[Ben Hutchings]
> haveged or jitterentropy-rngd are likely to be better.
Is there any hope to run them within d-i in Buster before /target/ is
set up?
--
Happy hacking
Petter Reinholdtsen
Ben Hutchings (2019-04-16):
> On Tue, 2019-04-16 at 13:57 +0200, Petter Reinholdtsen wrote:
> > [Ben Hutchings]
> > > This is a pretty terrible approach. Especially as the world has moved
> > > on to SSDs and they provide very little entropy from interrupts.
> >
> > Absolutely. But it has
On Tue, 2019-04-16 at 13:57 +0200, Petter Reinholdtsen wrote:
> [Ben Hutchings]
> > This is a pretty terrible approach. Especially as the world has moved
> > on to SSDs and they provide very little entropy from interrupts.
>
> Absolutely. But it has solved the problem with too little entropy
Daniel Lange dixit:
> Thorsten Glaser (CC) has produced a prototype early-rng-init-tools (cf.
> https://lists.debian.org/debian-devel/2019/02/msg00327.html) which could be
> extended to try reading entropy off the network when it doesn't have a
> carried-over seed (as in the Debian Installer
[Ben Hutchings]
> This is a pretty terrible approach. Especially as the world has moved
> on to SSDs and they provide very little entropy from interrupts.
Absolutely. But it has solved the problem with too little entropy since 2011.
Do you have any better ways to force the kernel to add some
On Tue, 2019-04-16 at 12:19 +0200, Petter Reinholdtsen wrote:
> Debian Edu ran into this problem when installing Kerberos as a server from
> d-i,
> and solved it by running a process in the background to monitor the entropy
> level,
> and when it was running low, it would flush the file
Debian Edu ran into this problem when installing Kerberos as a server from d-i,
and solved it by running a process in the background to monitor the entropy
level,
and when it was running low, it would flush the file buffers and run 'find
/target' to force some IO operations that would add
This is related to #916690.
getrandom() essentially blocks during many use cases where the system
does not have enough entropy. This is somewhat mitigated by the Debian
kernel now trusting the RDRAND (CONFIG_RANDOM_TRUST_CPU) for AMD64
8 matches
Mail list logo
