On 2017-09-26 18:20, Jorge Almeida wrote:
> This is what I do at stage 1, regarding entropy gathering:

Thanks, but nothing short of an ioctl(RNDADDTOENTCNT) or
ioctl(RNDADDENTROPY) will change the kernel's measure of the
gathered entropy, and to use those in good conscience obviously requires
actually saving a seed across reboots, something which is not very
easily achievable in my case. But if I can't convince Laurent to not
rely on getrandom() in s6-rc-update I'll either have to try that, or
(more likely) just change getrandom: yes to getrandom: no in the sysdeps.

> - start haveged service soon
> - in background,
>         - read 512 bytes from /dev/random and write them to /dev/urandom
>         - write something to a pipe entropy_pipe
> 
> -meanwhile, do other stuff (filesystem checking, etc)
> 
> -in background,
>          -read from entropy_pipe (blocks until ready)
>          - start services that require /dev/urandom in a sane state

The two processes with an entropy_pipe between them seems overkill, why
not just have one process do getrandom(,,0)?

> To my experience (common 1 user workstations) startup is very fast (1
> or 2 secs).

Yes, but this is far from a common user workstation.

-- 
Rasmus Villemoes
Software Developer
Prevas A/S
Hedeager 1
DK-8200 Aarhus N
+45 51210274
rasmus.villem...@prevas.dk
www.prevas.dk
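
The single-process alternative suggested in the message above, as an added example that is not part of the original message or of s6: one program blocks in getrandom() with flags 0 until the kernel pool is initialized, then execs the service that needs /dev/urandom in a sane state. It assumes Linux 3.17 or later; the names `one_byte`, `crng_ready` and `wait_for_crng` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001
#endif

/* Raw syscall, so this builds with libcs that lack <sys/random.h>. */
static long one_byte(unsigned int flags)
{
    unsigned char b;
    long r;
    do {
        r = syscall(SYS_getrandom, &b, sizeof b, flags);
    } while (r < 0 && errno == EINTR);  /* a signal can interrupt the wait */
    return r;
}

/* Never blocks: 1 = pool initialized, 0 = not yet, -1 = other error. */
int crng_ready(void)
{
    if (one_byte(GRND_NONBLOCK) == 1)
        return 1;
    return errno == EAGAIN ? 0 : -1;
}

/* Blocks until the pool is initialized: 0 on success, -1 on error. */
int wait_for_crng(void)
{
    return one_byte(0) == 1 ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (crng_ready() == 0)
        fputs("entropy pool not initialized yet, waiting\n", stderr);
    if (wait_for_crng() != 0) {
        perror("getrandom");
        return 1;
    }
    if (argc > 1) {                     /* chain into the service */
        execvp(argv[1], argv + 1);
        perror("execvp");
        return 1;
    }
    return 0;
}
```

Run as a wrapper in front of the dependent service's command line; on an early-boot system with no saved seed the wait can be long, which is the concern raised in the message.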
