On 2017-09-26 18:20, Jorge Almeida wrote:
> This is what I do at stage 1, regarding entropy gathering:

Thanks, but nothing short of an ioctl(RNDADDTOENTCNT) or ioctl(RNDADDENTROPY) will change the kernel's measure of the gathered entropy, and to use those in good conscience obviously requires actually saving a seed across reboots, something which is not very easily achievable in my case. But if I can't convince Laurent to not rely on getrandom() in s6-rc-update I'll either have to try that, or (more likely) just change getrandom: yes to getrandom: no in the sysdeps.

> - start haveged service soon
> - in background,
> - read 512 bytes from /dev/random and write them to /dev/urandom
> - write something to a pipe entropy_pipe
>
> -meanwhile, do other stuff (filesystem checking, etc)
>
> -in background,
> -read from entropy_pipe (blocks until ready)
> - start services that require /dev/urandom in a sane state

The two processes with an entropy_pipe between them seems overkill, why not just have one process do getrandom(,,0)?

> To my experience (common 1 user workstations) startup is very fast (1
> or 2 secs).

Yes, but this is far from a common user workstation.

-- 
Rasmus Villemoes
Software Developer
Prevas A/S
Hedeager 1
DK-8200 Aarhus N
+45 51210274
[email protected]
www.prevas.dk
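Added example, not part of the original message and not code from s6 or either poster: a single process that blocks in getrandom() with flags 0 until the kernel pool is initialized and then starts the dependent service, in place of the two processes and the pipe. The program name crng-gate, the helper crng_wait() and the exit codes are assumptions made for the illustration.

```c
/* Added illustration: gate a service on the kernel CRNG being initialized. */
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>
#include <unistd.h>

enum crng_state { CRNG_ERROR = -1, CRNG_READY = 0, CRNG_NOT_READY = 1 };

/*
 * Request one byte from getrandom(2) and discard it.
 * flags == 0: sleeps until the kernel pool has been initialized.
 * flags == GRND_NONBLOCK: fails with EAGAIN instead of sleeping.
 */
static enum crng_state crng_wait(unsigned int flags)
{
    unsigned char byte;

    for (;;) {
        ssize_t n = getrandom(&byte, sizeof byte, flags);
        if (n == (ssize_t)sizeof byte)
            return CRNG_READY;
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        if (n < 0 && errno == EAGAIN)
            return CRNG_NOT_READY;  /* only possible with GRND_NONBLOCK */
        return CRNG_ERROR;          /* e.g. ENOSYS on kernels before 3.17 */
    }
}

/* Hypothetical usage: crng-gate prog [args...] */
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s prog [args...]\n", argv[0]);
        return 100;
    }
    if (crng_wait(GRND_NONBLOCK) == CRNG_NOT_READY)
        fputs("crng-gate: pool not initialized yet, waiting\n", stderr);
    if (crng_wait(0) != CRNG_READY) {
        perror("crng-gate: getrandom");
        return 111;
    }
    execvp(argv[1], argv + 1);      /* start the service that needs randomness */
    perror("crng-gate: execvp");
    return 111;
}
```

On a system where nothing credits entropy early, the blocking call can wait for a long time, so such a gate belongs in the background of the boot sequence rather than on its critical path.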
