On 2017-09-26 18:20, Jorge Almeida wrote:
> This is what I do at stage 1, regarding entropy gathering:
Thanks, but nothing short of an ioctl(RNDADDTOENTCNT) or
ioctl(RNDADDENTROPY) will change the kernel's measure of the
gathered entropy, and to use those in good conscience obviously requires
actually saving a seed across reboots, something which is not very
easily achievable in my case. But if I can't convince Laurent to not
rely on getrandom() in s6-rc-update I'll either have to try that, or
(more likely) just change getrandom: yes to getrandom: no in the sysdeps.
> - start haveged service soon
> - in background,
>   - read 512 bytes from /dev/random and write them to /dev/urandom
>   - write something to a pipe entropy_pipe
> - meanwhile, do other stuff (filesystem checking, etc)
> - in background,
>   - read from entropy_pipe (blocks until ready)
>   - start services that require /dev/urandom in a sane state
The two processes with an entropy_pipe between them seem overkill; why
not just have one process do getrandom(,,0)?
> In my experience (common 1-user workstations) startup is very fast (1
> or 2 secs).
Yes, but this is far from a common user workstation.
DK-8200 Aarhus N
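
The single-process gate suggested above, sketched as an added example that is not part of the original message or of s6: one program blocks in getrandom() with flags 0 until the kernel pool is initialized, then execs the service. The program name wait-entropy and the exit code 111 are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <unistd.h>

/* Non-blocking probe: 1 = pool initialized, 0 = not yet, -1 = error (errno set).
 * The byte read is discarded; only the kernel's answer matters. */
int crng_ready(void)
{
    unsigned char b;
    ssize_t n;

    do {
        n = getrandom(&b, sizeof b, GRND_NONBLOCK);
    } while (n < 0 && errno == EINTR);

    if (n == (ssize_t)sizeof b)
        return 1;
    return (n < 0 && errno == EAGAIN) ? 0 : -1;
}

/* Blocking gate: returns 0 once the pool is initialized, -1 on error
 * (for example ENOSYS on kernels older than 3.17). */
int wait_for_crng(void)
{
    unsigned char b;
    ssize_t n;

    do {
        n = getrandom(&b, sizeof b, 0);  /* flags 0: block until initialized */
    } while (n < 0 && errno == EINTR);

    return n == (ssize_t)sizeof b ? 0 : -1;
}

/* Usage: wait-entropy [prog [args...]]   (hypothetical name) */
int main(int argc, char **argv)
{
    if (wait_for_crng() < 0) {
        perror("getrandom");
        return 111;
    }
    if (argc < 2)
        return 0;                        /* no program given: act as a barrier */
    execvp(argv[1], argv + 1);           /* chain into the real service */
    perror(argv[1]);
    return 111;
}
```

Run with no arguments it acts as a oneshot barrier that other services can depend on; crng_ready() lets a supervisor log the pool state without blocking.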