On 08.02.2016 at 12:17, Oliver Grawert wrote:
>>> > > I think including rng-tools everywhere is a good idea: for only 80KB or
>>> > > so of storage space the value it gives is fantastic. I'd rather it be
>>> > > included everywhere and set up by default to the extent we can.
>> > 
>> > It does not help to include rng-tools and then start it eventually. It
>> > is important that the boot process blocks until a certain amount of
>> > entropy bits has become available as during first boot persistent keys
>> > are generated (essentially without entropy).
>> > 
>> > I think boot / all initialization of snaps and system wide services
>> > should block until at least 1024 bits of entropy are available for the
>> > first time.
> I disagree... we should make sure to only block services that actually
> make use of the entropy by having properly defined dependencies between
> systemd units, not delay the whole boot process ;)

Yeah sure, it does not have to block the whole boot process, as long as
it is possible for Snaps to wait on entropy as well.

> ... and in that light we should perhaps consider pulling rng-tools into
> the initrd to have it start as early as /sys and /dev are there so even
> these delays are as short as possible.

Yes it would be good to have rngd running from the initrd. Though as it
is a daemon, does it then need to be restarted when rootfs takes over?
Another issue is the configuration of rngd - I guess it would be a start
to have the autodetect logic as in the init script but ultimately this
is hardware dependent and thus might need to be different from platform
to platform.

Cheers
Simon



Yeah well


-- 

Simon Eisenmann

[ mailto:si...@struktur.de ]

[ struktur AG | Kronenstraße 22a | D-70173 Stuttgart ]
[ T. +49.711.896656.68 | F.+49.711.89665610 ]
[ http://www.struktur.de | mailto:i...@struktur.de ]


-- 
snappy-devel mailing list
snappy-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snappy-devel
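
One way to implement the per-service wait discussed in this thread, as an added example that is not code from the thread, from snappy or from rng-tools: a shell function that a oneshot unit, ordered before the entropy-consuming services, could run. The function names, the 1-second poll interval, the overridable file variables and the clamp to `poolsize` are assumptions of this example; the 1024-bit figure is the one proposed above.

```shell
#!/bin/sh
# Added example: block until the kernel's entropy estimate reaches a threshold.
# The two paths are overridable (assumption of this example) so the function
# can be exercised against constructed files instead of the live kernel values.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
POOLSIZE_FILE="${POOLSIZE_FILE:-/proc/sys/kernel/random/poolsize}"

# read_bits FILE
# Prints the integer stored in FILE, or 0 if it is missing or not numeric,
# so an unreadable estimate is treated as "no entropy yet", never as enough.
read_bits() {
    bits=$(cat "$1" 2>/dev/null) || bits=0
    case "$bits" in
        ''|*[!0-9]*) bits=0 ;;
    esac
    echo "$bits"
}

# wait_for_entropy WANT_BITS TIMEOUT_SECONDS
# Returns 0 once the estimate is >= WANT_BITS, 1 if the timeout expires first.
wait_for_entropy() {
    want=$1
    timeout=$2
    pool=$(read_bits "$POOLSIZE_FILE")
    # The pool size differs between kernel versions. Never wait for more bits
    # than the pool can report, or the wait could never succeed.
    if [ "$pool" -gt 0 ] && [ "$want" -gt "$pool" ]; then
        want=$pool
    fi
    waited=0
    while :; do
        have=$(read_bits "$ENTROPY_FILE")
        [ "$have" -ge "$want" ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Typical call from the script of a oneshot unit that key-generating
# services are ordered after (fail the unit rather than proceed without entropy):
#   wait_for_entropy 1024 60 || exit 1
```

On timeout the caller should fail the unit instead of continuing, so that dependent services do not generate persistent keys from an unseeded pool.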