On Sun, Jun 14, 2015 at 6:45 PM, Greg KH <gre...@linuxfoundation.org> wrote:
> On Sun, Jun 14, 2015 at 02:11:53PM -0300, Cristian Rodríguez wrote:
>> On Sun, Jun 14, 2015 at 1:43 PM, Greg KH <gre...@linuxfoundation.org> wrote:
>> > On Sun, Jun 14, 2015 at 12:49:55PM -0300, Cristian Rodríguez wrote:
>> >>
>> >> On Jun 14, 2015 10:21, "cee1" <fykc...@gmail.com> wrote:
>> >> >
>> >> > Hi all,
>> >> >
>> >> > Why do we need to read/save random seed? Can it be read from /dev/random
>> >> > each time?
>> >>
>> >> Because the kernel is borked and still needs to be fed entropy at
>> >> system startup by user space. Please read the random man page.
>> >>
>> >> I agree we shouldn't have to do this at all..
>> >
>> > Really? And how do you suggest we "fix" the kernel when the hardware
>> > itself doesn't provide us with a proper random number "seed" in the
>> > first place? What do you suggest we do instead?
>>
>> Last time I checked, it required this userspace help even when the
>> machine has rdrand/rdseed or when a virtual machine is fed from the
>> host using the virtio-rng driver.. (may take up to 60 seconds to report
>> random: nonblocking pool is initialized) Any other possible solution
>> that I imagined involves either blocking and/or changes in the
>> behaviour visible to userspace and that is probably unacceptable.
>
> Really?

Yes, this is why, for example, you will find a "haveged" dracut module
that SUSE added during the SLE 12 development, to start the entropy feed
from user space as early as possible. This is not because folks are crazy
but because it took way too long to initialize at that time..

> A lot of changes went into seeding the initial random generator
> in the kernel in the past year, you might want to try it out again.

Sure, I will check it again..

>> The random-seed tool also does not increment the entropy count (It
>> writes to /dev/random instead of using the ioctls) so the ultimate
>> result is still a system with very little entropy to go on, only
>> starting rngd or haveged *very* early in the boot sequence seem to
>> help.
>
> Then why not fix the random-seed tool to use the correct interface?

Yeah, I think we should take a look at this too.
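
The distinction raised in the thread above (writing to /dev/random versus using the ioctls), shown as an added example that is not part of the original message and is not systemd's code. The function names are hypothetical, the device path is a parameter, and the seed in main() is constructed sample data.

```c
/* Added example: two ways userspace can hand a saved seed to the kernel RNG. */
#include <fcntl.h>
#include <linux/random.h>   /* struct rand_pool_info, RNDADDENTROPY */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* ioctl argument: credit in bits, length in bytes, then the seed bytes. */
struct rand_pool_info *make_pool_info(const unsigned char *seed, size_t len, int credit_bits)
{
    if (credit_bits < 0 || (size_t)credit_bits > len * 8)
        return NULL;                     /* never claim more bits than supplied */
    struct rand_pool_info *info = malloc(sizeof(*info) + len);
    if (!info) return NULL;
    info->entropy_count = credit_bits;
    info->buf_size = (int)len;
    memcpy(info->buf, seed, len);
    return info;
}

/* Plain write(): the bytes are mixed into the pool, the entropy count is unchanged. */
int seed_by_write(const char *dev, const unsigned char *seed, size_t len)
{
    int fd = open(dev, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, seed, len);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
}

/* RNDADDENTROPY: mixes the bytes and credits credit_bits; needs CAP_SYS_ADMIN. */
int seed_by_ioctl(const char *dev, const unsigned char *seed, size_t len, int credit_bits)
{
    struct rand_pool_info *info = make_pool_info(seed, len, credit_bits);
    if (!info) return -1;
    int fd = open(dev, O_WRONLY);
    int r = fd < 0 ? -1 : ioctl(fd, RNDADDENTROPY, info);
    if (fd >= 0) close(fd);
    free(info);
    return r;
}
int main(void)
{
    static const unsigned char seed[] = "constructed sample seed, not a secret";
    printf("write: %d\n", seed_by_write("/dev/random", seed, sizeof(seed) - 1));
    /* credit 0 here because the sample seed is public, not secret */
    printf("ioctl: %d\n", seed_by_ioctl("/dev/random", seed, sizeof(seed) - 1, 0));
}
```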