On Di, 01.05.18 18:08, Vito Caputo ([email protected]) wrote:

> Hello systemd-devel,
>
> There's an ongoing discussion @ lkml about early boot random number
> entropy, or the lack of it, and how it may hang systemd-using instances
> from booting indefinitely.
>
> Ted Ts'o is questioning the validity of journal-authenticate's early
> random number usage, maybe some of you care to comment.

There appears to be some confusion there... journal-authenticate.c only has an effect if forward secure sealing is turned on, which it isn't by default, people have to explicitly generate a keypair first. And it's the generation of that keypair that requires proper (cryptographic) entropy — but this is generally not done on boot.

Hence, yes there's some code that requires proper cryptographic entropy, and for a valid reason, but that code is neither run on boot, nor run unless explicitly enabled.

Or maybe this confusion is just another iteration of the stuff discussed here?

https://github.com/systemd/systemd/issues/4167

(Every single time I posted something on kernel mailing lists in the past years I got excessively nasty mails back from kernel community members, about that I should go and die and suchlike, and hence I am generally refraining from posting on kernel mailing lists, which is why I am replying here, and not there... I know that sucks, but they really need to fix their community first)

Lennart

_______________________________________________
systemd-devel mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
