On Mon, Apr 05, 2021 at 12:51:44AM +0200, Joerg Sonnenberger wrote: > On Sun, Apr 04, 2021 at 02:16:41PM -0700, Paul Goyette wrote: > > Perhaps sysinst(8) should ask > > > > Do you need a hyper-secure system? > > > > If yes, then leave things as they are today. But if you answer no, > > we should automatically copy enough pseudo-entropy bits to /dev/rnd > > to prevent future blocking. > > For most architectures, sysinst does do exactly that. It assumes that > you don't just reset or reboot, but properly shutdown the system. > > Joerg
Are you sure? AFAIK the estimation is saved inside the entropy file that gets written on shutdown, and loaded on next boot. If the estimation was zero, it stays zero, and you get blocking. Martin had a patch that added a menu to sysinst providing various options if estimation == 0, but IIRC it was disabled pending further discussion.