Hey, Ben Hutchings <ben@decadent.org.uk> (2019-11-09): > > Ben Hutchings <ben@decadent.org.uk> (2019-11-07): > > > Linux 5.4 introduces an in-kernel jitter-entropy implementation > > > for systems without a usable hardware RNG, which should remove the > > > need for haveged. > > > > > > We could possibly cherry-pick that change on to 5.3, to avoid the > > > need for further changes to haveged packaging. > > > > Oh, great. > > > > Feel free to either follow-up on this bug report once you have > > backported it to 5.3, or alternatively once 5.4 trunk has reached > > experimental, so that the switch away from haveged can be tested. > > This is included in 5.3.9-1, which is currently building. I know it's been available for a while, but merging this right before D-I Bullseye Alpha 2 feels a little wrong. Anyway, to get the ball rolling, I've performed some tests to see how it would go. I've tried dropping haveged-udeb from pkg-lists and that seems to be working fine: there are no obvious delays with either the all-HTTPS scenario or the encrypted LVM one. I'm seeing the “random: crng init done” message after 23 or 52 seconds respectively, likely when the first entropy-needing operations are happening. Can you confirm this is the expected behaviour? Next, I might try disabling the fc-cache trick at build time to see if the kernel-level mechanism makes that a moot point as well (I would assume it does, but I'd like to double check: this is happening rather early in the boot sequence). https://debamax.com/blog/2018/05/25/debugging-black-screen-in-debian-installer/ https://salsa.debian.org/installer-team/debian-installer/commit/59e1a9af0ce29da7afb55aecce6d54094c3f214f Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature