On Sat, 2020-03-14 at 08:13 +0100, Cyril Brulebois wrote: [...] > Anyway, to get the ball rolling, I've performed some tests to see how it > would go. I've tried dropping haveged-udeb from pkg-lists and that seems > to be working fine: there are no obvious delays with either the > all-HTTPS scenario or the encrypted LVM one. I'm seeing the “random: > crng init done” message after 23 or 52 seconds respectively, likely when > the first entropy-needing operations are happening. Can you confirm this > is the expected behaviour? [...] Yes, that's what I would expect. However: I've just run a test where the initramfs script reads one byte of /dev/random then reports the time and relevant log messages. On 5.5, with random.trust_cpu=N, it still hangs for many minutes. Eventually I stopped waiting and pressed keys, and that un-stuck it. So I think the in-kernel entropy generator might not be reliable (yet). Ben. -- Ben Hutchings Humour is the best antidote to reality.
Attachment:
signature.asc
Description: This is a digitally signed message part