Ben Hutchings <ben@decadent.org.uk> (2020-03-15): > On Sat, 2020-03-14 at 08:13 +0100, Cyril Brulebois wrote: > [...] > > Anyway, to get the ball rolling, I've performed some tests to see > > how it would go. I've tried dropping haveged-udeb from pkg-lists and > > that seems to be working fine: there are no obvious delays with > > either the all-HTTPS scenario or the encrypted LVM one. I'm seeing > > the “random: crng init done” message after 23 or 52 seconds > > respectively, likely when the first entropy-needing operations are > > happening. Can you confirm this is the expected behaviour? > [...] > > Yes, that's what I would expect. > > However: I've just run a test where the initramfs script reads one > byte of /dev/random then reports the time and relevant log messages. > On 5.5, with random.trust_cpu=N, it still hangs for many minutes. > Eventually I stopped waiting and pressed keys, and that un-stuck it. > So I think the in-kernel entropy generator might not be reliable > (yet). OK, I'll postpone the change then, and keep haveged-udeb for now. Feel free to let us/me know when you think this is reliable enough for us to implement the suggested change. Thanks! Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature