
Re: lack of boot-time entropy on arm64 ec2 instances

On Wed, Jan 08, 2020 at 02:48:13PM -0500, Noah Meyerhans wrote:
> We add haveged to the arm64 EC2 AMI.  This appears to work, and is
> something we can do today.  The debian-installer has previously used
> haveged to ensure reasonable entropy during installation, so there is
> some precedent for this.

Every time I propose the use of haveged to resolve entropy starvation, I
get reactions from crypto folks saying that it's not a valid solution.
They invariably suggest that passing hardware RNG through to the VM is
the appropriate choice.

The latest such reaction being from mjg59. See:

Luca Filipozzi
