Re: lack of boot-time entropy on arm64 ec2 instances

To: Luca Filipozzi <lfilipoz@emyr.net>
Cc: debian-cloud@lists.debian.org
Subject: Re: lack of boot-time entropy on arm64 ec2 instances
From: Noah Meyerhans <noahm@debian.org>
Date: Thu, 9 Jan 2020 13:22:30 -0500
Message-id: <[🔎] 20200109182230.GA15186@morgul.net>
In-reply-to: <[🔎] 20200109165724.hoo73qbp737rxnkk@snafu.emyr.net>
References: <[🔎] 20200108194813.GD31539@morgul.net> <[🔎] 20200108201713.bltwcjzo6d5doerb@snafu.emyr.net> <[🔎] 20200108212935.GF31539@morgul.net> <[🔎] 20200109004128.klwpvpmhmrnejq4y@snafu.emyr.net> <[🔎] 20200109011141.dr6gipjtpgnymiwe@snafu.emyr.net> <[🔎] 20200109042534.GB3527@mit.edu> <[🔎] 20200109054705.cnvwr73dqswktaqq@snafu.emyr.net> <[🔎] b6b25f61-0d25-f7ab-da14-3c671eb999d3@hyperone.com> <[🔎] 20200109125414.GA10771@morgul.net> <[🔎] 20200109165724.hoo73qbp737rxnkk@snafu.emyr.net>

On Thu, Jan 09, 2020 at 04:57:24PM +0000, Luca Filipozzi wrote:
> > > >> I'd encourage those of you who are in position to make Amazon listen
> > > >> to get with the program and support virtio-rng.  :-)
> > > > Noah: chances of AWS supporting virtio-rng?
> > > I wonder if the correct criterion for the cloud image is compatibility
> > > with AWS and GCP only. I suppose a large number of deployment are based
> > > on private cloud environments (OpenStack etc.). In addition to AWS and
> > > GCP, there is also Azure, which is based on Hyper-V, which has a low
> > > chance of getting support for virtio-rng for obvious reasons.
> > 
> > The cloud kernel flavour currently targets AWS and Azure only.  Hence
> > the lack of support for virtio-rng.
> 
> How is entropy starvation at boot solved for x86-64 in AWS / Azure?

RDRAND is available on amd64, and contributes early entropy.

Our 5.4 kernel in sid does not suffer from a lack of entropy at boot on
arm64 EC2 instances.  I guess it could be due to the "random: try to
actively add entropy rather than passively wait for it" that tytso
mentioned earlier.  I'm going to try to cherry-pick that into 4.19 and
see if things speed up.  Since we're already running it in 5.4, I guess
it's safe...

noah

Reply to:

Follow-Ups:
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Noah Meyerhans <noahm@debian.org>

References:
- lack of boot-time entropy on arm64 ec2 instances
  - From: Noah Meyerhans <noahm@debian.org>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Luca Filipozzi <lfilipoz@emyr.net>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Noah Meyerhans <noahm@debian.org>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Luca Filipozzi <lfilipoz@emyr.net>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Luca Filipozzi <lfilipoz@emyr.net>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: "Theodore Y. Ts'o" <tytso@mit.edu>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Luca Filipozzi <lfilipoz@emyr.net>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Adam Dobrawy <a.dobrawy@hyperone.com>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Noah Meyerhans <noahm@debian.org>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Luca Filipozzi <lfilipoz@emyr.net>

Prev by Date: Re: lack of boot-time entropy on arm64 ec2 instances
Next by Date: Re: lack of boot-time entropy on arm64 ec2 instances
Previous by thread: Re: lack of boot-time entropy on arm64 ec2 instances
Next by thread: Re: lack of boot-time entropy on arm64 ec2 instances
Index(es):
- Date
- Thread