Re: lack of boot-time entropy on arm64 ec2 instances

To: Noah Meyerhans <noahm@debian.org>
Cc: debian-cloud@lists.debian.org
Subject: Re: lack of boot-time entropy on arm64 ec2 instances
From: Luca Filipozzi <lfilipoz@emyr.net>
Date: Wed, 8 Jan 2020 20:17:13 +0000
Message-id: <[🔎] 20200108201713.bltwcjzo6d5doerb@snafu.emyr.net>
In-reply-to: <[🔎] 20200108194813.GD31539@morgul.net>
References: <[🔎] 20200108194813.GD31539@morgul.net>

On Wed, Jan 08, 2020 at 02:48:13PM -0500, Noah Meyerhans wrote:
> We add haveged to the arm64 EC2 AMI.  This appears to work, and is
> something we can do today.  The debian-installer has previously used
> haveged to ensure reasonable entropy during installation, so there is
> some precident for this.

Every time I propose the use of haveged to resolve entropy starvation, I
get reactions from crypto folks saying that it's not a valid solution.
They invariably suggest that passing hardware RNG through to the VM is
the appropriate choice.

The latest such reaction being from mjg59. See:
https://twitter.com/mjg59/status/1181423056268349441
https://twitter.com/LucaFilipozzi/status/1181426253636755457

-- 
Luca Filipozzi

Reply to:

Follow-Ups:
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Ross Vandegrift <rvandegrift@debian.org>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Noah Meyerhans <noahm@debian.org>

References:
- lack of boot-time entropy on arm64 ec2 instances
  - From: Noah Meyerhans <noahm@debian.org>

Prev by Date: lack of boot-time entropy on arm64 ec2 instances
Next by Date: Prevencion Lavado de Dinero
Previous by thread: lack of boot-time entropy on arm64 ec2 instances
Next by thread: Re: lack of boot-time entropy on arm64 ec2 instances
Index(es):
- Date
- Thread