
Re: lack of boot-time entropy on arm64 ec2 instances



On 2020-01-17 14:32:22, Noah Meyerhans wrote:
> On Thu, Jan 09, 2020 at 05:22:17PM -0500, Noah Meyerhans wrote:
> > I've confirmed that 4.19.87 with changes cherry-picked from 50ee7529ec45
> > claims to have entropy at boot:
> > 
> > admin@ip-172-31-49-239:~$ cloud-init analyze blame
> > -- Boot Record 01 --
> >      02.88900s (init-network/config-ssh)
> >      ...
> > 
> > The change applies cleanly to our kernel tree, so this would appear to
> > be a possible solution.
> > 
> > I've opened https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948519
> > against the kernel to discuss the entropy issue in general, and will follow
> > up there with a proposal for getting this change backported.
> 
> The kernel team would prefer that any backport of 50ee7529ec45 to stable
> branches happen upstream, which is sensible.  I'll follow up with the
> stable kernel maintainers to see about making this happen, if they're
> willing.

Thanks for that

> In the meantime, regardless of where the backport happens, there's no
> possibility of getting this kernel change into 10.3.  So, I'd like to
> revisit my original proposal of adding haveged to the arm64 EC2 image
> configuration.  Haveged is used in debian-installer for buster (but not
> bullseye+, see below), so there is precedent for its use within Debian.
> IMO, this is the best option available in the short term.  It results in
> a far better user experience on the instances in question, and is a
> fairly unintrusive change to make.
> 
> Background on haveged in d-i:
> Haveged was added to d-i in commit c47000192 ("Add haveged-udeb [linux]
> to the pkg-lists/base") in response to bug #923675 and is used in
> buster.  More recently, with the addition of the in-kernel entropy
> collection mechanisms we've been discussing here, the removal of haveged
> has been proposed for bullseye.
> https://lists.debian.org/debian-boot/2019/11/msg00077.html  It has not
> yet been removed, though.
> 
> Similarly, I would expect that we would remove haveged from the
> generated buster images once the kernel's jitter-entropy
> collector is available for buster.

I think that what you're describing, Noah, is the best option at this point in
time.
We have to solve the boot lag issue, and in this case IMO the best is the enemy of
good enough.
So, yeah, my opinion is let's go with haveged until the kernel is patched and then
remove it.
-- 

|_|0|_|                                                  |
|_|_|0|                  "Panta rei"                     |
|0|0|0|             -------- kuLa --------               |

gpg --keyserver pgp.mit.edu --recv-keys 0x686930DD58C338B3
3DF1  A4DF  C732  4688  38BC  F121  6869  30DD  58C3  38B3
