
Bug#898814: When I log in, it hangs until crng init done




On Fri, 2018-12-14 at 10:24 +0100, Yves-Alexis Perez wrote:
> Something puzzles me with all those issues: as far as I can tell, on most
> installs, systemd-random-seed.service should save a seed at shutdown and
> restore it at startup, and this (I think) should be enough to properly init
> the RNG.
> 
> Can you check if the service has been run in your case?

Hi again,

actually don't bother, I was pointed to [1] which has explanations. The random
seed load is done by just writing to /dev/urandom which doesn't credit
entropy [2].

But there's apparently an RFC [3] for crediting that. It's just a bit
complicated to impose trust on downstream users.

[1] https://bugs.debian.org/912087#118
[2] https://sources.debian.org/src/systemd/239-15/src/random-seed/random-seed.c/#L108
[3] https://github.com/systemd/systemd/pull/10621

I don't have good solutions right now. With 4.19 and if your CPU has an RNG
you're willing to trust, you'll be able to pass random.trust_cpu=yes to the
kernel command line, which should help seeding the RNG.

Regards,
-- 
Yves-Alexis
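The difference the message describes, as an added C example that is not part of the original post and not systemd's code: a plain write() to /dev/urandom mixes the seed in without crediting entropy, while the Linux RNDADDENTROPY ioctl mixes and credits in one step. The function names are hypothetical and the seed bytes are constructed; the credited path is defined but not called from main(), because crediting is only sound for a seed that is actually secret.

```c
/* Added illustration, not systemd's code; function names are hypothetical. */
#include <fcntl.h>
#include <linux/random.h> /* struct rand_pool_info, RNDADDENTROPY, RNDGETENTCNT */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
/* RNDADDENTROPY argument; entropy_count is in bits and capped at the seed's size. */
struct rand_pool_info *make_credit_request(const void *seed, size_t len, int bits)
{
    if (seed == NULL || len == 0 || len > 4096 || bits < 0 || (size_t)bits > len * 8)
        return NULL;
    struct rand_pool_info *req = calloc(1, sizeof(*req) + len);
    if (req != NULL) {
        req->entropy_count = bits;
        req->buf_size = (int)len;   /* payload length in bytes */
        memcpy(req + 1, seed, len); /* payload (req->buf) follows the two ints */
    }
    return req; /* caller frees */
}

/* What the post describes: write() mixes the seed in but credits no entropy. */
int seed_uncredited(int fd, const void *seed, size_t len)
{
    return write(fd, seed, len) == (ssize_t)len ? 0 : -1;
}

/* Mix and credit in one ioctl; needs CAP_SYS_ADMIN, otherwise fails with EPERM. */
int seed_credited(int fd, const void *seed, size_t len, int bits)
{
    struct rand_pool_info *req = make_credit_request(seed, len, bits);
    int rc = req ? ioctl(fd, RNDADDENTROPY, req) : -1;
    free(req);
    return rc;
}

int main(void)
{
    unsigned char seed[64] = {0xA5}; /* constructed bytes: not secret, so never credited */
    int before = -1, after = -1, fd = open("/dev/urandom", O_WRONLY);
    if (fd < 0) return 1;
    ioctl(fd, RNDGETENTCNT, &before); /* kernel's entropy estimate, in bits */
    int rc = seed_uncredited(fd, seed, sizeof seed);
    ioctl(fd, RNDGETENTCNT, &after);
    printf("write rc=%d, estimate %d -> %d bits\n", rc, before, after);
    close(fd);
    return 0;
}
```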

