Bug#898814: When I log in, it hangs until crng init done
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Fri, 2018-12-14 at 10:24 +0100, Yves-Alexis Perez wrote:
> Something puzzles me with all those issues: as far as I can tell, on most
> install, systemd-random-seed.service should save a seed at shutdown and
> restore it at startup, and this (I think) should be enough to properly init
> the RNG.
>
> Can you check if the service has been run in your case?
Hi again,
actually don't bother, I was pointed to [1] which has explanations. The random
seed load is done by just writing to /dev/urandom which doesn't credit
entropy [2].
But there's apparently an RFC [3] for crediting that. It's just a bit
complicated to impose trust on downstream users.
[1] https://bugs.debian.org/912087#118
[2]
https://sources.debian.org/src/systemd/239-15/src/random-seed/random-seed.c/#L108
[3] https://github.com/systemd/systemd/pull/10621
I don't have good solutions right now. With 4.19 and if your CPU has an RNG
you're willing to trust, you'll be able to pass random.trust_cpu=yes to the
kernel command line, which should help seeding the RNG.
Regards,
- --
Yves-Alexis
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlwTgDgACgkQ3rYcyPpX
RFsyoAgAkbtHav7ce39vm+XnPJJeH7mBNRd3ff28Uy3JMQcweet1jKcqMDm0po/T
4f+zCGhHuR6/spuO+esHF7/jSRG8QW00jSqW7+9HW8EdUu8MdYMyg6/119U7RLXm
BqrjcXlWgpDYS+QcTGV939EAlhhA1QvpftuZ5stzLnl1Q4OTiMEfSCubFACB0knl
q7tpEUQTFywFD4oSAXiShLacUwSbxDkBbUcjZFHiFVpUDCs6JHdZvCt+giNxZrF0
8niQlxzlhaML2976lZQbfOjOVWVY8o2oVdDlr/7KhE1uivXpE82A/LZNCZwM1Dm5
c4OwK5tBoBGSgcTSJw8j9BvtL+ZvWQ==
=NQnp
-----END PGP SIGNATURE-----
Reply to: