Bug#948519: insufficient boot-time entropy on arm64 virtual machines
Package: src:linux
Version: 4.19.67-2+deb10u2
Severity: important
See the thread at
https://lists.debian.org/debian-cloud/2020/01/threads.html#00013 for
some context.
When launching arm64 VMs on Amazon EC2, a lack of entropy at boot
results in the full boot process taking several minutes, when the
expectation is that it take a small number of seconds (<10).
Analysis of the boot process shows the ssh key generation is the
culprit, taking nearly 3 minutes.

    admin@ip-10-0-1-87:~$ cloud-init analyze blame
    -- Boot Record 01 --
    165.77300s (init-network/config-ssh)

The 5.4 kernel currently in sid does not experience this lack of
entropy. It has been suggested that upstream commit 50ee7529ec45
("random: try to actively add entropy rather than passively wait for
it") may be the difference here, but I have not confirmed this.
A suggested workaround has been to install haveged in the image, but
this tends to make crypto people frown.
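
The following is an added example, not part of the original report or of any Debian or cloud-init code: a triage helper that correlates `cloud-init analyze blame` output with the kernel's "random: crng init done" log line to tell an entropy-starved boot from an ordinary slow one. The sample inputs are constructed, the function names are hypothetical, and the 10-second budget is taken from the expectation stated in the report.

```python
import re

# Constructed sample, shaped like the blame output quoted in the report.
SAMPLE_BLAME = """\
-- Boot Record 01 --
     165.77300s (init-network/config-ssh)
     00.51200s (init-local/search-Ec2Local)
     00.08400s (modules-config/config-locale)
"""
# Constructed dmesg-style lines. Assumption: the kernel logs
# "random: crng init done" once its random pool is initialised.
SAMPLE_DMESG = """\
[    0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd083]
[    2.104113] random: systemd: uninitialized urandom read (16 bytes read)
[  168.341907] random: crng init done
"""

BLAME_RE = re.compile(r"^\s*(\d+\.\d+)s \((.+)\)\s*$")
CRNG_RE = re.compile(r"^\[\s*(\d+\.\d+)\] random: crng init done")


def slow_stages(blame_text, budget_s=10.0):
    """Return [(stage, seconds)] for stages over budget, slowest first."""
    hits = []
    for line in blame_text.splitlines():
        m = BLAME_RE.match(line)
        if m and float(m.group(1)) > budget_s:
            hits.append((m.group(2), float(m.group(1))))
    return sorted(hits, key=lambda h: -h[1])


def crng_ready_at(dmesg_text):
    """Seconds since boot when the CRNG was initialised, or None if never."""
    for line in dmesg_text.splitlines():
        m = CRNG_RE.match(line)
        if m:
            return float(m.group(1))
    return None


def entropy_starved(blame_text, dmesg_text, budget_s=10.0):
    """Heuristic: a stage blew the budget AND the CRNG was not ready within it."""
    ready = crng_ready_at(dmesg_text)
    late = ready is None or ready > budget_s
    return bool(slow_stages(blame_text, budget_s)) and late
```
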