Re: Fixing Linux getrandom() in stable



On Wed, 2018-05-09 at 23:46 +0100, Ben Hutchings wrote:
> It is unlikely that any further fix will be forthcoming on the kernel
> side, so I believe that we need to do one of:
> 
> 1. Add entropy to the kernel during boot; either:
>    a. Improve systemd-random-seed
>    b. Recommend use of haveged

There's also something which might be worth trying in coordination with
upstream: credit entropy for platform RNG like RDRAND/RDSEED. It obviously
won't fix the problem everywhere, but at least on “recent” Intel platforms
there should be an entropy source available without any further initialization
(unlike the TPM for example).

I know about the trust issues wrt. Intel, but maybe that should be revisited?

Regards,
-- 
Yves-Alexis
