On Sun, 2018-05-13 at 11:27 +0200, Yves-Alexis Perez wrote:
> On Wed, 2018-05-09 at 23:46 +0100, Ben Hutchings wrote:
> > It is unlikely that any further fix will be forthcoming on the kernel
> > side, so I believe that we need to do one of:
> >
> > 1. Add entropy to the kernel during boot; either:
> >    a. Improve systemd-random-seed
> >    b. Recommend use of haveged
>
> There's also something which might be worth trying in coordination with
> upstream: credit entropy for platform RNG like RDRAND/RDSEED. It obviously
> won't fix the problem everywhere, but at least on “recent” Intel platforms
> there should be an entropy source available without any further initialization
> (unlike the TPM for example).
>
> I know about the trust issues wrt. Intel, but maybe that should be revisited?

I think it would make sense to at least provide a run-time option for
trusting the platform RNG.

Ben.

--
Ben Hutchings
The most exhausting thing in life is being insincere.
- Anne Morrow Lindberg