
Re: fix for no ssh



	Hi.

On Thu, Jul 11, 2019 at 03:00:57PM +0000, Andy Smith wrote:
> On Thu, Jul 11, 2019 at 05:12:03PM +0300, Reco wrote:
> > On Thu, Jul 11, 2019 at 12:03:53PM +0000, Andy Smith wrote:
> > > I think the wiki article at
> > > https://wiki.debian.org/BoottimeEntropyStarvation really shows that
> > > currently there is no such consensus available, as every solution
> > > listed (except buying extra entropy hardware)
> > 
> > That one is bad too.
> > A hardware random generator is not used by the kernel directly; it requires
> > a userspace program (such as hwrngd).
> > So, even if you put it into the initrd alongside the needed kernel
> > modules, there's still a noticeable delay between 'kernel rng is needed'
> > and 'sufficient entropy is available'.
> 
> With no modifications and RDRAND instruction disabled,

RDRAND is an exception to this, as the kernel does use it directly if
allowed. The devices that I wrote about are exposed to userspace via
the /dev/hwrng character device.

For instance, this Exynos ARM SoC comes with a HWRNG, but:

[    0.000000] random: get_random_bytes called from start_kernel+0x9c/0x528 with crng_init=0
[    0.772543] random: fast init done
[    9.006398] random: lvm: uninitialized urandom read (4 bytes read)
[   10.206032] random: lvm: uninitialized urandom read (4 bytes read)
[   10.363308] random: lvm: uninitialized urandom read (4 bytes read)
[   10.439771] random: lvm: uninitialized urandom read (2 bytes read)
[   12.322888] random: lvmconfig: uninitialized urandom read (4 bytes read)
[   12.861180] random: systemd: uninitialized urandom read (16 bytes read)
[   12.878890] random: systemd: uninitialized urandom read (16 bytes read)
[   14.126267] random: crng init done
[   14.714783] exynos-trng 10830600.rng: Exynos True Random Number Generator.

Note that the kernel needs entropy from the beginning, but gets the
possibility to use the HWRNG at the 14th second of uptime.

Reco
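
Added example, not part of Reco's message: a small Python parser that runs over the kernel log quoted above and reports which processes read from urandom before "crng init done", and whether the HWRNG driver showed up only after that point. The function name `analyze` and the HWRNG detection heuristic (matching the phrase "random number generator" in a driver message) are assumptions made for this illustration.

```python
import re

# Kernel log lines copied from the message above (Exynos ARM SoC boot).
DMESG = """\
[    0.000000] random: get_random_bytes called from start_kernel+0x9c/0x528 with crng_init=0
[    0.772543] random: fast init done
[    9.006398] random: lvm: uninitialized urandom read (4 bytes read)
[   10.206032] random: lvm: uninitialized urandom read (4 bytes read)
[   10.363308] random: lvm: uninitialized urandom read (4 bytes read)
[   10.439771] random: lvm: uninitialized urandom read (2 bytes read)
[   12.322888] random: lvmconfig: uninitialized urandom read (4 bytes read)
[   12.861180] random: systemd: uninitialized urandom read (16 bytes read)
[   12.878890] random: systemd: uninitialized urandom read (16 bytes read)
[   14.126267] random: crng init done
[   14.714783] exynos-trng 10830600.rng: Exynos True Random Number Generator.
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
EARLY_READ = re.compile(r"^random: (\S+): uninitialized urandom read \((\d+) bytes read\)")
# Assumption: a HWRNG driver announces itself with this phrase, as exynos-trng does.
HWRNG_PROBE = re.compile(r"random number generator", re.IGNORECASE)


def analyze(dmesg):
    """Summarise reads served before the CRNG was initialised and HWRNG timing."""
    crng_ready = hwrng_probe = None
    per_process = {}  # process name -> (read count, total bytes) before crng init
    for raw in dmesg.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a timestamped kernel log line
        ts, msg = float(m.group(1)), m.group(2)
        read = EARLY_READ.match(msg)
        if read:
            count, total = per_process.get(read.group(1), (0, 0))
            per_process[read.group(1)] = (count + 1, total + int(read.group(2)))
        elif msg == "random: crng init done":
            crng_ready = ts
        elif hwrng_probe is None and HWRNG_PROBE.search(msg):
            hwrng_probe = ts
    return {
        "per_process": per_process,
        "crng_ready": crng_ready,
        "hwrng_probe": hwrng_probe,
        # True when the HWRNG driver appeared only after the CRNG was already seeded
        "hwrng_too_late": None not in (crng_ready, hwrng_probe) and hwrng_probe > crng_ready,
    }


if __name__ == "__main__":
    for key, value in analyze(DMESG).items():
        print(f"{key}: {value}")
```

Feeding it the output of `dmesg` from another machine gives the same summary for that boot, provided the kernel prints the messages in the form shown in the log above.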

