[systemd-devel] Why we need to read/save random seed?

Cristian Rodríguez cristian.rodriguez at opensuse.org
Sun Jun 14 17:34:31 PDT 2015


On Sun, Jun 14, 2015 at 6:45 PM, Greg KH <gregkh at linuxfoundation.org> wrote:
> On Sun, Jun 14, 2015 at 02:11:53PM -0300, Cristian Rodríguez wrote:
>> On Sun, Jun 14, 2015 at 1:43 PM, Greg KH <gregkh at linuxfoundation.org> wrote:
>> > On Sun, Jun 14, 2015 at 12:49:55PM -0300, Cristian Rodríguez wrote:
>> >>
>> >> On Jun. 14, 2015 10:21, "cee1" <fykcee1 at gmail.com> wrote:
>> >> >
>> >> > Hi all,
>> >> >
>> >> > Why do we need to read/save the random seed? Can it be read from /dev/random each
>> >> time?
>> >>
>> >> Because the kernel is borked and still needs to be fed entropy at system
>> >> startup by user space. Please read the random man page.
>> >>
>> >> I agree we shouldn't have to do this at all..
>> >
>> > Really?  And how do you suggest we "fix" the kernel when the hardware
>> > itself doesn't provide us with a proper random number "seed" in the
>> > first place?  What do you suggest we do instead?
>>
>> Last time I checked, it required this userspace help even when the
>> machine has rdrand/rdseed or when a virtual machine is fed from the
>> host using the virtio-rng driver (it may take up to 60 seconds to
>> report "random: nonblocking pool is initialized"). Any other possible
>> solution that I imagined involves either blocking and/or changes in the
>> behaviour visible to userspace, and that is probably unacceptable.
>
> Really?

Yes, this is why, for example, you will find a "haveged" dracut module
that SUSE added during the SLE 12 development to start the entropy feed
from user space as early as possible. This is not because folks are
crazy but because it took way too long to initialize at that time.

> A lot of changes went into seeding the initial random generator
> in the kernel in the past year, you might want to try it out again.

Sure, I will check it again..

>> The random-seed tool also does not increment the entropy count (it
>> writes to /dev/random instead of using the ioctls), so the ultimate
>> result is still a system with very little entropy to go on; only
>> starting rngd or haveged *very* early in the boot sequence seems to
>> help.
>
> Then why not fix the random-seed tool to use the correct interface?

Yeah, I think we should take a look at this too.
