[systemd-devel] Why we need to read/save random seed?

Lennart Poettering lennart at poettering.net
Wed Jun 17 08:15:51 PDT 2015


On Wed, 17.06.15 23:08, cee1 (fykcee1 at gmail.com) wrote:

> 2015-06-17 22:03 GMT+08:00 Lennart Poettering <lennart at poettering.net>:
> > On Wed, 17.06.15 20:21, cee1 (fykcee1 at gmail.com) wrote:
> >>
> >> What I mean is:
> >> 1. Load a saved seed to /dev/urandom.
> >> 2. The service read /dev/random, which will block until kernel thinks
> >> there's enough entropy - then the Random Number should be good?
> >> 3. Save the random number returned in step 2 on disk.
> >
> > Blocking at boot for this doesn't really sound like an option. But the
> > kernel does not provide us with any nice notifications about when the
> > RNG pool is complete. If we want to do this kind of polishing, then
> > that'd be great, but we'd need sane notifiers for that, blocking
> > syscalls are not an option.
> 
> That doesn't mean blocking boot, but a service, let's say
> systemd-random-seed.service:
> 1. systemd-random-seed.service loads a seed from disk to /dev/urandom
> 2. systemd-random-seed.service tells systemd "I'm ready" (sd_notify())
> 3. Instead of quitting immediately, systemd-random-seed.service tries
> to read /dev/random, and it blocks ...
> 4. systemd-random-seed.service at last gets a 'good random number',
> and saves it on disk

I'd be willing to take a patch for such a change.

Lennart

-- 
Lennart Poettering, Red Hat
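The four-step service flow proposed in the quoted message, written out in C as an added example (this is not systemd's own random-seed code). Device and seed-file paths are parameters so the file handling can be exercised against ordinary files; SEED_SIZE (512 bytes), the `/path/to/random-seed` placeholder in main(), the `demo_roundtrip()` stand-in files, and the minimal NOTIFY_SOCKET sender used in place of sd_notify() are all assumptions of this example:

```c
/* Added example, not systemd's code: load seed -> READY=1 -> block on
 * /dev/random -> save seed. SEED_SIZE and the paths in main() are assumed. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

#define SEED_SIZE 512  /* assumed seed length */

static ssize_t read_full(int fd, unsigned char *buf, size_t n) {
    size_t done = 0;
    while (done < n) {
        ssize_t r = read(fd, buf + done, n - done);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        if (r == 0) break;                      /* EOF: short file */
        done += (size_t)r;
    }
    return (ssize_t)done;
}

static int write_full(int fd, const unsigned char *buf, size_t n) {
    size_t done = 0;
    while (done < n) {
        ssize_t w = write(fd, buf + done, n - done);
        if (w < 0) { if (errno == EINTR) continue; return -1; }
        done += (size_t)w;
    }
    return 0;
}

/* Step 1: mix the saved seed into the pool. A plain write(2) to /dev/urandom
 * stirs the bytes in but credits no entropy (only the RNDADDENTROPY ioctl
 * does), so a stale or copied seed file cannot inflate the kernel's estimate. */
int load_seed(const char *seed_path, const char *urandom_path) {
    unsigned char buf[SEED_SIZE];
    int in = open(seed_path, O_RDONLY | O_CLOEXEC);
    if (in < 0) return -1;
    ssize_t n = read_full(in, buf, sizeof buf);
    close(in);
    if (n <= 0) return -1;
    int out = open(urandom_path, O_WRONLY | O_CLOEXEC);
    if (out < 0) return -1;
    int rc = write_full(out, buf, (size_t)n);
    close(out);
    return rc;
}

/* Step 2: READY=1 over the NOTIFY_SOCKET datagram protocol (what sd_notify()
 * sends), so a Type=notify unit lets boot continue while we block below.
 * Returns 0 if not started by systemd, 1 if sent, -1 on error. */
int notify_ready(void) {
    const char *path = getenv("NOTIFY_SOCKET");
    if (!path || !*path) return 0;
    struct sockaddr_un sa;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    size_t len = strlen(path);
    if (len >= sizeof sa.sun_path) return -1;
    memcpy(sa.sun_path, path, len);
    if (sa.sun_path[0] == '@') sa.sun_path[0] = '\0';   /* abstract namespace */
    int fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0) return -1;
    static const char msg[] = "READY=1\n";
    ssize_t r = sendto(fd, msg, sizeof msg - 1, MSG_NOSIGNAL, (struct sockaddr *)&sa,
                       (socklen_t)(offsetof(struct sockaddr_un, sun_path) + len));
    close(fd);
    return r < 0 ? -1 : 1;
}

/* Steps 3 and 4: block on /dev/random until the kernel is satisfied, then
 * store the bytes as next boot's seed, mode 0600 (the future seed must not be
 * readable by other users) and fsync'd so it survives a crash. */
int save_seed(const char *random_path, const char *seed_path) {
    unsigned char buf[SEED_SIZE];
    int in = open(random_path, O_RDONLY | O_CLOEXEC);
    if (in < 0) return -1;
    ssize_t n = read_full(in, buf, sizeof buf);          /* may block here */
    close(in);
    if (n != SEED_SIZE) return -1;
    int out = open(seed_path, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0600);
    if (out < 0) return -1;
    int rc = (fchmod(out, 0600) == 0 && write_full(out, buf, sizeof buf) == 0 &&
              fsync(out) == 0) ? 0 : -1;
    close(out);
    return rc;
}

/* Run the file logic against constructed stand-ins under dir: a fake "random
 * device" holding SEED_SIZE pattern bytes and a fake urandom sink. Returns 0
 * when the round trip yields a 0600 seed file of SEED_SIZE bytes. */
int demo_roundtrip(const char *dir) {
    char rnd[256], seed[256], sink[256];
    snprintf(rnd, sizeof rnd, "%s/fake_random", dir);
    snprintf(seed, sizeof seed, "%s/fake_seed", dir);
    snprintf(sink, sizeof sink, "%s/fake_urandom", dir);
    unsigned char pat[SEED_SIZE];
    for (size_t i = 0; i < sizeof pat; i++) pat[i] = (unsigned char)(i * 7);
    int fd = open(rnd, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write_full(fd, pat, sizeof pat) != 0) return -1;
    close(fd);
    if ((fd = open(sink, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) return -1;
    close(fd);
    if (save_seed(rnd, seed) != 0) return -2;
    struct stat st;
    if (stat(seed, &st) != 0 || st.st_size != SEED_SIZE || (st.st_mode & 0777) != 0600) return -3;
    if (load_seed(seed, sink) != 0) return -4;
    if (stat(sink, &st) != 0 || st.st_size != SEED_SIZE) return -5;
    return 0;
}

int main(void) {
    if (load_seed("/path/to/random-seed", "/dev/urandom") != 0)  /* placeholder path */
        fprintf(stderr, "no usable seed file, continuing without it\n");
    notify_ready();
    return save_seed("/dev/random", "/path/to/random-seed") == 0 ? 0 : 1;
}
```

Because the seed is written back only after `/dev/random` returns, the file on disk always holds output the kernel was willing to vouch for, and the 0600 mode plus fsync keep that file from being read by unprivileged users or lost on a crash. The `demo_roundtrip()` helper exists only so the file logic can be checked without touching the real devices.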

