[systemd-devel] [tytso at mit.edu: Re: Linux messages full of `random: get_random_u32 called from`]

Lennart Poettering lennart at poettering.net
Wed May 2 09:25:40 UTC 2018


On Di, 01.05.18 18:08, Vito Caputo (vcaputo at pengaru.com) wrote:

> Hello systemd-devel,
> 
> There's an ongoing discussion @ lkml about early boot random number
> entropy, or the lack of it, and how it may hang systemd-using instances
> from booting indefinitely.
> 
> Ted Ts'o is questioning the validity of journal-authenticate's early
> random number usage, maybe some of you care to comment.

There appears to be some confusion there...

journal-authenticate.c only has an effect if forward secure sealing is
turned on, which it isn't by default, people have to explicitly
generate a keypair first. And it's the generation of that keypair that
requires proper (cryptographic) entropy — but this is generally not
done on boot. Hence, yes there's some code that requires proper
cryptographic entropy, and for a valid reason, but that code is
neither run on boot, nor run unless explicitly enabled.

Or maybe this confusion is just another iteration of the stuff
discussed here? https://github.com/systemd/systemd/issues/4167

(Every single time I posted something on kernel mailing lists in the
past years I got excessively nasty mails back from kernel community
members, about that I should go and die and suchlike, and hence I am
generally refraining to post on kernel mailing lists, which is why I
am replying here, and not there... I know that sucks, but they really
need to fix their community first)

Lennart

