[systemd-devel] Antw: [EXT] Re: Journal message timestamps

[Lennart Poettering]

On Fr, 28.08.20 10:20, Ulrich Windl (Ulrich.Windl at rz.uni-regensburg.de) wrote:

> The code in the kernel relies on feeding the random pool probably before
> getting the first UUID (but obviously too late for boot_id):

The boot ID code is in the kernel. It knows better than userspace when
the entropy pool is initialized.

>  *      echo "Initializing random number generator..."
>  *      random_seed=/var/run/random-seed
>  *      # Carry a random seed from start-up to start-up
>  *      # Load and then save the whole entropy pool
>  *      if [ -f $random_seed ]; then
>  *              cat $random_seed >/dev/urandom
>  *      else
>  *              touch $random_seed
>  *      fi
>  *      chmod 600 $random_seed
>  *      dd if=/dev/urandom of=$random_seed count=1 bs=512

systemd has "systemd-random-seed.service" which something similar, but
a bit smarter. It's not as useful as people might assume though, since
it has to wait that /var is writable, since we should not use the seed
data unless we can make sure it's not going to be reused on next boot
(because coming up with the very same seed on every boot is the
opposite of random). Thus we need to invalidate the random seed first,
then upload it to the kernel, then write a new random seed to disk.

The boot ID is generated very early on during boot, by the kernel
internally long before /var becomes writable. Hence the entropy for it
needs to come from somewhere else, and the kernel needs to make sure
to generate it only after the entropy pool in the kernel is filled.

> What systemd might do is: Save the last boot_id. If the current boot_id is the
> same as the last one during boot, either do:

No, we rely on the kernel to work correctly. The same way as
/dev/urandom is kernel API /proc/sys/kernel/random/boot_id is kernel
API and we should rely on it to work and if it doesn't then it needs
to be fixed in the kernel.

Lennart

--
Lennart Poettering, Berlin