Fixing Linux getrandom() in stable
Michael Biebl
biebl at debian.org
Thu May 10 14:39:25 BST 2018
On 10.05.2018 at 00:46, Ben Hutchings wrote:
> 1. Add entropy to the kernel during boot; either:
> a. Improve systemd-random-seed
> b. Recommend use of haveged
> 2. For each affected userland package, either:
> a. Revert to using /dev/urandom
> b. Tolerate a longer wait for getrandom() to return
>
> I asked about haveged on Twitter, and got into a discussion with Jann
> Horn (who reported the original issue). He pointed out that the
> systemd-random-seed service already saves and restores some random data
> between boots. It currently doesn't tell the RNG that this should be
> treated as adding to available entropy, so it doesn't help to unblock
> getrandom(). It also doesn't fully protect against using the same
> saved data twice, which would be a prerequisite.
There is https://github.com/systemd/systemd/issues/4271 which seems
related. If there is further feedback from our side, this should
probably be added to the upstream bug report.
> The libbsd maintainer (Guillem Jover) favours option 2a.
>
> One of the krb5 maintainers (Benjamin Kaduk) favours option 2b, and
> also proposed that systemd could provide a wait-for-rng-ready unit to
> support this.
What exactly would such a wait-for-rng-ready service do and how would it
solve this particular problem?
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
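
Added example, not part of the original message or of any project named in the thread: a C sketch of how options 2a and 2b from the quoted list differ at the syscall level, with a non-blocking probe that reports whether a getrandom() caller would still have to wait. The function names rng_ready, fill_urandom and fill_getrandom are assumptions made for this illustration.

```c
/* Added example (not from the thread): options 2a and 2b at the syscall level. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/random.h>

/* 1: pool initialized; 0: not yet, a blocking getrandom() would wait; -1: error */
int rng_ready(void) {
    unsigned char b;
    ssize_t n;
    do { n = getrandom(&b, 1, GRND_NONBLOCK); } while (n < 0 && errno == EINTR);
    if (n == 1) return 1;
    return errno == EAGAIN ? 0 : -1;
}

/* Option 2a: /dev/urandom returns data even before the pool is initialized. */
int fill_urandom(unsigned char *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY);
    size_t off = 0;
    if (fd < 0) return -1;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return -1; }
        off += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Option 2b: getrandom() with flags 0 waits until the pool is initialized. */
int fill_getrandom(unsigned char *buf, size_t len) {
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;
        off += (size_t)n;
    }
    return 0;
}

int main(void) {
    unsigned char key[32];
    int ready = rng_ready();
    printf("pool initialized: %s\n", ready == 1 ? "yes" : ready == 0 ? "no" : "error");
    if (ready == 0)
        printf("2a would return now from an unseeded pool; 2b would block\n");
    return ready == 1 ? (fill_getrandom(key, sizeof key) != 0) : 2;
}
```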