Fixing Linux getrandom() in stable

Yves-Alexis Perez corsac at debian.org
Sun May 13 10:27:47 BST 2018


On Wed, 2018-05-09 at 23:46 +0100, Ben Hutchings wrote:
> It is unlikely that any further fix will be forthcoming on the kernel
> side, so I believe that we need to do one of:
> 
> 1. Add entropy to the kernel during boot; either:
>    a. Improve systemd-random-seed
>    b. Recommend use of haveged

There's also something which might be worth trying in coordination with
upstream: credit entropy for platform RNG like RDRAND/RDSEED. It obviously
won't fix the problem everywhere, but at least on “recent” Intel platforms
there should be an entropy source available without any further initialization
(unlike the TPM for example).

I know about the trust issues wrt. Intel, but maybe that should be revisited?

Regards,
-- 
Yves-Alexis