Fixing Linux getrandom() in stable
Yves-Alexis Perez
corsac at debian.org
Sun May 13 10:27:47 BST 2018
On Wed, 2018-05-09 at 23:46 +0100, Ben Hutchings wrote:
> It is unlikely that any further fix will be forthcoming on the kernel
> side, so I believe that we need to do one of:
>
> 1. Add entropy to the kernel during boot; either:
> a. Improve systemd-random-seed
> b. Recommend use of haveged
There's also something which might be worth trying in coordination with
upstream: credit entropy for platform RNG like RDRAND/RDSEED. It obviously
won't fix the problem everywhere, but at least on “recent” Intel platforms
there should be an entropy source available without any further initialization
(unlike the TPM for example).
I know about the trust issues wrt. Intel, but maybe that should be revisited?
Regards,
--
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20180513/0eec2270/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list