Fixing Linux getrandom() in stable
Ben Hutchings
ben at decadent.org.uk
Sun May 13 18:13:15 BST 2018
On Sun, 2018-05-13 at 11:27 +0200, Yves-Alexis Perez wrote:
> On Wed, 2018-05-09 at 23:46 +0100, Ben Hutchings wrote:
> > It is unlikely that any further fix will be forthcoming on the kernel
> > side, so I believe that we need to do one of:
> >
> > 1. Add entropy to the kernel during boot; either:
> >    a. Improve systemd-random-seed
> >    b. Recommend use of haveged
>
> There's also something which might be worth trying in coordination with
> upstream: credit entropy for platform RNG like RDRAND/RDSEED. It obviously
> won't fix the problem everywhere, but at least on “recent” Intel platforms
> there should be an entropy source available without any further initialization
> (unlike the TPM for example).
>
> I know about the trust issues wrt. Intel, but maybe that should be revisited?

I think it would make sense to at least provide a run-time option for
trusting the platform RNG.

Ben.
--
Ben Hutchings
The most exhausting thing in life is being insincere.
- Anne Morrow Lindberg