Bug#911043: On starting (and stopping) rngd

Henrique de Moraes Holschuh hmh at debian.org
Tue Nov 10 20:09:22 GMT 2020



On Tue, Nov 10, 2020, at 16:05, Thorsten Glaser wrote:
> So we additionally have the case where the character device
> exists but is not usable… oh my.

This was common enough that rngd should know about it and bail out with an error if it doesn't get proper random numbers from its input during startup. At least I vaguely recall adding that logic, including a timeout.

And it won't feed the entropy pool with obvious crap no matter what, although you can easily fool it if you want. A typical device malfunction (all zeroes, patterns with too much bias, all ones...) won't get past its simplistic fitness testing (the old fips one).

So you'd start it and it will bail out sometime later because the entropy source is unfit for use. On systemd you should watch that and not restart it aggressively or you'll waste one CPU core worth of busywork in the worst case. Best case it sleeps.

-- 
  Henrique de Moraes Holschuh <hmh at debian.org>
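
The kind of fitness check described above, as an added example that is not rngd's code or part of the original message. It assumes "the old fips one" means the FIPS 140-2 statistical tests (monobit, poker, runs, long run) over one 20000-bit block, with the thresholds from that standard as originally published; `fips_check` and the `F_*` flag names are made up for this example.

```c
#include <stdio.h>
#include <string.h>

#define FIPS_BYTES 2500   /* one test block = 20000 bits */
enum { F_MONOBIT = 1, F_POKER = 2, F_RUNS = 4, F_LONGRUN = 8 };
/* Assumed thresholds (FIPS 140-2): allowed count of runs of length 1..5 and 6+. */
static const int run_lo[6] = { 2315, 1114, 527, 240, 103, 103 };
static const int run_hi[6] = { 2685, 1386, 723, 384, 209, 209 };

/* Returns 0 when the block passes, otherwise a bitmask of failed tests. */
int fips_check(const unsigned char *buf)
{
    int ones = 0, nib[16] = {0}, runs[2][6] = {{0}};
    int fail = 0, last = -1, len = 0;
    long sq = 0;
    for (int i = 0; i < FIPS_BYTES; i++) {
        nib[buf[i] >> 4]++;                    /* poker test counts 4-bit values */
        nib[buf[i] & 15]++;
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += bit;
            if (bit == last) {                 /* current run continues */
                if (++len >= 26) fail |= F_LONGRUN;
                continue;
            }
            if (last >= 0) runs[last][len >= 6 ? 5 : len - 1]++;
            last = bit; len = 1;
        }
    }
    runs[last][len >= 6 ? 5 : len - 1]++;      /* close the final run */
    if (ones <= 9725 || ones >= 10275) fail |= F_MONOBIT;
    for (int v = 0; v < 16; v++) sq += (long)nib[v] * nib[v];
    /* Poker: 2.16 < 16/5000 * sq - 5000 < 46.17, scaled by 5000 to stay in integers. */
    if (16 * sq <= 25010800L || 16 * sq >= 25230850L) fail |= F_POKER;
    for (int v = 0; v < 2; v++)
        for (int k = 0; k < 6; k++)
            if (runs[v][k] < run_lo[k] || runs[v][k] > run_hi[k]) fail |= F_RUNS;
    return fail;
}

int main(void)
{
    unsigned char buf[FIPS_BYTES];
    memset(buf, 0x00, sizeof buf);             /* constructed: source stuck at zero */
    printf("all zeroes:   0x%x\n", fips_check(buf));
    memset(buf, 0xAA, sizeof buf);             /* constructed: balanced but patterned */
    printf("0xAA pattern: 0x%x\n", fips_check(buf));
    return 0;
}
```

A stuck-at source fails all four tests, while the balanced 0xAA pattern passes monobit and long run and is rejected only by poker and runs.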



More information about the Pkg-systemd-maintainers mailing list