On Tue, Sep 10, 2013 at 11:40 AM, Tim Bird <tbird20d@xxxxxxxxx> wrote: > How much time does it add to boot to feed the device tree into the > random number pool. > > Some of the device trees are expected to get pretty big. If it's over > a millisecond, IMHO, it should be configurable (but this is not). It's detinitely not a very fast operation. "add_device_randomness()" does four full "mix_pool_bytes()" operations, and those each iterate over the input set one byte at a time. It was kind of designed for things like mixing in ethernet MAC addresses etc, so at the time that was written, the thinking was that it would be just a few bytes, maybe tens of bytes. I don't know how big flattened device trees can be, but I guess we're talking a couple of kB? So it might even be a better idea to feed the device tree to a hashing function (eg SHA1 or even just MD5), and then just mix in the hash. At least most block hash functions do things a word at a time. It does *not* need to be cryptographically secure, so MD5 would be plenty good enough - the only point of the hash would be to give a meaningful number of result bits from the source array. Of course, maybe even the stupid add_device_randomness() is fast enough. I just wanted to point out that it definitely isn't some optimized thing. Linus -- To unsubscribe from this list: send the line "unsubscribe devicetree" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html