On Sun, Jan 27, 2019 at 06:41:10PM +0100, Steve Grubb wrote: > The biggest problem in dealing with crypto early in boot is that the > system is starved for entropy. I'm wondering if this runs before or > after systemd loads the saved entropy seed into the kernel? On bare-metal, I didn't notice real problems regarding low entropy during the early sshd startup. I just noticed sometimes that sshd took a bit longer than usual to startup (due to low entropy). Perhaps this isn't the only reason, but I suspect that the usual network 'noise' and a ping I have running when I reboot a remote machine is sufficient for the remote machine to build up enough entropy in reasonable time. With the CI suite rapidly starting VMs, possibly inside a VM, I noticed serious entropy starving which resulted in slow sshd startup or even timeouts (with the early and late sshd), sometimes. Which resulted in pseudo-randomly failing tests, of course. Thus, my solution to this is to add `-device virtio-rng-pci` to the QEMU call. And when running the tests locally I also start haveged (on the host). This is not necessary in the Travis-CI environment. Best regards Georg -- 'Correction of ASN.1 syntax definition errors introduced by automatic Word correction.' (TD.57 specification version 29.2, 2011) _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
