On Mi, 17.04.19 16:05, Chris Murphy (lists@xxxxxxxxxxxxxxxxx) wrote:

> On Wed, Apr 17, 2019 at 11:36 AM Lennart Poettering
> <mzerqung@xxxxxxxxxxx> wrote:
> >
> > Yeah, all that stuff is stuff the kernel could do better on its
> > own. If the CPU jitter stuff or the TPM stuff is a good idea, then why
> > not add that to the kernel natively, why involve userspace with that?
> > i.e. if the TPM and the CPU jitter stuff can be trusted, then the same
> > thing as for CONFIG_RANDOM_TRUST_CPU=y should be done: pass the random
> > data into the pool directly inside in the kernel.
>
> $ grep CONFIG_HW_RANDOM_TPM /boot/config-5.0.6-300.fc30.x86_64
> CONFIG_HW_RANDOM_TPM=y

So apparently, for a long time the kernel actually could push data
from hwrngs into the kernel pool while crediting entropy:

https://lkml.org/lkml/2018/11/2/193

i.e. it's the "rng_core.default_quality=700" switch on the kernel
cmdline. It sounds like that option is just something that needs a
compile time option that Fedora could just turn on.

Quoting from that mail: "This is better than relying on rng-tools."

> /usr/lib/systemd/system/rngd.service contains
>
> WantedBy=multi-user.target
>
> I'm gonna guess Steve Grubb is wondering whether it could be wanted by
> an earlier target, possibly cryptsetup-pre.target? I don't see a
> service file in the upstream project so this may have been selected by
> the Fedora packager as a known to work option.

WantedBy= doesn't really say much about when something is started,
just about what wants it started. It's not about ordering, it's about
requirement. If you want to order it early then set
DefaultDependencies=no and use Before= some appropriate unit.

But this is all pretty much pointless, since PID 1 (systemd) itself
already needs entropy, and thus starting this after PID 1 is useless.

Lennart

--
Lennart Poettering, Berlin
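
Added example, not part of the original mail or of any project mentioned in it: a POSIX shell check that reports whether the two settings named in the mail above (CONFIG_HW_RANDOM_TPM in the kernel config and the rng_core.default_quality= switch on the kernel command line) are present on a host. The function names and verdict strings are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the mail): report the hwrng-related boot settings
# discussed above. Function names and verdict strings are hypothetical.

# Print the value of rng_core.default_quality found in the kernel command
# line string $1 (last occurrence wins); print nothing if it is absent.
cmdline_quality() (
    set -f                      # no globbing while word-splitting $1
    q=""
    for word in $1; do
        case "$word" in
            rng_core.default_quality=*) q=${word#rng_core.default_quality=} ;;
        esac
    done
    printf '%s' "$q"
)

# Succeed if kernel config file $1 enables CONFIG_HW_RANDOM_TPM (=y or =m).
# An unreadable or missing config file counts as "not enabled".
config_has_tpm_rng() {
    [ -r "$1" ] && grep -Eq '^CONFIG_HW_RANDOM_TPM=[ym]$' "$1"
}

# $1 = kernel command line string, $2 = path to the kernel config file.
hwrng_verdict() {
    q=$(cmdline_quality "$1")
    if ! config_has_tpm_rng "$2"; then
        echo "no-tpm-driver"
    elif [ -z "$q" ]; then
        echo "switch-absent"
    elif [ "$q" -gt 0 ] 2>/dev/null; then
        echo "switch-set:$q"
    else
        echo "switch-not-positive:$q"
    fi
}

# Live report; sysfs/procfs files that are missing are shown as "unknown".
report_host() {
    echo "verdict:       $(hwrng_verdict "$(cat /proc/cmdline)" "/boot/config-$(uname -r)")"
    echo "current hwrng: $(cat /sys/class/misc/hw_random/rng_current 2>/dev/null || echo unknown)"
    echo "entropy_avail: $(cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo unknown)"
}

if [ -r /proc/cmdline ]; then report_host; fi
```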