Re: Can we maybe reduce the set of packages we install by default a bit?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mi, 17.04.19 16:05, Chris Murphy (lists@xxxxxxxxxxxxxxxxx) wrote:

> On Wed, Apr 17, 2019 at 11:36 AM Lennart Poettering
> <mzerqung@xxxxxxxxxxx> wrote:
> >
> > Yeah, all that stuff is stuff the kernel could do better on its
> > own. If the CPU jitter stuff or the TPM stuff is a good idea, then why
> > not add that to the kernel natively, why involve userspace with that?
> > i.e. if the TPM and the CPU jitter stuff can be trusted, then the same
> > thing as for CONFIG_RANDOM_TRUST_CPU=y should be done: pass the random
> > data into the pool directly inside in the kernel.
>
> $ grep CONFIG_HW_RANDOM_TPM /boot/config-5.0.6-300.fc30.x86_64
> CONFIG_HW_RANDOM_TPM=y

So apparently, since a long time the kernel actually could push data
from hwrngs into the kernel pool while crediting entropy:

https://lkml.org/lkml/2018/11/2/193

i.e. it's the "rng_core.default_quality=700" switch on the kernel
cmdline.

It sounds like that option is just something that needs a compile time
option that Fedora could just turn on.

Quoting from that mail: "This is better than relying on rng-tools."

> /usr/lib/systemd/system/rngd.service contains
>
> WantedBy=multi-user.target
>
> I'm gonna guess Steve Grubb is wondering whether it could be wanted by
> an earlier target, possibly cryptsetup-pre.target? I don't see a
> service file in the upstream project so this may have been selected by
> the Fedora packager as a known to work option.

WantedBy= doesn't really say much about when something is started,
just about what wants it started. It's not about ordering, it's about
requirement.

If you want to order it early then set DefaultDependencies=no and use
Before= some appropriate unit.

But this is all pretty much pointless, since PID 1 (systemd) itself already
needs entropy, and thus starting this after PID 1 is useless.

Lennart

--
Lennart Poettering, Berlin
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux