Hi David, On Wed, Mar 23, 2022 at 8:01 AM David Laight <David.Laight@xxxxxxxxxx> wrote: > > From: Jason A. Donenfeld > > Sent: 23 March 2022 04:48 > ... > > - Plenty of things are seeding the RNG correctly, and buildroot's > > shell script is just "doing it wrong". > > > > On that last point, I should reiterate that buildroot's shell script > > still isn't actually initializing the RNG, despite what it says in its > > echo; there's never been a way to initialize the RNG from a shell > > script, without calling out to various special purpose ioctl-aware > > binaries. > > Perhaps the very first write after boot could be assumed to > be valid initialisation data? > (On top of a few other tests.) I addressed this already earlier. That approach does not work. Too many things already pass in garbage, not expecting for it to be credited, but just contributory. /dev/urandom writes simply has never had the semantics one would want for credited seeding. Adding a heuristic like this will break users. Jason
