17.09.2019 22:32, Willy Tarreau wrote:
> On Tue, Sep 17, 2019 at 07:30:36PM +0200, Lennart Poettering wrote:
> > On Tue, 17.09.19 21:58, Alexander E. Patrakov (patrakov@xxxxxxxxx) wrote:
> > > I am worried that the getrandom delays will be serialized, because processes
> > > sometimes run one after another. If there are enough chained/dependent
> > > processes that ask for randomness before it is ready, the end result is
> > > still a too-big delay, essentially a failed boot.
> > > In other words: your approach of adding delays only makes sense for heavily
> > > parallelized boot, which may not be the case, especially for embedded
> > > systems that don't like systemd.
> >
> > As mentioned elsewhere: once the pool is initialized it's
> > initialized. This means any pending getrandom() on the whole system
> > will unblock at the same time, and from then on all getrandom()s will
> > be non-blocking.
>
> He means that all processes will experience this delay until there's enough
> entropy.
>
> Willy
Indeed, my wording was not clear enough. Linus' patch has a 5-second
timeout for small entropy requests, after which they get converted to
the equivalent of urandom. However, in the following shell script:

    #!/bin/sh
    p1
    p2

if both p1 and p2 ask for a small amount of entropy before crng is fully
initialized, and do nothing that produces more entropy, the total delay
will be 10 seconds.
--
Alexander E. Patrakov
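A small model of the timing argument made in this thread, added here as an illustration and not code from any participant: each process starts once its dependencies finish, and a process that asks for randomness before the pool is ready waits until the pool initializes or the per-request timeout (5 seconds in the patch discussed) expires. The process names, dependency graph, and pool-ready times are constructed; the model goes slightly beyond the two-process script above by accepting any dependency graph.

```python
"""Model boot delay when dependent processes block in getrandom() before
the CRNG is initialized.  Added illustration, not from the mailing list."""

TIMEOUT = 5.0  # seconds: per-request timeout in the patch under discussion


def boot_delay(processes, crng_ready_at, timeout=TIMEOUT):
    """Return total boot time for a dependency graph of processes.

    processes: dict name -> (deps, wants_random).  A process starts when all
    of its deps have finished and takes no time itself apart from the
    getrandom() wait.
    crng_ready_at: time at which the pool becomes initialized, or None if it
    never does within the simulated window (every request then times out).
    """
    finish = {}

    def finish_time(name):
        if name in finish:
            return finish[name]
        deps, wants_random = processes[name]
        start = max((finish_time(d) for d in deps), default=0.0)
        wait = 0.0
        if wants_random:
            if crng_ready_at is None:
                wait = timeout  # timed out; request served urandom-style
            else:
                # Unblocks as soon as the pool is ready, or at the timeout.
                wait = min(timeout, max(0.0, crng_ready_at - start))
        finish[name] = start + wait
        return finish[name]

    return max(finish_time(n) for n in processes)


# Constructed examples: p1 and p2 both want a small amount of randomness.
CHAINED = {"p1": ((), True), "p2": (("p1",), True)}   # p2 runs after p1
PARALLEL = {"p1": ((), True), "p2": ((), True)}       # both start at boot

if __name__ == "__main__":
    print("chained, pool never ready:  ", boot_delay(CHAINED, None))    # 10.0
    print("parallel, pool never ready: ", boot_delay(PARALLEL, None))   # 5.0
    print("chained, pool ready at 7s:  ", boot_delay(CHAINED, 7.0))     # 7.0
```

The third case shows the two points in the thread together: the waits serialize, but once the pool is initialized the later process unblocks immediately rather than paying a full timeout of its own.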