Hi! > > => src/random-seed/random-seed.c: > > /* > > * Let's make this whole job asynchronous, i.e. let's make > > * ourselves a barrier for proper initialization of the > > * random pool. > > */ ... > > k = getrandom(buf, buf_size, GRND_NONBLOCK); > > if (k < 0 && errno == EAGAIN && synchronous) { > > log_notice("Kernel entropy pool is not initialized yet, " > > "waiting until it is."); > > > > k = getrandom(buf, buf_size, 0); /* retry synchronously */ > > } > > Yeah, the above is yet another example of completely broken garbage. > > You can't just wait and block at boot. That is simply 100% > unacceptable, and always has been, exactly because that may > potentially mean waiting forever since you didn't do anything that > actually is likely to add any entropy. Hmm. This actually points to a solution, and I believe solution is in the kernel. Userspace is not the best place to decide what is the best way to generate entropy. > As mentioned, this has already historically been a huge issue on > embedded devices, and with disks turnign not just to NVMe but to > actual polling nvdimm/xpoint/flash, the amount of true "entropy" > randomness we can give at boot is very questionable. > > We can (and will) continue to do a best-effort thing (including very > much using rdread and friends), but the whole "wait for entropy" > simply *must* stop. And we can stop it... from kernel, and without hacks. Simply by generating some entropy. We do not need to sit quietly while userspace waits for entropy to appear. We can for example do some reads from the disk. (find / should be good for generating entropy on many systems). For systems with rtc but not timestamp counter, we can actually just increase register, then read it from interrupt... ...to get precise timings. We know system is blocked waiting for entropy, we can do expensive things we would not "normally" do. Yes, it would probably mean new kind of "driver" whose purpose is to generate some kind of activity so that interrupts happen and entropy is generated... But that is still better solution than fixing all of the userspace. (With some proposals here, userspace _could_ do while (getrandom() == -EINVAL) { system("find / &"); sleep(1); } ...but I believe we really want to do it once, in kernel, and less hacky than this) Best regards, Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html