On Fri, 23 Jun 2023 at 06:55, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
>
> Setting the variable from user space is ultimately a better choice, I
> think.

Doing it from the kernel might still be an option, but I think it was a
huge mistake to do it *early*.

Early boot is fragile to begin with when not everything is set up, and
*much* harder to debug. So not only are problems more likely to happen
in the first place, when they do happen they are a lot harder to figure
out.

Maybe it would make more sense to write a new seed at kernel shutdown.
Not only do you presumably have a ton more entropy at that point, but if
things go sideways it's also less of a problem to have a dead machine.

Of course, shutdown is another really hard to debug situation, so not
optimal either.

          Linus
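The thread argues for writing the seed variable from user space rather than from early kernel boot. As an added illustration of what that user-space path looks like (this is example code written for this page, not code from the thread or from the kernel), the block below draws a fresh seed from the kernel CSPRNG and packages it in the efivarfs file format: a 4-byte little-endian attribute word followed by the variable data. The attribute bits are the UEFI-specified values; the variable name and GUID are placeholders, since the thread does not name them, and the write defaults to a dry run so that running it does not touch real firmware variables.

```python
import os
import struct
from pathlib import Path

# UEFI variable attribute bits (from the UEFI spec, not from the thread).
EFI_VARIABLE_NON_VOLATILE = 0x00000001
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x00000002
EFI_VARIABLE_RUNTIME_ACCESS = 0x00000004
DEFAULT_ATTRS = (EFI_VARIABLE_NON_VOLATILE
                 | EFI_VARIABLE_BOOTSERVICE_ACCESS
                 | EFI_VARIABLE_RUNTIME_ACCESS)

EFIVARS_DIR = Path("/sys/firmware/efi/efivars")
# Placeholder: the thread does not give the variable name or vendor GUID.
SEED_VAR_NAME = "ExampleRandomSeed-00000000-0000-0000-0000-000000000000"

# Refuse seeds too short to carry meaningful entropy (policy chosen here).
MIN_SEED_LEN = 32


def fresh_seed(length: int = 32) -> bytes:
    """Draw a seed from the kernel CSPRNG; by the time user space runs,
    the pool has been fed by boot-time and hardware sources, which is the
    point the thread makes about user space having more entropy."""
    return os.urandom(length)


def build_efivar_payload(seed: bytes, attrs: int = DEFAULT_ATTRS) -> bytes:
    """efivarfs wire format: uint32 little-endian attributes, then data."""
    if len(seed) < MIN_SEED_LEN:
        raise ValueError(f"seed too short: {len(seed)} < {MIN_SEED_LEN} bytes")
    return struct.pack("<I", attrs) + seed


def parse_efivar_payload(blob: bytes) -> tuple[int, bytes]:
    """Inverse of build_efivar_payload, usable on files read from efivarfs."""
    if len(blob) < 4:
        raise ValueError("efivarfs payload shorter than the attribute word")
    (attrs,) = struct.unpack("<I", blob[:4])
    return attrs, blob[4:]


def write_seed(seed: bytes, var_path: Path = EFIVARS_DIR / SEED_VAR_NAME,
               dry_run: bool = True) -> bytes:
    """Build the payload and, unless dry_run, write it to the efivarfs file.
    Existing efivarfs files carry the immutable attribute; clear it first
    (chattr -i) or the write fails with EPERM. Returns the payload written."""
    payload = build_efivar_payload(seed)
    if not dry_run:
        var_path.write_bytes(payload)
    return payload


if __name__ == "__main__":
    payload = write_seed(fresh_seed(), dry_run=True)
    attrs, data = parse_efivar_payload(payload)
    print(f"attrs=0x{attrs:x} seed_len={len(data)} (dry run, nothing written)")
```

Run with `dry_run=False` only as root on a machine where that variable is the one the firmware or kernel actually consumes; the placeholder name above is deliberately not a real consumer.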