[tytso@xxxxxxx: Re: Linux messages full of `random: get_random_u32 called from`]

On Di, 01.05.18 18:08, Vito Caputo (vcaputo at pengaru.com) wrote:

> Hello systemd-devel,
> 
> There's an ongoing discussion @ lkml about early boot random number
> entropy, or the lack of it, and how it may hang systemd-using instances
> from booting indefinitely.
> 
> Ted Ts'o is questioning the validity of journal-authenticate's early
> random number usage, maybe some of you care to comment.

There appears to be some confusion there...

journal-authenticate.c only has an effect if forward secure sealing is
turned on, which it isn't by default, people have to explicitly
generate a keypair first. And it's the generation of that keypair that
requires proper (cryptographic) entropy - but this is generally not
done on boot. Hence, yes there's some code that requires proper
cryptographic entropy, and for a valid reason, but that code is
neither run on boot, nor run unless explicitly enabled.

Or maybe this confusion is just another iteration of the stuff
discussed here? https://github.com/systemd/systemd/issues/4167

(Every single time I posted something on kernel mailing lists in the
past years I got excessively nasty mails back from kernel community
members, about that I should go and die and suchlike, and hence I am
generally refraining to post on kernel mailing lists, which is why I
am replying here, and not there... I know that sucks, but they really
need to fix their community first)

Lennart

