On Fr, 28.08.20 10:20, Ulrich Windl (Ulrich.Windl@xxxxxxxxxxxxxxxxxxxx) wrote: > The code in the kernel relies on feeding the random pool probably before > getting the first UUID (but obviously too late for boot_id): The boot ID code is in the kernel. It knows better than userspace when the entropy pool is initialized. > * echo "Initializing random number generator..." > * random_seed=/var/run/random-seed > * # Carry a random seed from start-up to start-up > * # Load and then save the whole entropy pool > * if [ -f $random_seed ]; then > * cat $random_seed >/dev/urandom > * else > * touch $random_seed > * fi > * chmod 600 $random_seed > * dd if=/dev/urandom of=$random_seed count=1 bs=512 systemd has "systemd-random-seed.service" which something similar, but a bit smarter. It's not as useful as people might assume though, since it has to wait that /var is writable, since we should not use the seed data unless we can make sure it's not going to be reused on next boot (because coming up with the very same seed on every boot is the opposite of random). Thus we need to invalidate the random seed first, then upload it to the kernel, then write a new random seed to disk. The boot ID is generated very early on during boot, by the kernel internally long before /var becomes writable. Hence the entropy for it needs to come from somewhere else, and the kernel needs to make sure to generate it only after the entropy pool in the kernel is filled. > What systemd might do is: Save the last boot_id. If the current boot_id is the > same as the last one during boot, either do: No, we rely on the kernel to work correctly. The same way as /dev/urandom is kernel API /proc/sys/kernel/random/boot_id is kernel API and we should rely on it to work and if it doesn't then it needs to be fixed in the kernel. Lennart -- Lennart Poettering, Berlin _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel