On Mo, 07.09.20 09:55, Ulrich Windl (Ulrich.Windl@xxxxxxxxxxxxxxxxxxxx) wrote:

> > The boot ID is generated very early on during boot, by the kernel
> > internally long before /var becomes writable. Hence the entropy for it
> > needs to come from somewhere else, and the kernel needs to make sure
> > to generate it only after the entropy pool in the kernel is filled.
> >
> > > What systemd might do is: Save the last boot_id. If the current boot_id is the
> > > same as the last one during boot, either do:
> >
> > No, we rely on the kernel to work correctly. The same way as
> > /dev/urandom is kernel API, /proc/sys/kernel/random/boot_id is kernel
> > API and we should rely on it to work and if it doesn't then it needs
> > to be fixed in the kernel.
>
> Lennart,
>
> you seem to miss my point:
> I tried to explain that any user-supplied randomness will arrive too late for
> boot_id. So sources that may contribute are the RTC and the boot device and
> maybe some interrupts. But if there is no RTC, no loaded NIC driver and the
> boot disk is on flash, there's likely no randomness.
> A crude workaround I could think of is to provide "randomness" via a kernel
> parameter: On shutdown you would patch the GRUB menu to receive a new
> randomness value...

systemd-boot implements something like this actually:

https://systemd.io/RANDOM_SEEDS/#systemds-support-for-filling-the-kernel-entropy-pool

The third point there: "The systemd-boot EFI boot loader included in
systemd is able to maintain and provide a random seed stored in the
EFI..."

Other boot loaders should be able to implement the same.

Lennart

--
Lennart Poettering, Berlin
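
The comparison proposed in the quoted text (remember earlier boot IDs and compare at boot), written out as an added example; it is not part of the original thread and not systemd code. The function name `check_boot_id` and the history-file path are hypothetical, and the format check assumes the boot ID is a random (version 4) UUID.

```shell
#!/bin/sh
# Added example: detect a repeated or malformed kernel boot ID.
# check_boot_id and the history-file path are hypothetical names, not systemd's.

# check_boot_id BOOT_ID_FILE HISTORY_FILE
# Return codes: 0 = new ID, appended to the history
#               1 = ID is already in the history (seen on an earlier boot)
#               2 = file unreadable or content is not a version 4 UUID
check_boot_id() {
    id_file=$1
    history=$2

    # The kernel exposes the ID as one line of lowercase hex with dashes.
    [ -r "$id_file" ] || return 2
    IFS= read -r id < "$id_file" || [ -n "$id" ] || return 2

    # A random UUID has version nibble 4 and variant bits 10xx (8, 9, a or b).
    printf '%s\n' "$id" | grep -Eq \
        '^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$' \
        || return 2

    # A whole-line match means two boots produced the same ID, which points
    # at an early-boot entropy shortage of the kind discussed in the thread.
    if [ -f "$history" ] && grep -Fxq -- "$id" "$history"; then
        return 1
    fi

    printf '%s\n' "$id" >> "$history"
    return 0
}

# Typical call, once per boot, from a unit that runs after /var is writable:
#   check_boot_id /proc/sys/kernel/random/boot_id /var/lib/boot-id-history \
#       || logger -p daemon.warning "boot_id repeated or malformed"
```

This only reports a repeat after the fact; it does not add entropy, which per the reply above has to come from the kernel or from a boot-loader-provided seed.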