Linux To Better Protect Entropy Sent In From User-Space

  • Linux To Better Protect Entropy Sent In From User-Space

    Phoronix: Linux To Better Protect Entropy Sent In From User-Space

    Fedora has begun utilizing a user-space jitter entropy daemon for feeding entropy to the kernel at boot time in case not enough is available for the kernel's random needs. But with that approach not being from a true hardware random number generator, a patch worked out by veteran Linux kernel developer Ted Ts'o will mix in RdRand entropy...

    http://www.phoronix.com/scan.php?pag...t-User-Entropy

  • #2
    For those wondering "why not haveged?": jitter entropy is being integrated into rng-tools, which are already used on Fedora.


    • #3
      To quote somewhere from the LKML (or maybe it was GitHub): "systemd shouldn't be using cryptographic quality random during boot anyways"


      • #4
        I think this should be done by systemd.


        • #5
          systemd-randomd


          • #6
            I recently got hit by a weird bug, when sddm took a very long time to appear (in a VM and on one older computer). Apparently, there wasn't enough randomness for it. I had to install rng-tools5. You can check if your processor has the needed feature (rdrand) in /proc/cpuinfo.


            • #7
              I thought the entropy pool was saved at shutdown and restored at bootup. What happened to that?


              • #8
                What uses random on boot?


                • #9
                  Originally posted by Templar82:
                  What uses random on boot?
                  sddm does.


                  • #10
                    Originally posted by shmerl:
                    I recently got hit by a weird bug, when sddm took a very long time to appear (in a VM and on one older computer). Apparently, there wasn't enough randomness for it. I had to install rng-tools5. You can check if your processor has the needed feature (rdrand) in /proc/cpuinfo.
                    I might be in the same situation. Waiting for sddm to show up is definitely the longest part of my boot process.

                    It seems like a bug in sddm, as I don't see why it should need cryptographic-quality random numbers at all.

                    I'm not hitting this issue on another machine, though.
