Linux 5.4 Will Try When Needed To Actively Generate RNG Entropy To Avoid Boot Problems
The change has the kernel actively generate entropy to seed its random number generator when a caller needs it, whereas previously getrandom() would simply block until enough entropy trickled in from interrupts and disk I/O. On an idle system with little such activity, that wait could last indefinitely.
User-space brought this problem to light when GNOME/GDM requested secure randomness early in boot via getrandom(), which blocked because the kernel's CRNG was not yet seeded and left the boot hanging. This was not a flaw in the randomness itself but in the blocking behaviour, and it should now be sorted out by having the kernel generate the missing entropy on demand.
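As an added illustration (not code from the article, GNOME or the kernel), the following C program shows how a boot-time service can probe the CRNG with getrandom()'s GRND_NONBLOCK flag instead of blocking in it: EAGAIN means the kernel is not yet seeded, which is exactly the state that hung GDM. The 50 ms poll interval and 2 s overall timeout are assumptions chosen for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001   /* value from <linux/random.h>, repeated so this file is self-contained */
#endif

/* Non-blocking probe of the kernel CRNG.
 * Returns 1 if getrandom() would succeed immediately (CRNG seeded),
 *         0 if it would block (EAGAIN: CRNG not yet seeded),
 *        -1 if getrandom() is unavailable (ENOSYS on a pre-3.17 kernel, or a
 *           non-Linux build of this file). */
static int crng_seeded(void)
{
#ifdef __linux__
    unsigned char buf[16];
    /* Requests of at most 256 bytes are not split, so a full read means "ready". */
    long n = syscall(SYS_getrandom, buf, sizeof buf, GRND_NONBLOCK);
    if (n == (long)sizeof buf)
        return 1;
    if (n < 0 && errno == EAGAIN)
        return 0;
    return -1;
#else
    return -1;
#endif
}

/* Poll the probe instead of blocking, giving up after max_ms milliseconds.
 * Returns the same codes as crng_seeded(), so a caller can log how long it
 * waited or fall back, rather than hang the boot as a blocking call did. */
static int wait_crng_seeded(int max_ms)
{
    const int step_ms = 50;               /* assumption: poll interval for the example */
    int waited = 0;
    for (;;) {
        int st = crng_seeded();
        if (st != 0 || waited >= max_ms)
            return st;
        struct timespec ts = { 0, (long)step_ms * 1000000L };
        nanosleep(&ts, NULL);
        waited += step_ms;
    }
}

int main(void)
{
    int st = wait_crng_seeded(2000);
    if (st == 1)
        printf("CRNG seeded: getrandom() will not block\n");
    else if (st == 0)
        printf("CRNG still unseeded after 2 s: a blocking getrandom() would hang here\n");
    else
        printf("getrandom() unavailable: %s\n", strerror(errno));
    return 0;
}
```

On a system that has finished booting the probe returns 1 immediately; run early from an initramfs or a unit ordered before the seed is loaded and it shows the window in which a blocking call would have stalled.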
When a caller would otherwise block, the kernel now collects entropy on the spot: on CPUs with a high-frequency timestamp counter it repeatedly samples that counter around timer interrupts and scheduling, mixes the jitter into the input pool, and credits entropy as the timer fires. CPUs whose counter does not advance between back-to-back reads are skipped, since there is no jitter to harvest. Other avenues for improving the kernel's "random" code are also being explored, such as exploiting the complexities of CPU speculative execution as a noise source.
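To make the mechanism concrete, here is an added user-space model of that collection loop in C. It is an illustration written for this article, not the kernel's random.c: the pool and its mixing function are toys (a 64-bit state run through MurmurHash3's fmix64 finalizer), the jiffy timer is modelled by watching the counter cross 1 ms boundaries rather than by a real timer callback, and the real counter is CLOCK_MONOTONIC rather than the TSC the kernel reads. A deterministic fake counter is included so the accounting can be reproduced exactly, alongside a stuck counter that shows the slow-counter bail-out.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <sched.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

typedef uint64_t (*counter_fn)(void);

#define TICK_NS 1000000ULL  /* one modelled jiffy: 1 ms in counter units (assumption) */

struct pool {
    uint64_t state;          /* toy 64-bit mixing state; the kernel keeps a much larger pool */
    unsigned credited_bits;  /* entropy credited by the loop so far */
    unsigned mixed_samples;  /* counter readings folded into state */
};

/* Stand-in for the kernel's mix_pool_bytes(): fmix64 applied to state XOR sample.
 * Any bijective mixer would do for this model; this is not the kernel's function. */
static void mix_sample(struct pool *p, uint64_t sample)
{
    uint64_t x = p->state ^ sample;
    x ^= x >> 33; x *= 0xff51afd7ed558ccdULL;
    x ^= x >> 33; x *= 0xc4ceb9fe1a85ec53ULL;
    x ^= x >> 33;
    p->state = x;
    p->mixed_samples++;
}

/* Real source: CLOCK_MONOTONIC in nanoseconds (the kernel uses random_get_entropy(),
 * the TSC on x86). */
static uint64_t read_monotonic_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}

/* Deterministic source for reproducing the loop's accounting: advances 100 us per read. */
static uint64_t fake_next;
static void fake_reset(void) { fake_next = 0; }
static uint64_t fake_counter(void) { uint64_t v = fake_next; fake_next += 100000; return v; }

/* A counter that never advances: a CPU with no usable high-resolution timer. */
static uint64_t stuck_counter(void) { return 42; }

/* Collect until need_bits have been credited. Returns the bits credited: need_bits on
 * success, or 0 when the counter is too slow to bother with (the kernel's
 * "Slow counter - or none. Don't even bother" bail-out). */
static unsigned jitter_collect(struct pool *p, counter_fn read, unsigned need_bits)
{
    uint64_t now = read();
    if (now == read())               /* two back-to-back reads identical: nothing to harvest */
        return 0;

    uint64_t last_tick = now / TICK_NS;
    unsigned credited = 0;
    while (credited < need_bits) {
        mix_sample(p, now);          /* every reading goes into the pool, credited or not */
        sched_yield();               /* kernel: schedule(); other work perturbs the timing */
        now = read();
        if (now / TICK_NS != last_tick) {   /* the one-jiffy timer "fired" */
            last_tick = now / TICK_NS;
            credited++;              /* kernel: credit_entropy_bits(&input_pool, 1) per callback */
        }
    }
    mix_sample(p, now);
    p->credited_bits += credited;
    return credited;
}

int main(void)
{
    struct pool p = {0, 0, 0};
    unsigned got = jitter_collect(&p, read_monotonic_ns, 64);
    if (got == 0)
        printf("counter too slow; the kernel would keep waiting on other sources\n");
    else
        printf("credited %u bits from %u samples; pool state %016llx\n",
               got, p.mixed_samples, (unsigned long long)p.state);
    return 0;
}
```

With the fake counter, crediting 8 bits takes 80 mixed samples (one per 100 us step until eight 1 ms boundaries have been crossed, plus the final flush), which shows why the kernel mixes every reading while crediting only one bit per timer callback: the credit is a conservative estimate, not a count of samples.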
Alongside these random improvements, Linux 5.4 also reverts the revert of an ext4 I/O optimization from the 5.3 cycle. That optimization reduced disk activity during boot, and with it the interrupt entropy the kernel had been harvesting, which is what brought this issue to light; with the kernel now generating entropy on demand, the ext4 change can go back in.
So it's an interesting change on top of all the other features and changes of Linux 5.4. Presumably Linus Torvalds will move ahead today and issue Linux 5.4-rc1.