From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Christophe LEROY <christophe.leroy@c-s.fr>
Cc: Stephan Mueller <smueller@chronox.de>,
linux-crypto@vger.kernel.org,
Linux Kernel Developers List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/5] random: fix crng_ready() test
Date: Thu, 17 May 2018 16:56:55 -0400
Message-ID: <20180517205655.GC15263@thunk.org>
In-Reply-To: <84e0c16c-2b48-69e5-4ca4-2ca3bce15dc9@c-s.fr>

On Thu, May 17, 2018 at 08:01:04AM +0200, Christophe LEROY wrote:
>
> On a powerpc embedded board which has an mpc8xx processor running at 133Mhz,
> I now get the startup done in more than 7 minutes instead of 30 seconds.
> This is due to the webserver blocking on read on /dev/random until we get
> 'random: crng init done':
>
> [ 0.000000] Linux version 4.17.0-rc4-00415-gd2f75d40072d (root@localhost)
> (gcc version 5.4.0 (GCC)) #203 PREEMPT Wed May 16 16:32:02 CEST 2018
> [ 0.295453] random: get_random_u32 called from
> bucket_table_alloc+0x84/0x1bc with crng_init=0
> [ 1.030472] device: 'random': device_add
> [ 1.031279] device: 'urandom': device_add
> [ 1.420069] device: 'hw_random': device_add
> [ 2.156853] random: fast init done
> [ 462.007776] random: crng init done
>
> This has become really critical, is there anything that can be done ?

Figure out why the webserver needs to read /dev/random and is it for a
security critical purpose?

A kernel patch which makes the kernel do a "lalalalala I'm secure"
when it really isn't secure is a simple "solution", but would it
really make you happy?

- Ted
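One way for a service to find out whether the kernel CRNG is initialized without stalling its startup, shown as an added example (not code from this thread or from the patch series): getrandom(2), available since Linux 3.17, fails with EAGAIN when called with GRND_NONBLOCK before the CRNG is ready, instead of blocking. The names `crng_probe`, `classify` and `enum crng_state` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001 /* value from the Linux UAPI <linux/random.h> */
#endif

enum crng_state { CRNG_READY, CRNG_NOT_READY, CRNG_NO_SYSCALL, CRNG_ERROR };

/* Map a getrandom() return value and errno to a state (hypothetical helper). */
static enum crng_state classify(long ret, int err)
{
    if (ret >= 0)
        return CRNG_READY;       /* bytes returned: the CRNG is initialized */
    if (err == EAGAIN)
        return CRNG_NOT_READY;   /* a blocking read would wait for crng init */
    if (err == ENOSYS)
        return CRNG_NO_SYSCALL;  /* kernel predates getrandom(2) */
    return CRNG_ERROR;
}

/* Request one byte with GRND_NONBLOCK so the probe itself never blocks. */
static enum crng_state crng_probe(void)
{
    unsigned char b;
    long ret;

    do {
        ret = syscall(SYS_getrandom, &b, sizeof b, GRND_NONBLOCK);
    } while (ret < 0 && errno == EINTR);
    return classify(ret, errno);
}

int main(void)
{
    static const char *names[] = {
        "ready", "not ready (a read would block)",
        "getrandom unavailable", "error"
    };
    enum crng_state s = crng_probe();

    printf("crng: %s\n", names[s]);
    return s == CRNG_READY ? 0 : 1;
}
```

A service can run this probe at startup and defer only the operations that need cryptographic-strength randomness while the result is "not ready".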