From: Milan Broz <mbroz@redhat.com>
To: device-mapper development <dm-devel@redhat.com>
Cc: Valentin QUEQUET <v.quequet-techniques@orange.fr>,
linux-crypto@vger.kernel.org, bugme-daemon@bugzilla.kernel.org
Subject: Re: Re: [Bugme-new] [Bug 12680] New: Not having a VIA PadLock hardware incurs a long delay in probing on modules insertion attempt.
Date: Wed, 11 Feb 2009 20:28:20 +0100 [thread overview]
Message-ID: <499326D4.5060005@redhat.com> (raw)
In-Reply-To: <20090211091647.6607aea4.akpm@linux-foundation.org>
Andrew Morton wrote:
> (cc dm-devel)
>
> On Wed, 11 Feb 2009 17:27:42 +0100 Valentin QUEQUET <v.quequet-techniques@orange.fr> wrote:
>
>> I've finally found why my computer seems to hang (pause) quite lengthy
>> when I boot Pristine Linux 2.6.29-rcX... instead of Pristine Linux
>> 2.6.28.4 (for example).
>>
>> The reason is that the cryptographic keys generation for the Device
>> Mapper takes longer with 2.6.29 than with 2.6.28 under certain
>> circumstances.
>
> So it's device-mapper userspace?
No. cryptsetup (which is probably "device-mapper userspace" here) reads
/dev/random only during luksFormat or during manipulating with keyslots
(adding key for example).
The situation you are talking about is when you have for example swap
encrypted with random key. It is initscripts which owns /etc/crypttab
and which just tell cryptsetup "use /dev/random as keyfile".
Also initscripts are responsible for loading of random seed to
properly initialize RNG *before* this.
Most distributions uses two steps - mount volume with /var
(where is the random seed stored) and later mount encrypted volumes
using random key.
I do not know if the delay in new kernel is bug, but the problem
with lack of entropy during system boot is "known" problem.
(Imagine 128bit random key which use fast-generated key with only
few random bits because of lack of entropy... better to not
use encryption at all then use such key!)
(if you use LUKS, the random key is generated during luksFormat and
you do not need random data (entropy) on activation, you just need
enter known passphrase to unlock keyslot with the volume key.)
Milan
--
mbroz@redhat.com
next prev parent reply other threads:[~2009-02-11 19:28 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-12680-10286@http.bugzilla.kernel.org/>
2009-02-09 21:05 ` [Bugme-new] [Bug 12680] New: Not having a VIA PadLock hardware incurs a long delay in probing on modules insertion attempt Andrew Morton
2009-02-09 21:59 ` Valentin QUEQUET
[not found] ` <4992FC7E.3010207@orange.fr>
2009-02-11 17:16 ` Andrew Morton
2009-02-11 19:28 ` Milan Broz [this message]
2009-02-11 20:55 ` [dm-devel] " Valentin QUEQUET
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=499326D4.5060005@redhat.com \
--to=mbroz@redhat.com \
--cc=bugme-daemon@bugzilla.kernel.org \
--cc=dm-devel@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=v.quequet-techniques@orange.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.