Re: [patch 2/2] ssh-client: add urandom seeding

[Dave Young <dyoung-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>]

On 10/12/2012 09:35 PM, Vivek Goyal wrote:

> On Fri, Oct 12, 2012 at 12:44:37PM +0800, Dave Young wrote:
>> On 10/12/2012 03:58 AM, Vivek Goyal wrote:
>>
>>> On Thu, Oct 11, 2012 at 10:16:01AM +0200, Harald Hoyer wrote:
>>>> Hmm, wouldn't that mean, that the generator is seeded with the _same_ seed on
>>>> every reboot?
>>>> How is this different from booting with no seed at all?
>>>
>>> Atleast it can help with kdump where we might regenerate the initramfs
>>> upon user config change and capture the new seed.
>>>
>>> Also kdump does not happen often on the machine. So I guess for once in 
>>> a while operation it is still better to use random-seed then not using
>>> anything at all.
>>
>>
>> For normal boot case, I think something like
>> systemd-random-seed-load.service is fine because rootfs is always
>> mounted in initramfs. But I'm not sure how to handle the mount issue if
>> /var/lib if mounted to another partition.
>>
>> Or simply add below to pre-pivot hook:
>>
>> if [ -f /proc/vmcore ]; then
>>     cat /var/lib/random-seed > /dev/urandom
>> else
>>     if [ -f /sysroot/var/lib/random-seed ]; then
>>         cat /sysroot/var/lib/random-seed > /dev/urandom
>>     fi
>> fi
>>
> 
> Or how about doing it rhel6 way. Let kdump module pack in
> /var/lib/random-seed in kdump initramfs and if this file is present,
> feed it to /dev/urandom.


Ok, will add this in kdump module instead.

Harald, please ignore patch 2/2 then.

> 
> Thanks
> Vivek



-- 
Thanks
Dave