From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Christophe LEROY <christophe.leroy@c-s.fr>
Cc: Stephan Mueller <smueller@chronox.de>,
linux-crypto@vger.kernel.org,
Linux Kernel Developers List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/5] random: fix crng_ready() test
Date: Thu, 17 May 2018 16:56:55 -0400 [thread overview]
Message-ID: <20180517205655.GC15263@thunk.org> (raw)
In-Reply-To: <84e0c16c-2b48-69e5-4ca4-2ca3bce15dc9@c-s.fr>
On Thu, May 17, 2018 at 08:01:04AM +0200, Christophe LEROY wrote:
>
> On a powerpc embedded board which has an mpc8xx processor running at 133Mhz,
> I now get the startup done in more than 7 minutes instead of 30 seconds.
> This is due to the webserver blocking on read on /dev/random until we get
> 'random: crng init done':
>
> [ 0.000000] Linux version 4.17.0-rc4-00415-gd2f75d40072d (root@localhost)
> (gcc version 5.4.0 (GCC)) #203 PREEMPT Wed May 16 16:32:02 CEST 2018
> [ 0.295453] random: get_random_u32 called from
> bucket_table_alloc+0x84/0x1bc with crng_init=0
> [ 1.030472] device: 'random': device_add
> [ 1.031279] device: 'urandom': device_add
> [ 1.420069] device: 'hw_random': device_add
> [ 2.156853] random: fast init done
> [ 462.007776] random: crng init done
>
> This has become really critical, is there anything that can be done ?
Figure out why the webserver needs to read /dev/random and is it for a
security critical purpose?
A kernel patch which makes the kernel do a "lalalalala I'm secure"
when it really isn't secure is a simple "solution", but would it
really make you happy?
- Ted
next prev parent reply other threads:[~2018-05-17 20:57 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-13 1:30 [PATCH 1/5] random: fix crng_ready() test Theodore Ts'o
2018-04-13 1:30 ` [PATCH 2/5] random: use a different mixing algorithm for add_device_randomness() Theodore Ts'o
2018-04-13 1:30 ` [PATCH 3/5] random: set up the NUMA crng instances after the CRNG is fully initialized Theodore Ts'o
2018-04-13 22:31 ` kbuild test robot
2018-04-13 1:30 ` [PATCH 4/5] random: crng_reseed() should lock the crng instance that it is modifying Theodore Ts'o
2018-04-13 1:30 ` [PATCH 5/5] random: add new ioctl RNDRESEEDCRNG Theodore Ts'o
2018-04-13 5:38 ` [PATCH 1/5] random: fix crng_ready() test Stephan Mueller
2018-04-13 12:53 ` Theodore Y. Ts'o
2018-04-13 13:05 ` Stephan Mueller
2018-04-13 17:00 ` Theodore Y. Ts'o
2018-05-17 0:07 ` Srivatsa S. Bhat
2018-05-17 20:53 ` Theodore Y. Ts'o
2018-05-17 6:01 ` Christophe LEROY
2018-05-17 20:56 ` Theodore Y. Ts'o [this message]
2018-05-02 16:18 ` Geert Uytterhoeven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180517205655.GC15263@thunk.org \
--to=tytso@mit.edu \
--cc=christophe.leroy@c-s.fr \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).