emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#37501: closed ([core-updates] Entropy starvation d

From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#37501: closed ([core-updates] Entropy starvation during boot)
Date: Sun, 06 Oct 2019 16:43:02 +0000 
Your message dated Sun, 06 Oct 2019 18:42:43 +0200
with message-id <address@hidden>
and subject line Re: bug#37501: [core-updates] Entropy starvation during boot
has caused the debbugs.gnu.org bug report #37501,
regarding [core-updates] Entropy starvation during boot
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden.)


-- 
37501: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=37501
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: [core-updates] Entropy starvation during boot Date: Tue, 24 Sep 2019 17:48:02 +0200 User-agent: Notmuch/0.29.1 (https://notmuchmail.org) Emacs/26.2 (x86_64-pc-linux-gnu) 
Hello,

After reconfiguring on the 'core-updates' branch, systems using the
OpenSSH service will occasionally (not always!) hang forever during
boot, waiting for entropy.  Moving the mouse or mashing the keyboard
allows the boot to proceed.

I don't think this is limited to OpenSSH, but anything that calls
getrandom() during startup.

There is some information about this problem and various workarounds
here, including links to recent LKML discussions:

https://daniel-lange.com/archives/152-hello-buster.html

For Guix, I believe adding (service urandom-seed-service-type) to
%base-services should be sufficient, but have not verified this yet.

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- Subject: Re: bug#37501: [core-updates] Entropy starvation during boot Date: Sun, 06 Oct 2019 18:42:43 +0200 User-agent: Notmuch/0.29.1 (https://notmuchmail.org) Emacs/26.2 (x86_64-pc-linux-gnu) 
Ludovic Courtès <address@hidden> writes:

> Hi,
>
> Marius Bakke <address@hidden> skribis:
>
>> I tried it, but it did not make any discernible difference in the
>> available entropy right after boot, nor did it aid the CRNG seeding.
>
> Bah, too bad, though it still doesn’t sound right to consume this much
> entropy right from the start.  I’m surprised it doesn’t make any
> difference when you remove that bit.

I guess generating 512 random bytes does not cost a lot of entropy.
Writing that made me curious, so I tested it:

$ cat /proc/sys/kernel/random/entropy_avail
3938
$ head -c 512 /dev/urandom > /dev/null && !!
3947

Wait, what?  Trying again...

$ head -c 512 /dev/urandom > /dev/null && cat 
/proc/sys/kernel/random/entropy_avail 
3693
[...typing this section of the email...]
$ head -c 512 /dev/urandom > /dev/null && cat 
/proc/sys/kernel/random/entropy_avail 
3898

> Perhaps we should print the value of /proc/…/entropy_avail in several
> places during boot time to get a better understanding.

That could be useful.  My understanding is that we were waiting for the
kernel to be absolutely certain that the entropy pool is sufficiently
random, i.e. "state 2" from this overview:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33

Once it is initialized, we get an "endless" stream of good random data
thanks to the entropy pool and ChaCha20(?).

See also this article for an overview of the discussions that lead to
Torvalds' patch:

https://lwn.net/SubscriberLink/800509/de787577364be340/

Anyway, I pushed the upstream fix in
dd6989711370c43676edc974f86c8586f21f80f6.

Attachment: signature.asc
Description: PGP signature


--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]