Improving available entropy

Simon Eisenmann simon at struktur.de
Mon Feb 8 08:41:31 UTC 2016


Hi,

On 06.02.2016 at 02:09, Seth Arnold wrote:
> On Fri, Feb 05, 2016 at 06:39:40PM -0600, Tyler Hicks wrote:
>>  2) We need to make rng-tools available. Would it be preferred that
>>     rng-tools is seeded in core or should it be a snap that gadget
>>     snaps, for devices that have a hwrng, can declare as a preinstall
>>     dependency?
> 
> I think including rng-tools everywhere is a good idea: for only 80KB or so
> of storage space the value it gives is fantastic. I'd rather it be
> included everywhere and set up by default to the extent we can.

It does not help to include rng-tools and then start it eventually. It
is important that the boot process blocks until a certain amount of
entropy bits has become available as during first boot persistent keys
are generated (essentially without entropy).

I think boot / all initialization of snaps and system wide services
should block until at least 1024 bits of entropy are available for the
first time.

Cheers
Simon


-- 

Simon Eisenmann

[ mailto:simon at struktur.de ]

[ struktur AG | Kronenstraße 22a | D-70173 Stuttgart ]
[ T. +49.711.896656.68 | F.+49.711.89665610 ]
[ http://www.struktur.de | mailto:info at struktur.de ]
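
The gating step proposed in this message, as an added example that is not part of the original e-mail or of any Snappy code: a shell function that blocks until the kernel's entropy estimate reaches a threshold or a timeout expires. The function names, the overridable file paths and the timeout are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message): block until the kernel's
# entropy estimate reaches a threshold, so key generation can be ordered after it.
# The paths are overridable so the function can be run against constructed files.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
POOLSIZE_FILE="${POOLSIZE_FILE:-/proc/sys/kernel/random/poolsize}"

# read_bits FILE: print the integer stored in FILE, or 0 if it is
# missing, unreadable or not a plain number.
read_bits() {
    val=$(cat "$1" 2>/dev/null) || val=0
    case "$val" in
        ''|*[!0-9]*) val=0 ;;
    esac
    echo "$val"
}

# wait_for_entropy THRESHOLD_BITS TIMEOUT_SECONDS
# Returns 0 once entropy_avail >= threshold, 1 if the timeout expires first.
wait_for_entropy() {
    want=$1
    timeout=$2
    pool=$(read_bits "$POOLSIZE_FILE")
    # A pool smaller than the threshold can never satisfy it; clamp the
    # threshold to the pool size so the wait is able to finish.
    if [ "$pool" -gt 0 ] && [ "$want" -gt "$pool" ]; then
        want=$pool
    fi
    waited=0
    while :; do
        have=$(read_bits "$ENTROPY_FILE")
        [ "$have" -ge "$want" ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Typical call from a first-boot job that runs before any key generation,
# using the 1024 bits proposed above and a hypothetical 60 s limit:
#   wait_for_entropy 1024 60 || echo "entropy still below threshold" >&2
```

A non-zero return means the threshold was not reached in time, so the caller should defer generating persistent keys rather than continue.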
