On Wed, Apr 24, 2019 at 12:24 PM Lennart Poettering
> > But why do that in userspace at all? the "Trust CPU
> > compile time option shows that these things are trivial to solve if
> > people just want to. Instead of involving rngd at all, why not add a
> > similar option for the TPM RNG (or any other non-CPU hw rng) and then
> > rngd doesn't do anything useful anymore whatsoever? I mean, to my
> > knowledge all those other RNGs already feed into the pool anyway, they
> > just don't get trusted and thus don't add to the entropy
> > estimate. Fixing that should be quite doable and given that
> > CONFIG_RANDOM_TRUST_CPU exists now it shouldn't be politically too
> > hard to argue for a CONFIG_RANDOM_TRUST_TPM either...
> I like the part that this is trivial to solve if people want to.
> Making people agree is an order of magnitude harder than fixing any
> code. Nevertheless, without rngd, getrandom() would block in one of
> the first services started by systemd (if it doesn't block in systemd
As mentioned before: systemd itself already needs entropy itself (it
assigns a random 128bit id to each service invocation, dubbed the
"invocation ID" of it, and it generates the machine ID and seeds its
hash table hash functions), hence rngd doesn't cut it anyway, since it
starts after systemd, being a service managed by systemd. If rngd was
supposed to fill up the entropy pool at boot, it would have to run as
initial PID 1 in the initrd, before systemd, and then hand over to
systemd only after the pool is full. But it doesn't, hence rngd is
pointless: it runs too late to be useful.
The goal of running rngd early was to have the system boot, not
necessarily to address systemd's need for random numbers. In that it
is successful. I do not disagree that it is not a clean solution.