On Mi, 17.04.19 15:25, Simo Sorce (simo(a)redhat.com) wrote:
> On Wed, 2019-04-17 at 15:14 -0400, Steve Grubb wrote:
> > Many have tried to convince upstream about this. If anyone here has influence,
> > please try.
>
> If upstream is currently resistant, what about turning rngd into a
> loadable kernel module and then ensure it is in the initramfs and
> loaded at kernel boot time?
>
> Would this be a way to show upstream that this works and perhaps allow
> inclusion later on?

So apparently the kernel can do both the RDSEED/RDRAND stuff already
on its own (and this is turned on in Fedora) and also can credit
entropy based on other hwrngs too (see other mail). The latter is a
bit awkward since it requires a kernel cmdline option currently to
enable, and is global for all drivers though it would probably be wise
to enable this individually for each driver judging by how much the
device is trusted or not.
(Also note that virtio-rng is something systemd automatically loads if
it's not around but the environment would support it, and it appears
to credit entropy too.)
Lennart Poettering, Berlin