On Tue, Feb 25, 2020 at 12:48:08PM -0700, stan wrote:
On Tue, 25 Feb 2020 14:24:10 -0500 Neil Horman nhorman@redhat.com wrote:
On Tue, Feb 25, 2020 at 11:58:56AM -0700, stan wrote:
Doesn't the elimination of the shadow pool, and the removal of push_to_pool end the ability to push entropy? I'm going to have to bite the bullet and take the code apart until I can understand the new system.
Shouldn't do, the ioctl writes directly to the input_pool.
I can confirm this. I booted the 5.6 kernel without any patches, and the rtl2832 is happily feeding it entropy. So, all this back and forth was because of my mistaken understanding. Apologies everyone, and thanks for your patience.
I'm thinking of a dedicated server that does nothing but provide entropy.
That works pretty well in a secure environment (in fact, once I get it fixed, you can use the NIST beacon server code and the NIST beacon source to transport that entropy), but I don't think cloud providers like the idea of shipping entropy from a central source to other nodes where the possibility exists for snooping. They all rely on localized entropy. Shared entropy pools across systems are better used for things like distributed testing, where multiple systems might need to use the same random bits.
Thanks for the explanation.
Hey, just FYI, it's still a bit nascent, but it works: https://github.com/nhorman/rng-tools
Now has an rtlsdr entropy source, which can be used to feed the kernel entropy pool.
I'll be tagging and releasing an updated rng-tools in the next few weeks, and will have it in Fedora soon thereafter.
Best
Neil