Linux 5.6 removed the cargo cult blocking CSPRNG.
/dev/random now works the same way as getrandom. It only blocks until CSPRNG is initialized after booting.
GRND_RANDOM flag for getrandom doesn't do anything anymore.
/dev/urandom still doesn't wait for CSPRNG initialization.
Conversation
It's not good advice to use /dev/urandom. The best advice is to use getrandom(...). There was no properly designed API on kernels without getrandom(...).
/dev/random is fine to use on Linux 5.6 and later though. Previously misguided software using /dev/random now works properly.
1
8
Linux 5.4 and later actively seed the CSPRNG if anything blocks on it being initialized. It no longer hangs indefinitely waiting for entropy to be collected from elsewhere. It would be really nice if they fixed /dev/urandom too so that all of these APIs simply worked correctly...
1
8
Replying to
I think the remaining fix we now need badly is a rewrite of the docs with modern rationalization and use case oriented recommendations
1
Replying to
The linux-man-pages project is often out-of-sync with the Linux kernel implementation. It was often never correct in the first place. It would be best if the form of kernel documentation used by most people was actually maintained and updated alongside the kernel...