OVH Arch Linux VPS image is annoying. They installed and enabled dhcpcd but also have the systemd-networkd DHCP client enabled too. They race with each other and sometimes end up causing a 2 minute delay at boot. It also has the obsolete haveged service installed + enabled too.
Modern Linux kernel has a proper CSPRNG and has dropped all of the cargo cult entropy exhaustion nonsense. /dev/random and getrandom(...) only block until the CSPRNG is initialized in early boot and never again. Rather than blocking indefinitely, the kernel also now fixes it.
If reading from /dev/random or calling getrandom(...) would block due to the CSPRNG not being initialized yet, the kernel starts generating jitter entropy until the CSPRNG is initialized. Using haveged is only adding extra complexity with no real benefits.
/dev/random no longer uses the cargo cult entropy exhaustion nonsense. It works the same way as getrandom(...) and the GRND_RANDOM parameter for getrandom(...) is a no-op. Entire thing is fixed now other than /dev/urandom not blocking until CSPRNG initialization in early boot.
Ideally they could be convinced to make /dev/urandom behave the same way as the new /dev/random now that the kernel actively fixes the issue of indefinite blocking itself. They probably won't because in theory that might not work in some super weird / broken environment.
Android has userspace code to read /dev/hw_random into /dev/random in early boot and then on a regular basis in addition to saving / restoring entropy via persistent state. The kernel *finally* learned how to do that itself when it brings up the HW RNG. Think it's just at init.
IMO, the kernel should use pstore to save / restore entropy for itself in very early boot. I've suggested that on multiple occasions. Hasn't gone anywhere though. I personally don't really care since the problem is solved 10x over in different ways for modern smartphones anyway.