VOTE Apply PR#9084 reverting DEVRANDOM_WAIT
Kurt Roeckx
kurt at roeckx.be
Fri Jun 7 18:41:01 UTC 2019
On Fri, Jun 07, 2019 at 02:31:54PM -0400, Viktor Dukhovni wrote:
>
> That's a different issue. What I was suggesting was a service that
> waits for seeding to be ready. So that other services can depend
> on that service, with that service using various sources to adequately
> seed the kernel RNG, with configurable additional sources beyond the
> save file, possibly with a non-zero entropy estimate. Thus, for example,
> a virtual machine or container might make use of an interface to get a
> trusted seed from the host hypervisor/OS. Or a physical host might
> trust its TPM, ...
>
> This is not the sort of thing to bolt into the kernel, but is not
> unreasonable for systemd and the like.

The kernel actually already does this in recent versions, if
configured to do it.

Kurt