VOTE Apply PR#9084 reverting DEVRANDOM_WAIT

Kurt Roeckx kurt at
Fri Jun 7 18:41:01 UTC 2019

On Fri, Jun 07, 2019 at 02:31:54PM -0400, Viktor Dukhovni wrote:
> That's a different issue.  What I was suggesting was a service that
> waits for seeding to be ready.  So that other services can depend
> on that service, with that service using various sources to adequately
> seed the kernel RNG, with configurable additional sources beyond the
> save file, possibly with a non-zero entropy estimate.  Thus, for example,
> a virtual machine or container might make use of an interface to get a
> a trusted seed from the host hypervisor/OS.  Or a physical host might
> trust its TPM, ...
> This is not the sort of thing to bolt into the kernel, but is not
> unreasonable for systemd and the like.

The kernel actually already does this in recent versions, if
configured to do it.


More information about the openssl-project mailing list