Comment # 15 on bug 1096072 from 
(In reply to Franck Bui from comment #10)
> hum, what's this thing:
> 
> #8  0x00007ffff64dd751 in _gcry_random_selftest
> (report=report@entry=0x7ffff642b2a0 <reporter>) at random.c:581
> #9  0x00007ffff642c1ea in run_random_selftests () at fips.c:589
> #10 _gcry_fips_run_selftests (extended=extended@entry=0) at fips.c:736
> 
> Werner any idea ?

Ahh .. yes, the FIPS tests do drain the current entropy of the system. This is
a known problem of FIPS

I was not aware that FIPS had been enabled on Leap 15.  Also I've never
understood why those FIPS tests done at first usage of FIPS do drain the
entropy  of a system without restoring or refilling the entropy as not existin
entropy make the system unusable ... no program can use real random numbers
anymore upto the point where the entropy gets filled again. Now on switch root
every program wich had not been rebased to the new root (by using chroot(2))
and protected with a leading `@' byte in its argv[0] will be killed by systemd
and/or do removed name space.

To get this final solved the kernel has to collect entropy from any source it
can use in initrd, e.g. using the jitter on the CPUs

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb5530e4082446aac3a3d69780cd4dbfa4520013

You are receiving this mail because: