[opensuse-factory] set CONFIG_RANDOM_TRUST_CPU in the kernel
Hi:

An increasing number of components are using getrandom() and the libc wrapper getentropy(), but getrandom() may block at boot, affecting startup performance, including but not limited to any software linking to openssl >= 1.1.1, libgcrypt, systemd itself and its libraries, QT5, Xorg and a long etc.

In recent kernels, it is possible for getrandom not to block if one trusts the CPU to seed the CSPRNG.

Paranoid people should set random.trust_cpu=0 boot option to disable this behaviour (and possibly wait several seconds for some services to start) and always remember that they are already trusting userspace components like haveged, rngd to do this job (albeit too late) and other hardware events that may not be "THAT random" either.

This also gives the nice advantage haveged, rngd or whatever do not need to normally be running and can be disabled by default.

This option ideally has to be set in kernel-default but it has got to be at least set in kernel-obs-build so build vms never block due to this condition if running on hardware that supports RDSEED, RDRAND or whatever hardware RNGD the kernel supports now or in the future.

Looking forward to hearing your opinion on this.

Cheers.

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
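The check below is an added example, not part of the original message or of any openSUSE tooling. It works out whether a given kernel would let the CPU seed the CSPRNG, combining CONFIG_RANDOM_TRUST_CPU, the random.trust_cpu= boot option and the RDRAND/RDSEED CPU flags. The function name, the result strings and the sample inputs are made up for illustration; the x86 flag names and the /boot/config-* location are assumptions.

```sh
#!/bin/sh
# Added example: will this kernel let the CPU's RNG seed the CRNG at boot?
# $1 = kernel build config text, $2 = kernel command line, $3 = CPU flags
trust_cpu_state() {
    config=$1 cmdline=$2 flags=$3

    # Build-time default: CONFIG_RANDOM_TRUST_CPU=y means "trust the CPU".
    if printf '%s\n' "$config" | grep -q '^CONFIG_RANDOM_TRUST_CPU=y$'; then
        trust=1
    else
        trust=0
    fi

    # random.trust_cpu= on the command line overrides the build-time
    # default; when it is given more than once, the last one wins.
    for arg in $cmdline; do
        case $arg in
            random.trust_cpu=1|random.trust_cpu=on|random.trust_cpu=y) trust=1 ;;
            random.trust_cpu=0|random.trust_cpu=off|random.trust_cpu=n) trust=0 ;;
        esac
    done

    # Assumption: x86 flag names as they appear in /proc/cpuinfo.
    has_hwrng=0
    for f in $flags; do
        case $f in rdrand|rdseed) has_hwrng=1 ;; esac
    done

    if [ "$trust" -eq 1 ] && [ "$has_hwrng" -eq 1 ]; then
        echo "cpu-seeded"      # CRNG can be seeded from the CPU at boot
    elif [ "$trust" -eq 1 ]; then
        echo "no-cpu-rng"      # option on, but no RDRAND/RDSEED to use
    else
        echo "not-trusted"     # CRNG waits for other entropy sources
    fi
}

if [ "${1:-}" = "--report" ]; then
    # Running system; the config file location is the usual distro layout.
    cfg=$(cat "/boot/config-$(uname -r)" 2>/dev/null || zcat /proc/config.gz)
    trust_cpu_state "$cfg" "$(cat /proc/cmdline)" "$(grep '^flags' /proc/cpuinfo | head -n 1)"
else
    # Constructed sample: option built in, then disabled on the command line.
    trust_cpu_state 'CONFIG_RANDOM_TRUST_CPU=y' \
        'root=/dev/sda2 quiet random.trust_cpu=0' 'flags : fpu rdrand rdseed'
fi
```

Run with --report on a build VM or workstation to see which of the three states applies to the booted kernel.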
On 10.11.18 at 18:19, Cristian Rodríguez wrote:
> Hi:
> An increasing number of components are using getrandom() and the libc wrapper getentropy(), but getrandom() may block at boot, affecting startup performance, including but not limited to any software linking to openssl >= 1.1.1, libgcrypt, systemd itself and its libraries, QT5, Xorg and a long etc.
> In recent kernels, it is possible for getrandom not to block if one trusts the CPU to seed the CSPRNG.
> Paranoid people should set random.trust_cpu=0 boot option to disable this behaviour (and possibly wait several seconds for some services to start) and always remember that they are already trusting userspace components like haveged, rngd to do this job (albeit too late) and other hardware events that may not be "THAT random" either.
> This also gives the nice advantage haveged, rngd or whatever do not need to normally be running and can be disabled by default.
> This option ideally has to be set in kernel-default but it has got to be at least set in kernel-obs-build so build vms never block due to this condition if running on hardware that supports RDSEED, RDRAND or whatever hardware RNGD the kernel supports now or in the future.
> Looking forward to hearing your opinion on this.
> Cheers.
Hi,

for my personal laptop and workstation I don't mind trusting the CPU.
+1

Hendrik
participants (2)
- Cristian Rodríguez
- Hendrik Woltersdorf