On Mi, 17.04.19 15:25, Simo Sorce (s...@redhat.com) wrote: > On Wed, 2019-04-17 at 15:14 -0400, Steve Grubb wrote: > > Many have tried to convince upstream about this. If anyone here has > > influence, > > please try. > > If upstream is currently resistant, what about turning rngd into a > loadable kernel module and then insure it is in the initramfs and > loaded at kernel boot time ? > > Would this be a way to show upstream that this works and perhaps allow > inclusion later on ?
So apparently the kernel can do both the RDSEED/RDRAND stuff already on its own (and this is turned on in Fedora) and also can credit entropy based on other hwrngs too (see other mail). The latter is a bit awkward since it requires a kernel cmdline option currently to enable, and is global for all drivers though it would probably be wise to enable this individually for each driver judging by how much the device is trusted or not. (Also note that virtio-rng is something systemd automatically loads if it's not around but the environment would support it, and it appears to credit entropy too.) Lennart -- Lennart Poettering, Berlin _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
