Hi, On Fri, Nov 18, 2016 at 02:21:36PM +0100, David Jander wrote: > Or is there a way (that I ignore) to speed-up the generation of entropy in the > Linux kernel?
Did you build your kernel with CONFIG_CRYPTO_JITTERENTROPY=y and CONFIG_CRYPTO_DRBG_HASH=y ? Also, depending on your platform, there might be hardware support. We use an i.MX6 which also includes a hardware RNG in its Cryptographic Acceleration And Assurance Module (CAAM). So we enabled CONFIG_CRYPTO_DEV_FSL_CAAM and use rngd to feed /dev/hwrng into the kernel's entropy pool. Could you try with above options and rngd started early? There should be much more entropy available in a short time. It's probably a bad idea to just patch python for every PTXdist user. Not everybody is willing to trade security for faster start times. Besides, not having enough entropy will lead to other problems as well. If you are using systemd, verify that PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED is not set. systemd-random-seed restores the random seed of the system at early boot and saves it at shutdown. So only the first boot would take longer. Regards, Clemens _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de
