On Fri, 18 Nov 2016 18:15:58 +0100 Clemens Gruber <clemens.gru...@pqgruber.com> wrote:
> Hi, > > On Fri, Nov 18, 2016 at 02:21:36PM +0100, David Jander wrote: > > Or is there a way (that I ignore) to speed-up the generation of entropy in > > the > > Linux kernel? > > Did you build your kernel with CONFIG_CRYPTO_JITTERENTROPY=y and > CONFIG_CRYPTO_DRBG_HASH=y ? Yes I had those. > Also, depending on your platform, there might be hardware support. > We use an i.MX6 which also includes a hardware RNG in its Cryptographic > Acceleration And Assurance Module (CAAM). > So we enabled CONFIG_CRYPTO_DEV_FSL_CAAM and use rngd to feed /dev/hwrng > into the kernel's entropy pool. Ah. There it is. I was already wondering if there wasn't any CAAM support. I expected it under drivers/char/hwrng. Instead it is hidden under /crypto/. > Could you try with above options and rngd started early? There should be > much more entropy available in a short time. Will try that out. > It's probably a bad idea to just patch python for every PTXdist user. Yes, I was thinking about making that patch configurable somehow. > Not everybody is willing to trade security for faster start times. I agree. > Besides, not having enough entropy will lead to other problems as well. > > If you are using systemd, verify that > PTXCONF_SYSTEMD_DISABLE_RANDOM_SEED is not set. > systemd-random-seed restores the random seed of the system at early boot > and saves it at shutdown. So only the first boot would take longer. Thanks a lot. Best regards, -- David Jander Protonic Holland. _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de
