2015-06-17 22:03 GMT+08:00 Lennart Poettering <lenn...@poettering.net>:
> On Wed, 17.06.15 20:21, cee1 (fykc...@gmail.com) wrote:
>>
>> What I mean is:
>> 1. Load a saved seed to /dev/urandom.
>> 2. The service reads /dev/random, which will block until kernel thinks
>> there's enough entropy - then the Random Number should be good?
>> 3. Save the random number returned in step 2 on disk.
>
> Blocking at boot for this doesn't really sound like an option. But the
> kernel does not provide us with any nice notifications about when the
> RNG pool is complete. If we want to do this kind of polishing, then
> that'd be great, but we'd need sane notifiers for that, blocking
> syscalls are not an option.

That doesn't mean blocking boot, but a service, let's say
systemd-random-seed.service:

1. systemd-random-seed.service loads a seed from disk to /dev/urandom
2. systemd-random-seed.service tells systemd "I'm ready" (sd_notify())
3. Instead of quitting immediately, systemd-random-seed.service tries
   to read /dev/random, and it blocks ...
4. systemd-random-seed.service at last gets a 'good random number',
   and saves it on disk

This can save a seed as soon as possible, as suggested in the article
http://www.2uo.de/myths-about-urandom/:
"""
On Linux it isn't too bad, because Linux distributions save some
random numbers when booting up the system (but after they have
gathered some entropy, since the startup script doesn't run
immediately after switching on the machine) into a seed file that is
read next time the machine is booting.

Obviously that isn't as good as if you let the shutdown scripts write
out the seed, because in that case there would have been much more
time to gather entropy. The advantage is obviously that this does not
depend on a proper shutdown with execution of the shutdown scripts (in
case the computer crashes, for example).
"""

--
Regards,

- cee1
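The four steps proposed in the message above, sketched in C as an added example; it is not systemd's code and not part of the original post. SEED_FILE, SEED_LEN and the helper names are assumptions, and readiness is signalled by sending READY=1 to $NOTIFY_SOCKET directly instead of calling sd_notify().

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#define SEED_LEN 512                             /* assumed seed size */
#define SEED_FILE "/var/lib/example/random-seed" /* hypothetical path */
/* Copy up to SEED_LEN bytes from src to dst; a /dev/random src may block. */
static ssize_t copy_bytes(const char *src, const char *dst, int flags) {
    unsigned char buf[SEED_LEN];
    ssize_t got = 0, r;
    int in = open(src, O_RDONLY), out;
    if (in < 0) return -1;
    while (got < SEED_LEN && (r = read(in, buf + got, SEED_LEN - got)) > 0)
        got += r;
    close(in);
    if (got == 0 || (out = open(dst, flags, 0600)) < 0) return -1;
    r = write(out, buf, got);
    if (fsync(out) < 0 && errno != EINVAL) r = -1; /* EINVAL: device node */
    close(out);
    return r; /* bytes written, or -1 */
}
static int notify_ready(void) { /* step 2: READY=1 to $NOTIFY_SOCKET */
    const char *path = getenv("NOTIFY_SOCKET");
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    if (!path || !*path || strlen(path) >= sizeof sa.sun_path) return 0;
    strcpy(sa.sun_path, path);
    if (path[0] == '@') sa.sun_path[0] = '\0'; /* abstract socket */
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    ssize_t n = sendto(fd, "READY=1", 7, 0, (struct sockaddr *)&sa,
                       offsetof(struct sockaddr_un, sun_path) + strlen(path));
    close(fd);
    return n == 7 ? 1 : -1; /* 0 means no notify socket was set */
}
static int save_seed(const char *src, const char *seed) { /* steps 3-4 */
    char tmp[4096]; /* temp file + rename: a crash keeps the old seed */
    snprintf(tmp, sizeof tmp, "%s.tmp", seed);
    return copy_bytes(src, tmp, O_WRONLY | O_CREAT | O_TRUNC) == SEED_LEN
           ? rename(tmp, seed) : -1;
}
int main(void) {
    copy_bytes(SEED_FILE, "/dev/urandom", O_WRONLY); /* step 1: mixes seed in, credits no entropy */
    notify_ready();                                  /* step 2: boot continues from here */
    return save_seed("/dev/random", SEED_FILE) < 0;  /* steps 3-4: may block */
}
```

Because readiness is reported before the blocking read, only this service waits for entropy; units ordered after it are not delayed.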