[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181031224106.GD6236@thunk.org>
Date: Wed, 31 Oct 2018 18:41:06 -0400
From: "Theodore Y. Ts'o" <tytso@....edu>
To: Sebastian Andrzej Siewior <sebastian@...akpoint.cc>
Cc: Kurt Roeckx <kurt@...ckx.be>, 912087@...s.debian.org,
"Package Development List for OpenSSL packages."
<pkg-openssl-devel@...oth-lists.debian.net>,
linux-kernel@...r.kernel.org,
Bernhard Übelacker <bernhardu@...lbox.org>,
pkg-systemd-maintainers@...ts.alioth.debian.org,
debian-ssh@...ts.debian.org, 912087-submitter@...s.debian.org
Subject: Re: Bug#912087: openssh-server: Slow startup after the upgrade to
7.9p1
On Wed, Oct 31, 2018 at 11:21:59AM +0000, Sebastian Andrzej Siewior wrote:
> On October 30, 2018 8:51:36 PM UTC, "Theodore Y. Ts'o" <tytso@....edu> wrote:
> >
> >So it's complicated. It's not a binary trusted/untrusted sort of
> >thing.
>
> What about RNDRESEEDCRNG? Would it be reasonable to issue it after writing the seed as part of the boot process?
No, that's for debugging purposes only.
When there is sufficient entropy added (either through a hw_random
subsystem, or because RDRAND is trusted, or the RNDADDENTORPY ioctl),
the crng is automatically reseeded by credit_entropy_bits(). So it's
not needed to use RNDRESEEDCRNG.
- Ted
Powered by blists - more mailing lists