Re: Linux 5.3-rc8

From: Theodore Y. Ts'o
Date: Sat Sep 14 2019 - 12:28:00 EST

Next message: Linus Torvalds: "Re: Linux 5.3-rc8"
Previous message: Yonghong Song: "Re: [RFC v1 05/14] krsi: Initialize KRSI hooks and create files in securityfs"
In reply to: Ahmed S. Darwish: "Re: Linux 5.3-rc8"
Next in thread: Ahmed S. Darwish: "Re: Linux 5.3-rc8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Sep 14, 2019 at 11:25:09AM +0200, Ahmed S. Darwish wrote:
> Unfortunately, it only made the early fast init faster, but didn't fix
> the normal crng init blockage :-(

Yeah, I see why; the original goal was to do the fast init so that
using /dev/urandom, even before we were fully initialized, wouldn't be
deadly. But then we still wanted 128 bits of estimated entropy the
old fashioned way before we declare the CRNG initialized.

There are a bunch of things that I think I want to do long-term, such
as make CONFIG_RANDOM_TRUST_CPU the default, trying to get random
entropy from the bootloader, etc. But none of this is something we
should do in a hurry, especially this close before 5.4 drops. So I
think I want to fix things this way, which is a bit a of a hack, but I
think it's better than simply reverting commit b03755ad6f33.

Ahmed, Linus, what do you think?

- Ted

Next message: Linus Torvalds: "Re: Linux 5.3-rc8"
Previous message: Yonghong Song: "Re: [RFC v1 05/14] krsi: Initialize KRSI hooks and create files in securityfs"
In reply to: Ahmed S. Darwish: "Re: Linux 5.3-rc8"
Next in thread: Ahmed S. Darwish: "Re: Linux 5.3-rc8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]