Re: Handling of entropy during boot




On Wed, 2019-01-16 at 11:05 +0100, Guido Günther wrote:
> Hi,
> On Mon, Jan 14, 2019 at 05:56:20PM +0100, W. Martin Borgert wrote:
> > Quoting Michael Stone <mstone@xxxxxxxxxx>:
> > > Unless the cpu supports rdrand/rdseed, installing rng-tools5 won't
> > > really change anything. If it does support those, it probably makes
> > > more sense going forward to just enable CONFIG_RANDOM_TRUST_CPU
> > > rather than installing another package.
> > 
> > This option is only available for some architectures (X86, S390, PPC)?
> > What about the others?
> 
> There's also jitterentropy-rngd which does the trick but I haven't
> looked at the security implications.
>  -- Guido

FWIW I've been using jitterentropy-rngd and rng-tools in production for
years, in Azure/VMware/AWS x86 VMs, exactly for this problem. Haven't
been hacked so far... as far as I know :-)

-- 
Kind regards,
Luca Boccassi
