[Development] QRandomGenerator and boot times
Thiago Macieira
thiago.macieira at intel.com
Thu Sep 14 19:02:29 CEST 2017
On Thursday, 14 September 2017 08:18:05 PDT Giuseppe D'Angelo wrote:
> On 14/09/2017 17:01, Thiago Macieira wrote:
> >> 2. Add "rng-tools" to the image for inputting entropy to the kernel
> >> - Speeds up initialization of nonblocking pool
> >> - On devices with HW random generator, this adds real entropy to the
> >> kernel pool
> >> - On devices without HW random generator, this adds bad entropy from
> >> /dev/urandom to the kernel pool
> >
> > Huh? Adding entropy from /dev/urandom back to /dev/urandom? This is worse
> > than the "rob Peter to pay Paul" - you want to rob Peter to pay Peter.
>
> It's a myth of some crazy tutorials and broken default configurations
> found on the internet. Don't do that!
>
> By the way, it's strange that the entropy is emptied just after boot
> (which is when there should be plenty of I/O to refill the entropy pool).

The entropy pool starts empty at boot. How much data is required to fill it
enough for the kernel's needs will vary from device to device. The faster your
device and the more I/O it does, the faster that will happen. A HWRNG will
also help, but it will clearly start with no entropy either, so how soon it
will work is again dependent on the implementation.

On my Skylake system, which does have a HWRNG, it takes 3.8 seconds after boot
for the random system on Linux to be up to speed. But that's slow enough that
several system services have already started:

$ dmesg | grep random:
[ 3.475259] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.475305] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.475328] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.475612] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.475634] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.475643] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.475655] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.475662] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.475667] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.475715] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.837995] random: crng init done
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
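
An added example, not part of the original message: a small Python audit of dmesg output like the excerpt above, reporting which processes read /dev/urandom before "crng init done" and when the CRNG became ready. The function name is a choice made for this example, and the embedded sample is a subset of the lines quoted in the message.

```python
import re
from collections import Counter

# Subset of the dmesg excerpt quoted in the message above.
SAMPLE = """\
[ 3.475259] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.475305] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.475715] random: systemd: uninitialized urandom read (16 bytes read)
[ 3.837995] random: crng init done
"""

# "random: <process>: uninitialized urandom read (<n> bytes read)"
READ_RE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+random: (?P<proc>.+?): "
    r"uninitialized urandom read \((?P<n>\d+) bytes read\)")
INIT_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+random: crng init done")


def audit_early_reads(dmesg_text):
    """Summarise /dev/urandom reads made before the kernel CRNG was seeded."""
    reads = []        # (timestamp, process, bytes) for each warning line
    init_ts = None    # stays None if the log never reaches "crng init done"
    for line in dmesg_text.splitlines():
        m = READ_RE.match(line)
        if m:
            reads.append((float(m["ts"]), m["proc"], int(m["n"])))
            continue
        m = INIT_RE.match(line)
        if m and init_ts is None:
            init_ts = float(m["ts"])

    count_per_proc = Counter()
    bytes_per_proc = Counter()
    for _ts, proc, nbytes in reads:
        count_per_proc[proc] += 1
        bytes_per_proc[proc] += nbytes

    return {
        "crng_init_at": init_ts,
        "first_early_read_at": min((r[0] for r in reads), default=None),
        "early_reads": dict(count_per_proc),
        "early_bytes": dict(bytes_per_proc),
    }


if __name__ == "__main__":
    print(audit_early_reads(SAMPLE))
```

Any process listed under "early_reads" drew bytes from a pool the kernel had not yet seeded, so it is a candidate for switching to a blocking source or deferring its first use of randomness.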