Petr Štetiar <yn...@true.cz> [2019-03-15 17:58:31]:

> I've just found following interesting upstream commits in v4.18:
>
>  commit 39a8883a2b989d1d21bd8dd99f5557f0c5e89694
>  Author: Theodore Ts'o <ty...@mit.edu>
>  Date: Tue Jul 17 18:24:27 2018 -0400
>
>      random: add a config option to trust the CPU's hwrng
>
>  commit 9b25436662d5fb4c66eb527ead53cab15f596ee0
>  Author: Kees Cook <keesc...@chromium.org>
>  Date: Mon Aug 27 14:51:54 2018 -0700
>
>      random: make CPU trust a boot parameter
>
> So this actually might be a better direction for exploration.

It turned out that it didn't help at all, because this random.trust_cpu=on
option probably works only[1] on archs which implement
arch_get_random_seed_long and arch_get_random_long, thus needing HW support,
and so it's only working on powerpc, s390 and x86[2] so far.

I've tested those 2 patches on top of 4.14.105 with the random.trust_cpu=on
cmdline option and got the following results:

 i.mx6 (Freescale i.MX6 Quad/DualLite)

  [ 3.281637] random: fast init done
  [ 1120.394672] random: crng init done

  (yeah, 18 minutes)

 QEMU x86_64 (QEMU Virtual CPU version 2.0.0)

  [ 18.916219] random: fast init done
  [ 600.853035] random: crng init done

 ar9342 (UBNT Bullet M (XW))

  [ 2.388033] random: fast init done
  [ 130.088071] random: crng init done

 qca9563 (TP-Link Archer C7 v5)

  [ 2.535992] random: fast init done
  [ 120.043132] random: crng init done

 x86_64 (apu2c, AMD GX-412TC SOC)

  [ 7.625454] random: fast init done
  [ 79.990240] random: crng init done

These are just crng init times from other devices for comparison (not using
the random.trust_cpu cmdline option and patches).

 qca4019 (ZyXEL NBG6617)

  [ 1.908960] random: fast init done
  [ 8.423297] random: crng init done

 mt7621 (dir-860l rev B1)

  [ 2.943770] random: fast init done
  [ 5.254226] random: crng init done

 x86_64 (i7-6700HQ)

  [ 0.000000] random: fast init done
  [ 4.608414] random: crng init done

For reference, I'm quoting part of the "random: introduce getrandom(2)
system call" commit message[3]:

  Any userspace program which uses this new functionality must take care to
  assure that if it is used during the boot process, that it will not cause
  the init scripts or other portions of the system startup to hang
  indefinitely.

1. https://elixir.bootlin.com/linux/latest/source/drivers/char/random.c#L804
2. https://elixir.bootlin.com/linux/latest/source/drivers/char/Kconfig#L567
3. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895

-- 
ynezz
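
An added example, not part of the original message or of any OpenWrt or kernel code: one way a boot-time userspace program can follow the advice in the getrandom(2) commit message quoted above, by polling with GRND_NONBLOCK under a bounded wait instead of blocking until "crng init done". The helper name `getrandom_bounded`, the 100 ms poll step and the 5 s budget are assumptions chosen for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* for syscall() */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <time.h>
#include <unistd.h>

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001    /* value from the UAPI header linux/random.h */
#endif

/* Hypothetical helper (not from the post): fill buf with len (<= 256) bytes,
 * waiting at most timeout_ms for the kernel CRNG to finish initialising.
 * Returns 0 on success, 1 if the CRNG is still uninitialised at the deadline,
 * -1 on any other error (errno set, e.g. ENOSYS on kernels without getrandom). */
int getrandom_bounded(void *buf, size_t len, long timeout_ms)
{
    const struct timespec step = { 0, 100L * 1000 * 1000 };  /* poll every 100 ms */
    long waited_ms = 0;

    for (;;) {
        long n = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK);
        if (n == (long)len)
            return 0;                   /* CRNG initialised, buffer filled */
        if (n >= 0) { errno = EIO; return -1; }  /* short read: unexpected here */
        if (errno != EAGAIN && errno != EINTR)
            return -1;
        if (waited_ms >= timeout_ms)
            return 1;                   /* give up instead of hanging the boot */
        nanosleep(&step, NULL);
        waited_ms += 100;
    }
}

int main(void)
{
    unsigned char key[32];
    int rc = getrandom_bounded(key, sizeof key, 5000);  /* 5 s budget: assumed */
    if (rc < 0)
        perror("getrandom");
    else
        puts(rc == 0 ? "CRNG ready: key material generated"
                     : "CRNG not ready after 5 s: defer key generation, keep booting");
    return rc == 0 ? 0 : 1;
}
```

On a return value of 1 the caller should postpone whatever needs the key material and retry later, rather than fall back to a weaker source.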