On 5/13/19 2:07 PM, s...@gmx.li wrote: > From yocto 2.5 to 2.7 I noticed a change in booting. The kernel stops for > around 85 seconds. > It seems to me that starting sshd takes time until crng init is done. > In 2.5 it doesn't wait for that. How can I avoid that? > Maybe I have to add that I use a recipe that adds keys as rootfs is usually > r/o. > > Another think I have observed (which is not clear to me): I don't get a > message from system message bus anymore. ??? > > Instead of it udevd complains about "specific group 'kvm' unknown. Looking > into source there are mentioned: > # The static_node is required on s390x and ppc (they are using MODULE_ALIAS) > So, can I safely ignore that (use ARM). > >
There was recently a discussion on this in the oe-core mailing list (Search for "[OE-core] [PATCH 2/2] openssh: usable sshd depends on rngd from rng-tools", be sure to read the whole thread.) Assuming you are using certain cryptography resources, the system is waiting for enough entropy for a good random number set. Often you may need to enable rngd, or up the quality of the kernel hardware random number generators, as many are set very low. (Often the hardware random number generator you have is of sufficient quality that the quality level can be increased to generate random numbers more quickly.) Be aware of the ramifications if you make these changes to your system -- as faster entropy generation does not necessarily equal quality. There are numerous incorrect assumptions about entropy and the kernel for these. Above all else, do not use /dev/urandom as an entropy source for /dev/random. That is simply not safe to do. What you do NOT want to do is figure out that you are booting 10k boards in a factory and they all end up getting exactly the same random numbers and thus identical keys. (Yes this has happened in the past!) --Mark -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
