On Sat, Dec 22, 2018, 08:50 Grant Grundler <grantgrundler@gmail.com wrote:
On Wed, Nov 28, 2018 at 1:51 AM Ivan Ivanov <qmastery16@gmail.com> wrote:
> Sorry but I think that relying on Intel RNG is a _Terrible_ idea
> regarding the security and not sure you should be pursuing it.

What I'm pursueing is a reasonable initialization time so
wpa_supplicant can start. 555 seconds is not reasonable:
[  555.496678] random: crng init done
[  555.496678] random: crng init done
[  555.496684] random: 7 urandom warning(s) missed due to ratelimiting
[  560.265385] wlp2s0: authenticate with xx:xx:xx:xx:xx:xx
[  560.279395] wlp2s0: send auth to xx:xx:xx:xx:xx:xx (try 1/3)
[  560.281981] wlp2s0: authenticated

intel-crng was proposed elsewhere as one solution to this problem but
it's clear to me now that this is not an option with the panther

I don't recall seeing this with older kernels (have been running
debian on this HW since early 4.x releases) and will look at the
driver git logs.

I was hoping someone in the Coreboot community would have some idea
why random driver isn't getting enough entropy and if coreboot isn't
advertising something that helps with the random crng initialization.

I experimented with attaching just an optical mouse and that didn't
seem to help.
Attaching a keyboard and just hitting <shift> key did seem to help
("crng init done" in about 10 seconds). I'm assuming the /dev/random
driver is not seeing enough actiivity otherwise.

I have observed the same behavior on Debian Sid, I would have to smash my keyboard a few times to generate enough entropy. I don't see anything similar with Arch Linux. Maybe it has to do with distro-specific packaging? I haven't checked.


Best regards,
Angel Pons