On Sat, Dec 22, 2018, 08:50 Grant Grundler <firstname.lastname@example.org wrote:
On Wed, Nov 28, 2018 at 1:51 AM Ivan Ivanov email@example.com wrote:
Sorry but I think that relying on Intel RNG is a _Terrible_ idea regarding the security and not sure you should be pursuing it.
What I'm pursueing is a reasonable initialization time so wpa_supplicant can start. 555 seconds is not reasonable: [ 555.496678] random: crng init done [ 555.496678] random: crng init done [ 555.496684] random: 7 urandom warning(s) missed due to ratelimiting [ 560.265385] wlp2s0: authenticate with xx:xx:xx:xx:xx:xx [ 560.279395] wlp2s0: send auth to xx:xx:xx:xx:xx:xx (try 1/3) [ 560.281981] wlp2s0: authenticated
intel-crng was proposed elsewhere as one solution to this problem but it's clear to me now that this is not an option with the panther chromebox.
I don't recall seeing this with older kernels (have been running debian on this HW since early 4.x releases) and will look at the driver git logs.
I was hoping someone in the Coreboot community would have some idea why random driver isn't getting enough entropy and if coreboot isn't advertising something that helps with the random crng initialization.
I experimented with attaching just an optical mouse and that didn't seem to help. Attaching a keyboard and just hitting <shift> key did seem to help ("crng init done" in about 10 seconds). I'm assuming the /dev/random driver is not seeing enough actiivity otherwise.
I have observed the same behavior on Debian Sid, I would have to smash my keyboard a few times to generate enough entropy. I don't see anything similar with Arch Linux. Maybe it has to do with distro-specific packaging? I haven't checked.
Best regards, Angel Pons