[coreboot] Asus Chromebox Panther: no HW RNG?
Angel Pons
th3fanbus at gmail.com
Sat Dec 22 09:05:38 CET 2018
Hello,
On Sat, Dec 22, 2018, 08:50 Grant Grundler <grantgrundler at gmail.com wrote:
> On Wed, Nov 28, 2018 at 1:51 AM Ivan Ivanov <qmastery16 at gmail.com> wrote:
> >
> > Sorry but I think that relying on Intel RNG is a _Terrible_ idea
> > regarding the security and not sure you should be pursuing it.
>
> What I'm pursueing is a reasonable initialization time so
> wpa_supplicant can start. 555 seconds is not reasonable:
> [ 555.496678] random: crng init done
> [ 555.496678] random: crng init done
> [ 555.496684] random: 7 urandom warning(s) missed due to ratelimiting
> [ 560.265385] wlp2s0: authenticate with xx:xx:xx:xx:xx:xx
> [ 560.279395] wlp2s0: send auth to xx:xx:xx:xx:xx:xx (try 1/3)
> [ 560.281981] wlp2s0: authenticated
>
> intel-crng was proposed elsewhere as one solution to this problem but
> it's clear to me now that this is not an option with the panther
> chromebox.
>
> I don't recall seeing this with older kernels (have been running
> debian on this HW since early 4.x releases) and will look at the
> driver git logs.
>
> I was hoping someone in the Coreboot community would have some idea
> why random driver isn't getting enough entropy and if coreboot isn't
> advertising something that helps with the random crng initialization.
>
> I experimented with attaching just an optical mouse and that didn't
> seem to help.
> Attaching a keyboard and just hitting <shift> key did seem to help
> ("crng init done" in about 10 seconds). I'm assuming the /dev/random
> driver is not seeing enough actiivity otherwise.
>
I have observed the same behavior on Debian Sid, I would have to smash my
keyboard a few times to generate enough entropy. I don't see anything
similar with Arch Linux. Maybe it has to do with distro-specific packaging?
I haven't checked.
cheers,
> grant
>
Best regards,
Angel Pons
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20181222/4288ba09/attachment.html>
More information about the coreboot
mailing list