
Fixing getrandom()

Posted Sep 28, 2019 5:52 UTC (Sat) by josh (subscriber, #17465)
Parent article: Fixing getrandom()

> As Garrett noted, though, that is the exact scenario for which the getrandom(0) behavior was designed. Torvalds does not see that kind of key generation as anything other than a hypothetical, it seems.

Many distributions (both live and initial-boot) generate SSH keys on boot. They do this *today*. That's not a hypothetical, that's a case that Debian folks have been discussing for a while now, where systems take forever to boot. This is still a bug today, if you don't have a hardware random number generator.


Fixing getrandom()

Posted Oct 4, 2019 7:21 UTC (Fri) by kmeyer (subscriber, #50720)

It doesn't fix the issue for live systems (are there many of those without RDRAND?), but for installed initial-boot systems: why not have the installer write out a random seed and optionally also sshd host keys?

Fixing getrandom()

Posted Oct 4, 2019 9:23 UTC (Fri) by zdzichu (subscriber, #17118)

Because host keys need to be unique. The installer is used once to create a template. This template is then used a number of times to create virtual machines.
The template cannot contain pregenerated host keys, because every VM would have the same key.
Using the installer every time a new VM is created is not feasible; the installation process takes too much time. Creating a new VM is something that should take no more than a few seconds.

