[OpenWrt-Devel] Relatively insane getrandom blocking times on ARM/i.MX6 [Was: Re: [PATCH] openssl: Fix longer booting times by unblocking getrandom]

Petr Štetiar ynezz at true.cz
Sun Mar 17 10:49:01 EDT 2019

Petr Štetiar <ynezz at true.cz> [2019-03-15 17:58:31]:

> I've just found following interesting upstream commits in v4.18:
>  commit 39a8883a2b989d1d21bd8dd99f5557f0c5e89694
>  Author: Theodore Ts'o <tytso at mit.edu>
>  Date:   Tue Jul 17 18:24:27 2018 -0400
>     random: add a config option to trust the CPU's hwrng
>  commit 9b25436662d5fb4c66eb527ead53cab15f596ee0
>  Author: Kees Cook <keescook at chromium.org>
>  Date:   Mon Aug 27 14:51:54 2018 -0700
>     random: make CPU trust a boot parameter
> So this actually might be a better direction for exploration.

It turned out, that it didn't helped at all, because this random.trust_cpu=on
option probably works only[1] on archs which implement arch_get_random_seed_long
and arch_get_random_long, thus needing HW support and so it's only working on
powerpc, s390 and x86[2] so far.

I've tested those 2 patches on top of 4.14.105 with random.trust_cpu=on
cmdline option on got following results:

 i.mx6 (Freescale i.MX6 Quad/DualLite)

  [    3.281637] random: fast init done
  [ 1120.394672] random: crng init done (yeah, 18 minutes)

 QEMU x86_64 (QEMU Virtual CPU version 2.0.0)
  [   18.916219] random: fast init done
  [  600.853035] random: crng init done

 ar9342 (UBNT Bullet M (XW))

  [    2.388033] random: fast init done
  [  130.088071] random: crng init done

 qca9563 (TP-Link Archer C7 v5)

  [    2.535992] random: fast init done
  [  120.043132] random: crng init done

 x86_64 (apu2c, AMD GX-412TC SOC)

  [    7.625454] random: fast init done
  [   79.990240] random: crng init done

This are just crng init times from other devices for comparison (not using the
random.trust_cpu cmdline option and patches).

 qca4019 (ZyXEL NBG6617)

  [    1.908960] random: fast init done
  [    8.423297] random: crng init done

 mt7621 (dir-860l rev B1)

  [    2.943770] random: fast init done
  [    5.254226] random: crng init done

 x86_64 (i7-6700HQ)

  [    0.000000] random: fast init done
  [    4.608414] random: crng init done

For the reference I'm quoting part from "random: introduce getrandom(2) system
call" commit message[3]:

 Any userspace program which uses this new functionality must take care to
 assure that if it is used during the boot process, that it will not cause the
 init scripts or other portions of the system startup to hang indefinitely.

1. https://elixir.bootlin.com/linux/latest/source/drivers/char/random.c#L804
2. https://elixir.bootlin.com/linux/latest/source/drivers/char/Kconfig#L567
3. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895

-- ynezz

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list