* [ptxdist] [PATCH 0/2] haveged: systemd service: move earlier in startup
@ 2020-01-20 22:57 Andreas Pretzsch
2020-01-20 22:57 ` [ptxdist] [PATCH 1/2] haveged: systemd service: import haveged.service from haveged 1.9.2 source Andreas Pretzsch
2020-01-20 22:57 ` [ptxdist] [PATCH 2/2] haveged: systemd service: move from multi-user.target to sysinit.target Andreas Pretzsch
0 siblings, 2 replies; 4+ messages in thread
From: Andreas Pretzsch @ 2020-01-20 22:57 UTC (permalink / raw)
To: ptxdist
On a device with defective HW RNG here, it takes quite long until
the bootup is finished, as kernel random is not seeded. Leading
to blockings for anything needing /dev/random.
As kind of a workaround (until I fixed the HW RNG driver), I pulled
in haveged. To work as expected, I needed to move haveged startup
in systemd to an earlier point.
This patch series is probably NOT for inclusion to PTXdist mainline.
In a first step, haveged should be updated to the latest 1.9.8 release.
Also, all of this here is NOT really tested or well thought out.
It just works for me (tm).
I send it, in case somebody else has the same trouble to work around.
Andreas Pretzsch (2):
haveged: systemd service: import haveged.service from haveged 1.9.2
source
haveged: systemd service: move from multi-user.target to
sysinit.target
projectroot/usr/lib/systemd/system/haveged.service | 12 ++++++++++++
rules/haveged.make | 4 ++--
2 files changed, 14 insertions(+), 2 deletions(-)
create mode 100644 projectroot/usr/lib/systemd/system/haveged.service
--
2.19.1
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
* [ptxdist] [PATCH 1/2] haveged: systemd service: import haveged.service from haveged 1.9.2 source
From: Andreas Pretzsch @ 2020-01-20 22:57 UTC (permalink / raw)
To: ptxdist
Signed-off-by: Andreas Pretzsch <apr@cn-eng.de>
---
projectroot/usr/lib/systemd/system/haveged.service | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 projectroot/usr/lib/systemd/system/haveged.service
diff --git a/projectroot/usr/lib/systemd/system/haveged.service b/projectroot/usr/lib/systemd/system/haveged.service
new file mode 100644
index 000000000..81070ca8b
--- /dev/null
+++ b/projectroot/usr/lib/systemd/system/haveged.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Entropy Daemon based on the HAVEGE algorithm
+Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground
+SuccessExitStatus=143
+
+[Install]
+WantedBy=multi-user.target
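Review bot: The commit message has no body, so it is not clear whether this unit is a verbatim copy of the file shipped in the haveged 1.9.2 source or was edited for PTXdist; please name the upstream path and list any local changes. Separately, with Type=simple and --Foreground in the [Service] section, systemd treats the service as started as soon as the process is spawned, so a unit ordered After=haveged.service is not guaranteed that the entropy pool has been filled yet. That is worth a sentence in the commit message, since the series relies on haveged running before the first consumers of /dev/random.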
--
2.19.1
* [ptxdist] [PATCH 2/2] haveged: systemd service: move from multi-user.target to sysinit.target
From: Andreas Pretzsch @ 2020-01-20 22:57 UTC (permalink / raw)
To: ptxdist
For devices with no or defective HW RNG, it takes quite long until
the kernel random device is seeded, up to several tens of seconds.
See kernel "random: crng init done" message for this.
As a consequence, anything using /dev/random will block accordingly.
This is even true for "ssh-keygen -l" invocations, which should just
show the fingerprint of a pubkey. Which can be used e.g. to check for
valid keys to be present.
One way to expedite this is to run haveged, of course at the cost of
reduced quality of the random numbers.
But this start has to happen rather early in the boot process.
By default (based upon this (old) haveged package), haveged is started
late as a user service in multi-user.target.
So move the start of haveged from multi-user.target to sysinit.target.
Also add a service dependency after systemd-random-seed.service
(responsible to seed from a stored random pool, if enabled) and
systemd-tmpfiles-setup-dev.service (responsible to set up the dev files).
Something comparable is done in Fedora and SuSE.
Signed-off-by: Andreas Pretzsch <apr@cn-eng.de>
---
projectroot/usr/lib/systemd/system/haveged.service | 3 ++-
rules/haveged.make | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/projectroot/usr/lib/systemd/system/haveged.service b/projectroot/usr/lib/systemd/system/haveged.service
index 81070ca8b..5fab8c665 100644
--- a/projectroot/usr/lib/systemd/system/haveged.service
+++ b/projectroot/usr/lib/systemd/system/haveged.service
@@ -1,6 +1,7 @@
[Unit]
Description=Entropy Daemon based on the HAVEGE algorithm
Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+After=systemd-random-seed.service systemd-tmpfiles-setup-dev.service
[Service]
Type=simple
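Review bot: The [Unit] section gains After= but leaves default dependencies enabled, and a service unit with default dependencies implicitly gets Requires=sysinit.target and After=sysinit.target. Together with WantedBy=sysinit.target in the next hunk, haveged is pulled in by sysinit.target but still ordered after it, so it does not start as early as the commit message intends. Consider adding DefaultDependencies=no here, and with it an explicit Before=sysinit.target plus Conflicts=shutdown.target and Before=shutdown.target so the unit is still stopped cleanly on shutdown.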
@@ -8,4 +9,4 @@ ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground
SuccessExitStatus=143
[Install]
-WantedBy=multi-user.target
+WantedBy=sysinit.target
diff --git a/rules/haveged.make b/rules/haveged.make
index 80d1910f3..0c880b191 100644
--- a/rules/haveged.make
+++ b/rules/haveged.make
@@ -73,10 +73,10 @@ endif
endif
ifdef PTXCONF_HAVEGED_SYSTEMD_UNIT
- @$(call install_copy, haveged, 0, 0, 0644, -, \
+ @$(call install_alternative, haveged, 0, 0, 0644, \
/usr/lib/systemd/system/haveged.service)
@$(call install_link, haveged, ../haveged.service, \
- /usr/lib/systemd/system/multi-user.target.wants/haveged.service)
+ /usr/lib/systemd/system/sysinit.target.wants/haveged.service)
endif
@$(call install_finish, haveged)
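Review bot: The switch from install_copy (with "-" as source) to install_alternative is not mentioned in the commit message and is independent of the target move. As the rule stands before this hunk, the unit is taken from the package's own install tree, so the projectroot file added in 1/2 is only picked up once this line changes. Either move the install_alternative change into 1/2 or mention it here, so each patch does what its subject says. The .wants/ link path and the WantedBy= line in the unit have to be kept in sync by hand; a short comment in the rule file would help the next person who changes one of them.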
--
2.19.1
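
The commit message above points at the kernel's "random: crng init done" line as the way to see how long seeding takes. The following is an added example, not part of the patch or of PTXdist: it extracts that timestamp from a kernel log and lists processes that read /dev/urandom before seeding. The log lines are constructed, and it is an assumption that the target kernel prints "uninitialized urandom read" notices.

```shell
#!/bin/sh
# Added example. The log lines below are constructed, not taken from the thread.
sample_log() {
cat <<'EOF'
[    1.204113] random: fast init done
[    3.871002] random: systemd: uninitialized urandom read (16 bytes read)
[    9.530871] random: ssh-keygen: uninitialized urandom read (32 bytes read)
[   37.412650] random: crng init done
[   37.980114] systemd[1]: Reached target Multi-User System.
EOF
}

# Print the kernel timestamp (seconds since boot) of "random: crng init done".
# Returns non-zero if the log on stdin never shows the CRNG being seeded.
crng_init_time() {
    awk '/random: crng init done/ {
             t = $0; sub(/^\[ */, "", t); sub(/\].*/, "", t)
             print t; found = 1; exit
         }
         END { exit !found }'
}

# Print the names of processes that read /dev/urandom before the CRNG was
# seeded. Assumption: the kernel emits "uninitialized urandom read" notices.
early_readers() {
    awk '/random: crng init done/ { exit }
         /uninitialized urandom read/ {
             p = $0; sub(/^.*\] random: /, "", p); sub(/: uninitialized.*/, "", p)
             print p
         }' | sort -u
}

# Succeed if the CRNG was seeded within $1 seconds of boot (2 = never seeded).
seeded_within() {
    t=$(crng_init_time) || return 2
    awk -v t="$t" -v limit="$1" 'BEGIN { exit !(t + 0 <= limit + 0) }'
}

# Demo on the constructed log; on a target, pipe "dmesg" in instead.
echo "crng init done at: $(sample_log | crng_init_time) s"
echo "early urandom readers: $(sample_log | early_readers | tr '\n' ' ')"
sample_log | seeded_within 10 || echo "CRNG not seeded within 10 s of boot"
```

Running the same functions before and after moving haveged to sysinit.target shows whether the change actually shortens the time to "crng init done" and whether key-handling tools still start before it.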
* Re: [ptxdist] [PATCH 2/2] haveged: systemd service: move from multi-user.target to sysinit.target
From: Michael Olbrich @ 2020-01-24 17:25 UTC (permalink / raw)
To: ptxdist
On Mon, Jan 20, 2020 at 11:57:04PM +0100, Andreas Pretzsch wrote:
> For devices with no or defective HW RNG, it takes quite long until
> the kernel random device is seeded, up to several tens of seconds.
> See kernel "random: crng init done" message for this.
>
> As a consequence, anything using /dev/random will block accordingly.
> This is even true for "ssh-keygen -l" invocations, which should just
> show the fingerprint of a pubkey. Which can be used e.g. to check for
> valid keys to be present.
>
> One way to expedite this is to run haveged, of course at the cost of
> reduced quality of the random numbers.
> But this start has to happen rather early in the boot process.
>
> By default (based upon this (old) haveged package), haveged is started
> late as a user service in multi-user.target.
>
> So move the start of haveged from multi-user.target to sysinit.target.
> Also add a service dependency after systemd-random-seed.service
> (responsible to seed from a stored random pool, if enabled) and
> systemd-tmpfiles-setup-dev.service (responsible to set up the dev files).
>
> Something comparable is done in Fedora and SuSE.
>
> Signed-off-by: Andreas Pretzsch <apr@cn-eng.de>
> ---
> projectroot/usr/lib/systemd/system/haveged.service | 3 ++-
> rules/haveged.make | 4 ++--
> 2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/projectroot/usr/lib/systemd/system/haveged.service b/projectroot/usr/lib/systemd/system/haveged.service
> index 81070ca8b..5fab8c665 100644
> --- a/projectroot/usr/lib/systemd/system/haveged.service
> +++ b/projectroot/usr/lib/systemd/system/haveged.service
> @@ -1,6 +1,7 @@
> [Unit]
> Description=Entropy Daemon based on the HAVEGE algorithm
> Documentation=man:haveged(8) http://www.issihosts.com/haveged/
> +After=systemd-random-seed.service systemd-tmpfiles-setup-dev.service
Maybe add DefaultDependencies=no as well?
Michael
>
> [Service]
> Type=simple
> @@ -8,4 +9,4 @@ ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground
> SuccessExitStatus=143
>
> [Install]
> -WantedBy=multi-user.target
> +WantedBy=sysinit.target
> diff --git a/rules/haveged.make b/rules/haveged.make
> index 80d1910f3..0c880b191 100644
> --- a/rules/haveged.make
> +++ b/rules/haveged.make
> @@ -73,10 +73,10 @@ endif
> endif
>
> ifdef PTXCONF_HAVEGED_SYSTEMD_UNIT
> - @$(call install_copy, haveged, 0, 0, 0644, -, \
> + @$(call install_alternative, haveged, 0, 0, 0644, \
> /usr/lib/systemd/system/haveged.service)
> @$(call install_link, haveged, ../haveged.service, \
> - /usr/lib/systemd/system/multi-user.target.wants/haveged.service)
> + /usr/lib/systemd/system/sysinit.target.wants/haveged.service)
> endif
>
> @$(call install_finish, haveged)
> --
> 2.19.1
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |