[meta-arm,1/2] arm-bsp: use pre-generated keys instead of haveged in FVP machines

Submitted by Ross Burton on Oct. 16, 2020, 6:19 p.m. | Patch ID: 177308

Details

Message ID 20201016181934.2017752-1-ross.burton@arm.com
State New
Headers show

Commit Message

Ross Burton Oct. 16, 2020, 6:19 p.m.
As the FVP images won't be used in production there is no need to
generate unique SSH keys on the first boot, which takes a long time in a
FVP.

Instead of recommending haveged (from meta-oe) we can simply install
pre-generated SSH keys. These keys are static so should not be used in
production!

Change-Id: I6a538de6bee892a77816c1d938dd2b55c94257f4
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta-arm-bsp/conf/machine/fvp-common.inc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Patch hide | download patch | download mbox

diff --git a/meta-arm-bsp/conf/machine/fvp-common.inc b/meta-arm-bsp/conf/machine/fvp-common.inc
index 2279338..da45026 100644
--- a/meta-arm-bsp/conf/machine/fvp-common.inc
+++ b/meta-arm-bsp/conf/machine/fvp-common.inc
@@ -33,8 +33,8 @@  PREFERRED_VERSION_linux-yocto ?= "5.4%"
 
 EXTRA_IMAGEDEPENDS += "virtual/trusted-firmware-a u-boot"
 
-# Use haveged as a source of entropy instead of rng-tools (Needed for ssh).
-# rngd (Part of rng-tools) takes ~7 mins to init resulting in a slow boot time.
-PACKAGE_EXCLUDE_append = " rng-tools"
-MACHINE_EXTRA_RRECOMMENDS += "haveged"
-
+# As this is a virtual target that will not be used in the real world there is
+# no need for real SSH keys.  Disable rng-tools (which takes too long to
+# initialise) and install the pre-generated keys.
+PACKAGECONFIG_remove_pn-openssh = "rng-tools"
+MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"

Comments

Jon Mason Oct. 17, 2020, 12:15 p.m.
On Fri, Oct 16, 2020 at 07:19:33PM +0100, Ross Burton wrote:
> As the FVP images won't be used in production there is no need to
> generate unique SSH keys on the first boot, which takes a long time in a
> FVP.
> 
> Instead of recommending haveged (from meta-oe) we can simply install
> pre-generated SSH keys. These keys are static so should not be used in
> production!
> 
> Change-Id: I6a538de6bee892a77816c1d938dd2b55c94257f4
> Signed-off-by: Ross Burton <ross.burton@arm.com>

Both patches pulled into master.

Thanks,
Jon

> ---
>  meta-arm-bsp/conf/machine/fvp-common.inc | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/meta-arm-bsp/conf/machine/fvp-common.inc b/meta-arm-bsp/conf/machine/fvp-common.inc
> index 2279338..da45026 100644
> --- a/meta-arm-bsp/conf/machine/fvp-common.inc
> +++ b/meta-arm-bsp/conf/machine/fvp-common.inc
> @@ -33,8 +33,8 @@ PREFERRED_VERSION_linux-yocto ?= "5.4%"
>  
>  EXTRA_IMAGEDEPENDS += "virtual/trusted-firmware-a u-boot"
>  
> -# Use haveged as a source of entropy instead of rng-tools (Needed for ssh).
> -# rngd (Part of rng-tools) takes ~7 mins to init resulting in a slow boot time.
> -PACKAGE_EXCLUDE_append = " rng-tools"
> -MACHINE_EXTRA_RRECOMMENDS += "haveged"
> -
> +# As this is a virtual target that will not be used in the real world there is
> +# no need for real SSH keys.  Disable rng-tools (which takes too long to
> +# initialise) and install the pre-generated keys.
> +PACKAGECONFIG_remove_pn-openssh = "rng-tools"
> +MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
> -- 
> 2.25.1
> 

> 
> 
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#1224): https://lists.yoctoproject.org/g/meta-arm/message/1224
Mute This Topic: https://lists.yoctoproject.org/mt/77556973/3617530
Group Owner: meta-arm+owner@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-