| Message ID | 20220502211001.4183095-2-wes@mitsi.com |
|---|---|
| State | New |
| Headers | show |
| Series | rng-tools: disable libjitterentropy due to cpu usage | expand |
Isn't this desirable if you don't have an hwrng? We want to generate entropy so we can perform cryptographic operations by default if we bring in rng-tools. On Mon, May 2, 2022 at 2:10 PM Wes Malone <wes@mitsi.com> wrote: > > After boot rngd maxes out the processor initializing JITTER entropy for > some minutes. Here we disable libjitterentropy in favor of only using > the hardware random source via config. > > Signed-off-by: Wes Malone <wes@mitsi.com> > --- > meta/recipes-support/rng-tools/rng-tools_6.15.bb | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/meta/recipes-support/rng-tools/rng-tools_6.15.bb b/meta/recipes-support/rng-tools/rng-tools_6.15.bb > index 0696351903..4eed060960 100644 > --- a/meta/recipes-support/rng-tools/rng-tools_6.15.bb > +++ b/meta/recipes-support/rng-tools/rng-tools_6.15.bb > @@ -21,7 +21,6 @@ inherit autotools update-rc.d systemd pkgconfig > > EXTRA_OECONF = "--without-rtlsdr" > > -PACKAGECONFIG ??= "libjitterentropy" > PACKAGECONFIG:libc-musl = "libargp libjitterentropy" > > PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," > -- > 2.36.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#165176): https://lists.openembedded.org/g/openembedded-core/message/165176 > Mute This Topic: https://lists.openembedded.org/mt/90845997/4454469 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [wak@google.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Yes, I wonder why this needs to be disabled altogether at build time. Can’t rng-tools figure out the right sources at run time? Alex On Mon 2. May 2022 at 23.33, William A. Kennington III via lists.openembedded.org <wak=google.com@lists.openembedded.org> wrote: > Isn't this desirable if you don't have an hwrng? We want to generate > entropy so we can perform cryptographic operations by default if we > bring in rng-tools. > > On Mon, May 2, 2022 at 2:10 PM Wes Malone <wes@mitsi.com> wrote: > > > > After boot rngd maxes out the processor initializing JITTER entropy for > > some minutes. Here we disable libjitterentropy in favor of only using > > the hardware random source via config. > > > > Signed-off-by: Wes Malone <wes@mitsi.com> > > --- > > meta/recipes-support/rng-tools/rng-tools_6.15.bb | 1 - > > 1 file changed, 1 deletion(-) > > > > diff --git a/meta/recipes-support/rng-tools/rng-tools_6.15.bb > b/meta/recipes-support/rng-tools/rng-tools_6.15.bb > > index 0696351903..4eed060960 100644 > > --- a/meta/recipes-support/rng-tools/rng-tools_6.15.bb > > +++ b/meta/recipes-support/rng-tools/rng-tools_6.15.bb > > @@ -21,7 +21,6 @@ inherit autotools update-rc.d systemd pkgconfig > > > > EXTRA_OECONF = "--without-rtlsdr" > > > > -PACKAGECONFIG ??= "libjitterentropy" > > PACKAGECONFIG:libc-musl = "libargp libjitterentropy" > > > > PACKAGECONFIG[libargp] = > "--with-libargp,--without-libargp,argp-standalone," > > -- > > 2.36.0 > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#165177): > https://lists.openembedded.org/g/openembedded-core/message/165177 > Mute This Topic: https://lists.openembedded.org/mt/90845997/1686489 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
> Isn't this desirable if you don't have an hwrng? Perhaps what's needed then is a 'hwrng' in MACHINE_FEATURES? > Can’t rng-tools figure out the right sources at run time? rng-tools enables jitter by default if it's built in, even if hwrng is available. Maybe it's faster to do this on more powerful machines but it's disruptive to run the cpu at max for so long on my pi's. We could also disable it with the /etc/defaults file with `-x jitter`. On Mon, May 2, 2022 at 11:47 PM Alexander Kanavin <alex.kanavin@gmail.com> wrote: > > Yes, I wonder why this needs to be disabled altogether at build time. Can’t rng-tools figure out the right sources at run time? > > Alex > > On Mon 2. May 2022 at 23.33, William A. Kennington III via lists.openembedded.org <wak=google.com@lists.openembedded.org> wrote: >> >> Isn't this desirable if you don't have an hwrng? We want to generate >> entropy so we can perform cryptographic operations by default if we >> bring in rng-tools. >> >> On Mon, May 2, 2022 at 2:10 PM Wes Malone <wes@mitsi.com> wrote: >> > >> > After boot rngd maxes out the processor initializing JITTER entropy for >> > some minutes. Here we disable libjitterentropy in favor of only using >> > the hardware random source via config. >> > >> > Signed-off-by: Wes Malone <wes@mitsi.com> >> > --- >> > meta/recipes-support/rng-tools/rng-tools_6.15.bb | 1 - >> > 1 file changed, 1 deletion(-) >> > >> > diff --git a/meta/recipes-support/rng-tools/rng-tools_6.15.bb b/meta/recipes-support/rng-tools/rng-tools_6.15.bb >> > index 0696351903..4eed060960 100644 >> > --- a/meta/recipes-support/rng-tools/rng-tools_6.15.bb >> > +++ b/meta/recipes-support/rng-tools/rng-tools_6.15.bb >> > @@ -21,7 +21,6 @@ inherit autotools update-rc.d systemd pkgconfig >> > >> > EXTRA_OECONF = "--without-rtlsdr" >> > >> > -PACKAGECONFIG ??= "libjitterentropy" >> > PACKAGECONFIG:libc-musl = "libargp libjitterentropy" >> > >> > PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," >> > -- >> > 2.36.0 >> > >> > >> > >> > >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#165177): https://lists.openembedded.org/g/openembedded-core/message/165177 >> Mute This Topic: https://lists.openembedded.org/mt/90845997/1686489 >> Group Owner: openembedded-core+owner@lists.openembedded.org >> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com] >> -=-=-=-=-=-=-=-=-=-=-=- >>
On Tue, May 3, 2022 at 8:23 AM Wes Malone <wes@mitsi.com> wrote: > > > Isn't this desirable if you don't have an hwrng? > Perhaps what's needed then is a 'hwrng' in MACHINE_FEATURES? > > > Can’t rng-tools figure out the right sources at run time? > rng-tools enables jitter by default if it's built in, even if hwrng is > available. Maybe it's faster to do this on more powerful machines but > it's disruptive to run the cpu at max for so long on my pi's. > > We could also disable it with the /etc/defaults file with `-x jitter`. > I wonder if rng-tools is still needed after 5.6+ kernel after this commit [1] Arch Linux wiki says no [2]. We added this as a recommendation to openssh by default [3] [4], I wonder if we can turn that off by default and perhaps add havaged as dependency if needed. [5] changed to use /dev/hwrng which seems right change to me. I also wonder if we can tune the resource requirement for rng-tools with limiting cpu threads and buffers allocated for this. [1] https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32 [2] https://wiki.archlinux.org/title/Rng-tools [3] https://git.openembedded.org/openembedded-core/commit/?id=9b01375236e19e3366c58877c4154d7c71632984 [4] https://git.openembedded.org/openembedded-core/commit/?id=fe99349c1bd72b69d22ab0dc52b8825d3157b8e7 [5] https://git.openembedded.org/openembedded-core/commit/?id=f1dc9ac46710814c27cae2d22e79c84a9522993a > > On Mon, May 2, 2022 at 11:47 PM Alexander Kanavin > <alex.kanavin@gmail.com> wrote: > > > > Yes, I wonder why this needs to be disabled altogether at build time. Can’t rng-tools figure out the right sources at run time? > > > > Alex > > > > On Mon 2. May 2022 at 23.33, William A. Kennington III via lists.openembedded.org <wak=google.com@lists.openembedded.org> wrote: > >> > >> Isn't this desirable if you don't have an hwrng? We want to generate > >> entropy so we can perform cryptographic operations by default if we > >> bring in rng-tools. > >> > >> On Mon, May 2, 2022 at 2:10 PM Wes Malone <wes@mitsi.com> wrote: > >> > > >> > After boot rngd maxes out the processor initializing JITTER entropy for > >> > some minutes. Here we disable libjitterentropy in favor of only using > >> > the hardware random source via config. > >> > > >> > Signed-off-by: Wes Malone <wes@mitsi.com> > >> > --- > >> > meta/recipes-support/rng-tools/rng-tools_6.15.bb | 1 - > >> > 1 file changed, 1 deletion(-) > >> > > >> > diff --git a/meta/recipes-support/rng-tools/rng-tools_6.15.bb b/meta/recipes-support/rng-tools/rng-tools_6.15.bb > >> > index 0696351903..4eed060960 100644 > >> > --- a/meta/recipes-support/rng-tools/rng-tools_6.15.bb > >> > +++ b/meta/recipes-support/rng-tools/rng-tools_6.15.bb > >> > @@ -21,7 +21,6 @@ inherit autotools update-rc.d systemd pkgconfig > >> > > >> > EXTRA_OECONF = "--without-rtlsdr" > >> > > >> > -PACKAGECONFIG ??= "libjitterentropy" > >> > PACKAGECONFIG:libc-musl = "libargp libjitterentropy" > >> > > >> > PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," > >> > -- > >> > 2.36.0 > >> > > >> > > >> > > >> > > >> > >> > >> > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#165204): https://lists.openembedded.org/g/openembedded-core/message/165204 > Mute This Topic: https://lists.openembedded.org/mt/90845997/1997914 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
I'm not well versed enough in these details to make a decision but I'd like to help fix it once the decision is made. I of course moved on with a small append on my end but I'd like to help fix this since it affected my project. On Tue, May 3, 2022 at 11:21 AM Khem Raj <raj.khem@gmail.com> wrote: > > On Tue, May 3, 2022 at 8:23 AM Wes Malone <wes@mitsi.com> wrote: > > > > > Isn't this desirable if you don't have an hwrng? > > Perhaps what's needed then is a 'hwrng' in MACHINE_FEATURES? > > > > > Can’t rng-tools figure out the right sources at run time? > > rng-tools enables jitter by default if it's built in, even if hwrng is > > available. Maybe it's faster to do this on more powerful machines but > > it's disruptive to run the cpu at max for so long on my pi's. > > > > We could also disable it with the /etc/defaults file with `-x jitter`. > > > > I wonder if rng-tools is still needed after 5.6+ kernel after this commit [1] > Arch Linux wiki says no [2]. We added this as a recommendation to > openssh by default [3] [4], > I wonder if we can turn that off by default and perhaps add havaged as > dependency if needed. > [5] changed to use /dev/hwrng which seems right change to me. I also > wonder if we can tune > the resource requirement for rng-tools with limiting cpu threads and > buffers allocated for this. > > [1] https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32 > [2] https://wiki.archlinux.org/title/Rng-tools > [3] https://git.openembedded.org/openembedded-core/commit/?id=9b01375236e19e3366c58877c4154d7c71632984 > [4] https://git.openembedded.org/openembedded-core/commit/?id=fe99349c1bd72b69d22ab0dc52b8825d3157b8e7 > [5] https://git.openembedded.org/openembedded-core/commit/?id=f1dc9ac46710814c27cae2d22e79c84a9522993a > > > > > On Mon, May 2, 2022 at 11:47 PM Alexander Kanavin > > <alex.kanavin@gmail.com> wrote: > > > > > > Yes, I wonder why this needs to be disabled altogether at build time. Can’t rng-tools figure out the right sources at run time? > > > > > > Alex > > > > > > On Mon 2. May 2022 at 23.33, William A. Kennington III via lists.openembedded.org <wak=google.com@lists.openembedded.org> wrote: > > >> > > >> Isn't this desirable if you don't have an hwrng? We want to generate > > >> entropy so we can perform cryptographic operations by default if we > > >> bring in rng-tools. > > >> > > >> On Mon, May 2, 2022 at 2:10 PM Wes Malone <wes@mitsi.com> wrote: > > >> > > > >> > After boot rngd maxes out the processor initializing JITTER entropy for > > >> > some minutes. Here we disable libjitterentropy in favor of only using > > >> > the hardware random source via config. > > >> > > > >> > Signed-off-by: Wes Malone <wes@mitsi.com> > > >> > --- > > >> > meta/recipes-support/rng-tools/rng-tools_6.15.bb | 1 - > > >> > 1 file changed, 1 deletion(-) > > >> > > > >> > diff --git a/meta/recipes-support/rng-tools/rng-tools_6.15.bb b/meta/recipes-support/rng-tools/rng-tools_6.15.bb > > >> > index 0696351903..4eed060960 100644 > > >> > --- a/meta/recipes-support/rng-tools/rng-tools_6.15.bb > > >> > +++ b/meta/recipes-support/rng-tools/rng-tools_6.15.bb > > >> > @@ -21,7 +21,6 @@ inherit autotools update-rc.d systemd pkgconfig > > >> > > > >> > EXTRA_OECONF = "--without-rtlsdr" > > >> > > > >> > -PACKAGECONFIG ??= "libjitterentropy" > > >> > PACKAGECONFIG:libc-musl = "libargp libjitterentropy" > > >> > > > >> > PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," > > >> > -- > > >> > 2.36.0 > > >> > > > >> > > > >> > > > >> > > > >> > > >> > > >> > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#165204): https://lists.openembedded.org/g/openembedded-core/message/165204 > > Mute This Topic: https://lists.openembedded.org/mt/90845997/1997914 > > Group Owner: openembedded-core+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > >
one way is to make rng-tools use less resources on embedded devices perhaps limit the number of cores its give and buffer sizes. secondly send a patch to remove openssh dependency on rng-tools perhaps On Thu, May 5, 2022 at 2:34 PM Wes Malone <wes@mitsi.com> wrote: > > I'm not well versed enough in these details to make a decision but I'd > like to help fix it once the decision is made. I of course moved on > with a small append on my end but I'd like to help fix this since it > affected my project. > > On Tue, May 3, 2022 at 11:21 AM Khem Raj <raj.khem@gmail.com> wrote: > > > > On Tue, May 3, 2022 at 8:23 AM Wes Malone <wes@mitsi.com> wrote: > > > > > > > Isn't this desirable if you don't have an hwrng? > > > Perhaps what's needed then is a 'hwrng' in MACHINE_FEATURES? > > > > > > > Can’t rng-tools figure out the right sources at run time? > > > rng-tools enables jitter by default if it's built in, even if hwrng is > > > available. Maybe it's faster to do this on more powerful machines but > > > it's disruptive to run the cpu at max for so long on my pi's. > > > > > > We could also disable it with the /etc/defaults file with `-x jitter`. > > > > > > > I wonder if rng-tools is still needed after 5.6+ kernel after this commit [1] > > Arch Linux wiki says no [2]. We added this as a recommendation to > > openssh by default [3] [4], > > I wonder if we can turn that off by default and perhaps add havaged as > > dependency if needed. > > [5] changed to use /dev/hwrng which seems right change to me. I also > > wonder if we can tune > > the resource requirement for rng-tools with limiting cpu threads and > > buffers allocated for this. > > > > [1] https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32 > > [2] https://wiki.archlinux.org/title/Rng-tools > > [3] https://git.openembedded.org/openembedded-core/commit/?id=9b01375236e19e3366c58877c4154d7c71632984 > > [4] https://git.openembedded.org/openembedded-core/commit/?id=fe99349c1bd72b69d22ab0dc52b8825d3157b8e7 > > [5] https://git.openembedded.org/openembedded-core/commit/?id=f1dc9ac46710814c27cae2d22e79c84a9522993a > > > > > > > > On Mon, May 2, 2022 at 11:47 PM Alexander Kanavin > > > <alex.kanavin@gmail.com> wrote: > > > > > > > > Yes, I wonder why this needs to be disabled altogether at build time. Can’t rng-tools figure out the right sources at run time? > > > > > > > > Alex > > > > > > > > On Mon 2. May 2022 at 23.33, William A. Kennington III via lists.openembedded.org <wak=google.com@lists.openembedded.org> wrote: > > > >> > > > >> Isn't this desirable if you don't have an hwrng? We want to generate > > > >> entropy so we can perform cryptographic operations by default if we > > > >> bring in rng-tools. > > > >> > > > >> On Mon, May 2, 2022 at 2:10 PM Wes Malone <wes@mitsi.com> wrote: > > > >> > > > > >> > After boot rngd maxes out the processor initializing JITTER entropy for > > > >> > some minutes. Here we disable libjitterentropy in favor of only using > > > >> > the hardware random source via config. > > > >> > > > > >> > Signed-off-by: Wes Malone <wes@mitsi.com> > > > >> > --- > > > >> > meta/recipes-support/rng-tools/rng-tools_6.15.bb | 1 - > > > >> > 1 file changed, 1 deletion(-) > > > >> > > > > >> > diff --git a/meta/recipes-support/rng-tools/rng-tools_6.15.bb b/meta/recipes-support/rng-tools/rng-tools_6.15.bb > > > >> > index 0696351903..4eed060960 100644 > > > >> > --- a/meta/recipes-support/rng-tools/rng-tools_6.15.bb > > > >> > +++ b/meta/recipes-support/rng-tools/rng-tools_6.15.bb > > > >> > @@ -21,7 +21,6 @@ inherit autotools update-rc.d systemd pkgconfig > > > >> > > > > >> > EXTRA_OECONF = "--without-rtlsdr" > > > >> > > > > >> > -PACKAGECONFIG ??= "libjitterentropy" > > > >> > PACKAGECONFIG:libc-musl = "libargp libjitterentropy" > > > >> > > > > >> > PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," > > > >> > -- > > > >> > 2.36.0 > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > >> > > > >> > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > > Links: You receive all messages sent to this group. > > > View/Reply Online (#165204): https://lists.openembedded.org/g/openembedded-core/message/165204 > > > Mute This Topic: https://lists.openembedded.org/mt/90845997/1997914 > > > Group Owner: openembedded-core+owner@lists.openembedded.org > > > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com] > > > -=-=-=-=-=-=-=-=-=-=-=- > > >
diff --git a/meta/recipes-support/rng-tools/rng-tools_6.15.bb b/meta/recipes-support/rng-tools/rng-tools_6.15.bb index 0696351903..4eed060960 100644 --- a/meta/recipes-support/rng-tools/rng-tools_6.15.bb +++ b/meta/recipes-support/rng-tools/rng-tools_6.15.bb @@ -21,7 +21,6 @@ inherit autotools update-rc.d systemd pkgconfig EXTRA_OECONF = "--without-rtlsdr" -PACKAGECONFIG ??= "libjitterentropy" PACKAGECONFIG:libc-musl = "libargp libjitterentropy" PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone,"
After boot rngd maxes out the processor initializing JITTER entropy for some minutes. Here we disable libjitterentropy in favor of only using the hardware random source via config. Signed-off-by: Wes Malone <wes@mitsi.com> --- meta/recipes-support/rng-tools/rng-tools_6.15.bb | 1 - 1 file changed, 1 deletion(-)