[yocto] long time for starting sshd (wait for crng init done ?)

Mark Hatle mark.hatle at windriver.com
Mon May 13 04:55:18 PDT 2019


On 5/13/19 2:07 PM, star at gmx.li wrote:
> From yocto 2.5 to 2.7 I noticed a change in booting. The kernel stops for around 85 seconds.
> It seems to me that starting sshd takes time until crng init is done.
> In 2.5 it doesn't wait for that. How can I avoid that?
> Maybe I have to add that I use a recipe that adds keys as rootfs is usually r/o.
> 
> Another thing I have observed (which is not clear to me): I don't get a message from system message bus anymore. ???
> 
> Instead of it udevd complains about "specific group 'kvm' unknown". Looking into the source, this is mentioned:
> # The static_node is required on s390x and ppc (they are using MODULE_ALIAS)
> So, can I safely ignore that (use ARM)?
> 
> 

There was recently a discussion on this in the oe-core mailing list (Search for
"[OE-core] [PATCH 2/2] openssh: usable sshd depends on rngd from rng-tools", be
sure to read the whole thread.)  Assuming you are using certain cryptography
resources, the system is waiting for enough entropy for a good random number set.

Often you may need to enable rngd, or up the quality of the kernel hardware
random number generators, as many are set very low.  (Often the hardware random
number generator you have is of sufficient quality that the quality level can be
increased to generate random numbers more quickly.)

Be aware of the ramifications if you make these changes to your system -- as
faster entropy generation does not necessarily equal quality.  There are
numerous incorrect assumptions about entropy and the kernel for these.  Above
all else, do not use /dev/urandom as an entropy source for /dev/random.  That is
simply not safe to do.

What you do NOT want to do is figure out that you are booting 10k boards in a
factory and they all end up getting exactly the same random numbers and thus
identical keys.  (Yes this has happened in the past!)

--Mark
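
The identical-keys failure described in the reply above can be audited for after provisioning. The following is an added example, not part of the original message and not Yocto or OpenSSH code: it groups `ssh-keyscan`-style lines (`host keytype base64-blob`) by SHA256 host key fingerprint and reports any key present on more than one board. The host names and key blobs are constructed sample data, and the helper names are hypothetical.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def _ssh_string(data: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length, then the bytes.
    return struct.pack(">I", len(data)) + data


def constructed_ed25519_blob(fill: int) -> str:
    """Constructed sample data: an ssh-ed25519 public key blob, base64 encoded."""
    raw = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes([fill]) * 32)
    return base64.b64encode(raw).decode()


def fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint in the unpadded base64 form that ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_shared_host_keys(keyscan_lines):
    """Return {(key_type, fingerprint): [hosts]} for keys seen on more than one host."""
    hosts_by_key = defaultdict(set)
    for line in keyscan_lines:
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank line, comment, or truncated entry
        host, key_type, blob = parts[:3]
        try:
            hosts_by_key[(key_type, fingerprint(blob))].add(host)
        except ValueError:
            continue  # blob is not valid base64; skip rather than abort the audit
    return {k: sorted(v) for k, v in hosts_by_key.items() if len(v) > 1}


# Constructed sample: two boards that generated the same host key, one that did not.
SAMPLE_KEYSCAN = [
    "# constructed sample, not real scan output",
    f"board-0001 ssh-ed25519 {constructed_ed25519_blob(0xAA)}",
    f"board-0002 ssh-ed25519 {constructed_ed25519_blob(0xAA)}",
    f"board-0003 ssh-ed25519 {constructed_ed25519_blob(0x17)}",
]

if __name__ == "__main__":
    for (key_type, fp), hosts in find_shared_host_keys(SAMPLE_KEYSCAN).items():
        print(f"{key_type} {fp} shared by: {', '.join(hosts)}")
```

Any non-empty result means the affected boards need their host keys regenerated once the entropy source is fixed.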

