scarce entropy during boot

[mmahut]

One of the issue I'm seeing using fido2luks is that when the system is booting and fido2luks is run during the initrd process, it can take several seconds to initialize because of limited entropy from the pool. Mostly on machines without CONFIG_RANDOM_TRUST_CPU.

[    0.233968] random: get_random_bytes called from start_kernel+0x91/0x4d2 with crng_init=0
[    1.699907] random: fido2luks: uninitialized urandom read (16 bytes read)
[    2.703263] random: fido2luks: uninitialized urandom read (16 bytes read)
[    2.772650] random: fido2luks: uninitialized urandom read (16 bytes read)
[   12.186591] random: crng init done

This is even worse on GRUB as it is not using the UEFI random number protocol that ought to seed the kernel PRNG on boot.

Are they any getrandom() calls we can remove during the open process? Are there any missing GRND_NONBLOCK flags?

[shimunn]

I'd guess that the problem lies here https://github.com/shimunn/ctap/blob/ctap_hmac/src/crypto.rs#L26 but I'm not sure what to do about it since it might not be a good idea to substitute the randomness with a static seed or similar.

[mmahut]

Can we maybe add an option, to print out output a message asking user to perform any actions to gather entry while we are waiting for CRNG to get initialized? That way the user is aware of the staling and can react, as just waiting for several seconds until moving your mouse is not obvious in most cases.

[mmahut]

It actually works pretty good with kernels from 5.4 as per https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50ee7529ec4500c88f8664560770a7a1b65db72b