why getrandom blocking does not work with /dev/urandom

From: Stephan Mueller
Date: Fri Oct 21 2016 - 23:44:01 EST


Hi Ted,

as mentioned, I looked a bit deeper into the issue of adding the blocking
behavior of getrandom to /dev/urandom.

As you and I already identified, moving that blocking behavior to /dev/urandom
simply does not work. The system does not boot.

The reason for this issue is actually quite simple. The init process of systemd
reads /dev/urandom for whatever purpose. Now, when /dev/urandom blocks during
boot, systemd will be blocked too. That means that user space (either in the
initramfs or with the regular root partition) is set up.

When there is no user space initialized, there are no devices set up. The
network card is not initialized, the block devices are not mounted, other
devices are not initialized. That means that neither interrupts nor block
device events are registered.

The only device that does not need setup and that will generate events is a
keyboard / mouse whose drivers are statically compiled (or other devices that
trigger interrupts without requiring any user space setup procedure). Thus, if
you use HID long enough, the kernel will eventually receive sufficient entropy
from these events, release systemd and user space starts.

However, just by itself, user space will almost never start with a blocking
behavior of /dev/urandom.

Ciao
Stephan
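As an added example, not code from the mail, from the kernel or from systemd, the following program shows the behaviour the mail contrasts: getrandom() without flags sleeps until the kernel CRNG is initialised, getrandom() with GRND_NONBLOCK fails with EAGAIN instead, and a read of /dev/urandom returns immediately regardless of pool state. It also shows how an early-boot process can learn whether the CRNG is seeded by polling rather than blocking, so that device setup (the only thing that will produce the missing interrupts) is not held up. It assumes Linux with glibc 2.25 or later for <sys/random.h>; the function names and the poll interval are my own choices.

```c
/* Added example: the three randomness paths discussed in the mail, plus a
 * non-blocking readiness probe. Linux-only; glibc >= 2.25 for <sys/random.h>. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/random.h>

/* Scratch buffer shared by the demonstrations below. */
unsigned char demo_buf[32];

/* Probe CRNG state without ever sleeping. GRND_NONBLOCK turns the wait for
 * initialisation into an EAGAIN error.
 *   1  CRNG initialised (a flag-less getrandom() would not block)
 *   0  CRNG not yet initialised (early boot, no entropy sources running)
 *  -1  getrandom() unavailable (ENOSYS on kernels < 3.17) or other error */
int crng_is_ready(void)
{
    unsigned char b;
    ssize_t n = getrandom(&b, 1, GRND_NONBLOCK);
    if (n == 1)
        return 1;
    if (n < 0 && errno == EAGAIN)
        return 0;
    return -1;
}

/* Fill buf from getrandom(). flags == 0 blocks until the CRNG is seeded;
 * GRND_NONBLOCK returns -1/EAGAIN instead. Short reads and EINTR retried.
 * Returns 0 on success, -1 with errno set on failure. */
int fill_getrandom(unsigned char *buf, size_t len, unsigned int flags)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        got += (size_t)n;
    }
    return 0;
}

/* Fill buf from /dev/urandom. This path never blocks, which is why an init
 * process can read it before any device is set up, and why giving it
 * getrandom()'s blocking behaviour stalls boot as the mail describes.
 * Returns 0 on success, -1 with errno set on failure. */
int fill_dev_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {
            int e = errno;
            close(fd);
            errno = (n == 0) ? EIO : e;
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* What an early-boot process can do instead of blocking: poll the CRNG with
 * GRND_NONBLOCK, sleep between polls, and give up after max_polls so that
 * device initialisation can go ahead and feed the pool.
 * Returns 1 if the CRNG became ready, 0 on timeout, -1 if getrandom() is unusable. */
int wait_for_crng(int max_polls, useconds_t interval_us)
{
    for (int i = 0; i < max_polls; i++) {
        int r = crng_is_ready();
        if (r != 0)
            return r;
        usleep(interval_us);
    }
    return 0;
}

int main(void)
{
    printf("CRNG ready: %d\n", crng_is_ready());
    printf("getrandom(GRND_NONBLOCK): %s\n",
           fill_getrandom(demo_buf, sizeof demo_buf, GRND_NONBLOCK) == 0
               ? "ok" : strerror(errno));
    printf("/dev/urandom: %s\n",
           fill_dev_urandom(demo_buf, sizeof demo_buf) == 0
               ? "ok" : strerror(errno));
    printf("wait_for_crng: %d\n", wait_for_crng(100, 10000));
    return 0;
}
```

On a running system the CRNG is long since initialised, so every call succeeds immediately; the interesting case is the same program linked statically into an initramfs, where crng_is_ready() reports 0 until the HID or other interrupt events the mail mentions have seeded the pool, while fill_dev_urandom() still returns at once.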