Created attachment 538996 [details] journald.log of affected boot When I boot the system, it takes a very long time until sddm shows up. When typing something to the keyboard (e.g. switching to another terminal an log in) sddm startup gets much faster. I have notived that the delay is aligned to the kernel message random: crng init done Example: [ 4.234107] IPv6: ADDRCONF(NETDEV_UP): wlp4s0: link is not ready [ 7.155093] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx [ 7.155150] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s25: link becomes ready [ 253.218244] random: crng init done [ 253.218250] random: 7 urandom warning(s) missed due to ratelimiting I have attached a journald log of a delayed boot (see 18:16:57) Thus, this appears to be some entropy problem from my POV. Searching the net I found several other users reporting similar issues: https://unix.stackexchange.com/questions/442698/when-i-log-in-it-hangs-until-crng-init-done https://bugzilla.redhat.com/show_bug.cgi?id=1572944 # emerge --info Portage 2.3.40 (python 3.5.5-final-0, default/linux/amd64/17.0/desktop/plasma/systemd, gcc-7.3.0, glibc-2.26-r7, 4.16.18-gentoo x86_64) ================================================================= System uname: Linux-4.16.18-gentoo-x86_64-Intel-R-_Core-TM-_i7-4810MQ_CPU_@_2.80GHz-with-gentoo-2.4.1 KiB Mem: 16387312 total, 12426032 free KiB Swap: 16777212 total, 16777212 free Timestamp of repository gentoo: Mon, 09 Jul 2018 14:24:38 +0000 Head commit of repository gentoo: ec552703614f6befc81d4fe77ff0716c31c46a80 Timestamp of repository kde: Mon, 09 Jul 2018 01:43:54 +0000 sh bash 4.4_p12 ld GNU ld (Gentoo 2.30 p2) 2.30.0 app-shells/bash: 4.4_p12::gentoo dev-java/java-config: 2.2.0-r4::gentoo dev-lang/perl: 5.24.3-r1::gentoo dev-lang/python: 2.7.14-r1::gentoo, 3.5.5::gentoo dev-util/cmake: 3.9.6::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.4.1-r2::gentoo sys-apps/sandbox: 2.13::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r4::gentoo sys-devel/automake: 1.11.6-r3::gentoo, 1.15.1-r2::gentoo sys-devel/binutils: 2.30-r2::gentoo sys-devel/gcc: 7.3.0-r3::gentoo sys-devel/gcc-config: 1.8-r1::gentoo sys-devel/libtool: 2.4.6-r3::gentoo sys-devel/make: 4.2.1::gentoo sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers) sys-libs/glibc: 2.26-r7::gentoo Repositories: gentoo location: /usr/portage sync-type: git sync-uri: https://github.com/gentoo-mirror/gentoo.git priority: -1000 kde location: /var/lib/layman/kde sync-type: laymansync sync-uri: https://github.com/gentoo-mirror/kde.git masters: gentoo priority: 50 local_overlay location: /usr/local/portage masters: gentoo priority: 100 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=native -ggdb" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.3/conf" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.1/ext-active/ /etc/php/cgi-php7.1/ext-active/ /etc/php/cli-php7.1/ext-active/ /etc/portage/package.accept_keywords/99-autounmask /etc/portage/package.unmask/99-autounmask /etc/portage/package.use/99-autounmask /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -pipe -march=native -ggdb" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps=y --autounmask-write --autounmask-continue --jobs=2 --load-average=8" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms sign splitdebug strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j8" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X a52 aac acl acpi activities aes alsa amd64 apng avx avx2 bash-completion berkdb bluetooth branding brotli bzip2 cairo cdaudio cdda cddb cdparanoia cdr chm cli crypt cryptsetup cups cxx dbus declarative djvu dnssec dri dri3 dts dvd dvdr egl emboss encode epub evdev exif f16c fam ffmpeg flac fma3 fortran gdbm gif glamor gles glib gpg gpm gstreamer gtk gzip iconv icu id3tag idn imagemagick inotify ipv6 irc jpeg jpeg2k kde kipi kwallet lame lcms ldap libnotify libsamplerate libtirpc lzma mad matroska mmx mmxext mng modules mp3 mp4 mpeg mplayer mtp multilib musicbrainz ncurses networkmanager nls nptl ntp ogg opengl openmp openvpn opus otr pam pango pclmul pcre pdf phonon plasma pm-utils png policykit popcnt ppds pulseaudio qemu qml qt5 quicktime rar readline real rss sdl seccomp semantic-desktop spell spice sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 startup-notification svg systemd taglib tcpd theora threads thumbnail tiff truetype twolame udev udisks uefi unicode upower usb v4l v4l2 vaapi vcd vim-syntax visualization vorbis vpx wavpack wayland widgets wifi wma wmf wxwidgets x264 x265 xattr xcb xcomposite xinerama xml xv xvid xvidv xvmc xz zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon plan sheets stage words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="keyboard mouse evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-0" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_5" RUBY_TARGETS="ruby23" USERLAND="GNU" VIDEO_CARDS="intel nouveau modesetting" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Also affects gdm on systemd.. the issue exists across distributions and probably due to a kernel change as specified here https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897572 My currentl work around has been to install sys-apps/rng-tools[jitterentropy] right now which has brought down the boot time from up to 5 minutes to 13s
This seems to have been backported upstream, so it's likely to affect >=kernel-4.8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33
I had similar situation with my machine, and as it comes out, this was not a kernel bug. I suppose that something has changed with crng initialization because of CVE-2018-1108. You should install sys-apps/rng-tools, set it up accordingly to your needs/hardware in "/etc/conf.d/rngd" and add it to the boot level: "rc-update add rngd boot". Boot delay should be mitigated.
I have just spotted that you are using systemd so: "systemctl enable rngd.service"
I had the same problem on stable sys-kernel/gentoo-sources-4.14.52 and stable x11-misc/sddm-0.17.0-r4. IMHO this means that rngd should become a dependency of sddm.
Same here. SDDM doesn't start X until this point: [ 13.177997] r8169 0000:06:00.0 eth0: link up [ 13.178017] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 56.959275] random: crng init done [ 56.959278] random: 6 urandom warning(s) missed due to ratelimiting and then I have to press random keys on the keyboard for X to start.
Not sure why Jonas assigned this to the kernel. This patch is in kernels >=4.17.0 and 4.16 is now EOL. Assigning to sddm maintainers for their thoughts about the dependency and keeping kernel project on CC in case we need to do something here. Picking on KDE team, since the user appears to be using the DM.
(In reply to Mike Pagano from comment #7) > Not sure why Jonas assigned this to the kernel. This patch is in kernels > >=4.17.0 and 4.16 is now EOL. I'm on 4.14, which exhibits the same problem, and it's obviously not EOL.
The problem persists for 4.17.6.
There is some broader discussion going on regarding this topic: https://www.phoronix.com/scan.php?page=news_item&px=Linux-Protect-User-Entropy
There are plans to introduce kernel config option to enable hardware CPU's randr and include it to entropy pool which will mitigate the boot delay. https://lkml.org/lkml/2018/7/17/1279
(In reply to PrSo from comment #11) > There are plans to introduce kernel config option to enable hardware CPU's > randr and include it to entropy pool which will mitigate the boot delay. > > https://lkml.org/lkml/2018/7/17/1279 Only if the CPU supports it. Not all do.
Second that, but there could be an alternative besides rng-tools (for those that have such CPU)
Same here. Workaround for me: emerger haveged and enable it.
Linux kernel >=4.19.0 has a new option, with this enabled, the issue is fixed on my systemd box. RANDOM_TRUST_CPU - Trust the CPU manufacturer to initialize Linux's CRNG > Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or > RDRAND, IBM for the S390 and Power PC architectures) is trustworthy > for the purposes of initializing Linux's CRNG. Since this is not > something that can be independently audited, this amounts to trusting > that CPU manufacturer (perhaps with the insistence or mandate > of a Nation State's intelligence or law enforcement agencies) > has not installed a hidden back door to compromise the CPU's > random number generation facilities. This can also be configured > at boot with "random.trust_cpu=on/off". Alternative userspace solutions mentioned in this bug: sys-apps/haveged sys-apps/rng-tools Maybe this in-kernel option also works, in case people have the hardware: CONFIG_HW_RANDOM It seems that, since this bug was reported for more DMs than sddm, it would not be enough for those informations to be only disclosed via sddm ebuild. Thusly reassigning to systemd proj for coordination.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd3d4e174e04d50697e9761bdf2e14be2476fd0a commit fd3d4e174e04d50697e9761bdf2e14be2476fd0a Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2022-03-31 20:46:57 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2022-04-01 14:47:10 +0000 x11-misc/sddm: Add pkg_postinst info for fixing entropy Closes: https://bugs.gentoo.org/660812 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> x11-misc/sddm/sddm-0.18.1-r6.ebuild | 6 ++++++ 1 file changed, 6 insertions(+)
