# kernel 4.16: random crng hangs boot; symptom: wpa_supplicant

## geki

Hi all,

I upgraded kernel from 4.14.15 to 4.16.12. All fine but wpa_supplicant. It hangs between 20~70 seconds on first startup at boot (runlevel default). See pastebin for complete log. Hang happens between these two lines: (delay here is 35 seconds)

```
1527422625.852320: wlp1s0: Setting scan request: 0.100000 sec

1527422700.196846: ENGINE: Loading dynamic engine
```

```
# conf.d file for wpa_supplicant

# uncomment this if wpa_supplicant starts up before your network interface

# is ready and it causes issues

# rc_want="dev-settle"

# Please check man 8 wpa_supplicant for more information about the options

# wpa_supplicant accepts.

#

wpa_supplicant_args="-dd -t -f /tmp/wpa_foo.log"
```

```
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

network={

   ssid="hmth"

   scan_ssid=1

   key_mgmt=WPA-PSK

   psk=<secret>

}

network={

   ssid="WLAN-573772"

   scan_ssid=1

   key_mgmt=WPA-PSK

   psk=<secret>

}

}
```

Anyone any ideas?

----------

## geki

wpa_supplicant is just the symptom. AFAIU it currently, the kernel driver random hangs seeding /dev/random (and the like?) until dmesg message "random: crng init done" appears[0]. To solve this, one should merge sys-apps/rng-tools and add rngd to sysinit boot level to utilize hardware rng. eudev and others need it, too, though they do not hang the boot process. Though, my sandybridge cpus do not have the rdrand feature. There seems to be some sandybridge cpus without that hardware rng feature.  :Confused: 

You see something like this:

```
# dmesg |grep random

[    0.988144] random: fast init done

[    1.670544] random: dd: uninitialized urandom read (512 bytes read)

[    1.675143] random: mktemp: uninitialized urandom read (10 bytes read)

[    2.415934] random: salt-master: uninitialized urandom read (32 bytes read)

[   61.559274] urandom_read: 1 callbacks suppressed

[   61.559276] random: ddclient: uninitialized urandom read (4 bytes read)

[  120.910490] random: apache2: uninitialized urandom read (8 bytes read)

[  120.910505] random: apache2: uninitialized urandom read (8 bytes read)

[  120.910513] random: apache2: uninitialized urandom read (8 bytes read)

[  121.163689] random: crng init done

[  121.163692] random: 2 urandom warning(s) missed due to ratelimiting
```

Any ideas? I will dig further... A ha, just found [1]. So, I have to be security concerned but fixes hang for old cpus without hardware rng, it seems.

Good fix is [0]. Enable your specific hardware rng with rngd, not CAAM. Bad fix is revert [1].

[0] https://www.toradex.com/community/questions/18861/random-number-generator-hangs-for-a-long-time.html

[1] https://unix.stackexchange.com/questions/442698/when-i-log-in-it-hangs-until-crng-init-done

----------

## geki

Until kernel behaves again I must apply this patch:

http://geki.selfhost.eu/hacks/linux-4.16.12-undo_random_fix_crng_ready_test.patch

If anyone got any ideas how to make the kernel behave properly, you are welcome!  :Surprised: 

----------

## IsisTheDamned

had the same issue on my machine w/ 4.14.52

I noticed that hammering your keyboard gets you started faster  :Smile: 

fixed the problem by installing sys-apps/rng-tools and adding rngd to the default runlevel like this:

```

# emerge sys-apps/rng-tools

# rc-update add rngd default

```

----------

## bunder

I had a similar delay recently with using lightdm, installing haveged is another option.   :Wink: 

----------

## giro83

 *IsisTheDamned wrote:*   

> had the same issue on my machine w/ 4.14.52
> 
> I noticed that hammering your keyboard gets you started faster 
> 
> fixed the problem by installing sys-apps/rng-tools and adding rngd to the default runlevel like this:
> ...

 

I had the same issue, and your suggestion fixed it. But adding the service to 'default' was not sufficient, as it would not start in time. I had to add it to 'boot' instead.

----------

## toralf

 *giro83 wrote:*   

> I had to add it to 'boot' instead.

 Yep, that's advised. BTW there're few more rng helper packages:

```
timer_entropyd audio-entropyd haveged
```

worth to be used.

----------

