Fixed
Created: Nov 27, 2018
Updated: Mar 14, 2019
Resolved Date: Feb 22, 2019
Found In Version: unknown
Fix Version: 10.18.44.3
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Documentation
ssh or scp, which use random numbers for cryptography, fail to continue until the system random number pool is fully initialized ("random: crng init done" shown on the command line).
This appears once the fix for CVE-2018-1108 is included; that fix insists that the system random number pool should not be used until it is fully initialized. There is nothing wrong with the fix. The failure is due to insufficient entropy being generated during the boot process of the qemu guest machine.
To mitigate this, append "-device virtio-rng-pci" and/or "-device virtio-rng-device" to the qemu command line.
Here is an example:
1) build host and guest with regular steps, and boot target
2) qemu-system-x86_64 -enable-kvm -smp 5 -m 512 -net nic,macaddr=00:01:02:03:04:05,model=e1000 \
   -net tap,script=/etc/qemu-ifup.tap -drive file=/tmp/vm1,if=virtio \
   -kernel /boot/kernel \
   -append "root=/dev/vda rw console=ttyS0,115200 ip=dhcp" -nographic \
   -device virtio-rng-device
qemu-ifup.tap:
#!/bin/sh
# $1 is the tap interface name passed in by qemu
ifconfig "$1" 0
# attach the tap interface to the virbr0 bridge
brctl addif virbr0 "$1"
3) try to ssh to guest
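A guest-side check that the mitigation took effect, as an added example that is not part of the original record: it reads the active hardware RNG from sysfs and looks for the "random: crng init done" line quoted above. The function names, the sample log lines and the assumption that the virtio RNG shows up as virtio_rng.N in rng_current belong to this example.

```sh
#!/bin/sh
# Added example: confirm inside the guest that the virtio RNG is in use.

# Print the active hardware RNG name, or "none". $1 optionally overrides the
# sysfs directory so the check can run against constructed files.
rng_current() {
    dir=${1:-/sys/class/misc/hw_random}
    cur=""
    if [ -r "$dir/rng_current" ]; then
        cur=$(cat "$dir/rng_current")
    fi
    echo "${cur:-none}"
}

# Print the kernel timestamp of the first "random: crng init done" line in
# the saved kernel log $1, or "pending" if the pool is not initialized yet.
crng_init_time() {
    t=$(sed -n 's/^\[ *\([0-9.]*\)\] random: crng init done.*/\1/p' "$1" | head -n 1)
    echo "${t:-pending}"
}

# Usage: check_guest_rng LOGFILE [SYSFS_DIR]
# Succeeds only when a virtio RNG is the active source (assumed to be named
# virtio_rng.N) and the kernel has logged that the CRNG is initialized.
check_guest_rng() {
    src=$(rng_current "$2")
    when=$(crng_init_time "$1")
    echo "rng_current=$src crng_init=$when"
    case "$src" in
        virtio_rng*) [ "$when" != "pending" ] ;;
        *) return 1 ;;
    esac
}

# Constructed sample data (not captured from a real guest).
demo=$(mktemp -d)
echo "virtio_rng.0" > "$demo/rng_current"
cat > "$demo/kmsg.txt" <<'EOF'
[    0.412345] random: fast init done
[    1.873210] random: crng init done
[    3.004511] e1000: eth0 NIC Link is Up
EOF
check_guest_rng "$demo/kmsg.txt" "$demo"
rm -rf "$demo"
# On a real guest: dmesg > /tmp/kmsg.txt; check_guest_rng /tmp/kmsg.txt
```

A non-zero exit means either no virtio RNG is the current source or the kernel has not yet logged the init message, which is the state in which ssh and scp stall.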
boot with virtio-rng
1) build host and guest with regular steps, and boot target
2) qemu-system-x86_64 -enable-kvm -smp 5 -m 512 -net nic,macaddr=00:01:02:03:04:05,model=e1000 \
   -net tap,script=/etc/qemu-ifup.tap -drive file=/tmp/vm1,if=virtio \
   -kernel /boot/kernel -append "root=/dev/vda rw console=ttyS0,115200 ip=dhcp" -nographic
qemu-ifup.tap:
#!/bin/sh
# $1 is the tap interface name passed in by qemu
ifconfig "$1" 0
# attach the tap interface to the virbr0 bridge
brctl addif virbr0 "$1"
3) try to ssh to guest