Hey everyone,
i'm currently working on a custom board based on the amic110 soc using u-boot and (yocto) linux as bootloader and OS.
On bootup openssh generates a rsa key pair. As expected on this platform, key generation does take some time. Unexpected is the behaviour of the key generation: openssh does take between 20 seconds and 380 seconds to generate the keys. I've run a series of tests using the same exact board and software executing the following steps:
1. power on 2. wait for login prompt 3. login and delete keys 4. reboot
Using grabserial, i've measured the time necessary for key creation. The results are all over the place, from 20s up to 380s with a median of 76 seconds. i've repeated the experiment using different boards (custom boards, TI evaluation modules and the BeagleBone Black, all with some kind of an am355x based SoC) and software versions, but the results (especially the deviation between key generation times on one device) were the same.
I'm using Yocto 3.1 (Dunfell) with the TI Kernel 5.4.106 with openssl 1.1.1l. Support for RNG is enabled as per TI documentation:
[ 1.119132] omap_rng 48310000.rng: Random Number Generator ver. 20 [ 1.127665] random: fast init done [ 1.131274] random: crng init done
From my point of view the problem is entropy related. Does anyone experience the same problems on this SoC, are there suggestions on additional configurations to speed up key generation reliably? Or is this just expected behaviour of the RNG?
I'm not necessarily interested in speeding up the key generation, but i'd like to understand why the time needed is all over the place.
Thanks in advance,
Dave