[OE-core] [PATCH V2 1/2] openssh: upgrade 7.8p1 -> 7.8p1+git to support openssl 1.1.x

Bruce Ashfield bruce.ashfield at windriver.com
Thu Sep 20 07:22:17 UTC 2018 

On 09/20/2018 12:54 AM, richard.purdie at linuxfoundation.org wrote:
> On Thu, 2018-09-20 at 09:45 +0800, Hongxu Jia wrote:
>> I will fix it as my top priority today.
>>
>> Reproduce steps:
>>
>> - Build core-image-sato-sdk on qemuarm64
>> - Run qemu
>> - Log over ssh (openssh) failed
>>
> 
> I did have a little bit of a look at this. It seems to hang during key
> generation before starting the server during boot.
> 
> I had a suspicion that the problem could be a lack of entropy. We're
> supposed to have the virtio entropy generation being passed through
> from the host to avoid problems with entropy starvation but I'm not
> sure its running for arm64.

We ran into this with OVS in meta-virt as well. The new ssl + the
4.16+ kernel jams initializing crypto. The solution there was to
turn off ssl by default.

Author: Jason Wessel <jason.wessel at windriver.com>
Date:   Wed Sep 5 15:44:45 2018 -0700

     openvswitch: Turn off ssl integration by default

     The openssl library is an optional component for the openvswitch.  The
     problem with it enabled by default is that it will consume system
     entropy to try to initialize the openssl library even though we are not
     using it by default.  With the 4.16 kernel and up there is not always
     enough entropy available at the early boot time which can cause a
     lengthy stall, while waiting to initialize the openvswitch.

     If ssl is needed, it can of course be turned on with the package
     config option "ssl".

     Signed-off-by: Jason Wessel <jason.wessel at windriver.com>
     Signed-off-by: Bruce Ashfield <bruce.ashfield at windriver.com>


> 
> I noticed the .config shows CONFIG_CRYPTO_DEV_VIRTIO=m but setting that
> to =y didn't help. The virtio rng connects via pci bus iirc and
> CONFIG_PCI isn't set so I'm now looking into that...

This was the 2nd solution, but it did work in our cases without hang.

Which is to add: -device virtio-rng-pci to the qemu command line.
But yes, you need PCI for that to work.


> 
> To update, adding this config to the kernel:
> 
> CONFIG_CRYPTO_DEV_VIRTIO=y
> CONFIG_PCI=y
> CONFIG_PCI_HOST_GENERIC=y
> 
> appears to solve the problem and lets my simple tests work. I'll have
> to run some better tests but I think this is the problem, lack pci
> support in the kernel meaning the rng virtio passthrough doesn't work.
> 

Yes. That should be it. If someone sends me a config fragment tweak,
I'll get it into my queue that should come out in the next day or so.

Bruce

> Cheers,
> 
> Richard
> 
> 
> 
> 
> 
>

More information about the Openembedded-core mailing list