This actually looks like a kernel bug. The bug is easily reproducible in
qemu, BTW, and goes away if one adds a virtio-rng.
I have verified (again, using strace in the service file) that
systemd-random-seed gets successfully executed, successfully reads 512
bytes from its seed file, writes them to /dev/urandom, reads 512 bytes
of urandom back, and saves them, and that it all happens before the
start of NetworkManager.
The problem is that the kernel does not think that this big write to
urandom (or, for that matter, a write by haveged) is sufficient to
initialize the non-blocking entropy pool.
--
Alexander E. Patrakov
