Ben,
even though X is not involved, you are right on the money about this
being caused by waiting for random bits. This is a kernel bug caused by
urandom blocking when it should not. I will merge the issues when I have
my final patch ready.
You can see the "random: plymouthd: uninitialized urandom read" warning
in my screen photo:
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=897572;filename=img_20180504_120059.jpg;msg=37
This bug is introduced by the "crng_init > 0" to "crng_init > 1" change
in this commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33
This change inadvertently impacts urandom_read, causing the crng_init==1
state to be treated as uninitialized and causing urandom to block,
despite this state existing *specifically* to support non-cryptographic
needs at boot time:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c#n1863
Reverting 43838a23a05f ("random: fix crng_ready() test") fixes the bug
(tested with 4.16.5-1), but this may cause security concerns
(CVE-2018-1108 is mentioned in 43838a23a05f). I am testing a more
localised fix that should be more palatable to upstream.
Kind regards,
--
Ben Caradoc-Davies <b...@transient.nz>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
