haveged: systemd service: move from multi-user.target to sysinit.target

For devices with no or defective HW RNG, it takes quite long until
the kernel random device is seeded, up to several 10 seconds.
See kernel "random: crng init done" message for this.

As a consequence, anything using /dev/random will block accordingly.
This is even true for "ssh-keygen -l" invocations, which should just
show the fingerprint of a pubkey. Which can be used e.g. to check for
valid keys to be present.

One way to expedite this is to run haveged, of course at the cost of
reduced quality of the random numbers.
But this start has to happen rather early in the boot process.

By default (based upon this (old) haveged package), haveged is started
late as user service in multi-user.target.

So move the start of haveged from multi-user.target to sysinit.target.
Also add a service dependency on after systemd-random-seed.service
(responsible to seed from a stored random pool, if enabled) and
systemd-tmpfiles-setup-dev.service (responsible to setup the dev files).

Comparable is done within Fedora and SuSE.

Signed-off-by: Andreas Pretzsch <apr@cn-eng.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>

1 files changed, 2 insertions, 1 deletions

diff --git a/projectroot/usr/lib/systemd/system/haveged.service b/projectroot/usr/lib/systemd/system/haveged.service
index 81070ca8b..5fab8c665 100644
--- a/projectroot/usr/lib/systemd/system/haveged.service
+++ b/projectroot/usr/lib/systemd/system/haveged.service
@@ -1,6 +1,7 @@
 [Unit]
 Description=Entropy Daemon based on the HAVEGE algorithm
 Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+After=systemd-random-seed.service systemd-tmpfiles-setup-dev.service
 
 [Service]
 Type=simple
@@ -8,4 +9,4 @@ ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground
 SuccessExitStatus=143
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=sysinit.target