TLS and boot time on low end embedded Linux systems

One issue you might face using TLS security (HTTPS,, MQTT, etc) is a long delay on bootup until the system gets enough hardware entropy to think the random number generator is secure. These delays can be minutes on a i.MX6UL. I tried setting /proc/sys/kernel/random/read_wakeup_threshold to some low number, but that did not make any difference. I then tried rng-tools – that reduced the boot time some, but boot time was still double. I then tried haveged – it worked – now back down to 38s boot time.

Would be interesting to study exactly how this works, but for a low profile IoT system, bank level encryption is not really necessary as the data is of little value, so not really worth hacking.

1 Like

It appears buildroot also provides the haveged utility.