Mir - or something - needs to generate a key, because we're securing copy/paste with a secret-key system.
Using /dev/urandom is unsafe for something that'll run in early-boot, before the random pool is initialised; if /dev/urandom is used at that time there's no entropy so it'd relatively simple to break the key and hence the copy/paste security.
Since USC doesn't require copy/paste we can avoid the most likely trigger for the problem by USC not providing cookies.
If this is insufficient, we could not provide cookies until a source of randomness has been initialised.
We could also rework the copy/paste API to not require a secret key.
We *shouldn't* handle this by throwing away the check. If this check is failing, then we're in precisely the situation where urandom has insufficient entropy to provide security guarantees!
Mir - or something - needs to generate a key, because we're securing copy/paste with a secret-key system.
Using /dev/urandom is unsafe for something that'll run in early-boot, before the random pool is initialised; if /dev/urandom is used at that time there's no entropy so it'd relatively simple to break the key and hence the copy/paste security.
Since USC doesn't require copy/paste we can avoid the most likely trigger for the problem by USC not providing cookies.
If this is insufficient, we could not provide cookies until a source of randomness has been initialised.
We could also rework the copy/paste API to not require a secret key.
We *shouldn't* handle this by throwing away the check. If this check is failing, then we're in precisely the situation where urandom has insufficient entropy to provide security guarantees!