By looking at the kernel source code diff it seems this doesn’t need a kernel parameter (such as hypothetically
entropy=[blob of random data].
We could ship an
/etc/default/grub.d configuration file snippet in package security-misc that reads some random data from
/dev/random  and adds it to kernel command line. 
How many bytes should be added?
Sized between 1024 bytes and 4096 bytes are being discussed.
- Bug 1386824 - random-seed size should be 4096 bytes in size
- random-seed: raise POOL_SIZE_MIN to 1024 (#1386824) #84
How would we encode the random data? (because should not write random characters directly into config file - these can mess up terminal and/or editors)
- sha512? hash using sha512 every x bytes?
- something better?
Should this kernel parameter be the first in line or last in line? This is because when users want to change kernel command line in grub boot menu (press
E to edit) they would see a huge random blob of data which is not pretty and bad usability. That makes me wonder if this is a good idea at all.
Isn’t there a “second kernel command line” or similar? Or any saner interface for the bootloader to pass entropy to the kernel? Maybe something similar to early-rng-init-tools for better entropy? would be a better idea?
systemd-boot loader supports passing a random seed file to the kernel when being used with EFI. More on that here:
I haven’t found anything for grub and/or non-EFI. Yet have to read that Tails ticket.
 The disadvantages of this implementation are:
- visible in
Why not pass the boot loader random seed via kernel command line instead of as EFI variable?
The kernel command line is accessible to unprivileged processes via
/proc/cmdline. It’s not desirable if unprivileged processes can use this information to possibly gain too much information about the current state of the kernel’s entropy pool.
- stays static until update-grub is re-run (mostly only at kernel upgrade)
- non-ideal but not a problem because no entropy added to the kernel mix can in theory worsen the quality of Linux entropy.
- perhaps better to re-generate this file on every boot but I don’t see yet a way to do so in an atomic way - meaning not break booting if grub config file generation is interrupted due to power loss or reboot