You are not logged in.

#1 2018-11-16 09:51:06

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,933
Website

[solved] Determine whether rngd works

On our several digital signage systems we ran into the commonly known lack-of-entropy problem.
Hence, I installed haveged on those systems. However the respective wiki article states some security concerns regarding the randomness that haveged produces and to prefer a "hardware based random number generator" (I thought haveged was one as well since it uses the CPU?) like rngd.
So I wanted to give rngd a shot.
On the rngd page it states that one can test wheter "it works" by running "rngd -f" which yields the following on my machines.

$ sudo rngd -f

Initalizing available sources

Failed to init entropy source hwrng

Enabling RDRAND rng support

Initalizing entropy source rdrand

There it keeps hanging with no further output.
Unfortunately I have no idea what to do with the information above.
Does it work?

rngd wrote:

Enabling RDRAND rng support

Initalizing entropy source rdrand

Or does it not work?

rngd wrote:

Failed to init entropy source hwrng

Solved
I did not read far enough:

$ LANG=C dd if=/dev/random of=/dev/null bs=1024 count=1 iflag=fullblock
1+0 records in
1+0 records out
1024 bytes (1.0 kB, 1.0 KiB) copied, 0.00255431 s, 401 kB/s

The speed is not "around 50 kB/s", but way higher, so I suspect that it works, since it hangs, when "rngd -f" is not running.
PS:
While it works on our Intel systems, it does not do so on our legacy AMD devices;

$ sudo rngd -f

Initalizing available sources

Failed to init entropy source hwrng

Failed to init entropy source rdrand

can't open any entropy source
Maybe RNG device modules are not loaded

Hence I'll stick to haveged.

Last edited by schard (2018-11-16 10:06:50)

Offline

#2 2018-11-16 11:45:27

Everette88
Member
Registered: 2018-02-17
Posts: 41

Re: [solved] Determine whether rngd works

With Linux 4.19 and later it's better to use

random.trust_cpu=on

in boot cmdline instead.

Offline

#3 2018-11-22 10:51:10

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,933
Website

Re: [solved] Determine whether rngd works

Everette88 wrote:

With Linux 4.19 and later it's better to use

random.trust_cpu=on

in boot cmdline instead.

Not an option:

$ sudo grep options /boot/loader/entries/digital-signage.conf
options	init=/usr/lib/systemd/systemd root=LABEL=root rw random.trust_cpu=on
$ cat /proc/sys/kernel/random/entropy_avail
10

Offline

#4 2018-11-22 11:58:04

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,427

Re: [solved] Determine whether rngd works

Yes all of these use a CPU instruction available since sandybridge and amd zen so if you have an older AMD CPU you must use haveged (or some other software based solution): https://en.wikipedia.org/wiki/RdRand

Offline

Board footer

Powered by FluxBB