rngd [-b | --background | -f | --foreground]
[-p file | --pidfile=file]
[-B n | --rng-buffers=n] [--hrng=name] [-R name | --rng-driver=name]
[-r file | --rng-device=file]
[-H n.nnn | --rng-entropy=n.nnn] [-Q quality | --rng-quality=quality]
[-T n | --rng-timeout=n] [-o file | --random-device=file] [-s n | --random-step=n]
[-W n | --fill-watermark=n[%]]
[-t n | --feed-interval=n]
[-?] [--help] [-V] [--version]
This documentation is severely abridged; see the man page and other references for descriptions ed
Feeds entropy from a trusted source of randomness (called an entropy source), a true random number generator (TRNG), to an entropy sink.
The primary purpose of rngd is to keep the entropy pool as full of randomness as possible.
If working with the kernel as an entropy sink, and the entropy pool is full, the daemon will force-feed the kernel random-step*8
bits of data every feed-interval seconds, to stir the entropy pool.
-b |
There is usually not much bandwidth available from a HRNG. Don't drain too much with too low a feed-interval, or rngd may not have enough data in its buffers when the kernel gets low on entropy.
SIGUSR1
to stderr when in foreground mode, or syslog when in background mode.
Raspberry Pi Zero W
2019-12-05 16:41:27 dapi2 daemon.info rngd[251]: stats:
  bits received from HRNG source: 2,460,064
  bits sent to kernel pool: 2,412,288
  entropy added to kernel pool: 2,412,288
  FIPS 140-2 successes: 123
  FIPS 140-2 failures: 0
  FIPS 140-2(2001-10-10) Monobit: 0
  FIPS 140-2(2001-10-10) Poker: 0
  FIPS 140-2(2001-10-10) Runs: 0
  FIPS 140-2(2001-10-10) Long run: 0
  FIPS 140-2(2001-10-10) Continuous run: 0
  HRNG source speed: (min=83.776; avg=267.081; max=690.126)Kibits/s
  FIPS tests speed: (min=571.206; avg=4804.457; max=6351.626)Kibits/s
  Lowest ready-buffers level: 0
  Entropy starvations: 86
  Time spent starving for entropy: (min=6,943; avg=28,116.221; max=94,230)us
FIPS 140-2 successes and failures: blocks accepted or rejected by the tests.
Seems to this author that the only warning information in the stats is Lowest level and starvations
see example
Maybe use rsyslog filter or cleanLog to delete stats: FIPS 140-2
forum
SIGTERM
terminates rngd cleanly.
SIGUSR1
dumps statistics
Don't shrink the capacity of the kernel entropy pool with rngd running; restart rngd when the kernel entropy pool size is changed.
cat /proc/sys/kernel/random/entropy_avail
Review of statistics on dapi2 shows need for change
egrep 'Lowest|starvations' daemon.info | grep -v 's: 0' | grep -v 'l: [1-9]'
2019-12-05 12:41:27 dapi2 daemon.info rngd[251]: stats: Lowest ready-buffers level: 0
2019-12-05 12:41:27 dapi2 daemon.info rngd[251]: stats: Entropy starvations: 86
2019-12-05 13:41:27 dapi2 daemon.info rngd[251]: stats: Lowest ready-buffers level: 0
2019-12-05 13:41:27 dapi2 daemon.info rngd[251]: stats: Entropy starvations: 86
2019-12-05 14:41:27 dapi2 daemon.info rngd[251]: stats: Lowest ready-buffers level: 0
2019-12-05 14:41:27 dapi2 daemon.info rngd[251]: stats: Entropy starvations: 86
2019-12-05 15:41:27 dapi2 daemon.info rngd[251]: stats: Lowest ready-buffers level: 0
2019-12-05 15:41:27 dapi2 daemon.info rngd[251]: stats: Entropy starvations: 86
2019-12-05 16:41:27 dapi2 daemon.info rngd[251]: stats: Lowest ready-buffers level: 0
2019-12-05 16:41:27 dapi2 daemon.info rngd[251]: stats: Entropy starvations: 86
2019-12-05 17:41:27 dapi2 daemon.info rngd[251]: stats: Lowest ready-buffers level: 0
2019-12-05 17:41:27 dapi2 daemon.info rngd[251]: stats: Entropy starvations: 86
over time period contained in daemon.info
cut -c6-14 daemon.info | uniq | tail
12-05 09:
12-05 10:
12-05 11:
12-05 12:
12-05 13:
12-05 14:
12-05 15:
12-05 16:
12-05 17:
12-05 18:
Additional raspberry discussion:
The hwrng is not set up to feed /dev/random unless you install rng-tools. (And /dev/urandom is a pseudo number generator once entropy pool is exhausted.)
The Arch article on rng-tools suggests testing it is working by this command, and if hwrng is set up it will be instantaneous, otherwise will take a long time.
dd if=/dev/random of=/dev/null bs=1024 count=1 iflag=fullblock
I ran the test on zero stretch-lite with rng-tools and one without.
with rng-tools
1+0 records in
1+0 records out
1024 bytes (1.0 kB, 1.0 KiB) copied, 0.0192011 s, 53.3 kB/s
without rng-tools
1+0 records in
1+0 records out
1024 bytes (1.0 kB, 1.0 KiB) copied, 98.4036 s, 0.0 kB/s
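The egrep review of daemon.info earlier on this page prints the same "Entropy starvations: 86" for every hourly dump, which does not show whether starvation is still happening. The following is an added example, not part of the original notes or of rng-tools, that reports only the dumps in which a warning counter grew. It assumes the counters are cumulative since rngd started (the repeated 86 fits that) and that lines follow the daemon.info layout shown above; the function name and sample values are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the rngd project): show when rngd warning counters grow.
# Assumed line layout, as on this page:
#   date time host facility rngd[pid]: stats: name: value

# Constructed sample; the 14:41 values are invented to show a change.
sample_log() {
cat <<'EOF'
2019-12-05 12:41:27 dapi2 daemon.info rngd[251]: stats: FIPS 140-2 failures: 0
2019-12-05 12:41:27 dapi2 daemon.info rngd[251]: stats: Lowest ready-buffers level: 0
2019-12-05 12:41:27 dapi2 daemon.info rngd[251]: stats: Entropy starvations: 86
2019-12-05 13:41:27 dapi2 daemon.info rngd[251]: stats: FIPS 140-2 failures: 0
2019-12-05 13:41:27 dapi2 daemon.info rngd[251]: stats: Entropy starvations: 86
2019-12-05 14:41:27 dapi2 daemon.info rngd[251]: stats: FIPS 140-2 failures: 2
2019-12-05 14:41:27 dapi2 daemon.info rngd[251]: stats: Entropy starvations: 91
EOF
}

# rngd_stat_changes [FILE...]: reads daemon.info (or stdin) and prints one line
# per dump in which a counter is first seen non-zero or has grown since the
# previous dump of the same rngd process.
rngd_stat_changes() {
  awk '
    /stats: (Entropy starvations|FIPS 140-2 failures): [0-9,]+$/ {
      rest = substr($0, index($0, "stats: ") + 7)
      split(rest, kv, ": ")
      name = kv[1]; val = kv[2]
      gsub(/,/, "", val); val += 0   # values carry thousands separators
      key = $5 SUBSEP name           # $5 is "rngd[pid]:", so a restart gets a new baseline
      if (!(key in last)) {
        if (val > 0) print $1, $2, name ": baseline " val
      } else if (val > last[key]) {
        print $1, $2, name ": +" (val - last[key]) " (total " val ")"
      }
      last[key] = val
    }' "$@"
}
```

Run it as `rngd_stat_changes daemon.info`; a log that yields only a baseline line means the starvations all happened before the first dump, for example while the buffers were filling at startup.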