Comments (12)
rngd -l -d perhaps? Debug info is always useful.
Though I can tell you right now that if you are on a more recent kernel, the tpm device is going to be disabled by default, because the kernel exports tpm entropy through /dev/hwrng. The tpm device is just there for older/legacy kernels. If you do have an older kernel, then you will want to run with the -n tpm option to expressly enable the tpm entropy source.
As for why your hwrng failed to init, you want to dump out the debug information. If I had to guess, I would predict that you are running on a kernel for which /sys/devices/virtual/misc/hw_random/rng_available is reporting zero rngs as backing entropy sources.
from rng-tools.
Well, I indeed just had to select a few additional TPM config options in the kernel to get the TPM working now.
I was just curious that TPM was reported as unused (and /dev/tpm was not present at that time and hwrng was not used either).
BTW, I run 5.12.13 here.
from rng-tools.
Did you select CONFIG_HW_RANDOM_TPM=y in your config? If not, then the tpm won't export entropy via /dev/hwrng, and rngd won't be able to initialize it.
from rng-tools.
No, this is a rather recent zen3 Hetzner server and these configs were missing:
mr-fox /usr/src/linux # diff .config .config.old
1610,1612c1610,1611
< CONFIG_TCG_TIS_CORE=y
< CONFIG_TCG_TIS=y
< CONFIG_TCG_TIS_I2C_CR50=y
---
> # CONFIG_TCG_TIS is not set
> # CONFIG_TCG_TIS_I2C_CR50 is not set
1619c1618
< CONFIG_TCG_CRB=y
---
> # CONFIG_TCG_CRB is not set
from rng-tools.
So, is that a no to CONFIG_HW_RANDOM_TPM=y being set? If so, that explains your issue.
from rng-tools.
so, is that a no to CONFIG_HW_RANDOM_TPM=y being set? If so, that explains your issue
Oh no, those were set before, but weren't enough:
mr-fox ~ # grep _TPM /usr/src/linux/.config
CONFIG_TCG_TPM=y
CONFIG_HW_RANDOM_TPM=y
from rng-tools.
OK, then you need to run rngd -f -d -l and provide the debug output here for us to understand what's going on.
from rng-tools.
mr-fox ~ # uname -a
Linux mr-fox 5.12.12 #11 SMP Fri Jun 18 11:15:40 CEST 2021 x86_64 AMD Ryzen 9 5950X 16-Core Processor AuthenticAMD GNU/Linux
mr-fox ~ # rngd -f -l -f
Entropy sources that are available but disabled
1: TPM RNG Device (tpm)
Available and enabled entropy sources:
2: Intel RDRAND Instruction RNG (rdrand)
6: JITTER Entropy generator (jitter)
Available entropy sources that failed initalization:
0: Hardware RNG Device (hwrng)
mr-fox ~ # ls -l /dev/hwrng
crw------- 1 root root 10, 183 Jun 24 19:16 /dev/hwrng
mr-fox ~ # tail -v /sys/devices/virtual/misc/hw_random/*
==> /sys/devices/virtual/misc/hw_random/dev <==
10:183
==> /sys/devices/virtual/misc/hw_random/power <==
tail: error reading '/sys/devices/virtual/misc/hw_random/power': Is a directory
==> /sys/devices/virtual/misc/hw_random/rng_available <==
==> /sys/devices/virtual/misc/hw_random/rng_current <==
none
==> /sys/devices/virtual/misc/hw_random/rng_selected <==
0
==> /sys/devices/virtual/misc/hw_random/subsystem <==
tail: error reading '/sys/devices/virtual/misc/hw_random/subsystem': Is a directory
==> /sys/devices/virtual/misc/hw_random/uevent <==
MAJOR=10
MINOR=183
DEVNAME=hwrng
from rng-tools.
You didn't include the -d option, and as such you didn't get any debug output.
The tail output of rng_avail tells the story though. You don't have a rng backing the /dev/hwrng device, so it won't produce any entropy, and as such, rng-tools fails to initialize it. As to why that's happening, I can't say. Your config should have added the tpm as an entropy source to the hwrng backing stores, but it appears not to have. The logic that does that is in the kernel function tpm_add_hwrng. I expect you can add a printf there or just trace the function to see if it's getting called.
But from rngd's standpoint, this appears to be working as designed.
from rng-tools.
-d seems to have no effect:
# rngd -f -d -l
Entropy sources that are available but disabled
1: TPM RNG Device (tpm)
Available and enabled entropy sources:
2: Intel RDRAND Instruction RNG (rdrand)
6: JITTER Entropy generator (jitter)
Available entropy sources that failed initalization:
0: Hardware RNG Device (hwrng)
But the question is: what about enabling TPM if hwrng initialization fails?
from rng-tools.
Oh, that's a bug. I turn off message logging so the output of -l is pretty, but I should likely override that if debug is enabled.
As for enabling tpm, that's up to you. As I noted above, this is working as designed. Because sysfs doesn't report any backing sources for /dev/hwrng, rngd is doing what it's supposed to, in that it fails init of the hwrng source. It wouldn't make any sense to just fall back and automatically try the tpm source, because we have no visibility into what the kernel config is, and don't know if the tpm even supports entropy extraction via that path. That said, there's no reason you can't enable it at run time with the -n tpm command line option. This is all documented in the man page.
from rng-tools.
ok, fair enough.
So just -d is left for you ;)
from rng-tools.
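The sysfs and kernel-config checks walked through in this thread, collected into one shell function as an added example (not part of the thread and not rng-tools code). The function name `hwrng_diagnose`, its two arguments and the fixture files are assumptions; the fixture is constructed to mirror the state the reporter posted.

```shell
#!/bin/sh
# Added example (not rng-tools code). hwrng_diagnose and its two arguments are
# hypothetical; the defaults are the paths quoted in the thread.
hwrng_diagnose() {
    sysfs_dir="${1:-/sys/devices/virtual/misc/hw_random}"
    kconfig="${2:-/usr/src/linux/.config}"

    # rng_available lists the drivers backing /dev/hwrng; empty means none.
    available=""
    if [ -r "$sysfs_dir/rng_available" ]; then
        available=$(tr -s '[:space:]' ' ' < "$sysfs_dir/rng_available" | sed 's/^ *//; s/ *$//')
    fi
    current="unknown"
    if [ -r "$sysfs_dir/rng_current" ]; then
        current=$(tr -d '\n' < "$sysfs_dir/rng_current")
    fi
    echo "rng_available: ${available:-<empty>}"
    echo "rng_current: $current"

    # Report the TPM-related kernel options that came up in the thread.
    for opt in CONFIG_TCG_TPM CONFIG_HW_RANDOM_TPM CONFIG_TCG_TIS CONFIG_TCG_CRB; do
        if [ -r "$kconfig" ] && grep -q "^$opt=[ym]\$" "$kconfig"; then
            echo "$opt: set"
        else
            echo "$opt: not set"
        fi
    done

    if [ -z "$available" ]; then
        echo "verdict: no driver backs /dev/hwrng, so rngd cannot initialise the hwrng source"
        return 1
    fi
    echo "verdict: /dev/hwrng is backed by: $available"
    return 0
}

# Constructed fixture reproducing the state shown in the thread: rng_available
# is empty, rng_current is "none", and only the two _TPM options are set.
demo_dir=$(mktemp -d)
: > "$demo_dir/rng_available"
echo none > "$demo_dir/rng_current"
printf '%s\n' 'CONFIG_TCG_TPM=y' 'CONFIG_HW_RANDOM_TPM=y' \
    '# CONFIG_TCG_TIS is not set' '# CONFIG_TCG_CRB is not set' > "$demo_dir/config"
hwrng_diagnose "$demo_dir" "$demo_dir/config" || echo "(exit status 1: hwrng unbacked)"
```

Called with no arguments on a real host, the function reads the live sysfs directory and /usr/src/linux/.config; pass another config path if the running kernel's configuration lives elsewhere.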