[OneRNG-Discuss] Debian 12 kernel ignoring entropy from OneRNG?

Tom Yates madhatter at teaparty.net
Wed Mar 13 10:35:04 GMT 2024 

I've got a D12 system, kernel 6.1.0-18, with an attached OneRNG.  As far 
as I can tell, the OneRNG isn't filling up the entropy pool: cat
/proc/sys/kernel/random/entropy_avail always returns 256 .

The OneRNG is inside the system case, on a USB cable, and the case is in a 
colo about 50 miles away, so it's difficult for me to see the LED.  But 
when the system is rebooted, onerng.sh starts up just fine; I see it in 
the process table:

root        1215  0.0  0.0   2576   892 ?        S    09:14   0:00 /bin/sh /sbin/onerng.sh feeder ttyACM0

I see it sleep for 5 seconds:

root        8033  0.0  0.0   2484   928 ?        S    09:34   0:00 sleep 5

then fire up and send a bunch of entropy to /dev/random via dd:

root        8069 16.6  0.0   2532   924 ?        R    09:34   0:00 dd if=/dev/ttyACM0 of=/dev/random bs=128 count=200

at which point it goes back to sleep for 5 seconds.  strace-ing the 
process shows the same pattern of events, which I think is what's expected 
of it.

Just in case, I also read notes referred to in an earlier post on this 
list [1], manually killed the onerng.sh script, and manually started rngd 
with the appropriate flags:

root at lory:~# rngd -r /dev/ttyACM0 -f
rngd 2.2 starting up...
entropy feed to the kernel ready

but still, the entropy pool remains stubbornly 256 bytes deep.  If I add 
"-S 60" to the daemon's flags, it logs once a minute along these lines:

stats: bits received from HRNG source: 60064
stats: bits sent to kernel pool: 7680
stats: entropy added to kernel pool: 7680
stats: FIPS 140-2 successes: 3
stats: FIPS 140-2 failures: 0
stats: FIPS 140-2(2001-10-10) Monobit: 0
stats: FIPS 140-2(2001-10-10) Poker: 0
stats: FIPS 140-2(2001-10-10) Runs: 0
stats: FIPS 140-2(2001-10-10) Long run: 0
stats: FIPS 140-2(2001-10-10) Continuous run: 0
stats: HRNG source speed: (min=2.129; avg=3.330; max=5.304)Mibits/s
stats: FIPS tests speed: (min=23.147; avg=40.524; max=66.925)Mibits/s
stats: Lowest ready-buffers level: 2
stats: Entropy starvations: 0
stats: Time spent starving for entropy: (min=0; avg=0.000; max=0)us

so it, too, seems to be getting entropy from the OneRNG and feeding it to 
the kernel, but again to no avail.

I suppose it's possible that this system has enormous drains on its 
entropy pool, but it didn't have them last week (when it was running 
CentOS 7, also with the OneRNG inside) and the duty-cycle hasn't changed 
much.

Does anyone have any thoughts about either (a) ways to hunt down an 
entropy sink, or (b) why my kernel seems to be ignoring entropy added to 
the pool?


-- 

       Tom Yates  -  https://www.teaparty.net


[1] https://github.com/denis-beurive/onerng-notes?tab=readme-ov-file

More information about the Discuss mailing list