[OneRNG-Discuss] Debian 12 kernel ignoring entropy from OneRNG?

Denis BEURIVE dbeurive at protonmail.com
Thu Mar 14 20:03:40 GMT 2024 

Hello Tom,

Just in case it may help, I have written notes about using ONERNG on Ubuntu 21.10:

https://github.com/denis-beurive/onerng-notes

Best regards.

Denis

-----------------------------

Ce message et toutes les pièces jointes (ci-après le "message") sont établis à l'intention exclusive de ses destinataires et sont confidentiels. Si vous recevez ce message par erreur ou s'il ne vous est pas destiné, merci de le détruire ainsi que toute copie de votre système et d'en avertir immédiatement l'expéditeur. Toute lecture non autorisée, toute utilisation de ce message qui n'est pas conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite.

-----------------------------

This message and any attachments (the "message") is intended solely for the intended addressees and is confidential. If you receive this message in error,or are not the intended recipient(s), please delete it and any copies from your systems and immediately notify the sender. Any unauthorized view, use that does not comply with its purpose, dissemination or disclosure, either whole or partial, is prohibited.

Envoyé avec la messagerie sécurisée Proton Mail.

Le mercredi 13 mars 2024 à 11:35, Tom Yates <madhatter at teaparty.net> a écrit :

> I've got a D12 system, kernel 6.1.0-18, with an attached OneRNG. As far
> as I can tell, the OneRNG isn't filling up the entropy pool: cat
> /proc/sys/kernel/random/entropy_avail always returns 256 .
> 
> The OneRNG is inside the system case, on a USB cable, and the case is in a
> colo about 50 miles away, so it's difficult for me to see the LED. But
> when the system is rebooted, onerng.sh starts up just fine; I see it in
> the process table:
> 
> root 1215 0.0 0.0 2576 892 ? S 09:14 0:00 /bin/sh /sbin/onerng.sh feeder ttyACM0
> 
> I see it sleep for 5 seconds:
> 
> root 8033 0.0 0.0 2484 928 ? S 09:34 0:00 sleep 5
> 
> then fire up and send a bunch of entropy to /dev/random via dd:
> 
> root 8069 16.6 0.0 2532 924 ? R 09:34 0:00 dd if=/dev/ttyACM0 of=/dev/random bs=128 count=200
> 
> at which point it goes back to sleep for 5 seconds. strace-ing the
> process shows the same pattern of events, which I think is what's expected
> of it.
> 
> Just in case, I also read notes referred to in an earlier post on this
> list [1], manually killed the onerng.sh script, and manually started rngd
> with the appropriate flags:
> 
> root at lory:~# rngd -r /dev/ttyACM0 -f
> rngd 2.2 starting up...
> entropy feed to the kernel ready
> 
> but still, the entropy pool remains stubbornly 256 bytes deep. If I add
> "-S 60" to the daemon's flags, it logs once a minute along these lines:
> 
> stats: bits received from HRNG source: 60064
> stats: bits sent to kernel pool: 7680
> stats: entropy added to kernel pool: 7680
> stats: FIPS 140-2 successes: 3
> stats: FIPS 140-2 failures: 0
> stats: FIPS 140-2(2001-10-10) Monobit: 0
> stats: FIPS 140-2(2001-10-10) Poker: 0
> stats: FIPS 140-2(2001-10-10) Runs: 0
> stats: FIPS 140-2(2001-10-10) Long run: 0
> stats: FIPS 140-2(2001-10-10) Continuous run: 0
> stats: HRNG source speed: (min=2.129; avg=3.330; max=5.304)Mibits/s
> stats: FIPS tests speed: (min=23.147; avg=40.524; max=66.925)Mibits/s
> stats: Lowest ready-buffers level: 2
> stats: Entropy starvations: 0
> stats: Time spent starving for entropy: (min=0; avg=0.000; max=0)us
> 
> so it, too, seems to be getting entropy from the OneRNG and feeding it to
> the kernel, but again to no avail.
> 
> I suppose it's possible that this system has enormous drains on its
> entropy pool, but it didn't have them last week (when it was running
> CentOS 7, also with the OneRNG inside) and the duty-cycle hasn't changed
> much.
> 
> Does anyone have any thoughts about either (a) ways to hunt down an
> entropy sink, or (b) why my kernel seems to be ignoring entropy added to
> the pool?
> 
> 
> --
> 
> Tom Yates - https://www.teaparty.net
> 
> 
> [1] https://github.com/denis-beurive/onerng-notes?tab=readme-ov-file
> 
> _______________________________________________
> Discuss mailing list
> Discuss at lists.onerng.info
> https://lists.ourshack.com/mailman/listinfo/discuss
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - dbeurive at protonmail.com - 0x3E433681.asc
Type: application/pgp-keys
Size: 1767 bytes
Desc: not available
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20240314/56069f44/attachment.key>

More information about the Discuss mailing list