On Tue, Nov 10, 2020, at 16:05, Thorsten Glaser wrote:
> So we additionally have the case where the character device
> exists but is not usable… oh my.
This was common enough that rngd should know about it and bail out with an
error if it doesn't get proper random numbers from its input during startup. At
least I vaguely recall adding that logic, including a timeout.

And it won't feed the entropy pool with obvious crap no matter what, although
you can easily fool it if you want; a typical device malfunction (all zeroes,
patterns with too much bias, all ones...) won't get past its simplistic
fitness testing (the old FIPS one).

So you'd start it and it will bail out sometime later because the entropy source
is unfit for use. On systemd you should watch that and not restart it
aggressively, or you'll waste one CPU core worth of busywork in the worst case.
Best case it sleeps.
--
Henrique de Moraes Holschuh <h...@debian.org>