Package: rng-tools5
Version: 5-4+b1
Apparently rngd-service fails by default:
# systemctl daemon-reload
# systemctl restart rngd
# systemctl status rngd
x rngd.service - Start entropy gathering daemon (rngd)
Loaded: loaded (/lib/systemd/system/rngd.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Mon 2022-08-15 14:46:07 CEST; 8s
ago
Duration: 3ms
Docs: man:rngd(8)
Process: 16819 ExecStart=/usr/sbin/rngd -f (code=exited, status=1/FAILURE)
Main PID: 16819 (code=exited, status=1/FAILURE)
CPU: 2ms
Aug 15 14:46:07 dpcl064 systemd[1]: Started Start entropy gathering daemon
(rngd).
Aug 15 14:46:07 dpcl064 rngd[16819]: Unable to open file: /dev/tpm0
Aug 15 14:46:07 dpcl064 rngd[16819]: can't open any entropy source
Aug 15 14:46:07 dpcl064 rngd[16819]: Maybe RNG device modules are not loaded
Aug 15 14:46:07 dpcl064 systemd[1]: rngd.service: Main process exited,
code=exited, status=1/FAILURE
Aug 15 14:46:07 dpcl064 systemd[1]: rngd.service: Failed with result
'exit-code'.
# modprobe rng-core
# systemctl restart rngd
# systemctl status rngd
* rngd.service - Start entropy gathering daemon (rngd)
Loaded: loaded (/lib/systemd/system/rngd.service; enabled; preset: enabled)
Active: inactive (dead) since Mon 2022-08-15 14:53:10 CEST; 22s ago
Duration: 4ms
Docs: man:rngd(8)
Process: 16889 ExecStart=/usr/sbin/rngd -f (code=exited, status=0/SUCCESS)
Main PID: 16889 (code=exited, status=0/SUCCESS)
CPU: 3ms
Aug 15 14:53:10 dpcl064 rngd[16889]: read error
Aug 15 14:53:10 dpcl064 rngd[16889]: read error
Aug 15 14:53:10 dpcl064 rngd[16889]: read error
Aug 15 14:53:10 dpcl064 rngd[16889]: read error
Aug 15 14:53:10 dpcl064 rngd[16889]: read error
Aug 15 14:53:10 dpcl064 rngd[16889]: read error
Aug 15 14:53:10 dpcl064 rngd[16889]: read error
Aug 15 14:53:10 dpcl064 rngd[16889]: read error
Aug 15 14:53:10 dpcl064 rngd[16889]: No entropy sources working, exiting rngd
Aug 15 14:53:10 dpcl064 systemd[1]: rngd.service: Deactivated successfully.
# modprobe intel-rng
modprobe: ERROR: could not insert 'intel_rng': No such device
# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 36 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Vendor ID: GenuineIntel
BIOS Vendor ID: Intel
Model name: Intel(R) Core(TM) i5 CPU 661 @ 3.33GHz
BIOS Model name: Intel(R) Core(TM) i5 CPU 661 @ 3.33GHz
To Be Filled By O.E.M. CPU @ 3.3GHz
BIOS CPU family: 205
CPU family: 6
Model: 37
Thread(s) per core: 2
Core(s) per socket: 2
Socket(s): 1
Stepping: 2
Frequency boost: enabled
CPU(s) scaling MHz: 37%
CPU max MHz: 3334.0000
CPU min MHz: 1200.0000
BogoMIPS: 6687.80
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ht tm pbe syscall nx
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopolog
y nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64
monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt aes
lahf_lm pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid
dtherm ida arat flush_l1d
Virtualization features:
Virtualization: VT-x
Caches (sum of all):
L1d: 64 KiB (2 instances)
L1i: 64 KiB (2 instances)
L2: 512 KiB (2 instances)
L3: 4 MiB (1 instance)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0-3
Vulnerabilities:
Itlb multihit: KVM: Mitigation: VMX disabled
L1tf: Mitigation; PTE Inversion; VMX conditional cache
flushes, SMT vulnerable
Mds: Vulnerable: Clear CPU buffers attempted, no microcode;
SMT vulnerable
Meltdown: Mitigation; PTI
Mmio stale data: Not affected
Retbleed: Not affected
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Spectre v1: Mitigation; usercopy/swapgs barriers and __user
pointer sanitization
Spectre v2: Mitigation; Retpolines, IBPB conditional, IBRS_FW,
STIBP conditional, RSB filling
Srbds: Not affected
Tsx async abort: Not affected
The traditional workaround was something like
# echo "HRNGDEVICE=/dev/urandom" >> /etc/default/rng-tools
Moving to rng-tools5 this config file is gone, AFAICS. rngd(8) doesn't help.
Regards
Harri
