rng-tools and VIA chipsets with Padlock

Jeffrey Walton noloader at gmail.com
Mon May 17 21:59:08 UTC 2021


> My question is, is this something Ubuntu would like to investigate?

This looks like a problem I encountered in the past with rng-tools.
The problem in the past was, rngd is an old System V service. It does
not start correctly under Systemd.

I believe I fixed the problem in the past using a proper Systemd
service file. In fact, I think the sysv wrapper would actually work if
Systemd retried the failed start.

$ systemctl status rng-tools.service
● rng-tools.service
   Loaded: loaded (/etc/init.d/rng-tools; generated)
   Active: active (exited) since Mon 2021-05-17 15:04:17 EDT; 2h 49min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 372 ExecStart=/etc/init.d/rng-tools start (code=exited, status=0/SUCC

May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: No entropy sources working, exiting rngd
May 17 15:04:17 via systemd[1]: Started rng-tools.service.

$ journalctl -xe -u rng-tools.service
...
-- Reboot --
May 17 15:04:15 via systemd[1]: Starting rng-tools.service...
-- Subject: Unit rng-tools.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit rng-tools.service has begun starting up.
May 17 15:04:15 via rng-tools[372]: Starting Hardware RNG entropy gatherer daemo
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
<more of the same> ...
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: No entropy sources working, exiting rngd
May 17 15:04:17 via systemd[1]: Started rng-tools.service.
-- Subject: Unit rng-tools.service has finished start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit rng-tools.service has finished starting up.
--
-- The start-up result is RESULT.
lines 1193-1215/1215 (END)

On Mon, May 17, 2021 at 4:33 PM Jeffrey Walton <noloader at gmail.com> wrote:
>
> Hi Everyone,
>
> I have an old VIA C7-D machine I use for testing Padlock. Padlock is a
> security engine that provides AES, SHA and an RNG for some of the VIA
> processors. (It predates Intel's gear by about 15 years).
>
> With rng-tools installed I'm seeing failures in /dev/random. Draining
> /dev/random and then trying to read from it is causing prolonged
> blocking. Blocking should not occur since Padlock has a hardware RNG.
>
> It also appears draining /dev/random is breaking /dev/urandom.
> /dev/urandom is blocking on 1024 bytes. It took about 6 minutes to
> read 1024 bytes from /dev/urandom after draining /dev/random.
>
> I pinged Thorsten and Henrique but did not receive a response.
> (Henrique is CC'd in case it fell off his radar).
>
> I believe this is the package:
> https://packages.ubuntu.com/bionic/rng-tools. But I may be mistaken.
>
> My question is, is this something Ubuntu would like to investigate?
>
> ==========
>
> $ lsb_release -a
> No LSB modules are available.
> Distributor ID: Peppermint
> Description:    Peppermint 10 Ten
> Release:        10
> Codename:       bionic
>
> $ apt-cache show rng-tools
> Package: rng-tools
> Architecture: i386
> Version: 5-0ubuntu4
> Priority: optional
> Section: universe/utils
> Origin: Ubuntu
> Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
> Original-Maintainer: Henrique de Moraes Holschuh <hmh at debian.org>
> Bugs: https://bugs.launchpad.net/ubuntu/+filebug
> Installed-Size: 87
> Provides: intel-rng-tools
> Depends: libc6 (>= 2.4), libgcrypt20 (>= 1.8.0), udev (>= 0.053) |
> makedev (>= 2.3.1-77)
> Conflicts: intel-rng-tools
> Replaces: intel-rng-tools
> Filename: pool/universe/r/rng-tools/rng-tools_5-0ubuntu4_i386.deb
> Size: 22424
> MD5sum: 2d5fb50e664508b75cf5261a5ebd8257
> SHA1: 229fd35e378f76f6a287a108d321e214602f2da5
> SHA256: 946a8f199b1d9f392763871428cfd634702ef4640971a94d977f27fc8a9766bd
> Description-en: Daemon to use a Hardware TRNG
>  The rngd daemon acts as a bridge between a Hardware TRNG (true random number
>  generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel's
>  PRNG (pseudo-random number generator).
>  .
>  It tests the data received from the TRNG using the FIPS 140-2 (2002-10-10)
>  tests to verify that it is indeed random, and feeds the random data to the
>  kernel entropy pool.
>  .
>  This increases the bandwidth of the /dev/random device, from a source that
>  does not depend on outside activity.  It may also improve the quality
>  (entropy) of the randomness of /dev/random.
>  .
>  A TRNG kernel module such as hw_random, or some other source of true
>  entropy that is accessible as a device or fifo, is required to use this
>  package.
>  .
>  This is an unofficial version of rng-tools which has been extensively
>  modified to add multithreading and a lot of new functionality.
> Description-md5: 6da2aca3dd07b55b609d9cf3d5d7cd57
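
Added example, not part of the original message or of rng-tools: a shell check for the state shown in the logs above, where rngd gives up on every entropy source and the generated SysV unit is still recorded as started. The function names are hypothetical, the sample journal lines are constructed from the messages quoted in this post, and the live check assumes the unit name `rng-tools.service` from the post.

```shell
# Constructed sample: one boot attempt taken from the log lines quoted above.
sample_journal() {
cat <<'EOF'
May 17 15:04:15 via systemd[1]: Starting rng-tools.service...
May 17 15:04:15 via rngd[378]: read error
May 17 15:04:15 via rngd[378]: No entropy sources working, exiting rngd
May 17 15:04:17 via systemd[1]: Started rng-tools.service.
EOF
}

# Reads journal text on stdin. Prints one line per start attempt in which rngd
# gave up on all entropy sources and systemd still logged a successful start.
# Exit status: 0 if at least one such attempt was found, 1 otherwise.
find_silent_rngd_failures() {
    awk '
        /systemd\[[0-9]+\]: Starting rng-tools\.service/ { gave_up = 0; errors = 0 }
        /rngd\[[0-9]+\]: read error/                      { errors++ }
        /rngd\[[0-9]+\]: No entropy sources working/      { gave_up = 1 }
        /systemd\[[0-9]+\]: Started rng-tools\.service/ {
            if (gave_up) {
                printf "%s %s %s rngd gave up (read errors: %d) but unit was reported started\n", $1, $2, $3, errors
                found = 1
            }
            gave_up = 0; errors = 0
        }
        END { exit(found ? 0 : 1) }
    '
}

# Live check: the unit reports "active" while no rngd process exists,
# which is the "active (exited)" state in the systemctl output above.
rngd_unit_is_hollow() {
    [ "$(systemctl is-active rng-tools.service 2>/dev/null)" = "active" ] &&
        ! pgrep -x rngd >/dev/null 2>&1
}
```

To run it against a real host, pipe `journalctl -u rng-tools.service --no-pager` into `find_silent_rngd_failures`.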


