A while ago, I added support for the TPM’s pRNG to the rng-tools package in Ubuntu. Since then, Kent Yoder added TPM support directly into the kernel’s /dev/hwrng device. This means there’s no need to carry the patch in rng-tools any more, since I can use /dev/hwrng directly now:
# modprobe tpm-rng # echo tpm-rng >> /etc/modules # grep -v ^# /etc/default/rng-tools RNGDOPTIONS="--fill-watermark=90%" # service rng-tools restart
And as before, once it’s been running a while (or you send SIGUSR1 to rngd), you can see reporting in syslog:
# pkill -USR1 rngd # tail -n 15 /var/log/syslog Aug 13 09:51:01 linux rngd[39114]: stats: bits received from HRNG source: 260064 Aug 13 09:51:01 linux rngd[39114]: stats: bits sent to kernel pool: 216384 Aug 13 09:51:01 linux rngd[39114]: stats: entropy added to kernel pool: 216384 Aug 13 09:51:01 linux rngd[39114]: stats: FIPS 140-2 successes: 13 Aug 13 09:51:01 linux rngd[39114]: stats: FIPS 140-2 failures: 0 Aug 13 09:51:01 linux rngd[39114]: stats: FIPS 140-2(2001-10-10) Monobit: 0 Aug 13 09:51:01 linux rngd[39114]: stats: FIPS 140-2(2001-10-10) Poker: 0 Aug 13 09:51:01 linux rngd[39114]: stats: FIPS 140-2(2001-10-10) Runs: 0 Aug 13 09:51:01 linux rngd[39114]: stats: FIPS 140-2(2001-10-10) Long run: 0 Aug 13 09:51:01 linux rngd[39114]: stats: FIPS 140-2(2001-10-10) Continuous run: 0 Aug 13 09:51:01 linux rngd[39114]: stats: HRNG source speed: (min=10.433; avg=10.442; max=10.454)Kibits/s Aug 13 09:51:01 linux rngd[39114]: stats: FIPS tests speed: (min=73.360; avg=75.504; max=86.305)Mibits/s Aug 13 09:51:01 linux rngd[39114]: stats: Lowest ready-buffers level: 2 Aug 13 09:51:01 linux rngd[39114]: stats: Entropy starvations: 0 Aug 13 09:51:01 linux rngd[39114]: stats: Time spent starving for entropy: (min=0; avg=0.000; max=0)us
I’m pondering getting this running in Chrome OS too, but I want to make sure it doesn’t suck too much battery.
© 2013, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.
Hm.
I’ve currently something set up with stunnel and rngd that streams some entropy over the network and feeds it to rngd’s stdin on the Linux side.
Now I wonder whether it’s possible to tell rngd to pull from *both* TPM and stdin to mix those entropy sources?
Comment by mirabilos — August 14, 2013 @ 1:08 am
For sharing entropy over the network, I like using ekeyd-egd-linux with an EGD server. (I’m using ekeyd’s EGD server, but that requires an entropy key.) Someone should write an EGD extension to rng-tools. :)
Comment by kees — August 14, 2013 @ 6:45 am
I have a solution for sharing entropy over a network. What I want is to tell rngd to use *both* the remote entropy from the network *and* the local entropy from the TPM.
Comment by mirabilos — August 14, 2013 @ 7:01 am
Perhaps run two instances of rngd? The interface that feeds entropy into the kernel isn’t exclusive, I don’t think.
Comment by kees — August 14, 2013 @ 7:06 am
Isn’t the TPM a ludicrously slow source of random numbers, both in an absolute sense and especially compared to something like rdrand? Are you just hoping to use it as a source of entropy, rather than directly as an RNG? I assume you don’t plan to use it on platforms new enough to have better options?
Comment by Anonymous — August 14, 2013 @ 11:56 am
Anything is better than nothing. And it’s not too bad, actually. On a newer laptop, the speeds are even better than shown in the post:
But yeah, on systems with RDRAND, who cares about this. You’ll never run out of entropy there. :) But there are plenty of devices that have a TPM and lack RDRAND.
Comment by kees — August 14, 2013 @ 11:59 am
Plus many systems with rdrand don’t have a new enough rng-tools package to actually use it. Debian and Ubuntu are still using rng-tools-2, whereas you need rng-tools-4 for rdrand. I guess Debian forked it a while back which is part of the reason for the lag in updating. Ubuntu does seem to have added rng-tools-4 to 13.10, but since that’s not released yet…
Using the TPM as a source of randomness is better than having nothing at all in my opinion. I’ll use this until I can get rng-tools-4 with rdrand support.
Comment by Josh — August 29, 2013 @ 4:41 pm
I don’t think this is working in Ubuntu 14.04 LTS, unfortunately. Any chance you could check, and perhaps update your instructions, Kees?
Thanks!
:-Dustin
Comment by Dustin Kirkland — March 17, 2014 @ 5:51 pm
I just play with rngd5 9.4 but when sending USR1 signal to rngd it kills the daemon….
rngd produces no output at all. The daemon runs, but how can I now find out it really does what it´s meant to do?
Comment by numberpruncher — May 18, 2017 @ 3:59 am