[SOLVED] Entropy and HWRNG after core 122 update

General questions.
Post Reply
datamorgana
Posts: 53
Joined: May 16th, 2014, 7:51 am

[SOLVED] Entropy and HWRNG after core 122 update

Post by datamorgana » August 14th, 2018, 10:10 am

My IPfire still runs with an 32bit-PAE kernel and I cannot change to a 64bit installation on the short term. However, my beloved hardware RNG USB stick is not working anymore after the update to core 122. The rngd crashes after start and the entropy has decreased from approx. 4kbit to 400bit which is not so nice. Is there a solution already?

Thanks and regards
datamorgana

---

Mein IPfire läuft noch mit einem 32bit-PAE-Kernel und ich kann aus mehreren Gründen noch nicht auf 64bit upgraden. Dennoch würde ich gerne meinen bewährten HWRNG-USB-Stick weiter verwenden, was nach dem Core 122 Update nicht mehr geht, da der rngd sich nicht mehr starten lässt. Die Entropie der Kiste ist seitdem von ca. 4000bit auf ca. 400bit gesunken. Nicht so toll... Ist hier schon eine Lösung in Sicht?

Danke und Grüße
datamorgana

Image
Last edited by datamorgana on August 17th, 2018, 10:21 am, edited 1 time in total.

User avatar
Arne.F
Core Developer
Core Developer
Posts: 8086
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH
Contact:

Re: Entropy and HWRNG after core 122 update

Post by Arne.F » August 14th, 2018, 10:54 am

You need to change the udev scripts for the tty rng because /dev/hwrng already exists with kernel 4.14 also if there is no supported kernel hwrng.

Add a command to remove /dev/hwrng before creating the symlink to the usb device of you tty rng
Arne

Support the project on the donation!

Image

Image

Image
PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

datamorgana
Posts: 53
Joined: May 16th, 2014, 7:51 am

Re: [SOLVED] Entropy and HWRNG after core 122 update

Post by datamorgana » August 15th, 2018, 7:53 am

Thanks Arne, that was of great help to me!

Actually I did not remove the "/dev/hwrng" device that might be needed by kernel 4.14 but I changed the "/lib/udev/rules.d/90-hwrng.rules" file I once created when I deployed the TrueRNG stick and chose a different name for the SYMLINK "/dev/truerng" to be created, like

Code: Select all

SUBSYSTEM=="tty", ATTRS{product}=="TrueRNG", SYMLINK+="truerng", RUN+="/bin/stty raw -echo -ixoff -F /dev/%k speed 3000000"
ATTRS{idVendor}=="04d8", ATTRS{idProduct}=="f5fe", ENV{ID_MM_DEVICE_IGNORE}="1"
Then I changed the "/etc/init.d/rngd" file in the "start" case section to read

Code: Select all

loadproc /usr/sbin/rngd --quiet --rng-device=/dev/truerng
Now it works and IPfire has >3kbit entropy. ;D

Code: Select all

[root@IPfire ~]# ls -la /dev/*rng
crw------- 1 root root 10, 183 Aug 15 09:27 /dev/hwrng
lrwxrwxrwx 1 root root       7 Aug 15 09:27 /dev/truerng -> ttyACM0
Thanks,
datamorgana
Image

User avatar
Arne.F
Core Developer
Core Developer
Posts: 8086
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH
Contact:

Re: Entropy and HWRNG after core 122 update

Post by Arne.F » August 15th, 2018, 10:52 am

This is off course the better solution...
Arne

Support the project on the donation!

Image

Image

Image
PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

Lux73
Posts: 26
Joined: January 31st, 2017, 5:40 pm

Re: Entropy and HWRNG after core 122 update

Post by Lux73 » August 15th, 2018, 3:54 pm

my 64bit Installation had the same problem after core 122 update...

THX for the Solution!

Greetings from Germany
IPFire 2.21 (x86_64) - Core Update 127 | RGBO
APU2c4|mSATA i530 120GB|Compex WLE600-VX@ac|PRG310-51

datamorgana
Posts: 53
Joined: May 16th, 2014, 7:51 am

Re: [SOLVED] Entropy and HWRNG after core 122 update

Post by datamorgana » August 20th, 2018, 11:52 am

BTW the hardware solution for TrueRNG that I'm using with IPfire is described here: https://ubld.it/products/truerng-hardwa ... generator/
Image

extrasolar
Posts: 51
Joined: October 30th, 2016, 11:24 am

Re: [SOLVED] Entropy and HWRNG after core 122 update

Post by extrasolar » August 20th, 2018, 2:19 pm

I'm also interested in this device, but I couldn't find a local online shop yet to avoid high shipping costs to Germany.
Home: VF VDSL 109↓ 33↑, AVM FB: 7590 [07.01], RPi: Pi-hole [4.2.1], VPN: IPsec
Office: VF Cable 400↓ 25↑, Modem: CBN CH7466CE, IPFire-HW: Jetway NC9C-550-LF, VPN: IPsec

Image

datamorgana
Posts: 53
Joined: May 16th, 2014, 7:51 am

Re: [SOLVED] Entropy and HWRNG after core 122 update

Post by datamorgana » August 20th, 2018, 2:38 pm

Sadly enough there seems to be no local shop in Germany. When I bought this item back in 2015, I ordered 4 pieces to justify the high (but compared to 2018 still much lower) shipping costs. After some shipments got lost on the way to Germany, Tindie now ships with insurance which makes it more expensive. I have no experiences with Amazon.com shipment from the USA.
Image

Lux73
Posts: 26
Joined: January 31st, 2017, 5:40 pm

Re: [SOLVED] Entropy and HWRNG after core 122 update

Post by Lux73 » August 20th, 2018, 4:30 pm

@ extrasolar

this is similar from Germany: http://www.ibbergmann.org/ZUFALLSGENERA ... ce/PRG310/

this works for me 8)
IPFire 2.21 (x86_64) - Core Update 127 | RGBO
APU2c4|mSATA i530 120GB|Compex WLE600-VX@ac|PRG310-51

Post Reply