Entropy fail with NanoPI R2S?

Hardware Single Board Computers
1

Hi.

I have installed the core161 on a NanoPI R2S and it seems to work OK, but I seem to have a problem.

imagen
imagen964Ă—540 34.9 KB

The operation is erratic and from SSH it tells me this:

[root@bs ~]# rngd -l
Entropy sources that are available but disabled
1: TPM RNG Device (tpm)
4: NIST Network Entropy Beacon (nist)
Available and enabled entropy sources:
Available entropy sources that failed initalization:
0: Hardware RNG Device (hwrng)
[root@bs ~]#

[root@bs ~]# /etc/init.d/rngd status
/usr/sbin/rngd is not running but /var/run/rngd.pid exists.
[root@bs ~]#

If I delete the pid:

imagen
imagen970Ă—113 4.64 KB 

[root@bs ~]# /etc/init.d/rngd status
/usr/sbin/rngd is not running.
[root@bs ~]#

If I start it:

[root@bs ~]# /etc/init.d/rngd start
Starting Random Number Generator Daemon...                             [  OK  ]
[root@bs ~]#

But:

[root@bs ~]# /etc/init.d/rngd status
/usr/sbin/rngd is not running but /var/run/rngd.pid exists.
[root@bs ~]#

Something is wrong. What can be?

Thanks.

Regards.

2

Hi,

this looks like rngd crashes right after it started, leaving the (orphaned) PID file in place.

Do you observe anything in /var/log/messages at the time you try to start rngd?

Thanks, and best regards,
Peter MĂĽller

3

I am see the same error with status:

[root@ipfireR2S ~]# /etc/init.d/rngd status
/usr/sbin/rngd is not running but /var/run/rngd.pid exists.

With /etc/init.d/rngd stopped and pid removed I ran:

[root@ipfireR2S ~]# /etc/init.d/rngd start
Starting Random Number Generator Daemon...                                                                                                                                        [  OK  ]

[root@ipfireR2S ~]# /etc/init.d/rngd status
/usr/sbin/rngd is not running but /var/run/rngd.pid exists.

but there are no errors in /var/log/messages!


If I added a -d (Enable debug output):

[root@ipfireR2S ~]# /usr/sbin/rngd -d -r /dev/hwrng

Then there are errors in /var/log/messages:

Dec  4 11:29:03 ipfireR2S rngd: Initializing available sources 
Dec  4 11:29:03 ipfireR2S rngd: [hwrng ]: read error 
Dec  4 11:29:03 ipfireR2S rngd: [hwrng ]: No available rng device 
Dec  4 11:29:03 ipfireR2S rngd: [hwrng ]: Initialization Failed 
Dec  4 11:29:03 ipfireR2S rngd: can't open any entropy source
Dec  4 11:29:03 ipfireR2S rngd: Maybe RNG device modules are not loaded
4

I added in an the 4: NIST Network Entropy Beacon (nist) and it seemed to like that:

Screen Shot 2021-12-04 at 12.25.24 PM
Screen Shot 2021-12-04 at 12.25.24 PM2000Ă—1162 168 KB


But it doesn’t like the /dev/hwrng for a rng-device…

Dec  4 12:04:06 ipfireR2S rngd: Initializing available sources 
Dec  4 12:04:06 ipfireR2S rngd: [hwrng ]: read error 
Dec  4 12:04:06 ipfireR2S rngd: [hwrng ]: No available rng device 
Dec  4 12:04:06 ipfireR2S rngd: [hwrng ]: Initialization Failed 
Dec  4 12:04:06 ipfireR2S rngd: [nist  ]: Getting new record 
Dec  4 12:04:21 ipfireR2S rngd: [nist  ]: Initialization Failed 
Dec  4 12:04:21 ipfireR2S rngd: can't open any entropy source
Dec  4 12:04:21 ipfireR2S rngd: Maybe RNG device modules are not loaded
1 Like
5

The hwrng of the R2S seems to be buggy. It fails the FIPS randomness test and should not used.

2 Likes
6

What should be used? hwrng and hwrngtty both fail.

7

Hello Roberto - it may help to open a bugzilla bug report for the Entropy issue.

Jon

1 Like
8

Hi @jon.

I didn’t know if it was cause to open a “Bugzilla”.

It is already open: 12744 – Entropy fail with NanoPI R2S

Greetings.

2 Likes
9

Hello everyone.

It has been like this for several days:

imagen
imagen965Ă—540 35.4 KB

Without doing anything, with the same problems, it appears like this. Seem right. :grinning:

A bit weird though. It’s not like that?.

Regards.

10

it took a few days for the vacuum tubes to warm up…

:grin:

11

Perhaps it was a false alarm with its corresponding false belief of correct operation :slightly_frowning_face:

imagen
imagen964Ă—538 35.1 KB

Yesterday I had to restart the IPFire and it has worked herratically again. I will try to reproduce the steps to see if it works correctly again (in case it worked correctly).

Regards.

12

I just installed CU 162 (testing) on the NanoPi R2S and it seems to have the same Entropy issue.

Screen Shot 2021-12-17 at 7.09.49 PM
Screen Shot 2021-12-17 at 7.09.49 PM2000Ă—1310 204 KB

IPFire 2.27 (aarch64) - Core Update 162 Development Build: master/65d5ec52

System versions

IPFire version IPFire 2.27 (aarch64) - core162 Development Build: master/65d5ec52
Pakfire version 2.27.1-aarch64
Kernel version Linux ipfireR2S.localdomain 5.15.6-ipfire #1 SMP Sun Dec 12 17:34:13 GMT 2021 aarch64 GNU/Linux
13

Hi all,

to prevent some confusions: On systems without any or without a useable HWRNG, network activity increases the entropy, as the kernel is able to get some random numbers from timers, offsets, etc.

Perhaps there was high network activity during the timespans you observed more entropy… :slight_smile:

Thanks, and best regards,
Peter MĂĽller