Entropy fail with NanoPI R2S?

Hi.

I have installed the core161 on a NanoPI R2S and it seems to work OK, but I seem to have a problem.

The operation is erratic and from SSH it tells me this:

[root@bs ~]# rngd -l
Entropy sources that are available but disabled
1: TPM RNG Device (tpm)
4: NIST Network Entropy Beacon (nist)
Available and enabled entropy sources:
Available entropy sources that failed initalization:
0: Hardware RNG Device (hwrng)
[root@bs ~]#
[root@bs ~]# /etc/init.d/rngd status
/usr/sbin/rngd is not running but /var/run/rngd.pid exists.
[root@bs ~]#

If I delete the pid:

[root@bs ~]# /etc/init.d/rngd status
/usr/sbin/rngd is not running.
[root@bs ~]#

If I start it:

[root@bs ~]# /etc/init.d/rngd start
Starting Random Number Generator Daemon...                             [  OK  ]
[root@bs ~]#

But:

[root@bs ~]# /etc/init.d/rngd status
/usr/sbin/rngd is not running but /var/run/rngd.pid exists.
[root@bs ~]#

Something is wrong. What can be?

Thanks.

Regards.

Hi,

this looks like rngd crashes right after it started, leaving the (orphaned) PID file in place.

Do you observe anything in /var/log/messages at the time you try to start rngd?

Thanks, and best regards,
Peter Müller

I am see the same error with status:

[root@ipfireR2S ~]# /etc/init.d/rngd status
/usr/sbin/rngd is not running but /var/run/rngd.pid exists.

With /etc/init.d/rngd stopped and pid removed I ran:

[root@ipfireR2S ~]# /etc/init.d/rngd start
Starting Random Number Generator Daemon...                                                                                                                                        [  OK  ]

[root@ipfireR2S ~]# /etc/init.d/rngd status
/usr/sbin/rngd is not running but /var/run/rngd.pid exists.

but there are no errors in /var/log/messages!


If I added a -d (Enable debug output):

[root@ipfireR2S ~]# /usr/sbin/rngd -d -r /dev/hwrng

Then there are errors in /var/log/messages:

Dec  4 11:29:03 ipfireR2S rngd: Initializing available sources 
Dec  4 11:29:03 ipfireR2S rngd: [hwrng ]: read error 
Dec  4 11:29:03 ipfireR2S rngd: [hwrng ]: No available rng device 
Dec  4 11:29:03 ipfireR2S rngd: [hwrng ]: Initialization Failed 
Dec  4 11:29:03 ipfireR2S rngd: can't open any entropy source
Dec  4 11:29:03 ipfireR2S rngd: Maybe RNG device modules are not loaded 

I added in an the 4: NIST Network Entropy Beacon (nist) and it seemed to like that:


But it doesn’t like the /dev/hwrng for a rng-device…

Dec  4 12:04:06 ipfireR2S rngd: Initializing available sources 
Dec  4 12:04:06 ipfireR2S rngd: [hwrng ]: read error 
Dec  4 12:04:06 ipfireR2S rngd: [hwrng ]: No available rng device 
Dec  4 12:04:06 ipfireR2S rngd: [hwrng ]: Initialization Failed 
Dec  4 12:04:06 ipfireR2S rngd: [nist  ]: Getting new record 
Dec  4 12:04:21 ipfireR2S rngd: [nist  ]: Initialization Failed 
Dec  4 12:04:21 ipfireR2S rngd: can't open any entropy source
Dec  4 12:04:21 ipfireR2S rngd: Maybe RNG device modules are not loaded 
1 Like

The hwrng of the R2S seems to be buggy. It fails the FIPS randomness test and should not used.

2 Likes

What should be used? hwrng and hwrngtty both fail.

Hello Roberto - it may help to open a bugzilla bug report for the Entropy issue.

Jon

1 Like

Hi @jon.

I didn’t know if it was cause to open a “Bugzilla”.

It is already open: 12744 – Entropy fail with NanoPI R2S

Greetings.

2 Likes

Hello everyone.

It has been like this for several days:

Without doing anything, with the same problems, it appears like this. Seem right. :grinning:

A bit weird though. It’s not like that?.

Regards.

it took a few days for the vacuum tubes to warm up…

:grin:

Perhaps it was a false alarm with its corresponding false belief of correct operation :slightly_frowning_face:

Yesterday I had to restart the IPFire and it has worked herratically again. I will try to reproduce the steps to see if it works correctly again (in case it worked correctly).

Regards.

I just installed CU 162 (testing) on the NanoPi R2S and it seems to have the same Entropy issue.

IPFire 2.27 (aarch64) - Core Update 162 Development Build: master/65d5ec52

System versions

IPFire version IPFire 2.27 (aarch64) - core162 Development Build: master/65d5ec52
Pakfire version 2.27.1-aarch64
Kernel version Linux ipfireR2S.localdomain 5.15.6-ipfire #1 SMP Sun Dec 12 17:34:13 GMT 2021 aarch64 GNU/Linux

Hi all,

to prevent some confusions: On systems without any or without a useable HWRNG, network activity increases the entropy, as the kernel is able to get some random numbers from timers, offsets, etc.

Perhaps there was high network activity during the timespans you observed more entropy… :slight_smile:

Thanks, and best regards,
Peter Müller