Hi,
Just noticed from web admin menu Status > Entropy that Random Number Generator Daemon is shown as running on my firewalls that don’t have CPU hardware support for it.
Logged into CLI to verify not just a web interface problem, and confirmed that rngd process running.
Appears in 2.25 CU 158 and 159 (testing). Not sure if in 157 as have upgraded all my units.
Regards
Hi,
looking at the corresponding initscript, rngd gets started either way:
if [ -e /dev/hwrngtty ]; then
HWRNG=/dev/hwrngtty
else
HWRNG=/dev/hwrng
fi
boot_mesg "Starting Random Number Generator Daemon..."
loadproc /usr/sbin/rngd -r $HWRNG --quiet
You should see one of these files on your IPFire machine:
[root@maverick ~]# file /dev/hwrngtty
/dev/hwrngtty: cannot open `/dev/hwrngtty' (No such file or directory)
[root@maverick ~]# file /dev/hwrng
/dev/hwrng: character special (10/183)
The following commits are related to the status quo:
- git.ipfire.org Git - ipfire-2.x.git/commit
- git.ipfire.org Git - ipfire-2.x.git/commit
- git.ipfire.org Git - ipfire-2.x.git/commit
To cut it short: We cannot reliably determine whether an IPFire machine comes with a true HWRNG or a PRNG, so we just start rngd either way and let it deal with whatever comes. It cannot hurt. 
Thanks, and best regards,
Peter Müller
2 Likes
That didn’t used to be the case.
Thanks for clarifying change in operation.
