New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change poolsize definition for recent Linux kernels? #195
Comments
I argued that this should not have happened as they were completely breaking the ABI for rngd. That said, yes, it should be changed. Do you want to submit a patch? |
I'm working on a patch. Whilst testing the patch I found another issue, this code also has no effect in recent kernels. This is indicated in recent kernel docs: "This file is writable for compatibility purposes, but writing to it has no effect on any RNG behavior." This seems like the kernel PR (not sure which kernel versions this applies to) from March 2022 that made it read-only: torvalds/linux@77553cf Testing even on the command line with This renders the above rngd code, and also the --fill-watermark / -W option irrelevant. As a side-note, when testing on Virtualbox x86_64 I notice that jitter gives the following error:
unless I set the (new to 6.16) "-O jitter:timeout" option to "20". |
yeah, I really hate how the kernel changed this interface. IMHO while they adhered to the "don't break the ABI" rule in the strictest sense, they completely broke rngd functionally with the changes they made. In truth, the kernel doesn't really accept exernal entropy in the way it used to (because they have an internal jitter source that attempts to reduce/prevent blocking in read from /dev/random. I've thought about ways to keep rngd "working" with newer kernels, but doing so would be at the cost of potentially breaking older kernels that will still be around for some time. You're welcome to propose a patch for it, but if the kernel doesn't want user space input to the random pool, so be it, rngd still has lots of use in monte-carlo testing, and other non-kernel use cases. |
So are you saying that with recent kernels there is no real point in using rngd to improve /dev/random entropy? For machines without a hwrng/TPM or CPU rdrand/darn/rndr instructions available for the kernel to directly use how does the kernel's current jitter code compare to rngd with jitterentropy library? Is there any benefit in using rngd + JITTER in such scenarios? I assume rngd can still provide additional entropy to the kernel if the PKCS11 and/or RTLSDR sources are used. |
| So are you saying that with recent kernels there is no real point in using rngd to improve /dev/random entropy? As for weather or not the kernel has any external requirement on entropy, I can't say for certain. I can say that reading /dev/random should no longer ever block, and I believe the kernel guys doing these updates have done the math to prove the relative security of that implementation, but if you are an individual that wants to say, add entropy of an external source, you're kind of out of luck | For machines without a hwrng/TPM or CPU ... As for advantages to using rngd + JITTER, its kind of a moot point because if you do the latter, it just doesn't work on recent kenrels. | I assume rngd can still provide additional entropy to the kernel if the PKCS11 and/or RTLSDR sources are used. |
not blocking anymore (5.6+) and the standard kernel provied entropy pool is strong enough (5.10+) so that tools like rng-tools or haveged are not required anymore and just unnecessarily consume CPU time. (cf. nhorman/rng-tools#195 (comment), https://forum.manjaro.org/t/low-entropy-on-my-system/119233)
not blocking anymore (5.6+) and the standard kernel provied entropy pool is strong enough (5.10+) so that tools like rng-tools or haveged are not required anymore and just unnecessarily consume CPU time. (cf. nhorman/rng-tools#195 (comment), https://forum.manjaro.org/t/low-entropy-on-my-system/119233)
Recent Linux kernels have changed the entropy poolsize from 4096 to 256.
However rngd_linux.c contains:
#define DEFAULT_WATERMARK_GUESS 4096
and rngd.8.in and rngd.c also refer to a poolsize of 4096.Shouldn't this be changed, at least in rngd_linux.c, to be 256 instead?
The text was updated successfully, but these errors were encountered: