Created attachment 963 [details] imagen1 I have installed the core161 on a NanoPI R2S and it seems to work OK, but I seem to have a problem. imagen1 The operation is erratic and from SSH it tells me this: [root@bs ~]# rngd -l Entropy sources that are available but disabled 1: TPM RNG Device (tpm) 4: NIST Network Entropy Beacon (nist) Available and enabled entropy sources: Available entropy sources that failed initalization: 0: Hardware RNG Device (hwrng) [root@bs ~]# [root@bs ~]# /etc/init.d/rngd status /usr/sbin/rngd is not running but /var/run/rngd.pid exists. [root@bs ~]# If I delete the pid: imagen2 [root@bs ~]# /etc/init.d/rngd status /usr/sbin/rngd is not running. [root@bs ~]# If I start it: [root@bs ~]# /etc/init.d/rngd start Starting Random Number Generator Daemon... [ OK ] [root@bs ~]# But: [root@bs ~]# /etc/init.d/rngd status /usr/sbin/rngd is not running but /var/run/rngd.pid exists. [root@bs ~]# Something is wrong. What can be?
Created attachment 964 [details] imagen2
It looks like this device does not have a HWRNG or the kernel driver does not work. Is there anything in dmesg? You can safely run this system even without it working.
Hi. Forcing the start of each one, this appears: [root@bs ~]# rngd -l Entropy sources that are available but disabled 1: TPM RNG Device (tpm) 4: NIST Network Entropy Beacon (nist) Available and enabled entropy sources: Available entropy sources that failed initalization: 0: Hardware RNG Device (hwrng) [root@bs ~]# --- [root@bs ~]# rngd -f -i -n tpm Enabling 1: TPM RNG Device (tpm) Initializing available sources [hwrng ]: Initialization Failed [tpm ]: The TPM entropy source only supports TPM1.2 hardware and is deprecated. TPM2.0 and later hardware exports entropy via /dev/hwrng, which can be collected via the hwrng entropy source in rngd [tpm ]: Initialization Failed can't open any entropy sourceMaybe RNG device modules are not loaded [root@bs ~]# --- [root@bs ~]# rngd -f -i -n nist Enabling 4: NIST Network Entropy Beacon (nist) Initializing available sources [hwrng ]: Initialization Failed [nist ]: WARNING: NIST Randomness beacon is sent in clear text over the internet. Do not use this source in any entropy pool which generates cryptographic objects! [nist ]: Initialized ^C[nist ]: Shutting down [root@bs ~]# --- [root@bs ~]# rngd -f -i -n hwrng Enabling 0: Hardware RNG Device (hwrng) Initializing available sources [hwrng ]: Initialization Failed can't open any entropy sourceMaybe RNG device modules are not loaded [root@bs ~]# --- the "nist" I have read is not recommended. In /var/log/messages, only something (the same) appears for the "tpm". Thanks.
You cannot force starting any of them if the hardware isn't there. Which kernel modules are loaded?
for more info see: https://community.ipfire.org/t/entropy-fail-with-nanopi-r2s/6750
Hi Michael. The loaded modules I think are these: [root@bs ~]# lsmod Module Size Used by ledtrig_netdev 20480 0 tun 57344 2 nfnetlink_queue 28672 4 nfnetlink 20480 5 nfnetlink_queue xt_NFQUEUE 16384 8 xt_connlimit 16384 1 nf_conncount 24576 1 xt_connlimit xt_time 16384 1 xt_MASQUERADE 20480 1 xt_geoip 20480 305 xt_ipp2p 20480 1 compat_xtables 16384 1 xt_ipp2p xt_multiport 20480 2 xt_hashlimit 28672 2 xt_nat 16384 1 xt_policy 16384 5 xt_TCPMSS 16384 1 xt_conntrack 16384 7 xt_comment 16384 9 ipt_REJECT 16384 1 nf_reject_ipv4 16384 1 ipt_REJECT xt_LOG 20480 9 xt_limit 20480 10 xt_mark 16384 7 xt_connmark 20480 2 nf_log_ipv4 16384 9 nf_log_common 20480 1 nf_log_ipv4 iptable_raw 16384 1 iptable_mangle 16384 1 iptable_nat 16384 1 nf_nat 49152 3 xt_nat,iptable_nat,xt_MASQUERADE iptable_filter 16384 1 vfat 28672 2 fat 86016 1 vfat cdc_ether 20480 0 usbnet 53248 1 cdc_ether r8152 81920 0 mii 20480 2 usbnet,r8152 sch_fq_codel 24576 3 xhci_plat_hcd 20480 0 realtek 24576 1 dwmac_rk 28672 0 stmmac_platform 24576 1 dwmac_rk stmmac 204800 2 stmmac_platform,dwmac_rk pcs_xpcs 20480 1 stmmac dwc3 139264 0 ptp 32768 1 stmmac pps_core 28672 1 ptp processor 32768 0 fan 20480 0 button 20480 0 [root@bs ~]# Regards.
Yes they are, but there is nothing with "rng" on that list.
Is this bug still valid?
Created attachment 1019 [details] Entropy graph low Entropy still exists as of CU 164 and today...
With Core Update 169, the kernel has been updated, containing an upstream change regarding the handling of entropy. This change should cause a sufficient amount of entropy available under any circumstances, and since Linux now always reports to have 256 bits of entropy available, I guess this ticket can be resolved as being - indirectly - fixed. https://blog.ipfire.org/post/ipfire-2-27-core-update-169-released
Closing this as fixed, see comment #10 for the rationale.