rngd - Man Page

Check and feed random data from hardware device to kernel random device

Synopsis

rngd [-b, --background] [-f, --foreground] [-d, --debug] [-l, --list] [-x, --exclude] [-n, --include] [-O, --option] [-i, --ignorefail] [-o, --random-device=file] [-p, --pid-file=file] [-r, --rng-device=file] [-s, --random-step=nnn] [-t, --test] [-W, --fill-watermark=nnn] [-R, --force-reseed=nnn] [-u, --use-slow-sources] [-D, --drop-privileges=user:group] [-q, --quiet] [-?, --help] [-v, --version]

Description

This daemon feeds data from a random number generator to the kernel's random number entropy pool, after first checking the data to ensure that it is properly random.

The -f or --foreground options can be used to tell rngd to avoid forking on startup.  This is typically used for debugging.  The -b or --background options, which fork and put rngd into the background automatically, are the default.

The -r or --rng-device options can be used to select an alternate source of input, besides the default /dev/hwrng. The -o or --random-device options can be used to select an alternate entropy output device, besides the default /dev/random. Note that this device must support the Linux kernel /dev/random ioctl API.
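The check referred to in the description is the FIPS 140-2 statistical test that rng-tools runs on each 20000-bit (2500-byte) block before crediting it to the kernel. The following added Python example (an illustration, not rngd's own fips.c; the thresholds are the FIPS 140-2 change-notice values) implements the monobit, poker, runs and long-run tests and exercises them on constructed blocks:

```python
import os

# FIPS 140-2 (change notice 1) statistical tests over one 20000-bit block, the
# block size rng-tools checks before crediting data to the kernel. This is an
# added illustration of the check, not rng-tools' own fips.c.
FIPS_BLOCK_BYTES = 2500
RUN_LIMITS = [(2315, 2685), (1114, 1386), (527, 723),  # allowed counts of runs
              (240, 384), (103, 209), (103, 209)]      # of length 1..5 and 6+

def fips_tests(block: bytes) -> dict:
    if len(block) != FIPS_BLOCK_BYTES:
        raise ValueError("FIPS block must be exactly 2500 bytes (20000 bits)")
    ones = sum(bin(b).count("1") for b in block)
    # Poker test: frequency of each 4-bit value over 5000 nibbles, chi-square, 15 df
    nibbles = [0] * 16
    for b in block:
        nibbles[b >> 4] += 1
        nibbles[b & 0xF] += 1
    poker = (16 / 5000) * sum(n * n for n in nibbles) - 5000
    # Runs and long-run tests: count maximal runs of 0s and 1s by length (6 = six or more)
    runs = [[0] * 7 for _ in range(2)]   # runs[bit][length]
    longest = run = 0
    prev = None
    for bit in "".join(f"{b:08b}" for b in block):
        if bit == prev:
            run += 1
            continue
        if prev is not None:
            runs[int(prev)][min(run, 6)] += 1
            longest = max(longest, run)
        prev, run = bit, 1
    runs[int(prev)][min(run, 6)] += 1
    longest = max(longest, run)
    runs_ok = all(lo <= runs[bit][length] <= hi
                  for bit in (0, 1) for length, (lo, hi) in enumerate(RUN_LIMITS, 1))
    return {
        "monobit": 9725 < ones < 10275,
        "poker": 2.16 < poker < 46.17,
        "runs": runs_ok,
        "long_run": longest < 26,  # any run of 26 or more bits fails
    }

def block_passes(block: bytes) -> bool:
    return all(fips_tests(block).values())

if __name__ == "__main__":
    # Constructed input: a stuck-at-zero source fails every test; kernel output should pass.
    print("all-zero block:", fips_tests(bytes(FIPS_BLOCK_BYTES)))
    print("os.urandom block passes:", block_passes(os.urandom(FIPS_BLOCK_BYTES)))
```

Note that a block can also fail for being too regular: the poker test rejects a perfectly even nibble distribution just as it rejects a skewed one.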

Options

-b,  --background

Become a daemon (default)

-f,  --foreground

Do not fork and become a daemon

-d,  --debug

Enable debug messages

-l,  --list

List the indexes and names of available entropy sources. Exit code when listing sources is 0 if at least 1 entropy source was found and initialized, 1 otherwise.

-x,  --exclude

Disable entropy sources by the index or shortname reported by the --list option

-n,  --include

Enable entropy sources by the index or shortname reported by the --list option

-O,  --option

Provide specific config options to individual entropy sources, in the format --option [index|shortname]:key:value.  See the Entropy Sources section below for indices and source-specific options.  Note that specifying -O [<index>|<shortname>] on its own will print the available options for that source to the console.

-p file, --pid-file=file

File used for recording the daemon PID and for preventing multiple instances from running (default: /var/run/rngd.pid)

-i,  --ignorefail

Ignore repeated FIPS failures

-o file, --random-device=file

Kernel device used for random number output (default: /dev/random)

-r file, --rng-device=file

Kernel device used for random number input (default: /dev/hwrng)

-s nnn, --random-step=nnn

Number of bytes written to random-device at a time (default: 64)

-t,  --test

Enter test mode.  In this mode (which implies -f), all generated entropy is discarded and rngd reports the amount of entropy generated every second.

-e nnn, --entropy-count=nnn

Number of bits to consider random when adding entropy. 1 <= e <= 8 (default: 8)

-W nnn, --fill-watermark=nnn

Once rngd starts feeding, it keeps writing entropy to random-device until at least fill-watermark bits of entropy are available in its entropy pool. By default this value is 75% of the entropy pool size, or 2048 bits if the entropy pool size could not be determined. Setting this too high will cause rngd to dominate the contents of the entropy pool; setting it too low will hurt system performance during entropy starvation.  Do not set fill-watermark above the size of the entropy pool (usually 256 bits).  A value of 0 disables the watermark.

-R nnn, --force-reseed=nnn

On newer kernels, which support non-blocking entropy pools, it is still beneficial to periodically add fresh entropy as a reseeding event. --force-reseed sets the interval in seconds at which fresh entropy is added to the kernel entropy pool.  Defaults to 5 minutes.

-u,  --use-slow-sources

The entropy sources nist, jitter and pkcs11 are considered slow at providing entropy. By default their data is only used after all other sources have failed to provide valid entropy 100 times over. With this option rngd always tries to gather entropy from these sources as well.

-D,  --drop-privileges=user:group

Drop privileges to the specified user and group after initialization. The user and group can each be given as a name or as a numerical id and must be separated by a colon; both must exist. The default is not to drop privileges.

-q,  --quiet

Suppress all messages

-?,  --help

Give a short summary of all program options

-v,  --version

Print program version
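The output device given with -o must support the Linux /dev/random ioctl API because rngd credits entropy with RNDADDENTROPY rather than by plain writes. The following added Python example (not rngd's own code) shows that feeding step and how the -e, -s and -W values shape it; it assumes a little-endian Linux host, and os.urandom in the demo stands in for a real hardware source:

```python
import fcntl
import os
import struct

# ioctl numbers from <linux/random.h> (assumed here for a little-endian Linux
# host); this is an added illustration of the feeding step, not rngd's own code.
RNDGETENTCNT = 0x80045200    # _IOR('R', 0x00, int): bits of entropy in the pool
RNDADDENTROPY = 0x40085203   # _IOW('R', 0x03, int[2]): add data and credit entropy

def entropy_credit(n_bytes: int, bits_per_byte: int = 8) -> int:
    """Entropy credited for n_bytes of input, as rngd's -e/--entropy-count does."""
    if not 1 <= bits_per_byte <= 8:
        raise ValueError("entropy count must be between 1 and 8 bits per byte")
    return n_bytes * bits_per_byte

def rand_pool_info(data: bytes, bits_per_byte: int = 8) -> bytes:
    """Serialize struct rand_pool_info { int entropy_count; int buf_size; __u32 buf[]; }."""
    return struct.pack("=ii", entropy_credit(len(data), bits_per_byte), len(data)) + data

def entropy_available(fd: int) -> int:
    buf = bytearray(4)
    fcntl.ioctl(fd, RNDGETENTCNT, buf)       # kernel writes the count into buf
    return struct.unpack("=i", buf)[0]

def feed_until_watermark(fd: int, source, watermark_bits: int = 2048,
                         step: int = 64, bits_per_byte: int = 8) -> int:
    """One fill cycle as rngd performs it: write `step` bytes at a time (-s) until the
    pool reports at least `watermark_bits` (-W). RNDADDENTROPY needs CAP_SYS_ADMIN.
    On kernels 5.18+ the count reports a fixed 256 bits once the pool is initialised,
    so this loop usually adds nothing; periodic reseeding (-R) then keeps input flowing."""
    added = 0
    while entropy_available(fd) < watermark_bits:
        chunk = source(step)
        fcntl.ioctl(fd, RNDADDENTROPY, rand_pool_info(chunk, bits_per_byte))
        added += len(chunk)
    return added

if __name__ == "__main__":
    # Demo only: os.urandom stands in for /dev/hwrng; feeding kernel output back adds no entropy.
    fd = os.open("/dev/random", os.O_RDWR)
    print("entropy available:", entropy_available(fd), "bits")
    print("bytes added:", feed_until_watermark(fd, os.urandom))
    os.close(fd)
```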

Entropy Sources

Rngd is made up of multiple entropy sources, the data from which is aggregated and fed into the kernel's entropy pool.  Note that not all entropy sources are available on all systems, and if an entropy source is enabled on a system where it is not appropriate (or possible) to use, it may fail initialization.  It is not fatal to rngd for any single entropy source to fail during startup; only a single entropy source is needed for rngd to operate. The following entropy sources are currently defined in rngd:

Hardware RNG (hwrng)

The Hardware RNG is a generic entropy source that draws entropy from a hardware RNG device, by default /dev/hwrng.

TPM (tpm)

Entropy drawn from an on-board TPM device.  Note this entropy source is deprecated and will be removed soon, as newer TPM devices export entropy via /dev/hwrng, which is collected by the hwrng source above.

RDRAND/RDSEED (rdrand)

Entropy drawn from the RDRAND and RDSEED instructions (x86 only)

Options

use_aes - select whether rdrand is used to seed a cprng that produces the entropy, or whether all entropy is drawn directly from the RDRAND instruction (default 0)

DARN (darn)

Entropy drawn from the DARN instruction (ppc64 only)

Options

use_aes - select whether the POWER DARN instruction is used to directly fill the entropy pool, or is used as a periodic seed for an AES-based cprng (default 1)

RNDR (rndr)

Entropy drawn from the RNDR instruction (aarch64 only)

Options

use_aes - select whether the ARM RNDR instruction is used to directly fill the entropy pool, or is used as a periodic seed for an AES-based cprng (default 0)

NIST Entropy Beacon (nist)

Entropy gathered from the NIST network entropy beacon.  Note that this entropy source is disabled by default as it should never be used for cryptographic purposes, or any use case in which random data should be known only by a single entity.

Qrypt Entropy Beacon (qrypt)

Entropy gathered from the Qrypt entropy beacon.  Note this beacon provides entropy to remote clients over a TLS connection.  As such this source should not be used for cryptographic operations unless the security of the network can be guaranteed against man-in-the-middle and other network-based attacks.

Options

tokenfile - Specify the file containing the access token to the Qrypt beacon

delay - Specify the maximum delay (in seconds) that the source will wait when there are temporary conditions preventing entropy retrieval before trying to fetch entropy again. The default maximum delay is eight hours, exponentially counting up from one second upwards, in powers of two.

JITTER (jitter)

Entropy gathered by measuring the timing variance of operations on the local CPU

Options

thread_count - Set the number of threads that the jitter entropy source will spawn

buffer_size - Set the size of the buffer cache that each thread maintains

refill_thresh - Set the low watermark for the cache that triggers its corresponding thread to start refill operations

retry_count - If all entropy buffers are empty, retry this many times before giving up.  Note that jitterentropy can take several seconds to refill a buffer, so retries after a delay may be preferable to repeatedly spinning on an empty buffer (default 1)

retry_delay - Between each retry for retry_count above, sleep for this many seconds. May also be the special value -1, representing adaptive sleep, where each retry delay will be half the recorded execution time of the last entropy gathering round (default -1)

force_soft_timer - On platforms with a hardware timer that is too coarse to sample jitter, a software-based timer loop can be used instead.  Detection and use of this mechanism is automatic, but forcing it can be useful for testing purposes

PKCS11 (pkcs11)

Entropy gathered via the OpenSC OpenSSL engine, which can extract entropy from various smart card readers. Install the package for your distribution that contains the pkcs11 endpoint library to gather smartcard entropy: this is opensc for Fedora, opensc-pkcs11 for Debian/Ubuntu, or another package containing opensc-pkcs11.so.

Options

engine_path - Set the path of the pkcs11 engine DSO to load

chunk_size - Some pkcs11 engines have restrictions on how much data can be requested at a time; this option allows the request to be subdivided into smaller chunks that can be satisfied

RTLSDR (rtlsdr)

Entropy gathered via the rtl-sdr software-defined radio library, which can gather entropy using various USB software-defined radios listening to random radio static

Options

devid - When multiple devices are available, the integer index of the device to use

freq_min - The minimum frequency of the range to scan

freq_max - The maximum frequency of the range to scan

sample_min - The minimum sample rate of the radio

sample_max - The maximum sample rate of the radio

Named pipe (namedpipe)

Reads entropy from a named pipe (aka FIFO). Another program, for example a driver reading and preparing data from an external hardware RNG, is expected to feed entropy into this named pipe. Should the named pipe be closed, rngd will try to reopen it.

Options

path - Path of the named pipe. Required.

timeout - Maximum time in seconds rngd waits until a full FIPS test buffer of entropy can be read. Defaults to 5.

Authors

Philipp Rumpf
Jeff Garzik - jgarzik@pobox.com
Matt Sottek
Brad Hill
Neil Horman - nhorman@tuxdriver.com

Referenced By

ipsec-ecdsasigkey(8), ipsec-rsasigkey(8), rngd_selinux(8), rngtest(1).

March 2001 rng-tools 6.17