Hi,
Comments below.
Using Fedora 29 on Raspberry Pi 3 I seem to have a problem using
rndg:
uname -a
Linux replica.blabla.bla 4.18.16-300.fc29.aarch64 #1 SMP Sat Oct 20 23:12:22 UTC 2018
aarch64 aarch64 aarch64 GNU/Linux
cat /etc/redhat-release
Fedora release 29 (Twenty Nine)
rngd is running:
ps -ef | grep rng
root 4710 4409 13 10:57 pts/1 00:00:47 rngd -f -r /dev/hwrng -o /dev/random
The module to support bcm2835 hardware is loaded:
lsmod | grep rng
bcm2835_rng 16384 0
However, rng is painfully slow:
time rngtest -c 10 < /dev/random
rngtest 6
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not
even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 200032
rngtest: FIPS 140-2 successes: 10
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=2.201; avg=5.458; max=380.585)Kibits/s
rngtest: FIPS tests speed: (min=28.132; avg=28.328; max=28.468)Mibits/s
rngtest: Program run time: 35792670 microseconds
real 0m35.801s
user 0m0.001s
sys 0m0.071s
Running CentOS 7.5 on an older Raspberry Pi 2 will do much much faster:
ps -ef | grep rngd
root 14024 1 1 10:54 ? 00:00:14 /sbin/rngd -f -r /dev/hwrng -o
/dev/random
time rngtest -c 10 < /dev/random
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not
even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 200032
rngtest: FIPS 140-2 successes: 10
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=135.793; avg=166.586; max=191.200)Kibits/s
rngtest: FIPS tests speed: (min=22.076; avg=22.243; max=22.334)Mibits/s
rngtest: Program run time: 1181718 microseconds
real 0m1.192s
user 0m0.002s
sys 0m0.141s
Whatś happening here? It seems like the bcm2835_rng is not picked up; despite the module
is loaded.
So running the above test on my RPi3 with ARMv7 (so 32 bit mode) I see
the following output that it detects and is using the HW RNG:
# rngd -l
Entropy sources that are available but disabled
4: NIST Network Entropy Beacon
Available and enabled entropy sources:
0: Hardware RNG Device
5: JITTER Entropy generator
And the test is running faster for me than your one on CentOS:
# time rngtest -c 10 < /dev/random
rngtest 6
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There
is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 200032
rngtest: FIPS 140-2 successes: 10
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=2.430; avg=6.029; max=444.518)Kibits/s
rngtest: FIPS tests speed: (min=51.690; avg=53.941; max=54.967)Mibits/s
rngtest: Program run time: 32397649 microseconds
real 0m32.408s
user 0m0.004s
sys 0m0.056s
I wonder if this is an issue with aarch64, the CentOS image on the
RPi2 is obviously ARMv7, could you test a Fedora 29 ARMv7 image on the
Raspberry Pi 3 to see if that might be the issue?
Peter