<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
oh, I then saw entropy drop down to 900 and now it is back up to
1023. Obviously some process wants randomness everysooften and
drains the random pool. You might have something hitting you hard.<br>
<br>
<div class="moz-cite-prefix">On 04/21/2017 09:32 AM, Robert
Moskowitz wrote:<br>
</div>
<blockquote
cite="mid:29a47aa3-1c12-0684-1869-46ed904a78ab@htt-consult.com"
type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
I find this very interesting point. I have done a bit of research
into entropy_avail and for example,<br>
<br>
Cat /dev/random can empty it. I went for > 2080 on my
Cubieboard2 to Zero, it is now back up to 870.<br>
<br>
<div class="moz-cite-prefix">On 04/17/2017 11:39 AM, SW@EU wrote:<br>
</div>
<blockquote
cite="mid:tCybeRbgQFO4hGBYz6bk71UfOP7CCB_c7nR2_LcwlBW9ydxNp1qGGaHPlEFKo9zAgfrAcsceBh0vfb1qsftGNdwQuGdlNe2ojkbe0vSBBhk=@protonmail.com"
type="cite">
<div><span class="colour" style="color:rgb(0, 0, 0)"><span
class="font" style="font-family:Helvetica"><span
class="size" style="font-size:12px">Hi,</span></span></span><br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;"><br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;">today I will report a problem that is
released to ipa-server. This server contains a certificate
authority and such service need many entropy. The default on
CentOS 7 on a Banana PI is not enough, i.e. $(cat
/proc/sys/kernel/random/entropy_avail) is less than 1000.<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;"><br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;">I have solved this in meantime by installing
and enabling of haveged from the EPEL repository. Normally it
would be done by installing the rng-tools. But there are two
problems:<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;">1. The rng-tools was not in the
repositories, so I have
downloaded rng-tools-5-8.fc24.armv7hl.rpm because this are the
same version which is included in CentOS 7.3 for x86_64.<br>
</div>
</blockquote>
<br>
You can find the Centos rng-tools at:<br>
<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://armv7.dev.centos.org/repodir/c7-pass-1/rng-tools/5-2.el7/armv7hl/rng-tools-5-2.el7.armv7hl.rpm">https://armv7.dev.centos.org/repodir/c7-pass-1/rng-tools/5-2.el7/armv7hl/rng-tools-5-2.el7.armv7hl.rpm</a><br>
<br>
Unfortunately, there are a lot of EPEL rpms that did not make it
into the repo.<br>
<br>
<blockquote
cite="mid:tCybeRbgQFO4hGBYz6bk71UfOP7CCB_c7nR2_LcwlBW9ydxNp1qGGaHPlEFKo9zAgfrAcsceBh0vfb1qsftGNdwQuGdlNe2ojkbe0vSBBhk=@protonmail.com"
type="cite">
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;">2. This rng-tools are usable but the daemon
starts and stops immediately with the following error message:<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;">
<div># rngd -v<br>
</div>
<div>/dev/hwrng: No such device<br>
</div>
<div>/dev/tpm0: No such file or directory<br>
</div>
<div>No entropy sources found, exiting<br>
</div>
</div>
</blockquote>
<br>
I now get:<br>
<br>
# rngd -v<br>
read error<br>
<br>
read error<br>
<br>
Available entropy sources:<br>
Intel/AMD hardware rng<br>
<br>
Wow, entropy_avail is now up to 1052! Looks like since I added
rng-tools things are looking up. I am going to add this to my
howto...<br>
<br>
<blockquote
cite="mid:tCybeRbgQFO4hGBYz6bk71UfOP7CCB_c7nR2_LcwlBW9ydxNp1qGGaHPlEFKo9zAgfrAcsceBh0vfb1qsftGNdwQuGdlNe2ojkbe0vSBBhk=@protonmail.com"
type="cite">
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;"><br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;">This is not the problem of this binary it is
a problem of the Kernel. /dev/hwrng exists and if I remove it
then it reappears after reboot, but<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;"><br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;">
<div># ls -l /dev/hwrng<br>
</div>
<div>crw-------. 1 root root 10, 183 1. Jan 1970 /dev/hwrng<br>
</div>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;">
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;"># udevadm
info -a -n /dev/hwrng</span></span></span><br>
</p>
<p style="margin: 0px; line-height: normal; min-height: 13px;"><br>
</p>
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;">Udevadm
info starts with the device specified by the devpath
and then</span></span></span><br>
</p>
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;">walks
up the chain of parent devices. It prints for every
device</span></span></span><br>
</p>
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;">found,
all possible attributes in the udev rules key format.</span></span></span><br>
</p>
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;">A
rule to match, can be composed by the attributes of
the device</span></span></span><br>
</p>
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;">and
the attributes from one single parent device.</span></span></span><br>
</p>
<p style="margin: 0px; line-height: normal; min-height: 13px;"><br>
</p>
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;"> looking
at device '/devices/virtual/misc/hw_random':</span></span></span><br>
</p>
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;">
KERNEL=="hw_random"</span></span></span><br>
</p>
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;">
SUBSYSTEM=="misc"</span></span></span><br>
</p>
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;">
DRIVER==""</span></span></span><br>
</p>
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;">
ATTR{rng_current}=="none"</span></span></span><br>
</p>
<p style="margin: 0px; line-height: normal;"><span
class="font" style="font-family:Menlo"><span class="size"
style="font-size:11px"><span
style="font-variant-ligatures: no-common-ligatures;">
ATTR{rng_available}==""</span></span></span><br>
</p>
</div>
</blockquote>
<br>
I get the same results. Try the Centos rng-tools and see if it
makes a difference on your BPi.<br>
<br>
<blockquote
cite="mid:tCybeRbgQFO4hGBYz6bk71UfOP7CCB_c7nR2_LcwlBW9ydxNp1qGGaHPlEFKo9zAgfrAcsceBh0vfb1qsftGNdwQuGdlNe2ojkbe0vSBBhk=@protonmail.com"
type="cite">
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;"><span style="font-variant-ligatures:
no-common-ligatures;"> </span><br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;"><span style="font-variant-ligatures:
no-common-ligatures;">there is no driver for this device. I
have searched and found this link <a moz-do-not-send="true"
href="http://forum.lemaker.org/thread-23618-1-1.html">http://forum.lemaker.org/thread-23618-1-1.html</a>
which includes a link to the full story. If I read all right
then on bananian </span>/dev/hwrng appears only if the
adapted or a more actual sun4i-ss.ko module is loaded (there
is written: "module author has indicated this will be going
into the mainline kernel shortly“). This module is also loaded
on a Banana PI with current CentOS 7. So does the kernel of
CentOS 7.3 for ARM32 include this patch and if yes why it does
not work or otherwise why this device appears but has no
driver?<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;"><br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;">TIA,<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;">Silvio<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px;"><br>
</div>
<div class="protonmail_signature_block ">
<div class="protonmail_signature_block-user
protonmail_signature_block-empty"><br>
</div>
<div class="protonmail_signature_block-proton ">Sent with <a
moz-do-not-send="true" href="https://protonmail.com">ProtonMail</a>
Secure Email. <br>
</div>
</div>
<div><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Arm-dev mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Arm-dev@centos.org">Arm-dev@centos.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.centos.org/mailman/listinfo/arm-dev">https://lists.centos.org/mailman/listinfo/arm-dev</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Arm-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Arm-dev@centos.org">Arm-dev@centos.org</a>
<a class="moz-txt-link-freetext" href="https://lists.centos.org/mailman/listinfo/arm-dev">https://lists.centos.org/mailman/listinfo/arm-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>