Port-xen archive
Re: nothing contributing entropy in Xen domUs? or dom0!!!
On Wed, 31 Mar 2021, Greg A. Woods wrote:
> collect and "estimate" _and_ despite the fact there's a valid-looking
> $random_file that was saved and reloaded by /etc/rc.d/random_seed (and
> saved again every day by /etc/security):
>
> # ls -l /etc/entropy-file
> -rw------- 1 root wheel 536 Mar 31 04:15 /etc/entropy-file
> # rndctl -l
> Source                 Bits Type      Flags
> /dev/random               0 ???       estimate, collect, v
> seed                      0 ???       estimate, collect, v

Does this /etc/entropy-file match what's there in your /boot.cfg?
On my laptop $random_file is left at the default which is:
/var/db/entropy-file
The kernel loads this file as directed by /boot.cfg:
$ cat /boot.cfg
menu=Boot normally:rndseed /var/db/entropy-file;boot
menu=Boot single user:rndseed /var/db/entropy-file;boot -s
menu=Drop to boot prompt:prompt
default=1
timeout=5
clear=1
$ fgrep seed /var/run/dmesg.boot
entropy: entering seed from bootloader with 256 bits of entropy
$
You can see this as `seed':
$ sudo rndctl -l | egrep 'Source|/random|seed'
Source                 Bits Type      Flags
/dev/random               0 ???       estimate, collect, v
seed                    256 ???       estimate, collect, v
$
And after running a script to feed true RNs into /dev/random,
that, too, is seeded:
$ rndseed.sh
$ sudo rndctl -l | egrep 'Source|/random|seed'
Source                 Bits Type      Flags
/dev/random            1024 ???       estimate, collect, v
seed                    256 ???       estimate, collect, v
$
$ cat ~/bin/rndseed.sh
#!/bin/sh
set -eu
sudo -v
# Fetch 128 bytes from HotBits and write them to /dev/random.
curl -G -s -S -d nbytes=128 -d fmt=bin \
    -d apikey=HB16tJ1vyL8SG3BGaN0bFXG6znB \
    https://www.fourmilab.ch/cgi-bin/Hotbits.api |
    sudo dd of=/dev/random msgfmt=quiet
# On any release other than 9.1, ask the kernel to consolidate entropy.
if [ "$(expr "$(uname -r)" : '\([0-9.][0-9.]*\)')" != 9.1 ]
then sudo sysctl -w kern.entropy.consolidate=1
fi
$
Hope that helps.
-RVP
PS. Generate an API key here: https://fourmilab.ch/hotbits/
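
The check asked about in the message above (does the file that /etc/rc.d/random_seed maintains match the one the bootloader is told to load?), as an added shell example that is not part of the original post. The function names are made up for illustration, only the `menu=<label>:rndseed <path>;...` form shown in the post is parsed, and the sample boot.cfg is constructed.

```shell
#!/bin/sh
# Added example: compare the rndseed path(s) in a boot.cfg with rc.conf's $random_file.

# Print each distinct path given to "rndseed" in the menu= lines of boot.cfg ($1).
boot_cfg_seed_paths() {
    awk '/^menu=/ {
        sub(/^[^:]*:/, "")                 # drop "menu=<label>:"
        n = split($0, cmd, ";")            # commands are ";"-separated
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c) # trim surrounding blanks
            if (sub(/^rndseed[ \t]+/, "", c)) print c
        }
    }' "$1" | sort -u
}

# check_seed_match BOOT_CFG RANDOM_FILE
# Returns 0 if every rndseed path equals RANDOM_FILE, 1 on any mismatch,
# 2 if boot.cfg contains no rndseed command at all.
check_seed_match() {
    paths=$(boot_cfg_seed_paths "$1")
    if [ -z "$paths" ]; then
        echo "no rndseed command in $1"
        return 2
    fi
    rc=0
    while IFS= read -r p; do
        if [ "$p" = "$2" ]; then
            echo "ok: bootloader loads $p"
        else
            echo "MISMATCH: bootloader loads $p, random_file is $2"
            rc=1
        fi
    done <<EOF
$paths
EOF
    return $rc
}

# Constructed sample modelled on the boot.cfg quoted in the post.
sample=$(mktemp)
printf '%s\n' 'menu=Boot normally:rndseed /var/db/entropy-file;boot' \
    'menu=Boot single user:rndseed /var/db/entropy-file;boot -s' \
    'menu=Drop to boot prompt:prompt' 'default=1' > "$sample"
check_seed_match "$sample" /var/db/entropy-file || true   # matches
check_seed_match "$sample" /etc/entropy-file || true      # reports a mismatch
rm -f "$sample"
```

On a real system the arguments would be /boot.cfg and the value of random_file from rc.conf.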