06-04-2018, 02:05 AM
(This post was last modified: 06-04-2018, 02:38 AM by scalextrix.)
(06-04-2018, 12:42 AM)MichaelRock Wrote: I've tried on my DietPi. I took my shovel and dig dig and dig again
Quote:cat /etc/debian_version
9.4
apt-cache search rng-tool
rng-tools - Daemon to use a Hardware TRNG
rng-tools5 - Daemon to use a Hardware TRNG
after install of rng-tools package:
Quote:Job for rng-tools.service failed because the control process exited with error code.
See "systemctl status rng-tools.service" and "journalctl -xe" for details.
invoke-rc.d: initscript rng-tools, action "start" failed.
● rng-tools.service
Loaded: loaded (/etc/init.d/rng-tools; generated; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2018-06-03 18:55:19 BST; 29ms ago
Docs: man:systemd-sysv-generator(8)
Process: 3134 ExecStart=/etc/init.d/rng-tools start (code=exited, status=1/FAILURE)
Jun 03 18:55:19 DietPi systemd[1]: Starting rng-tools.service...
Jun 03 18:55:19 DietPi rng-tools[3134]: Starting Hardware RNG entropy gather…d).
Jun 03 18:55:19 DietPi systemd[1]: rng-tools.service: Control process exite…us=1
Jun 03 18:55:19 DietPi systemd[1]: Failed to start rng-tools.service.
Jun 03 18:55:19 DietPi systemd[1]: rng-tools.service: Unit entered failed state.
Jun 03 18:55:19 DietPi systemd[1]: rng-tools.service: Failed with result 'e…de'.
Hint: Some lines were ellipsized, use -l to show in full.
Processing triggers for systemd (232-25+deb9u3) ...
random number generator devices:
Quote:using /dev/random:If it has hardware support, cat should print random characters on the terminal as it does with /dev/random.
dietpi@DietPi:~$ sudo /etc/init.d/rng-tools start
Starting Hardware RNG entropy gatherer daemon: rngd.
using /dev/hwrng:
dietpi@DietPi:~$ sudo /etc/init.d/rng-tools start
Starting Hardware RNG entropy gatherer daemon: (failed).
sudo cat /dev/hwrng
cat: /dev/hwrng: No such device
Kernel stuff:
Quote:kernel config:
/boot/config-4.4.77-rockchip-ayufan-136
inside the file, there are only these two about random stuff:
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_TPM=y
modules:
find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname 'hw_random'
dietpi@DietPi:~$ find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname '*hw_random*'
dietpi@DietPi:~$ find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname '*random*'
dietpi@DietPi:~$ find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname '*rng*'
=> no related module found
in config file on github:
no support for RK3328 chip HRNG
didn't find anything which shows the Linux kernel actually supports the Cortex A53 H/TRNG
dietpi@DietPi:~$ ls /lib/modules/4.4.77-rockchip-ayufan-136/kernel/crypto/
842.ko lz4hc.ko pcrypt.ko
async_tx/ lz4.ko poly1305_generic.ko
chacha20_generic.ko lzo.ko rsa_generic.ko
chacha20poly1305.ko md4.ko zlib.ko
dietpi@DietPi:~$ ls /lib/modules/4.4.77-rockchip-ayufan-136/kernel/crypto/async_tx/
async_memcpy.ko async_pq.ko async_raid6_recov.ko async_tx.ko async_xor.ko
Perhaps one of these is related to HRNG; needs more investigation.
Bad thing with ayufan work:
source:
linux-source-4.9 - Linux kernel source for version 4.9 with Debian patches
linux-source - Linux kernel source (meta-package)
linux-source-4.16 - Linux kernel source for version 4.16 with Debian patches
???
dpkg -l '*linux*image*'|grep ii
ii linux-image-4.4.77-rockchip-ayufan-136 0.5.15 arm64 Linux kernel, version 4.4.77-rockchip-ayufan-136
He did not make a proper debianized package of the sources; very, very unfortunate for us, although it's not that hard: all the work has already been done and it's just a matter of a few commands to run. Looks like we've got to deal with the source trunk only and the binary package.
I've also done some research on Cortex A53 support in Linux; there is not that much available.
An interesting link to check on kernel config: https://cateee.net/lkddb/web-lkddb/HW_RANDOM.html
So, unless you ABSOLUTELY need HRNG, I believe you'd better move on and try alternatives like pandom. Hope this helps.
Thanks for your work. I'm using my ROCK 64 to run cryptocurrency wallets; the private keys should be generated from a very strong source of entropy, to prevent them being computed by an attacker. In reality this is highly unlikely and for now the PRNG is probably fine.
It's a little unfortunate to have a hardware RNG available but for it to be unusable. Hopefully it gets fixed; I raised a GitHub issue, so perhaps in time it will be resolved.
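The checks walked through in the quoted post can be collapsed into one diagnosis, shown here as an added example that is not part of either post. The function names and verdict labels are hypothetical, the sysfs path is the standard Linux hw_random location rather than something taken from the thread, and the demo runs on a constructed fixture built from the two config lines quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: classify why /dev/hwrng is unusable.

# Enabled backend drivers: CONFIG_HW_RANDOM_<NAME>=y|m. The core
# CONFIG_HW_RANDOM option alone provides no entropy source.
hwrng_backends() {
    sed -n 's/^CONFIG_HW_RANDOM_\([A-Z0-9_]*\)=[ym]$/\1/p' "$1"
}

# $1 = kernel config file, $2 = hw_random sysfs directory (optional).
# Prints one of: no-core | no-backend | no-device | ok
hwrng_diagnose() {
    config=$1
    sysfs=${2:-/sys/class/misc/hw_random}
    if ! grep -Eq '^CONFIG_HW_RANDOM=[ym]$' "$config"; then
        echo no-core; return 0        # framework not built at all
    fi
    if [ -z "$(hwrng_backends "$config")" ]; then
        echo no-backend; return 0     # framework only, no driver options
    fi
    # rng_available lists the devices that drivers actually registered.
    avail=$(cat "$sysfs/rng_available" 2>/dev/null | tr -d '[:space:]')
    if [ -z "$avail" ]; then
        echo no-device   # driver built, no hardware bound to it; consistent
                         # with the "No such device" error in the post
    else
        echo ok
    fi
}

# Constructed fixture: the two options the post found in
# /boot/config-4.4.77-rockchip-ayufan-136, plus an empty rng_available.
demo=$(mktemp -d)
printf 'CONFIG_HW_RANDOM=y\nCONFIG_HW_RANDOM_TPM=y\n' > "$demo/config"
mkdir "$demo/hw_random"
printf '\n' > "$demo/hw_random/rng_available"
echo "backends: $(hwrng_backends "$demo/config")"
echo "verdict:  $(hwrng_diagnose "$demo/config" "$demo/hw_random")"
rm -rf "$demo"
```

On a real board, call `hwrng_diagnose "/boot/config-$(uname -r)"` and let the second argument default to the live sysfs directory.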