Hi all, Using Fedora 29 on Raspberry Pi 3 I seem to have a problem using rndg:
uname -aLinux replica.blabla.bla 4.18.16-300.fc29.aarch64 #1 SMP Sat Oct 20 23:12:22 UTC 2018 aarch64 aarch64 aarch64 GNU/Linuxcat /etc/redhat-release Fedora release 29 (Twenty Nine) rngd is running:ps -ef | grep rngroot 4710 4409 13 10:57 pts/1 00:00:47 rngd -f -r /dev/hwrng -o /dev/random The module to support bcm2835 hardware is loaded:lsmod | grep rngbcm2835_rng 16384 0 However, rng is painfully slow: time rngtest -c 10 < /dev/randomrngtest 6Copyright (c) 2004 by Henrique de Moraes HolschuhThis is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. rngtest: starting FIPS tests...rngtest: bits received from input: 200032rngtest: FIPS 140-2 successes: 10rngtest: FIPS 140-2 failures: 0rngtest: FIPS 140-2(2001-10-10) Monobit: 0rngtest: FIPS 140-2(2001-10-10) Poker: 0rngtest: FIPS 140-2(2001-10-10) Runs: 0rngtest: FIPS 140-2(2001-10-10) Long run: 0rngtest: FIPS 140-2(2001-10-10) Continuous run: 0rngtest: input channel speed: (min=2.201; avg=5.458; max=380.585)Kibits/srngtest: FIPS tests speed: (min=28.132; avg=28.328; max=28.468)Mibits/srngtest: Program run time: 35792670 microseconds real 0m35.801suser 0m0.001ssys 0m0.071s
Running CentOS 7.5 on an older Raspberry Pi 2 will do much much faster: ps -ef | grep rngdroot 14024 1 1 10:54 ? 00:00:14 /sbin/rngd -f -r /dev/hwrng -o /dev/random
time rngtest -c 10 < /dev/randomrngtest 5Copyright (c) 2004 by Henrique de Moraes HolschuhThis is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. rngtest: starting FIPS tests...rngtest: bits received from input: 200032rngtest: FIPS 140-2 successes: 10rngtest: FIPS 140-2 failures: 0rngtest: FIPS 140-2(2001-10-10) Monobit: 0rngtest: FIPS 140-2(2001-10-10) Poker: 0rngtest: FIPS 140-2(2001-10-10) Runs: 0rngtest: FIPS 140-2(2001-10-10) Long run: 0rngtest: FIPS 140-2(2001-10-10) Continuous run: 0rngtest: input channel speed: (min=135.793; avg=166.586; max=191.200)Kibits/srngtest: FIPS tests speed: (min=22.076; avg=22.243; max=22.334)Mibits/srngtest: Program run time: 1181718 microseconds real 0m1.192suser 0m0.002ssys 0m0.141s Whatś happening here? It seems like the bcm2835_rng is not picked up; despite the module is loaded. Hope someone can help! Winfried
Hi,
Comments below.
Using Fedora 29 on Raspberry Pi 3 I seem to have a problem using rndg:
uname -a Linux replica.blabla.bla 4.18.16-300.fc29.aarch64 #1 SMP Sat Oct 20 23:12:22 UTC 2018 aarch64 aarch64 aarch64 GNU/Linux cat /etc/redhat-release Fedora release 29 (Twenty Nine)
rngd is running: ps -ef | grep rng root 4710 4409 13 10:57 pts/1 00:00:47 rngd -f -r /dev/hwrng -o /dev/random
The module to support bcm2835 hardware is loaded: lsmod | grep rng bcm2835_rng 16384 0
However, rng is painfully slow:
time rngtest -c 10 < /dev/random rngtest 6 Copyright (c) 2004 by Henrique de Moraes Holschuh This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests... rngtest: bits received from input: 200032 rngtest: FIPS 140-2 successes: 10 rngtest: FIPS 140-2 failures: 0 rngtest: FIPS 140-2(2001-10-10) Monobit: 0 rngtest: FIPS 140-2(2001-10-10) Poker: 0 rngtest: FIPS 140-2(2001-10-10) Runs: 0 rngtest: FIPS 140-2(2001-10-10) Long run: 0 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=2.201; avg=5.458; max=380.585)Kibits/s rngtest: FIPS tests speed: (min=28.132; avg=28.328; max=28.468)Mibits/s rngtest: Program run time: 35792670 microseconds
real 0m35.801s user 0m0.001s sys 0m0.071s
Running CentOS 7.5 on an older Raspberry Pi 2 will do much much faster:
ps -ef | grep rngd root 14024 1 1 10:54 ? 00:00:14 /sbin/rngd -f -r /dev/hwrng -o /dev/random
time rngtest -c 10 < /dev/random rngtest 5 Copyright (c) 2004 by Henrique de Moraes Holschuh This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests... rngtest: bits received from input: 200032 rngtest: FIPS 140-2 successes: 10 rngtest: FIPS 140-2 failures: 0 rngtest: FIPS 140-2(2001-10-10) Monobit: 0 rngtest: FIPS 140-2(2001-10-10) Poker: 0 rngtest: FIPS 140-2(2001-10-10) Runs: 0 rngtest: FIPS 140-2(2001-10-10) Long run: 0 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=135.793; avg=166.586; max=191.200)Kibits/s rngtest: FIPS tests speed: (min=22.076; avg=22.243; max=22.334)Mibits/s rngtest: Program run time: 1181718 microseconds
real 0m1.192s user 0m0.002s sys 0m0.141s
Whatś happening here? It seems like the bcm2835_rng is not picked up; despite the module is loaded.
So running the above test on my RPi3 with ARMv7 (so 32 bit mode) I see the following output that it detects and is using the HW RNG:
# rngd -l Entropy sources that are available but disabled 4: NIST Network Entropy Beacon Available and enabled entropy sources: 0: Hardware RNG Device 5: JITTER Entropy generator
And the test is running faster for me than your one on CentOS: # time rngtest -c 10 < /dev/random rngtest 6 Copyright (c) 2004 by Henrique de Moraes Holschuh This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests... rngtest: bits received from input: 200032 rngtest: FIPS 140-2 successes: 10 rngtest: FIPS 140-2 failures: 0 rngtest: FIPS 140-2(2001-10-10) Monobit: 0 rngtest: FIPS 140-2(2001-10-10) Poker: 0 rngtest: FIPS 140-2(2001-10-10) Runs: 0 rngtest: FIPS 140-2(2001-10-10) Long run: 0 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=2.430; avg=6.029; max=444.518)Kibits/s rngtest: FIPS tests speed: (min=51.690; avg=53.941; max=54.967)Mibits/s rngtest: Program run time: 32397649 microseconds
real 0m32.408s user 0m0.004s sys 0m0.056s
I wonder if this is an issue with aarch64, the CentOS image on the RPi2 is obviously ARMv7, could you test a Fedora 29 ARMv7 image on the Raspberry Pi 3 to see if that might be the issue?
Peter
Hi all,
I will give it a try on ARMv7; I'll come back to this soon.
Winfried
Peter Robinson schreef op di 13-11-2018 om 12:00 [+0000]:
I wonder if this is an issue with aarch64, the CentOS image on the RPi2 is obviously ARMv7, could you test a Fedora 29 ARMv7 image on the Raspberry Pi 3 to see if that might be the issue?