RNGD(8)                     System Manager's Manual                    RNGD(8)

NAME

       rngd - Check and feed random data from hardware device to kernel random
       device

SYNOPSIS

       rngd [-b, --background] [-f, --foreground] [-d, --debug] [-l, --list]
       [-x, --exclude] [-n, --include] [-O, --option] [-i, --ignorefail] [-o,
       --random-device=file] [-p, --pid-file=file] [-r, --rng-device=file]
       [-s, --random-step=nnn] [-t, --test] [-W, --fill-watermark=nnn] [-q,
       --quiet] [-?, --help] [-V, --version]

DESCRIPTION

       This daemon feeds data from a random number generator to the kernel's
       random number entropy pool, after first checking the data to ensure
       that it is properly random.

       The -f or --foreground options can be used to tell rngd to avoid
       forking on startup.  This is typically used for debugging.  The -b or
       --background options, which fork and put rngd into the background
       automatically, are the default.

       The -r or --rng-device options can be used to select an alternate
       source of input, besides the default /dev/hwrng.  The -o or
       --random-device options can be used to select an alternate entropy
       output device, besides the default /dev/random.  Note that this device
       must support the Linux kernel /dev/random ioctl API.

OPTIONS

       -b, --background
              Become a daemon (default)

       -f, --foreground
              Do not fork and become a daemon

       -d, --debug
              Enable debug messages

       -l, --list
              List the indexes and names of available entropy sources. Exit
              code when listing sources is 0 if at least 1 entropy source was
              found and initialized, 1 otherwise.

       -x, --exclude
              Disable entropy sources based on index or (shortname) reported
              from --list option

       -n, --include
              Enable entropy sources based on index or (shortname) reported
              from --list option

       -O, --option
              Provide specific config options to individual entropy sources,
              in the format --option [index|shortname]:key:value.  See the
              Entropy Sources section below for indices and source-specific
              options.  Note that specifying -O [<index>|<shortname>] will
              print the available options for that index to the console.

       -p file, --pid-file=file
              File used for recording daemon PID, and multiple exclusion
              (default: /var/run/rngd.pid)

       -i, --ignorefail
              Ignore repeated FIPS failures

       -o file, --random-device=file
              Kernel device used for random number output (default:
              /dev/random)

       -r file, --rng-device=file
              Kernel device used for random number input (default: /dev/hwrng)

       -s nnn, --random-step=nnn
              Number of bytes written to random-device at a time (default: 64)

       -t, --test
              Enter test mode.  In this mode (which implies -f), all generated
              entropy is discarded and rngd reports the amount of entropy
              generated every second.

       -e nnn, --entropy-count=nnn
              Number of bits to consider random when adding entropy. 1<=e<=8
              (default: 8)

       -W nnn, --fill-watermark=nnn
              Once rngd starts feeding entropy, it keeps feeding random-device
              until at least fill-watermark bits of entropy are available in
              its entropy pool.  By default, this value is set to 75% of the
              entropy pool size, or 2048 bits if the entropy pool size
              couldn't be determined.  Setting this too high will cause rngd
              to dominate the contents of the entropy pool.  Low values will
              hurt system performance during entropy starvation.  Do not set
              fill-watermark above the size of the entropy pool (usually 4096
              bits).

       -q, --quiet
              Suppress all messages

       -?, --help
              Give a short summary of all program options.

       -V, --version
              Print program version
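
       The -o, -s and -e options all describe one kernel interface, the
       /dev/random ioctl API from <linux/random.h>.  The C program below is an
       added example, not code from rng-tools; the function names
       probe_random_device and build_request are hypothetical.  It checks
       without privileges whether a device answers that API, and shows how the
       step size and entropy count combine into the bits credited per write.

```c
#include <fcntl.h>
#include <limits.h>
#include <linux/random.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Unprivileged check that `path` speaks the /dev/random ioctl API (-o).
 * Returns 0 and stores the pool's entropy estimate, or -1 if it does not. */
int probe_random_device(const char *path, int *entropy_bits)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    int rc = ioctl(fd, RNDGETENTCNT, entropy_bits);
    close(fd);
    return rc == 0 ? 0 : -1;
}

/* Build the argument for ioctl(fd, RNDADDENTROPY, req): `len` bytes per
 * write (-s), each claimed to hold `bits_per_byte` bits (-e, 1..8).
 * Returns NULL on out-of-range input. The caller frees the result. */
struct rand_pool_info *build_request(const unsigned char *data, size_t len,
                                     int bits_per_byte)
{
    if (!data || len == 0 || len > (size_t)INT_MAX / 8 ||
        bits_per_byte < 1 || bits_per_byte > 8)
        return NULL;
    struct rand_pool_info *req = calloc(1, sizeof(*req) + len);
    if (!req)
        return NULL;
    req->entropy_count = (int)len * bits_per_byte; /* bits claimed as entropy */
    req->buf_size = (int)len;                      /* bytes mixed into pool */
    memcpy(req->buf, data, len);
    return req;
}

int main(void)
{
    int bits = 0;
    unsigned char step[64] = {0}; /* constructed placeholder, not entropy */
    struct rand_pool_info *req = build_request(step, sizeof(step), 8);
    if (probe_random_device("/dev/random", &bits) == 0)
        printf("ioctl API ok, pool estimate %d bits\n", bits);
    if (req)
        printf("one default step would credit %d bits\n", req->entropy_count);
    free(req);
    return 0;
}
```

       Submitting the request with RNDADDENTROPY requires CAP_SYS_ADMIN; the
       example stops short of that so it never credits the placeholder bytes.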

ENTROPY SOURCES

       Hardware RNG (hwrng) [Index 0]
              The Hardware RNG is a generic entropy source that draws entropy
              from a hardware rng attached by default to /dev/hwrng

       TPM (tpm) [Index 1]
              Entropy drawn from the on-board TPM device.  Note this entropy
              source is deprecated and will be removed soon, as newer tpm
              devices export entropy via /dev/hwrng, which is collected by the
              hwrng source above

       RDRAND/RDSEED (rdrand) [Index 2]
              Entropy drawn from the RDRAND and RDSEED instructions (x86 only)

       Options
              use_aes - select if rdrand is used to seed a cprng to produce
              entropy, or if all entropy is drawn directly from the rdrand
              instruction (default 0)

       DARN (darn) [Index 3]
              Entropy drawn from the DARN instruction (ppc64 only)

       Options
              use_aes - select if the power darn instruction is used to
              directly fill the entropy pool, or if it is used as a periodic
              seed to an aes based cprng (default 1)

       NIST Entropy Beacon (nist) [Index 4]
              Entropy gathered from the NIST network entropy beacon.  Note
              that this entropy source is disabled by default as it should
              never be used for cryptographic purposes, or any use case in
              which random data should be known only by a single entity.

       JITTER (jitter) [Index 5]
              Entropy gathered by measuring timing variance of operations on
              the local cpu

       Options
              thread_count - Set the number of threads that the jitter
              entropy source will spawn

              buffer_size - Set the size of the buffer cache that each thread
              maintains

              refill_thresh - Set the low watermark for the cache that
              triggers its corresponding thread to start refill operations

              retry_count - If all entropy buffers are empty, retry this many
              times before giving up.  Note that jitterentropy can take
              several seconds to refill a buffer, and so retries after a delay
              may be preferable to repeatedly spinning on an empty buffer
              (default 1)

              retry_delay - Between each retry for retry_count above, sleep
              for this many seconds.  May also be the special value -1,
              representing adaptive sleep, where each retry delay will be half
              the recorded execution time of the last entropy gathering round
              (default -1)

       PKCS11 (pkcs11) [Index 6]
              Entropy gathered via the opensc openssl engine, which can
              extract entropy from various smart card readers

       Options
              engine_path - Set the path for the pkcs11 engine DSO to load

              chunk_size - Some pkcs11 engines have restrictions on how much
              data can be requested at a time; this option allows for the
              request to be subdivided into smaller chunks to be satisfied

AUTHORS

       Philipp Rumpf
       Jeff Garzik - jgarzik@pobox.com
       Matt Sottek
       Brad Hill
       Neil Horman - nhorman@tuxdriver.com



rng-tools 6.7                     March 2001                           RNGD(8)