RNGD(8)                     System Manager's Manual                     RNGD(8)

NAME
       rngd - Check and feed random data from hardware device to kernel random
       device

SYNOPSIS
       rngd [-b, --background] [-f, --foreground] [-d, --debug] [-l, --list]
       [-x, --exclude] [-n, --include] [-O, --option] [-i, --ignorefail]
       [-o, --random-device=file] [-p, --pid-file=file] [-r, --rng-device=file]
       [-s, --random-step=nnn] [-e, --entropy-count=nnn] [-t, --test]
       [-W, --fill-watermark=nnn] [-R, --force-reseed=nnn]
       [-D, --drop-privileges=user:group] [-q, --quiet] [-?, --help]
       [-v, --version]

DESCRIPTION
       This daemon feeds data from a random number generator to the kernel's
       random number entropy pool, after first checking the data to ensure
       that it is properly random.

       The -f or --foreground option tells rngd not to fork on startup. This
       is typically used for debugging. The -b or --background option, which
       forks and puts rngd into the background automatically, is the default.

       The -r or --rng-device option selects an alternate source of input,
       besides the default /dev/hwrng. The -o or --random-device option
       selects an alternate entropy output device, besides the default
       /dev/random. Note that this device must support the Linux kernel
       /dev/random ioctl API.

OPTIONS
       -b, --background
              Become a daemon (default)

       -f, --foreground
              Do not fork and become a daemon

       -d, --debug
              Enable debug messages

       -l, --list
              List the indexes and names of available entropy sources. The
              exit code when listing sources is 0 if at least one entropy
              source was found and initialized, 1 otherwise.

       -x, --exclude
              Disable entropy sources by index or (short name) as reported by
              the --list option

       -n, --include
              Enable entropy sources by index or (short name) as reported by
              the --list option

       -O, --option
              Provide specific config options to individual entropy sources,
              in the format --option [index|shortname]:key:value. See the
              ENTROPY SOURCES section below for indices and source-specific
              options. Note that specifying -O [<index>|<shortname>] on its
              own prints the available options for that source to the
              console.

       -p file, --pid-file=file
              File used for recording the daemon PID and for preventing more
              than one instance from running (default: /var/run/rngd.pid)

       -i, --ignorefail
              Ignore repeated FIPS test failures

       -o file, --random-device=file
              Kernel device used for random number output (default:
              /dev/random)

       -r file, --rng-device=file
              Kernel device used for random number input (default: /dev/hwrng)

       -s nnn, --random-step=nnn
              Number of bytes written to random-device at a time (default: 64)

       -t, --test
              Enter test mode. In this mode (which implies -f), all generated
              entropy is discarded and rngd reports the amount of entropy
              generated every second.

       -e nnn, --entropy-count=nnn
              Number of bits to consider random when adding entropy. 1<=e<=8
              (default: 8)

       -W nnn, --fill-watermark=nnn
              Once rngd starts feeding entropy, it keeps feeding random-device
              until at least fill-watermark bits of entropy are available in
              its entropy pool. By default, this value is set to 75% of the
              entropy pool size, or 2048 bits if the entropy pool size could
              not be determined. Setting this too high will cause rngd to
              dominate the contents of the entropy pool. Low values will hurt
              system performance during entropy starvation. Do not set
              fill-watermark above the size of the entropy pool (usually 4096
              bits). A value of 0 disables the watermark.

       -R nnn, --force-reseed=nnn
              For newer kernels that support non-blocking entropy pools, it
              is still beneficial to periodically add fresh entropy as a
              reseeding event. --force-reseed defines the number of seconds
              between additions of fresh entropy to the kernel entropy pool.
              Defaults to 5 minutes.

       -D, --drop-privileges=user:group
              Drop privileges to the specified user and group after
              initialization. The user and group can be given as names or as
              numerical ids and must be separated with a colon. The user and
              group must exist. The default is not to drop privileges.

       -q, --quiet
              Suppress all messages

       -?, --help
              Give a short summary of all program options

       -v, --version
              Print program version


ENTROPY SOURCES
       rngd is made up of multiple entropy sources, the data from which is
       aggregated and fed into the kernel's entropy pool. Note that not all
       entropy sources are available on all systems, and if an entropy source
       is enabled on a system on which it is not appropriate (or possible) to
       use, it may fail initialization. It is not fatal to rngd for any single
       entropy source to fail during startup; only one entropy source is
       needed for rngd to operate. The following entropy sources are currently
       defined in rngd:


       Hardware RNG (hwrng)
              The Hardware RNG is a generic entropy source that draws entropy
              from a hardware RNG attached by default to /dev/hwrng

       TPM (tpm)
              Entropy drawn from the on-board TPM device. Note that this
              entropy source is deprecated and will be removed soon, as newer
              TPM devices export entropy via /dev/hwrng, which is collected by
              the hwrng source above

       RDRAND/RDSEED (rdrand)
              Entropy drawn from the RDRAND and RDSEED instructions (x86 only)

              Options

              use_aes - select whether rdrand is used to seed a CPRNG that
              produces the entropy, or all entropy is drawn directly from the
              rdrand instruction (default 0)

       DARN (darn)
              Entropy drawn from the DARN instruction (ppc64 only)

              Options

              use_aes - select whether the POWER darn instruction is used to
              directly fill the entropy pool, or is used as a periodic seed to
              an AES-based CPRNG (default 1)

       RNDR (rndr)
              Entropy drawn from the RNDR instruction (aarch64 only)

              Options

              use_aes - select whether the ARM rndr instruction is used to
              directly fill the entropy pool, or is used as a periodic seed to
              an AES-based CPRNG (default 0)


       NIST Entropy Beacon (nist)
              Entropy gathered from the NIST network entropy beacon. Note
              that this entropy source is disabled by default as it should
              never be used for cryptographic purposes, or for any use case in
              which random data should be known only by a single entity.

       Qrypt Entropy Beacon (qrypt)
              Entropy gathered from the Qrypt entropy beacon. Note that this
              beacon provides entropy to remote clients over a TLS connection.
              As such this source should not be used for cryptographic
              operations unless the security of the network can be guaranteed
              against man-in-the-middle and other network-based attacks.

              Options

              tokenfile - Specify the file containing the access token for the
              Qrypt beacon

              delay - Specify the maximum delay (in seconds) that the source
              will wait, when temporary conditions prevent entropy retrieval,
              before trying to fetch entropy again. The default maximum delay
              is eight hours; the delay grows from one second upwards in
              powers of two.

       JITTER (jitter)
              Entropy gathered by measuring timing variance of operations on
              the local CPU

              Options

              thread_count - Set the number of threads that the jitter entropy
              source will spawn

              buffer_size - Set the size of the buffer cache that each thread
              maintains

              refill_thresh - Set the low watermark for the cache that triggers
              its corresponding thread to start refill operations

              retry_count - If all entropy buffers are empty, retry this many
              times before giving up. Note that jitterentropy can take several
              seconds to refill a buffer, so retries after a delay may be
              preferable to repeatedly spinning on an empty buffer (default 1)

              retry_delay - between each retry for retry_count above, sleep
              for this many seconds. May also be the special value -1,
              representing adaptive sleep, where each retry delay will be half
              the recorded execution time of the last entropy gathering round
              (default -1)

              force_soft_timer - on platforms with a hardware timer that is
              too coarse to sample jitter, a software-based timer loop can be
              used instead. Detection and use of this mechanism is automatic,
              but forcing it can be useful for testing purposes

       PKCS11 (pkcs11)
              Entropy gathered via the OpenSC OpenSSL engine, which can
              extract entropy from various smart card readers

              Options

              engine_path - Set the path of the pkcs11 engine DSO to load

              chunk_size - Some pkcs11 engines have restrictions on how much
              data can be requested at a time; this option allows the request
              to be subdivided into smaller chunks to be satisfied

       RTLSDR (rtlsdr)
              Entropy gathered via the rtl software defined radio library,
              which can gather entropy using various USB software defined
              radios listening to random radio static

              Options

              devid - When multiple devices are available, the integer index
              of the device to use

              freq_min - The minimum frequency of the range to scan

              freq_max - The maximum frequency of the range to scan

              sample_min - The minimum sample rate of the radio

              sample_max - The maximum sample rate of the radio

AUTHORS
       Philipp Rumpf
       Jeff Garzik - jgarzik@pobox.com
       Matt Sottek
       Brad Hill
       Neil Horman - nhorman@tuxdriver.com

rng-tools 6.15                      March 2001                          RNGD(8)