How can I know whether my machine has RNG hardware support?
I came across a blog concerning the entropy pool problem and learned that there is special hardware called an RNG. I have read this kernel RNG page, but I still wonder whether there is a way to find out if my server supports a hardware RNG or not.
There are two likely types of "real" hardware RNG: a CPU based one, and a chipset or PCI based one. (There are also a few USB hardware RNGs, but I suspect you'd have noticed one of those ;-)
The following is Linux specific.
For CPU based ones, you can check /proc/cpuinfo for clues, assuming your kernel is new enough to detect them. For Intel CPUs the flag is rdrand, more info here: https://unix.stackexchange.com/questions/43539/what-do-the-flags-in-proc-cpuinfo-mean
For chipset ones, if you have CONFIG_HW_RANDOM enabled in your kernel and the per-vendor support CONFIG_HW_RANDOM_INTEL, ..._AMD etc. then your boot messages should indicate if any were found (e.g. "Intel 82802 RNG detected"). If they are present as modules you can try (modprobe intel-rng) to see if it loads, "No such device" indicates no detected hardware.
Not all drivers consistently print "RNG detected" or "not detected", so you may end up reading the sources (/drivers/char/hw_random/ directory of the kernel source).
For others, you can check lspci -v to see what's recognised.
To find out whether you have an RNG, do the following:
1) List all modules having "rng" in their name:
cat /proc/modules | grep -i rng
2) If you have any you will get a result like this
tpm_rng 16384 0 - Live 0xffffff......
3) Make sure to enable or load it using modprobe at this time:
modprobe tpm_rng
UPDATE: Regarding step (1), for me modprobe -l was not working in Ubuntu 16, that's why I tried to look inside "/proc/modules", but if it works for you then it's fine. Recently I've searched and got to know that all modules are resident inside /lib/modules/$(uname -r) so you could also use the following, which is better:
cat /lib/modules/$(uname -r)/modules.dep | grep -i 'rng.*\.ko'
On recent kernels, you can check here:
$ cat /sys/devices/virtual/misc/hw_random/rng_current
virtio_rng.0
If that file exists and doesn't say none, then basically you have an RNG present. (In this case, it is a virtual machine where the host provides a random source.)
Also, to see what is available (this example is from a modern Intel machine, also with a ChaosKey hardware RNG connected):
$ cat /sys/devices/virtual/misc/hw_random/rng_available
ChaosKey-hw-1.0-sw-1.9-001900375346430b20333632 tpm-rng-0
So both the ChaosKey and the TPM are available.
There is some interesting background at https://daniel-lange.com/archives/152-hello-buster.html
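The checks from the answers above (the rdrand flag in /proc/cpuinfo, loaded modules with "rng" in the name, and the hw_random sysfs files) combined into one script, as an added example that is not part of any of the original posts. The function names, the optional root-prefix argument and the sample tree are assumptions made here so the checks can be run against constructed data as well as a live system.

```shell
#!/bin/sh
# Added example combining the checks from the answers above.
# Each function takes an optional root prefix (hypothetical parameter;
# empty means the live system) so the checks can run on a constructed tree.

cpu_has_rdrand() {      # "yes" if the first flags line lists rdrand
    if grep -m1 '^flags' "${1:-}/proc/cpuinfo" 2>/dev/null | grep -qw rdrand
    then echo yes; else echo no; fi
}

current_hwrng() {       # active hw_random device, or "none" if absent/unreadable
    cur=$(cat "${1:-}/sys/devices/virtual/misc/hw_random/rng_current" 2>/dev/null) || cur=""
    echo "${cur:-none}"
}

available_hwrngs() {    # registered hw_random devices, one per line
    cat "${1:-}/sys/devices/virtual/misc/hw_random/rng_available" 2>/dev/null |
        tr -s ' ' '\n' | sed '/^$/d'
}

loaded_rng_modules() {  # loaded modules with "rng" in the name
    awk 'tolower($1) ~ /rng/ { print $1 }' "${1:-}/proc/modules" 2>/dev/null
    return 0
}

make_sample_tree() {    # constructed sample data, modelled on the outputs quoted above
    d=$(mktemp -d); hw="$d/sys/devices/virtual/misc/hw_random"
    mkdir -p "$d/proc" "$hw"
    printf 'flags\t\t: fpu vme sse2 rdrand hypervisor\n' > "$d/proc/cpuinfo"
    echo 'tpm_rng 16384 0 - Live 0x0000000000000000' > "$d/proc/modules"
    echo 'virtio_rng.0' > "$hw/rng_current"
    echo 'virtio_rng.0 tpm-rng-0' > "$hw/rng_available"
    echo "$d"
}

report() {
    echo "CPU rdrand flag:    $(cpu_has_rdrand "${1:-}")"
    echo "rng_current:        $(current_hwrng "${1:-}")"
    echo "rng_available:      $(available_hwrngs "${1:-}" | tr '\n' ' ')"
    echo "loaded rng modules: $(loaded_rng_modules "${1:-}" | tr '\n' ' ')"
}

report "${1:-}"   # no argument: inspect the running system
```

A CPU flag without any hw_random device is normal: rdrand is used by the kernel directly and does not need a driver under /drivers/char/hw_random/.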