rngd

Originally created by Tails on #5650 (Redmine)

In his talk at LinuxCon Europe 2012 about random number generation on Linux, H. Peter Anvin strongly advises to run rngd (from rng-tools.

rngd acts as a bridge between a Hardware TRNG (true random number generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel’s PRNG.

About haveged: "So, while I can’t really recommend it, I can’t not recommend it either." If you are going to run HAVEGE, Peter strongly recommended running it together with rngd, rather than as a replacement for it.

Roadmap

How to convince haveged and rngd to play together nicely. Can we just install both and be done with it?

According to H. Peter Anvin’s slides, haveged "can be run in parallel with rngd".

Let’s try that.

Debian package need some care, call for co-maintainer on Debian bug #542599. The package is actually a bit behind the ubuntu one, doesn’t include support for TPM hardware, which is the only one I could try. In a Tails VM, once installed the rngd daemon fail to start given there’s no hardware available.

Feature Branch: feature/5650-rngd

Related issues

Related to #7102
Related to #6116
Related to #7675 (closed)
Related to #7687 (closed)
Related to #11758 (closed)
Related to #17154

_Originally created by Tails on [#5650 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5650)_

In his talk at LinuxCon Europe 2012 about random number generation on
Linux, H. Peter Anvin [strongly
advises](https://lwn.net/Articles/525459/) to run `rngd` (from
[rng-tools](http://packages.debian.org/rng%2Dtools\)).

rngd acts as a bridge between a Hardware TRNG (true random number
generator) such as the ones in some Intel/AMD/VIA chipsets, and the
kernel’s PRNG.

About haveged: "So, while I can’t really recommend it, I can’t not
recommend it either." If you are going to run HAVEGE, Peter strongly
recommended running it together with rngd, rather than as a replacement
for it.

# Roadmap

How to convince haveged and rngd to play together nicely. Can we just
install both and be done with it?

According to [H. Peter Anvin’s
slides](https://events.linuxfoundation.org/images/stories/pdf/lceu2012_anvin.pdf),
haveged "can be run in parallel with rngd\&quot;.

Let’s try that.

> Debian package need some care, call for co-maintainer on [Debian bug
> #542599](http://bugs.debian.org/542599). The package is actually a
> bit behind the ubuntu one, doesn’t include support for TPM hardware,
> which is the only one I could try. In a Tails VM, once installed the
> rngd daemon fail to start given there’s no hardware available.

Feature Branch: feature/5650-rngd

### Related issues

- **Related to** tails/tails#7102
  - **Related to** tails/tails#6116
  - **Related to** tails/tails#7675
  - **Related to** tails/tails#7687
  - **Related to** tails/tails#11758
  - **Related to** tails/tails#17154

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information