The best answers to the question “How can I know whether my machine have RNG hardware support?” in the category Super User.
I came across a blog concerning the entropy pool problem and learned that there is special hardware called an RNG. I have read this kernel RNG page, but I still wonder whether there is a way to find out if my server supports a hardware RNG or not.
On recent kernels, you can check here:
$ cat /sys/devices/virtual/misc/hw_random/rng_current
virtio_rng.0
If that file exists and doesn’t say none, then basically you have an RNG present. (In this case, it is a virtual machine where the host provides a random source.)
Also, to see what is available (this example is from a modern Intel machine, also with a ChaosKey hardware RNG connected):
$ cat /sys/devices/virtual/misc/hw_random/rng_available
ChaosKey-hw-1.0-sw-1.9-001900375346430b20333632 tpm-rng-0
So both the ChaosKey and the TPM are available.
There is some interesting background at https://daniel-lange.com/archives/152-hello-buster.html
There are two likely types of “real” hardware RNG: a CPU based one, and a chipset or PCI based one. (There are also a few USB hardware RNGs, but I suspect you’d have noticed one of those 😉)
The following is Linux specific.
For CPU based ones, you can check /proc/cpuinfo for clues, assuming your kernel is new enough to detect them. For Intel CPUs the flag is rdrand, more info here: https://unix.stackexchange.com/questions/43539/what-do-the-flags-in-proc-cpuinfo-mean
For chipset ones, if you have CONFIG_HW_RANDOM enabled in your kernel and the per-vendor support ..._AMD etc. then your boot messages should indicate if any were found (e.g. “Intel 82802 RNG detected”). If they are present as modules you can try (modprobe intel-rng) to see if it loads, “No such device” indicates no detected hardware.
Not all drivers consistently print “RNG detected” or “not detected”, so you may end up reading the sources (/drivers/char/hw_random/ directory of the kernel source).
For others, you can check lspci -v to see what’s recognised.
To find out whether you have an RNG, do the following:
1) List all modules having “rng” in their name:
cat /proc/modules | grep -i rng
2) If you have any, you will get a result like this:
tpm_rng 16384 0 - Live 0xffffff......
3) Make sure to enable or load it using modprobe at this time:
UPDATE: Regarding step (1), for me modprobe -l was not working in Ubuntu 16, that’s why I tried to look inside “/proc/modules”, but if it works for you then it’s fine. Recently I’ve searched and got to know that all modules reside inside /lib/modules/$(uname -r), so you could also use the following, which is better:
cat /lib/modules/$(uname -r)/modules.dep | grep -i 'rng.*\.ko'
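The checks from the answers above (the hw_random sysfs files, the rdrand flag in /proc/cpuinfo, and loaded modules with “rng” in their name) combined into one script. This is an added example, not part of any of the original answers; the function names and the overridable HWRNG_DIR, CPUINFO and MODULES variables are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: the checks from the answers above as reusable functions.
# Paths are overridable so the logic can be run against constructed sample files.
HWRNG_DIR=${HWRNG_DIR:-/sys/devices/virtual/misc/hw_random}
CPUINFO=${CPUINFO:-/proc/cpuinfo}
MODULES=${MODULES:-/proc/modules}

# Print the active hw_random backend; fail if the file is missing, empty or "none".
hwrng_current() {
    [ -r "$1/rng_current" ] || return 1
    cur=$(cat "$1/rng_current" 2>/dev/null)
    if [ -z "$cur" ] || [ "$cur" = "none" ]; then return 1; fi
    printf '%s\n' "$cur"
}

# Print one available backend per line (the kernel lists them space-separated).
hwrng_available() {
    [ -r "$1/rng_available" ] || return 1
    for dev in $(cat "$1/rng_available"); do printf '%s\n' "$dev"; done
}

# Succeed only if flag $1 appears as a whole word on the first "flags" line of
# file $2, so that e.g. "rdrand" is not confused with a longer flag name.
cpu_has_flag() {
    awk -v want="$1" '
        /^flags[ \t]*:/ { for (i = 2; i <= NF; i++) if ($i == want) found = 1; exit }
        END { exit !found }' "$2" 2>/dev/null
}

# Print loaded modules whose name contains "rng" (first column of /proc/modules).
rng_modules() {
    awk 'tolower($1) ~ /rng/ { print $1 }' "$1" 2>/dev/null
}

report() {
    if cur=$(hwrng_current "$HWRNG_DIR"); then echo "hw_random current:   $cur"
    else echo "hw_random current:   none"; fi
    avail=$(hwrng_available "$HWRNG_DIR" | tr '\n' ' ') || avail=""
    echo "hw_random available: ${avail:-none}"
    if cpu_has_flag rdrand "$CPUINFO"; then echo "CPU rdrand flag:     yes"
    else echo "CPU rdrand flag:     no"; fi
    mods=$(rng_modules "$MODULES" | tr '\n' ' ') || mods=""
    echo "loaded rng modules:  ${mods:-none}"
}

report
```

A CPU flag with no hw_random backend, or a backend with no loaded module listed, is not a contradiction: the three checks look at different layers, which is why the script reports them separately.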