How can I know whether my machine has RNG hardware support? – Super User

QUESTION:

I came across a blog concerning the entropy pool problem and learned that there is special hardware called an RNG. I have read this kernel RNG page, but I still wonder whether there is a way to find out if my server supports hardware RNG or not.

ANSWER:

On recent kernels, you can check here:

$ cat /sys/devices/virtual/misc/hw_random/rng_current 
virtio_rng.0

If that file exists and doesn’t say none, then basically you have an RNG present. (In this case, it is a virtual machine where the host provides a random source.)

Also, to see what is available (this example is from a modern Intel machine, also with a ChaosKey hardware RNG connected):

$ cat /sys/devices/virtual/misc/hw_random/rng_available 
ChaosKey-hw-1.0-sw-1.9-001900375346430b20333632 tpm-rng-0 

So both the ChaosKey and the TPM are available.

There is some interesting background at https://daniel-lange.com/archives/152-hello-buster.html

ANSWER:

There are two likely types of “real” hardware RNG: a CPU based one, and a chipset or PCI based one. (There are also a few USB hardware RNGs, but I suspect you’d have noticed one of those 😉

The following is Linux specific.

For CPU based ones, you can check /proc/cpuinfo for clues, assuming your kernel is new enough to detect them. For Intel CPUs the flag is rdrand, more info here: https://unix.stackexchange.com/questions/43539/what-do-the-flags-in-proc-cpuinfo-mean

For chipset ones, if you have CONFIG_HW_RANDOM enabled in your kernel and the per-vendor support CONFIG_HW_RANDOM_INTEL ..._AMD etc. then your boot messages should indicate if any were found (e.g. “Intel 82802 RNG detected”). If they are present as modules you can try (modprobe intel-rng) to see if it loads, “No such device” indicates no detected hardware.
Not all drivers consistently print “RNG detected” or “not detected”, so you may end up reading the sources (/drivers/char/hw_random/ directory of the kernel source).

For others, you can check lspci -v to see what’s recognised.

ANSWER:

To find out whether you have an RNG, do the following:

1) List all modules having “rng” in their names:

cat /proc/modules | grep -i rng

2) If you have any, you will get a result like this:

tpm_rng 16384 0 - Live 0xffffff......

3) Make sure to enable or load it using modprobe at this time:

modprobe tpm_rng

UPDATE: Regarding step (1), modprobe -l was not working for me on Ubuntu 16, which is why I looked inside “/proc/modules” instead, but if it works for you then that’s fine. Recently I searched and learned that all modules reside inside /lib/modules/$(uname -r), so you could also use the following, which is better:

cat /lib/modules/$(uname -r)/modules.dep | grep -i 'rng.*\.ko'
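
The checks from the answers above (the hw_random sysfs files, the rdrand CPU flag and the loaded modules) combined into one script. This is an added example, not part of any answer; the ROOT prefix is a hypothetical override that lets the functions read a constructed copy of /sys and /proc instead of the live system.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical prefix (empty on a live system) so the
# functions can also be pointed at a constructed copy of /sys and /proc.
ROOT="${ROOT:-}"
HWRNG_DIR=/sys/devices/virtual/misc/hw_random

# Print the active hw_random backend; fail if the file is missing or says "none".
hwrng_current() {
    f="$ROOT$HWRNG_DIR/rng_current"
    [ -r "$f" ] || return 1
    cur=$(tr -d '[:space:]' < "$f")
    if [ -z "$cur" ] || [ "$cur" = "none" ]; then return 1; fi
    printf '%s\n' "$cur"
}

# Print every registered backend, one per line (the file is space-separated).
hwrng_available() {
    f="$ROOT$HWRNG_DIR/rng_available"
    [ -r "$f" ] || return 1
    awk '{ for (i = 1; i <= NF; i++) print $i }' "$f"
}

# Succeed if the CPU flags line in /proc/cpuinfo contains the rdrand flag.
cpu_has_rdrand() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]rdrand([[:space:]]|$)' \
        "$ROOT/proc/cpuinfo" 2>/dev/null
}

# Print loaded modules with "rng" in the name (first column of /proc/modules).
rng_modules_loaded() {
    awk 'tolower($1) ~ /rng/ { print $1 }' "$ROOT/proc/modules" 2>/dev/null
}

# Human-readable summary; always returns 0 so it is safe under "set -e".
rng_report() {
    if cur=$(hwrng_current); then echo "hw_random current:   $cur"
    else echo "hw_random current:   none"; fi
    echo "hw_random available: $(hwrng_available | tr '\n' ' ')"
    if cpu_has_rdrand; then echo "CPU rdrand flag:     yes"
    else echo "CPU rdrand flag:     no"; fi
    echo "loaded rng modules:  $(rng_modules_loaded | tr '\n' ' ')"
}

rng_report
```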