I read from this page https://www.turris.cz/en/omnia/#features that Omnia has a chip to generate random numbers increasing the “healthy” entropy. I have an Omnia with Turris OS 4.0.1 and the presence of haveged is known among the active processes, which I know as an app that generates entropy “no very healthy” via software. So I wonder: if Omnia has a formidable chip (hardware stuff), why rely on a piece of software that is dated and unreliable?
So I try to install rng-tools and I do it by following the guide on the OpenWRT site [OpenWrt Wiki] Random generator
The fact is that I run the configuration to use the entropic hardware, I get an error, because rngd tells me that there is no dedicated hardware.
Definitely mistaken some passage or I don’t see the hidden functioning. However with cat /proc/sys/kernel/random/entropy_aviable I don’t read an appreciable value (just over a thousand).
Can anyone clarify this?
The subject has been discussed in this forum several times, short of it
- ATSHA204 (that is the crypto chip) does not store seeds in /dev/hwrng but in its EEPROM (slots)
- it provides userland
atsha204cmdthat feeds/dev/urandomand gets invoked at boot time once [1] - the statement exhibited [2]
dedicated chip into Omnia, which can serve as a high quality entropy source.
could be confusing as user might assume that the chip is (constantly) providing entropy to the kernel which however is only the case at boot time once.
The chip is more of a secure crypto provider than really an entropy provider and the text chosen to be exhibited [2] seems a bit misleading.
The apparent caveat seems to be the chip’s EEPROM which is prone to wear:
EEPROM endurance specification that limits the number of times the EEPROM seed can be updated, the Host system should manage power cycles to minimize the number of required updates.
[1] package/base-files/files/etc/init.d/boot · master · Turris / openwrt · GitLab
[2] https://www.turris.cz/en/omnia/#features
Put simply? Why is haveged active? Many words are of little use. Few words are often more effective. On this forum the literary prize of justifications could be won.
To provide a reasonable amount of entropy to the kernel.
There is no entropy daemon present in the OpenWrt | TOS repo that utilizes the ATSHA204 chip as source however.
Probably misinterpreted (infered) something that it is not (entropy prodiver to the kernel).
There is a difference between entropy source (seed) and entropy provider.
Unfortunately this never been responded to