Comment 3 for bug 1564675
Revision history for this message
| Tyler Hicks (tyhicks) wrote Re: [Bug 1564675] Re: [MIR] rng-tools | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
On 2016-04-01 13:34:45, Marc Deslauriers wrote:
> The kernel already feeds the hwrng into /dev/random. The user-space
> daemon is no longer necessary, and may in fact be a bad idea.
>
> https:/
Thanks for pointing out this commit. I've spent some time looking into
whether we should use rng-tools or the hwrng kthread. My conclusion is
that the hwrng kthread is the best choice for Snappy Ubuntu Core
devices.
The hwrng kthread allows us to tune the quality of the hwrng on a
per-board basis. Actually, we're forced to do so because most hwrng
kernel drivers do not set the quality member of struct hwrng. Gadget
snap authors will need to determine the best hwrng quality value for
their hardware.
One downside of using the hwrng kthread instead of rngd is that we lose
the FIPS 140-2 tests that help to give some level of assurance that the
hwrng device is outputting random looking values. The kernel thread does
not run the bits through any tests. However, the rngtest program from
rng-tools could still be used by gadget snap authors to manually verify
their boards.
I'm marking this MIR as invalid since we're not going forward with
seeding rng-tools in Snappy Ubuntu Core.