Making use of the BCM2708 hardware RNG

Introduction

This page explains how to make use of the hardware RNG found on the Raspberry Pi's BCM2708 chip. The RNG seems to make use of thermal noise amplification to gather entropy. The Debian rng-tools package is used to feed the gathered entropy to the kernel's random device. If you're unsure what all this is about, then this document clearly is not for you.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design, and manufacturing. The author shall have no liability for any error or damages of any kind resulting from the use of this document. There is no warranty; not even for merchantability or fitness for a particular purpose.

Changes to the system

Kernel

Add the bcm2708-rng kernel module to your /etc/modules so that it is loaded at boot. To load it right away, run modprobe manually:

# modprobe bcm2708-rng

Device file

Replace the 'old' /dev/urandom using these commands:

# cd /dev
# mv urandom urandom.old
# mknod urandom c 1 8 

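Character device 1,8 is the device number of /dev/random, so the new /dev/urandom node is served by the /dev/random 'driver' in the kernel, which is fed by the rng-tools rngd(8) (see below). On kernels where /dev/random blocks, reads from the new /dev/urandom can block as well while the entropy pool is empty.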

RNG-Tools

Installation

Install the rng-tools using apt-get:

# apt-get install -y rng-tools

Configuration

Edit your /etc/default/rng-tools to look like this:

HRNGDEVICE=/dev/hwrng
RNGDOPTIONS="--fill-watermark=90% --feed-interval=1"

By default, rngd seeds the /dev/random device. We want the on-board RNG to dominate the contents of the entropy pool (that is, to generate all the entropy contained in the pool), so we use a high value for the fill watermark and a low feed interval. Then restart rng-tools:

# /etc/init.d/rng-tools restart

Verification

Let me remind you of my disclaimer above!

# cat /dev/urandom | rngtest -c 1000
rngtest 2-unofficial-mt.14
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 1
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.431; avg=31.378; max=2724.784)Mibits/s
rngtest: FIPS tests speed: (min=843.318; avg=6155.429; max=9182.534)Kibits/s
rngtest: Program run time: 3824706 microseconds
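
To show what the Monobit, Poker, Runs and Long run counters in the rngtest output measure, here is an added example (not part of the original page and not rngtest's own code) that applies those four tests to a single 20,000-bit block. The thresholds are the FIPS 140-2 (2001-10-10) values; the Continuous run test is left out, and the function name and sample blocks are assumptions constructed for illustration.

```python
import hashlib
from itertools import groupby

BLOCK_BYTES = 2500  # each FIPS 140-2 block is 20,000 bits
# Allowed count of runs of length 1, 2, 3, 4, 5 and 6+ (checked for 0-runs and 1-runs)
RUN_LIMITS = [(2315, 2685), (1114, 1386), (527, 723), (240, 384), (103, 209), (103, 209)]

def fips_block(block):
    """Return the names of the FIPS 140-2 tests that one 2500-byte block fails."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("a block must be exactly 2500 bytes")
    bits = "".join(f"{byte:08b}" for byte in block)
    failed = []
    # Monobit: the number of 1 bits must be close to half of 20,000.
    if not 9725 < bits.count("1") < 10275:
        failed.append("Monobit")
    # Poker: chi-square statistic over the 5000 4-bit nibbles.
    freq = [0] * 16
    for byte in block:
        freq[byte >> 4] += 1
        freq[byte & 0x0F] += 1
    x = 16 / 5000 * sum(f * f for f in freq) - 5000
    if not 2.16 < x < 46.17:
        failed.append("Poker")
    # Runs / Long run: tally runs of identical bits by length.
    runs = {"0": [0] * 6, "1": [0] * 6}
    longest = 0
    for bit, group in groupby(bits):
        n = len(list(group))
        runs[bit][min(n, 6) - 1] += 1
        longest = max(longest, n)
    if any(not lo <= tally[i] <= hi
           for tally in runs.values() for i, (lo, hi) in enumerate(RUN_LIMITS)):
        failed.append("Runs")
    if longest >= 26:
        failed.append("Long run")
    return failed

# Constructed sample input (not captured from a device): a deterministic
# pseudo-random block, and a copy with 32 consecutive zero bits forced into it.
GOOD = hashlib.shake_256(b"constructed sample").digest(BLOCK_BYTES)
STUCK = GOOD[:100] + bytes(4) + GOOD[104:]

if __name__ == "__main__":
    print("good block :", fips_block(GOOD))
    print("stuck block:", fips_block(STUCK))
    print("all zeros  :", fips_block(bytes(BLOCK_BYTES)))
```

Running rngtest on /dev/urandom exercises the output of the kernel pool; feeding 2500-byte blocks read from /dev/hwrng (the HRNGDEVICE configured above) tests the hardware source directly.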

raspi_rng.txt · Last modified: 2015/01/18 12:22 by flo