Hi,

on a couple of ARM boxes I have, I've been observing the development of the entropy estimate, what "rndctl -s" calls "bits currently stored in pool", over time.

I've also tried to read some of the code to understand the behaviour. If I understand correctly, randomness sources come in two basic flavours: those which offer up randomness samples based on (possibly external) events, and those which only provide samples when "asked" to do so. The hardware randomness generator on my Amlogic ARM boards appears to fall into the last category.

On a system with few other active randomness sources (e.g. FS activity or keyboard / mouse activity), it appears that the "bits currently stored in pool" will be allowed to decrease quite close to zero (or even *to* zero) before the polled sources are queried, via e.g. rnd_extract() only triggering a rnd_getmore() if it could not initially fulfill the request. The same also appears to hold for rnd_tryextract(). Meanwhile the hardware random generator sits there unused.

I would have thought it would make more sense to keep the "bits currently stored in pool" more "topped up", and that a re-fill could with benefit be done before the estimate crept down towards zero? Especially if you have a half-way decent hardware random generator at hand?

(This has been observed with both 7.99.47 and 7.99.58, fwiw.)

Regards,

- Håvard
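
The two refill policies contrasted in the message above, as an added toy model that is not part of the original post and is not NetBSD kernel code. The pool size, the bits credited per poll, the request size and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>

/* Toy model, NOT NetBSD kernel code; every name and constant is assumed. */
#define POOL_MAX_BITS   4096  /* assumed capacity of the entropy estimate */
#define POLL_YIELD_BITS 1024  /* assumed credit per poll of the hardware RNG */

struct sim_result {
    int min_bits;        /* lowest estimate an observer sees between requests */
    int polls;           /* times the polled source was queried */
    int short_requests;  /* requests that arrived with too few bits stored */
};

static void poll_source(int *pool, int *polls)
{
    *pool += POLL_YIELD_BITS;
    if (*pool > POOL_MAX_BITS)
        *pool = POOL_MAX_BITS;
    (*polls)++;
}

/* low_water < 0: poll only when a request cannot be fulfilled.
 * low_water >= 0: additionally top up after a request leaves the estimate
 * below low_water. Requires req_bits and low_water <= POOL_MAX_BITS. */
struct sim_result simulate(int low_water, int nreq, int req_bits)
{
    struct sim_result r = { POOL_MAX_BITS, 0, 0 };
    int pool = POOL_MAX_BITS;

    for (int i = 0; i < nreq; i++) {
        if (pool < req_bits) {           /* on-demand path */
            r.short_requests++;
            while (pool < req_bits)
                poll_source(&pool, &r.polls);
        }
        pool -= req_bits;
        while (low_water >= 0 && pool < low_water)   /* proactive path */
            poll_source(&pool, &r.polls);
        if (pool < r.min_bits)
            r.min_bits = pool;
    }
    return r;
}

int main(void)
{
    struct sim_result a = simulate(-1, 100, 256), b = simulate(2048, 100, 256);
    printf("on-demand : min=%d polls=%d short=%d\n", a.min_bits, a.polls, a.short_requests);
    printf("low-water : min=%d polls=%d short=%d\n", b.min_bits, b.polls, b.short_requests);
    return 0;
}
```

With these assumed numbers the low-water policy costs two extra polls over 100 requests, while the on-demand policy repeatedly lets the estimate reach zero and makes consumers wait for a poll.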
