> Date: Wed, 22 Mar 2023 17:18:45 +0100
> From: Manuel Bouyer <bou...@antioche.eu.org>
>
> I did this but it didn't unblock the python process. It did tell me:
> #rndctl -L /tmp/foo
> rndctl: no entropy in seed
> Also I had a /var/db/entropy-file, but maybe without entropy.
> But /tmp/foo should have some, it was generated on a host with a hardware RNG:
> rdrand 1024 2 rng estimate, collect, v

Can you please share a complete transcript? Say the machine with
rdrand is called foo, and the machine without any HWRNG is called bar.

    foo# rndctl -l
    ...
    foo# rndctl -S /tmp/seed
    foo# head -c 4 </tmp/seed | hexdump -C
    00000000  00 01 00 00  |....|
    00000004

Now copy foo:/tmp/seed to bar:/var/seed. On bar, run:

    bar# sysctl kern.securelevel
    kern.securelevel = -1
    bar# head -c 4 </tmp/seed | hexdump -C
    00000000  00 01 00 00  |....|
    00000004
    bar# rndctl -L /tmp/seed
    ...
    bar# /etc/rc.d/random_seed stop
    ...
    bar# rndctl -l
    ...

The transcript will show:

(a) whether the seed starts with a nonzero count,
(b) what securelevel is on bar (note: at securelevel>1, userland
    cannot affect the entropy count),
(c) what `rndctl -l' printed before saving the seed on foo and after
    loading the seed on bar,
(d) what rndctl -L printed,
(e) what writing a new seed to disk on bar printed, and
(f) how much entropy and how many samples each source has contributed
    on bar after loading the seed.