rng-tools does not perform as expected on a Beaglebone Black. The
dev-board has a built-in rng, and the kernel driver loads as expected.
/dev/hwrng is full, but /dev/random is suffering depletion. After
draining /dev/random, it takes 646 seconds to read 10 bytes in
The problem seems to be the wrapper script of systemd around the old
sysinit script. Or maybe the wrapper is OK but systemd is the problem.
I don't know what the problem is at the moment.
Manually running '/etc/init.d/rng-tools start' and things work as
expected. /dev/random has a bountiful stream of bits.
This may be CVE worthy. It is effectively a security related DoS due
to a configuration problem.
At this point I think it would be wise to provide a proper systemd
service file for rng-tools.
I am happy to manually install and test an updated *.deb package for
rng-tools. Just point me to a download.
Some hardware information.
$ cat /proc/cpuinfo
processor : 0
model name : ARMv7 Processor rev 2 (v7l)
BogoMIPS : 996.14
Features : half thumb fastmult vfp edsp thumbee neon vfpv3 tls vfpd32
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x3
CPU part : 0xc08
CPU revision : 2
$ apt-cache show systemd
Maintainer: Debian systemd Maintainers
Pre-Depends: libc6 (>= 2.8), libgcc1 (>= 1:4.4.0)
Depends: libacl1 (>= 2.2.51-8), libapparmor1 (>= 2.9.0-3+exp2),
libaudit1 (>= 1:2.2.1), libblkid1 (>= 2.19.1), libc6 (>= 2.17),
libcap2 (>= 1:2.10), libcryptsetup4 (>= 2:1.4.3), libgcrypt20 (>=
1.6.1), libgpg-error0 (>= 1.14), libidn11 (>=1.13), libkmod2 (>= 5~),
liblzma5 (>= 5.1.1alpha+20120614), libmount1 (>= 2.20.1), libpam0g (>=
0.99.7.1), libseccomp2 (>= 2.1.0), libselinux1 (>= 2.1.9), libsystemd0
(= 230-7~bpo8+2), util-linux (>= 2.25.2-6), mount (>= 2.25.2-6),
Recommends: libpam-systemd, dbus
Suggests: systemd-ui, systemd-container, policykit-1
Breaks: apparmor (<< 2.9.2-1), ifupdown (<< 0.8.5~), laptop-mode-tools
(<< 1.68~), lsb-base (<< 4.1+Debian4), lvm2 (<< 2.02.104-1),
systemd-shim (<< 8-2), udev(<< 228-5)
Replaces: udev (<< 228-5)
Homepage: http://www.freedesktop.org/wiki/Software/systemd Priority: important
Description: system and service manager
systemd is a system and service manager for Linux. It provides aggressive
parallelization capabilities, uses socket and D-Bus activation for starting
services, offers on-demand starting of daemons, keeps track of processes
using Linux control groups, supports snapshotting and restoring of the system
state, maintains mount and automount points and implements an elaborate
transactional dependency-based service control logic.
systemd is compatible with SysV and LSB init scripts and can work as a
drop-in replacement for sysvinit.
Installing the systemd package will not switch your init system unless you
boot with init=/bin/systemd or install systemd-sysv in addition.
Bug#911043: rng-tools does not perform as expected ...
Here is the workaround.
I don't know what the fix is. I was never able to get systemd to
enable the service (or subsequently start the service). Nothing I
attempted would get the service out of the "generated" status.
$ cat /etc/rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
# In order to enable or disable this script just change the execution
# By default this script does nothing.
if [ -e /usr/sbin/rngd ]; then
/usr/sbin/rngd -r /dev/hwrng -f
Attached is a rng-tools.service that tested well on two BeagleBoards.
The service file avoids the logger dependencies, avoids udev rules,
and tries to recover from failure on startup.
The recovery part was important on the Beagleboards. The service
failed during startup because the udev /dev/hwrng device was not
online when rng-tools started. By adding a small delay and retry count
we could side-step udev rules to support rng-tools.
The Conflicts was needed because the Beagleboards were hanging on
shutdowns and reboots. It seems the Restart was restarting the service
The unit file can be dropped in /etc/systemd/system without deleting
the old service. 'systemctl enable rng-tools.service' will actually
enable the unit file even though systemd reports something about the
old service file.
I have other ARM dev-boards without a RNG. I did not test rng-tools on
them because haveged runs on them.
Robert, you may want to grab this for the images you build for the
4.1.15-ti-rt-r40 kernel. It is an improvement over the old service
file. The old service actually fails to run but no one realized it.