On Tue, Jan 04, 2011 at 11:38:24PM +1100, Herbert Xu wrote: > On Tue, Jan 04, 2011 at 01:19:57PM +0100, Mario 'BitKoenig' Holbe wrote: > > > > Hmmm, yes - the patch fixes the crashes, i.e. no more crashes with > > either sequence of module-loading, cat rng_available works as well, > > but... > > > > Having this patch active rngd complains: > > rngd[1435]: rngd 2-unofficial-mt.13 starting up... > > rngd[1435]: block failed FIPS test: 0x1f > > rngd[1435]: block failed FIPS test: 0x1f > > ... > > rngd[1435]: stats: entropy added to kernel pool: 0 > > rngd[1435]: stats: FIPS 140-2 successes: 0 > > rngd[1435]: stats: FIPS 140-2 failures: 10 > > > > It doesn't do this without the patch. > > The only available rng was via, I did blacklist the others just to be > > sure. > > Hmm, can you print out what it's actually producing (e.g., by > stracing rngd)? # ps -ef | grep 'rng[d]' # cat /sys/devices/virtual/misc/hw_random/rng_available via # hexdump -n 512 -C /dev/hwrng 00000000 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................| 00000010 ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 |................| 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000200 # hexdump -n 512 -C /dev/hwrng 00000000 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................| 00000010 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................| * 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000200 # hexdump -n 1024 -C /dev/hwrng 00000000 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................| 00000010 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................| * 00000060 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000400 # hexdump -n 1024 -C /dev/hwrng 00000000 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................| 00000010 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................| * 00000070 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000400 # > Can you also double-check that this doesn't happen with Larry's > patch? Nope, it doesn't do this with Larry's patch. Mario -- The Encyclopedia Galactica, in its chapter on Love states that it is far too complicated to define. The Hitchhiker's Guide to the Galaxy has this to say on the subject of love: Avoid, if at all possible.
Attachment:
signature.asc
Description: Digital signature
