> On Nov 16, 2019, at 1:40 AM, Stephan Müller <smueller@xxxxxxxxxx> wrote: > > The True Random Number Generator (TRNG) provides a random number > generator with prediction resistance (SP800-90A terminology) or an NTG.1 > (AIS 31 terminology). > ... > The secondary DRNGs seed from the TRNG if it is present. In addition, > the /dev/random device accesses the TRNG. > > If the TRNG is disabled, the secondary DRNGs seed from the entropy pool > and /dev/random behaves like getrandom(2). As mentioned before, I don’t like this API. An application that, for some reason, needs a TRNG, should have an API by which it either gets a TRNG or an error. Similarly, an application that wants cryptographically secure random numbers efficiently should have an API that does that. With your design, /dev/random tries to cater to both use cases, but one of the use cases fails depending on kernel config. I think /dev/random should wait for enough entropy to initialize the system but should not block after that. A TRNG should have an entirely new API that is better than /dev/random.