Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-107502

[Azure][RHEL-9][ARM]rngd service fail: Can't open any entropy source

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: Generate New Ti...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • rhel-9.7
    • rng-tools
    • No
    • Low
    • rhel-kernel-security
    • 0
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • aarch64
    • None

      What were you trying to do that didn't work?

      rngd service fails in ARM64 VM  in Azure, because can't open any entropy source:

      Disabling 10: Named pipe entropy input (namedpipe)
Disabling 6: JITTER Entropy generator (jitter)
[hwrng ]: Initialization Failed
[rndr  ]: No HW SUPPORT
[rndr  ]: Initialization Failed
Can't open any entropy source
Maybe RNG device modules are not loaded

       

      Not see this issue in x86_64. x86_64 has rdrand CPU flag which doesn't exist in ARM64 VM.

      ARM64 VM has aes CPU flag, and can see /dev/hwrng exists.

      See the jitter is disabled in rngd config in RHEL-9.7, which is not disabled in RHEL-9.6:

      RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -x qrypt -x namedpipe -x jitter -D daemon:daemon"

      Affect by this patch: https://gitlab.com/redhat/centos-stream/rpms/rng-tools/-/merge_requests/20/diffs#7f3ff4ae69fc7774465ebe90b9083b2472e2e2d2 

      What is the impact of this issue to you?

      rngd.service failed

      Please provide the package NVR for which the bug is seen:

      rng-tools-6.17-2.el9.aarch64

      How reproducible is this bug?:

      100%

      Steps to reproduce

      1.  Create an ARM64 VM on Azure(Standard_D2pds_v6 size)
      2.  Check rngd.service status

      Expected results

      rngd.service is running

      Actual results

      Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 rngd[29263]: Disabling 7: PKCS11 Entropy generator (pkcs11)
Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 rngd[29263]: Disabling 5: NIST Network Entropy Beacon (nist)
Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 rngd[29263]: Disabling 9: Qrypt quantum entropy beacon (qrypt)
Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 rngd[29263]: Disabling 10: Named pipe entropy input (namedpipe)
Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 rngd[29263]: Disabling 6: JITTER Entropy generator (jitter)
Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 rngd[29263]: Initializing available sources
Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 rngd[29263]: [hwrng ]: Initialization Failed
Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 rngd[29263]: [rndr  ]: No HW SUPPORT
Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 rngd[29263]: [rndr  ]: Initialization Failed
Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 rngd[29263]: Can't open any entropy source
Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 rngd[29263]: Maybe RNG device modules are not loaded
Aug 06 04:01:32 LISAv2-walaauto2500-BF94-0805172619-role-0 systemd[1]: rngd.service: Main process exited, code=exited, status=1/FAILURE
░░ An ExecStart= process belonging to unit rngd.service has exited.

              rhn-support-vdronov Vladislav Dronov
              yuxisun@redhat.com Yuxin Sun
              Vladislav Dronov Vladislav Dronov
              Security Kernel Security Kernel
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: