Include rng-tools5 by default to copy random bits from TPM to /dev/random

trekkinjuju · September 4, 2023, 9:16am

TPMs are becoming ubiquitous in new computers, especially with fTPM, so this might be worth it.

Kernel docs indicate rng-tools is the best way to make use of trng entropy (writes from /dev/hwrng to /dev/random)
docs.kernel.org/admin-guide/hw_random.html

Seems to be the currently most popular package:

Considerations to test:
How does this behave with devices that do not have hardware rngs?

Does xen provide virtio-rng to guests by default?

Patrick · September 4, 2023, 2:56pm

First blocker, horribly outdated in Debian as per Debian upstream bug report:
Please consider using rng-tools >= 6

Not that I can find.

search term:
site:xen.org virtio-rng

That’s why Qubes has this:

github.com

[Unit]
After=qubes-db.service
Before=sysinit.target

[Service]
ExecStartPre=/usr/lib/qubes/init/qubes-random-seed.sh