This guide documents the main method for optimizing RNG availability on OpenWrt.
It may help to minimize overall system startup time on lower-performance devices, or on devices without a HWRNG.
Since OpenWrt 15.05, hwrng output is automatically added to the kernel's entropy pool, so devices with a HWRNG may not necessarily benefit from rng-tools.1)2)
AMD/Intel processors that have a HWRNG will return text when running cat /proc/cpuinfo | grep rdrand.
To check whether a HWRNG is being used, run cat /sys/class/misc/hw_random/rng_current.
Provide fast RNG with rng-tools.
# Install packages opkg update opkg install rng-tools # Configure RNG uci set system.@rngd[0].enabled="1" uci commit system service rngd restart
Test the entropy pool size.
sysctl kernel.random.entropy_avail
Use rngtest to check the randomness of data.
RNG_DEV="$(uci get system.@rngd[0].device)" rngtest -c 1000 < ${RNG_DEV}
Collect and analyze the following information.
# Restart services service log restart; service rngd restart # Log and status logread -e rngd; pgrep -f -a rngd # Persistent configuration uci show system
Use software RNG by default.
# Use software RNG uci set system.@rngd[0].device="/dev/urandom" uci commit system service rngd restart
Use hardware RNG if available.
# Use hardware RNG uci set system.@rngd[0].device="/dev/hwrng" uci commit system service urngd disable && service urngd stop service rngd restart