rngd taking all CPU cycles for a long time on reboot imx6ul Yocto kernel 5.4

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

rngd taking all CPU cycles for a long time on reboot imx6ul Yocto kernel 5.4

6,598 Views
RayC
Contributor II

On imx6ul reboot, I notice rngd is taking up virtually 100% CPU cycles for a few minutes.

Since we care about security rngd is beneficial.

I just would like to know if this is normal? What is the  /dev/hwrng device? Is it the CAAM crypto? Why is it so slow? 

My yocto built kernel is 5.4.70.

 

Thanks

 

 

 

0 Kudos
Reply
4 Replies

6,305 Views
rsm4
Contributor II

Hi,

Also I monitored the behaviour of 100% CPU usage at imx6ul with default settings of rngd.
So I have removed the jitterlibrary as mentioned with the -x jitter option.
As mentioned above, the CPU usage is no longer an issue BUT in general the boot time has incereased by around +10sec.
Can you explain this?
It seems as the entropy, which is only derived from hwrng grows to slow without the jitter entropy source.
To you have any idea?
Is the hwrng as single source for entropy generation that slow?

Thanks!

0 Kudos
Reply

6,566 Views
igorpadykov
NXP Employee
NXP Employee

Hi Ray

 

When system boot, especially the first boot up, we can see some RNG related process(like random: crng init) will take some minutes to finish. This it related to Linux RNG framework.

We exposed CAAM’s TRNG through the “hwrng” framework. Please note that we can use hwrng to get “entropy” instead of “randomness”, it is backend by CAAM, we reseed the DRBG every time to get entropy from TRNG inside of CAAM. so it is slower than the non-reseed case is expected.

 

Best regards
igor

0 Kudos
Reply

6,587 Views
RayC
Contributor II

The problem goes away if I exclude "jitter".

Could someone help me understand this?

Thanks

 

root@imx6ulevk:~# cat /etc/default/rng-tools
EXTRA_ARGS="-r /dev/hwrng -x jitter"

0 Kudos
Reply

6,561 Views
igorpadykov
NXP Employee
NXP Employee

>The problem goes away if I exclude "jitter"

 

answer from team:

----------

rng-tools is not from our NXP, and is from 3rd party which can download from Github, and also is integrated into our Yocto BSP.

By checking its code, we can see CPU jitter is a RNG entropy source which is based on running multi-threads on CPUs. and it is tagged as a slow source in rng-tools.

After customer add "-x jitter", it seems like that the jitter entropy source is disabled. So the customer's observation is reasonable.

----------

Best regards
igor

0 Kudos
Reply