[Whonix-devel] How to confirm jitter .ko was loaded

Stephan Mueller smueller at chronox.de
Fri Apr 26 15:59:39 CEST 2019


On Wednesday, 24 April 2019, 20:32:59 CEST, procmem at riseup.net wrote:

Hi,

> On 4/24/19 6:21 PM, Stephan Mueller wrote:
> > On Wednesday, 24 April 2019, 19:30:28 CEST, procmem at riseup.net wrote:
> > 
> > Hi,
> > 
> >> Hi Stephan. Whonix dev here. We are a VM based privacy distro and so are
> >> very interested in jitter for our RNG needs.
> >> 
> >> I was wondering how we can confirm jitterentropy's kernel module was
> >> successfully loaded during boot so we can be sure it works on some
> >> platforms.
> > 
> > cat /proc/crypto | grep jitter
> 
> Thanks for your great input. I'm not going to turn this into a support
> thread, but I wanted to get to the bottom of this. This command doesn't
> return anything for me.

On Fedora 29:

name         : jitterentropy_rng
driver       : jitterentropy_rng
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : rng
seedsize     : 0

Kernel config: CONFIG_CRYPTO_JITTERENTROPY=y


> We have jitterentropy-rngd installed with a 4.19
> kernel for Debian Buster. The service reports it's up and running though.

This is good :-)

I will check the measurement results now.
> 
> >> Do you know if it should be functional on the Xen hypervisor where Linux
> >> does not have full control over bare-metal?
> > 
> > Yes, definitely. Besides, the Jitter RNG will not initialize if it finds
> > that the platform does not provide the correct properties for the RNG.
> > The Jitter RNG has also a runtime check. If that runtime check identifies
> > platform failures, you will see that in dmesg :-)
> 
> I see. No such errors though.

If you do not have this listing above, the question is whether it is enabled 
in the kernel :-)
> 
> > Though, please note that the Jitter RNG in the kernel ONLY seeds the
> > kernel DRBG and NOT /dev/random or /dev/urandom. If you want to seed them,
> > you need either the jitterentropy-rngd (which seems to be currently tested)
> > or the latest version of rngd which contains the JitterRNG as one noise
> > source.
> > 
> >> cc/ our mailing list so our users can benefit.
> > 
> > Ciao
> > Stephan



Ciao
Stephan
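
Added example (not part of the original mail or of the jitterentropy project): a shell check that parses /proc/crypto for the jitterentropy_rng stanza shown above and, when it is missing, looks at CONFIG_CRYPTO_JITTERENTROPY to say why. The function names, the =m branch and the demo data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original mail; demo data is constructed.
# jent_status CRYPTO_FILE: print "module=<m> selftest=<s>" for the
# jitterentropy_rng stanza of a /proc/crypto-format file; return 1 if absent.
jent_status() {
    awk -F: '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*$/ { in_stanza = 0; next }       # a blank line ends a stanza
        {
            key = trim($1); val = trim($2)
            if (key == "name") {
                in_stanza = (val == "jitterentropy_rng")
                if (in_stanza) found = 1
            }
            if (in_stanza && key == "module")   mod = val
            if (in_stanza && key == "selftest") st = val
        }
        END {
            if (!found) exit 1
            printf "module=%s selftest=%s\n", mod, st
        }' "$1"
}

# jent_diagnose CRYPTO_FILE CONFIG_FILE: when the algorithm is not registered,
# consult the kernel config to say why. The =m branch is an assumption beyond
# the mail, which only shows =y.
jent_diagnose() {
    if st=$(jent_status "$1"); then
        echo "registered: $st"; return 0
    fi
    cfg=$(grep -s '^CONFIG_CRYPTO_JITTERENTROPY=' "$2" || true)
    case $cfg in
        *=y) echo "not registered: built in but did not initialize" ;;
        *=m) echo "not registered: built as a module that is not loaded" ;;
        *)   echo "not registered: not enabled in the kernel config" ;;
    esac
    return 1
}

# Demo on constructed input with the fields of the Fedora 29 listing.
demo() {
    d=$(mktemp -d)
    printf 'name : jitterentropy_rng\nmodule : kernel\nselftest : passed\n' >"$d/crypto"
    echo 'CONFIG_CRYPTO_JITTERENTROPY=y' >"$d/config"
    jent_diagnose "$d/crypto" "$d/config"
    rm -rf "$d"
}
demo
```

On a live system, call jent_diagnose /proc/crypto "/boot/config-$(uname -r)"; that config path is the usual Debian/Fedora location and is an assumption here.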



