Archive for January, 2014

Annoying Keychain bug on Mavericks

Monday, January 27th, 2014

Just been bitten by this annoying bug on Mavericks after a seemingly innocuous reboot whereby I’m prompted repeatedly to unlock my “Local Items” keychain. No password I’m aware of works and mashing Cancel just puts you in an endless loop cycling through each application or framework that wants to access said keychain.

The solution is simple as outlined in the linked support document; just nuke the UUID-named folder in ~/Library/Keychains and reboot. The same folder will reappear afterwards but it’s fine to leave it if you’re not prompted to unlock it again. Obviously something got corrupted, possibly related to iCloud.

HP Microserver TPM

Friday, January 10th, 2014

I’ve been dabbling with DNSSEC which involves creating a few zone- and key-signing keys, and it became immediately apparent that my headless HP Microserver has very poor entropy generation for /dev/random. After poking and prodding it became apparent there’s no dormant hardware RNG that I can just enable to fix it.

Eventually I stumbled on this post which suggests you can install and make use of the optional TPM as a source of entropy.

I picked up one cheaply and installed it following the above instructions to install and configure it; I found I only needed to remove the power cord for safety’s sake, the TPM connector on the motherboard is right at the front so I didn’t need to pull the tray out.

Also, since that blog post, the rng-tools package on RHEL/CentOS 6.x now includes an init script so it’s just a case of doing the following final step:

# chkconfig rngd on
# service rngd start

It should then be possible to pass this up to any KVM guests using the virtio-rng.ko module.