I’ve been dabbling with DNSSEC, which involves creating a few zone- and key-signing keys, and it became immediately apparent that my headless HP Microserver has very poor entropy generation for /dev/random. After poking and prodding it became apparent there’s no dormant hardware RNG that I can just enable to fix it.
Eventually I stumbled on this post which suggests you can install and make use of the optional TPM as a source of entropy.
I picked up one cheaply and installed it following the above instructions to install and configure it. I found I only needed to remove the power cord for safety’s sake; the TPM connector on the motherboard is right at the front, so I didn’t need to pull the tray out.
Also, since that blog post, the rng-tools package on RHEL/CentOS 6.x now includes an init script so it’s just a case of doing the following final step:
# chkconfig rngd on
# service rngd start
It should then be possible to pass this up to any KVM guests using the virtio-rng.ko module.
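One way to confirm that starting rngd actually fixed the starvation, as an added example that is not from the original post: sample the kernel's entropy estimate a few times before and after the final step and compare the lowest value seen. The function names, the script name and the 1000-bit threshold are assumptions made for this example; /proc/sys/kernel/random/entropy_avail is the standard Linux location of the estimate.

```shell
#!/bin/sh
# Added example (not from the original post): sample the kernel entropy
# estimate several times and judge whether rngd is keeping the pool topped up.
# The 1000-bit threshold is an assumed rule of thumb, not a value from the post.

ENTROPY_FILE=${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}

# entropy_min FILE SAMPLES INTERVAL_SECONDS
# Prints the lowest estimate seen; returns 2 if the file is unreadable or
# does not contain a non-negative integer.
entropy_min() {
    em_file=$1; em_left=$2; em_wait=$3; em_min=
    while [ "$em_left" -gt 0 ]; do
        em_bits=$(cat "$em_file" 2>/dev/null) || return 2
        case $em_bits in ''|*[!0-9]*) return 2 ;; esac
        if [ -z "$em_min" ] || [ "$em_bits" -lt "$em_min" ]; then
            em_min=$em_bits
        fi
        em_left=$((em_left - 1))
        if [ "$em_left" -gt 0 ]; then sleep "$em_wait"; fi
    done
    echo "$em_min"
}

# entropy_verdict BITS [THRESHOLD] -> prints "ok" or "starved"
entropy_verdict() {
    if [ "$1" -ge "${2:-1000}" ]; then echo ok; else echo starved; fi
}

# Run as: sh entropy-check.sh run   (before and after "service rngd start")
if [ "${1:-}" = "run" ]; then
    low=$(entropy_min "$ENTROPY_FILE" 5 1) || {
        echo "cannot read $ENTROPY_FILE" >&2
        exit 2
    }
    echo "lowest entropy_avail over 5 samples: $low bits ($(entropy_verdict "$low"))"
fi
```

Running it inside a KVM guest as well shows whether the virtio-rng device is feeding that guest's pool.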