OPNsense Forum

English Forums => Hardware and Performance => Topic started by: ChargerDad on January 13, 2022, 03:52:11 pm

Title: 'Intel Secure Key RNG' returned no entropy on Sophos XG 135 Rev 3 hardware
Post by: ChargerDad on January 13, 2022, 03:52:11 pm

Booting from install image, the console was bombarded with the following line:
random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG' returned no entropy.

I was able to get past that by adding the following boot loader option:
set random.trust_cpu=off

That enabled me to do the install. After the install, I continue to get those errors, and believed that if I created a similar entry in System->Settings->Tunables, that would take care of the issue, so I created the following setting there:

Tunable: random.trust_cpu
Value: off

If I look at /boot/loader.conf the entry shows up as:

random.trust_cpu="off"

So, it LOOKS like the entry from Tunables is there, but the message continues to flood the console.

Title: Re: 'Intel Secure Key RNG' returned no entropy on Sophos XG 135 Rev 3 hardware
Post by: ChargerDad on January 13, 2022, 03:52:35 pm

I noticed that if you look at the output of "sysctl -a", the following is set:
kern.random.random_sources: 'Intel Secure Key RNG'
Not sure if changing that is an option if the boot loader for random.trust_cpu doesn't work

Title: Re: 'Intel Secure Key RNG' returned no entropy on Sophos XG 135 Rev 3 hardware
Post by: franco on January 13, 2022, 03:55:00 pm

What version are we talking about? If I look for "trust_cpu" in the kernel I get nothing for 21.7 or 22.1.


Cheers,
Franco

Title: Re: 'Intel Secure Key RNG' returned no entropy on Sophos XG 135 Rev 3 hardware
Post by: ChargerDad on January 13, 2022, 09:13:34 pm

21.7.7

That would explain why it doesn't work, though interestingly it was there in the install image, and resolved the issue during installation.