'Intel Secure Key RNG' returned no entropy on Sophos XG 135 Rev 3 hardware

ChargerDad · January 13, 2022, 03:52:11 PM

Booting from install image, the console was bombarded with the following line:
random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG' returned no entropy.

I was able to get past that by adding the following boot loader option:
set random.trust_cpu=off

That enabled me to do the install. After the install, I continue to get those errors, and believed that if I created a similar entry in System->Settings->Tunables, that would take care of the issue, so I created the following setting there:

Tunable: random.trust_cpu
Value: off

If I look at /boot/loader.conf the entry shows up as:

random.trust_cpu="off"

So, it LOOKS like the entry from Tunables is there, but the message continues to flood the console.

ChargerDad · January 13, 2022, 03:52:35 PM

I noticed that if you look at the output of "sysctl -a", the following is set:
kern.random.random_sources: 'Intel Secure Key RNG'
Not sure if changing that is an option if the boot loader for random.trust_cpu doesn't work

franco · January 13, 2022, 03:55:00 PM

What version are we talking about? If I look for "trust_cpu" in the kernel I get nothing for 21.7 or 22.1.

Cheers,
Franco

ChargerDad · January 13, 2022, 09:13:34 PM

21.7.7

That would explain why it doesn't work, though interestingly it was there in the install image, and resolved the issue during installation.

'Intel Secure Key RNG' returned no entropy on Sophos XG 135 Rev 3 hardware

ChargerDad

January 13, 2022, 03:52:11 PM

ChargerDad

January 13, 2022, 03:52:35 PM #1

franco

January 13, 2022, 03:55:00 PM #2

ChargerDad

January 13, 2022, 09:13:34 PM #3