
Why do I need rngd random number generator daemon?

12 votes
2 answers
1069 views
I run a Raspberry Pi with a custom Yocto Linux. There's an `rng-tools.service` which runs `rngd`. On my Pi, it shows high CPU usage sometimes and others complain about its excessive logging. Before trying to fix those issues, I considered simply removing the service. However, there's very sparse information on the tool and consequences of removing it available online.

Why do I need to have `rngd` running? What consequences do I face when removing it?

#### Research and Assumptions

Most online man pages are outdated, but having a look in the code repository I find the following:

> This is a random number generator daemon.
>
> It monitors a set of entropy sources, and supplies entropy from them to the system kernel's /dev/random machinery. Operation is fully documented in the man page, and should be fairly intuitive

While the current man page is easy to follow, understanding it requires domain knowledge that exceeds mine. I know that I need "good" entropy to generate secure cryptographic keys (e.g. for SSH); there's another question that explains the details. But why do the system's entropy sources need "monitoring" and feeding into `/dev/random`? If I stop the service, `cat /dev/random` still works.

On an Ubuntu host with Intel processor, `rngd` isn't even installed by default. Assuming Ubuntu is secure, some hardware seems to do fine without `rngd`.

The most useful information I found is in this Red Hat article. Accordingly, `rngd` is _"capable of using both environmental noise and hardware random number generators for extracting entropy"_ and _"checks whether the data supplied by the source of randomness is sufficiently random"_. To me this means that `rngd` improves the randomness of `/dev/random`. With the prior observation of `rngd` missing on Intel-based systems, I assume that the Pi's hardware random number generator is not "good" enough and `rngd` is there to improve the situation.

I'll probably disable the service anyways, because the Pi is on a LAN with my Desktop PC only. Still, I'm curious to learn if I should do this on a more exposed device and wanted to document my findings for others.

#### Try it out

In order to test the quality of the randomness, the article mentions `rngtest`. Hence, I run the test a few times, each block with `rng-tools.service` either enabled or disabled (see below). The values vary a little, but among runs they stay in the same ballpark. To me this does not look like there's any significant difference. There are some timing statistics, but they don't show any significant difference either.

Collect the data:
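```bash
# Five runs of 10000 blocks each while rng-tools.service is running (rngtest reports on stderr)
for i in $(seq 0 4); do cat /dev/random | rngtest -c 10000 2>> ./run_enabled; done
# Stop the service, then repeat the same five runs
systemctl stop rng-tools
for i in $(seq 0 4); do cat /dev/random | rngtest -c 10000 2>> ./run_disabled; done
```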
Some example results: (Did a few more runs and the numbers seem to depend more on the time of the run than on the service being enabled)
```
# grep failure run_disabled
rngtest: FIPS 140-2 failures: 7
rngtest: FIPS 140-2 failures: 6
rngtest: FIPS 140-2 failures: 8
rngtest: FIPS 140-2 failures: 5
rngtest: FIPS 140-2 failures: 2
# grep failure run_enabled
rngtest: FIPS 140-2 failures: 9
rngtest: FIPS 140-2 failures: 8
rngtest: FIPS 140-2 failures: 8
rngtest: FIPS 140-2 failures: 7
rngtest: FIPS 140-2 failures: 5

# grep "input channel speed" run_disabled
rngtest: input channel speed: (min=22.842; avg=2846.662; max=9536.743)Mibits/s
rngtest: input channel speed: (min=27.845; avg=2778.812; max=6357.829)Mibits/s
rngtest: input channel speed: (min=28.425; avg=2886.991; max=6357.829)Mibits/s
rngtest: input channel speed: (min=51.273; avg=2530.815; max=4768.372)Mibits/s
rngtest: input channel speed: (min=42.292; avg=2509.867; max=4768.372)Mibits/s
# grep "input channel speed" run_enabled
rngtest: input channel speed: (min=23.812; avg=2853.049; max=6357.829)Mibits/s
rngtest: input channel speed: (min=27.643; avg=2704.117; max=6357.829)Mibits/s
rngtest: input channel speed: (min=27.444; avg=2722.567; max=9536.743)Mibits/s
rngtest: input channel speed: (min=28.383; avg=2815.690; max=6357.829)Mibits/s
rngtest: input channel speed: (min=28.049; avg=2844.284; max=6357.829)Mibits/s

# grep "tests speed" run_disabled
rngtest: FIPS tests speed: (min=25.130; avg=54.219; max=55.446)Mibits/s
rngtest: FIPS tests speed: (min=27.093; avg=53.990; max=55.285)Mibits/s
rngtest: FIPS tests speed: (min=20.056; avg=48.995; max=55.285)Mibits/s
rngtest: FIPS tests speed: (min=32.493; avg=51.283; max=55.285)Mibits/s
rngtest: FIPS tests speed: (min=26.676; avg=51.326; max=55.285)Mibits/s
# grep "tests speed" run_enabled
rngtest: FIPS tests speed: (min=48.165; avg=54.621; max=55.446)Mibits/s
rngtest: FIPS tests speed: (min=19.443; avg=49.054; max=55.285)Mibits/s
rngtest: FIPS tests speed: (min=24.803; avg=54.375; max=55.446)Mibits/s
rngtest: FIPS tests speed: (min=20.035; avg=49.008; max=55.285)Mibits/s
rngtest: FIPS tests speed: (min=30.469; avg=54.625; max=55.446)Mibits/s
```
Asked by Mo_ (257 rep)
Jun 19, 2025, 09:39 AM
Last activity: Jun 24, 2025, 10:12 PM
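
Added example (not part of the original question): the two sets of `FIPS 140-2 failures` counters above can be compared with a two-proportion z-test rather than by eye. The log lines are copied from the question; the function names are illustrative, and the sketch assumes 10000 independent blocks per run, matching the `-c 10000` used above.

```python
import math
import re

# "FIPS 140-2 failures" lines copied from the question's output (five runs each).
RUN_DISABLED = """\
rngtest: FIPS 140-2 failures: 7
rngtest: FIPS 140-2 failures: 6
rngtest: FIPS 140-2 failures: 8
rngtest: FIPS 140-2 failures: 5
rngtest: FIPS 140-2 failures: 2
"""
RUN_ENABLED = """\
rngtest: FIPS 140-2 failures: 9
rngtest: FIPS 140-2 failures: 8
rngtest: FIPS 140-2 failures: 8
rngtest: FIPS 140-2 failures: 7
rngtest: FIPS 140-2 failures: 5
"""
BLOCKS_PER_RUN = 10000  # assumption: every run used `rngtest -c 10000`, as in the question
FAILURES_RE = re.compile(r"^rngtest: FIPS 140-2 failures: (\d+)[ \t]*$", re.M)

def failure_totals(log_text, blocks_per_run=BLOCKS_PER_RUN):
    """Return (failed_blocks, tested_blocks) summed over every run found in the log."""
    counts = [int(n) for n in FAILURES_RE.findall(log_text)]
    if not counts:
        raise ValueError("no 'FIPS 140-2 failures' lines found")
    return sum(counts), len(counts) * blocks_per_run

def two_proportion_z(fail_a, n_a, fail_b, n_b):
    """z statistic and two-sided p-value for H0: both failure rates are equal."""
    pooled = (fail_a + fail_b) / (n_a + n_b)
    if pooled in (0.0, 1.0):
        return 0.0, 1.0  # all blocks passed (or all failed) in both samples: no difference to test
    se = math.sqrt(pooled * (1 - pooled) * (1 / n_a + 1 / n_b))
    z = (fail_b / n_b - fail_a / n_a) / se
    p = math.erfc(abs(z) / math.sqrt(2))  # two-sided tail of the standard normal
    return z, p

def compare(disabled_log, enabled_log):
    """Parse both logs and test whether their block failure rates differ."""
    fa, na = failure_totals(disabled_log)
    fb, nb = failure_totals(enabled_log)
    z, p = two_proportion_z(fa, na, fb, nb)
    return {"disabled": (fa, na), "enabled": (fb, nb), "z": z, "p": p}

if __name__ == "__main__":
    r = compare(RUN_DISABLED, RUN_ENABLED)
    print("disabled: %d/%d failed, enabled: %d/%d failed" % (r["disabled"] + r["enabled"]))
    print("z = %.3f, two-sided p = %.3f" % (r["z"], r["p"]))
```

On the question's numbers this gives 28 versus 37 failed blocks out of 50000 each, z ≈ 1.12 and p ≈ 0.26, so the gap between the two sets of runs is within sampling noise.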