Stir the entropy pool in FreeBSD 4

January 16, 2004

Entropy is used by the random number generator on your system for things like SSL, SSH and GPG; put simply, encryption. On FreeBSD 4 it is possible to increase the inputs used to generate entropy for your system (useful if you are generating a large GPG key over the network).

1. Find the IRQs of devices on your system.
# dmesg | grep irq


pci0: at 29.0 irq 7
pci0: at 29.1 irq 11
pci0: at 29.2 irq 9
pci0: at 29.7 irq 11
em0: port 0xc000-0xc03f mem 0xe2000000-0xe201ffff irq 10 at device 5.0 on pci2
fxp0: port 0xc400-0xc43f mem 0xe2020000-0xe203ffff,0xe2041000-0xe2041fff irq 11 at device 6.0 on pci2
pci2: at 7.0 irq 5
atapci0: port 0xf000-0xf00f,0-0x3,0-0x7,0-0x3,0-0x7 irq 0 at device 31.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
pci0: (vendor=0x8086, dev=0x24c3) at 31.3 irq 10
fdc0: at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
atkbd0: flags 0x1 irq 1 on atkbdc0
psm0: irq 12 on atkbdc0
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio1 at port 0x2f8-0x2ff irq 3 on isa0
uhci0: port 0xd800-0xd81f irq 7 at device 29.0 on pci0
uhci1: port 0xd000-0xd01f irq 11 at device 29.1 on pci0
uhci2: port 0xd400-0xd41f irq 9 at device 29.2 on pci0

This can also be done with pciconf, which will list all of the PCI information on your system.
# pciconf -l


agp0@pci0:0:0: class=0x060000 card=0x1a308086 chip=0x1a308086 rev=0x11 hdr=0x00
pcib1@pci0:1:0: class=0x060400 card=0x00000000 chip=0x1a318086 rev=0x11 hdr=0x01
uhci0@pci0:29:0: class=0x0c0300 card=0x12901462 chip=0x24c28086 rev=0x02 hdr=0x00
uhci1@pci0:29:1: class=0x0c0300 card=0x12901462 chip=0x24c48086 rev=0x02 hdr=0x00
uhci2@pci0:29:2: class=0x0c0300 card=0x12901462 chip=0x24c78086 rev=0x02 hdr=0x00
none0@pci0:29:7: class=0x0c0320 card=0x12901462 chip=0x24cd8086 rev=0x02 hdr=0x00
pcib2@pci0:30:0: class=0x060400 card=0x00000000 chip=0x244e8086 rev=0x82 hdr=0x01
isab0@pci0:31:0: class=0x060100 card=0x00000000 chip=0x24c08086 rev=0x02 hdr=0x00
atapci0@pci0:31:1: class=0x01018a card=0x12901462 chip=0x24cb8086 rev=0x02 hdr=0x00
none1@pci0:31:3: class=0x0c0500 card=0x12901462 chip=0x24c38086 rev=0x02 hdr=0x00
em0@pci2:5:0: class=0x020000 card=0x002e8086 chip=0x100e8086 rev=0x02 hdr=0x00
fxp0@pci2:6:0: class=0x020000 card=0x02071014 chip=0x12298086 rev=0x10 hdr=0x00
none2@pci2:7:0: class=0x030000 card=0x00081002 chip=0x47521002 rev=0x27 hdr=0x00

2. Once you have identified the devices you are going to use to generate entropy from (you should use network cards, hard drives, keyboard and mouse if you have them), configure your system to use them (I am using the em0, fxp0, and ata0 devices).
# rndcontrol -s 10
# rndcontrol -s 11
# rndcontrol -s 14
# rndcontrol
rndcontrol: interrupts in use: 10 11 14

3. Add the IRQs to /etc/rc.conf so that they are set when the system reboots.
rand_irqs="10 11 14" # Stir the entropy pool (like "5 11" or NO).

And that’s it. For more information see Prepping /dev/random in FreeBSD, and man rndcontrol.
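
The three steps above can be scripted. The following is an added example, not part of the original post: it looks up the IRQs of the chosen devices in dmesg-style text, de-duplicates shared IRQs, and prints the rndcontrol commands and the rand_irqs line instead of running them. The names irqs_for, emit_plan and SAMPLE_DMESG are introduced here for illustration.

```sh
#!/bin/sh
# Added example: derive the step 2 rndcontrol commands and the step 3
# rc.conf line from device names. It only prints; nothing is changed.

# Sample probe lines copied from the dmesg output shown in step 1.
SAMPLE_DMESG='em0: port 0xc000-0xc03f mem 0xe2000000-0xe201ffff irq 10 at device 5.0 on pci2
fxp0: port 0xc400-0xc43f mem 0xe2020000-0xe203ffff,0xe2041000-0xe2041fff irq 11 at device 6.0 on pci2
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
atkbd0: flags 0x1 irq 1 on atkbdc0
psm0: irq 12 on atkbdc0
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
uhci1: port 0xd000-0xd01f irq 11 at device 29.1 on pci0'

# irqs_for DMESG_TEXT DEV...
# Prints the IRQs of the named devices: unique, numerically sorted, space
# separated. Fails (status 1) if a device has no "irq N" in the text, so a
# typo in a device name cannot silently shrink the list.
irqs_for() {
    text=$1; shift
    out=$(printf '%s\n' "$text" | awk -v devs="$*" '
        BEGIN { n = split(devs, want, " ") }
        {
            name = $1; sub(/:$/, "", name)   # handles "em0:" and bare "sio0"
            for (i = 2; i < NF; i++)
                if ($i == "irq" && $(i + 1) ~ /^[0-9]+$/) { irq[name] = $(i + 1); break }
        }
        END {
            for (i = 1; i <= n; i++) {
                if (want[i] in irq) { seen[irq[want[i]]] = 1 }
                else { print "no irq found for " want[i] | "cat 1>&2"; bad = 1 }
            }
            if (bad) exit 1
            for (q in seen) print q
        }') || return 1
    printf '%s\n' "$out" | sort -n | xargs
}

# emit_plan DMESG_TEXT DEV...
# Prints one "rndcontrol -s N" per IRQ, then the rand_irqs line.
emit_plan() {
    list=$(irqs_for "$@") || return 1
    for q in $list; do echo "rndcontrol -s $q"; done
    echo "rand_irqs=\"$list\""
}

emit_plan "$SAMPLE_DMESG" em0 fxp0 ata0
```

On a live system, pass "$(dmesg)" in place of the sample text and review the printed commands before running them as root.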
