tech-kern archive


Re: entropy: pid 17200 (python) blocking due to lack of entropy



> Date: Wed, 22 Mar 2023 17:18:45 +0100
> From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
> 
> I did this but it didn't unblock the python process. It did tell me:
> #rndctl -L /tmp/foo 
> rndctl: no entropy in seed
> Also I had a /var/db/entropy-file, but maybe without entropy.
> But /tmp/foo should have some, it was generated on a host with a hardware RNG:
> rdrand                 1024          2 rng    estimate, collect, v

Can you please share a complete transcript?

Say the machine with rdrand is called foo, and the machine without any
HWRNG is called bar.

foo# rndctl -l
...
foo# rndctl -S /tmp/seed
foo# head -c 4 </tmp/seed | hexdump -C
00000000  00 01 00 00                                       |....|
00000004

Now copy foo:/tmp/seed to bar:/var/seed.  On bar, run:

bar# sysctl kern.securelevel
kern.securelevel = -1
bar# head -c 4 </tmp/seed | hexdump -C
00000000  00 01 00 00                                       |....|
00000004
bar# rndctl -L /tmp/seed
...
bar# /etc/rc.d/random_seed stop
...
bar# rndctl -l
...

The transcript will show:
(a) whether the seed starts with a nonzero count,
(b) what securelevel is on bar (note: at securelevel>1, userland
    cannot affect the entropy count),
(c) what `rndctl -l' printed before saving the seed on foo and after
    loading the seed on bar,
(d) what rndctl -L printed,
(e) what writing a new seed to disk on bar printed, and
(f) how much entropy and how many samples each source has contributed
    on bar after loading the seed.

