The Pi has a hardware random number generator. Source. Hat tip.
This is running CentOS 7.
It presents as /dev/hwrng.
yum install rng-tools
systemctl enable rngd
systemctl start rngd

# rngd -l
Entropy sources that are available but disabled
1: TPM RNG Device
4: NIST Network Entropy Beacon
Oh. It’s running as a daemon on my command line.
No! Don’t press Ctrl-C yet. The command will return the prompt when done. There’s a clue in the startup timings of the systemd service.
May 13 20:03:53 systemd[1]: Started Hardware RNG Entropy Gatherer Daemon.
May 13 20:03:53 rngd[21131]: Initalizing available sources
May 13 20:04:19 rngd[21131]: Enabling JITTER rng support
After a while, it’ll complete, telling you the active sources.
# rngd -l
Entropy sources that are available but disabled
1: TPM RNG Device
4: NIST Network Entropy Beacon
Available and enabled entropy sources:
0: Hardware RNG Device
5: JITTER Entropy generator
Note that the hardware RNG device is not logged as a source during initialisation (only JITTER). This should get fixed in 7.7.
Given that the Pi has a hardware RNG, I will configure the daemon to only use that. I’ve made the daemon parameters more descriptive, and added debugging, not that this seems to make any difference.
mkdir /etc/systemd/system/rngd.service.d
cat > /etc/systemd/system/rngd.service.d/params.conf <<EOF
# disable jitter source
[Service]
ExecStart=
ExecStart=/sbin/rngd --foreground --debug --exclude 5
EOF
systemctl daemon-reload
systemctl restart rngd
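To confirm which sources rngd ends up with after a change like this one, the `rngd -l` listing can be parsed instead of read by eye. This is an added example, not part of the original post; the function names are hypothetical and the second sample listing is constructed on the assumption that an excluded source moves to the disabled list.

```shell
#!/bin/sh
# Listing copied from the `rngd -l` output shown on this page.
LISTING_DEFAULT='Entropy sources that are available but disabled
1: TPM RNG Device
4: NIST Network Entropy Beacon
Available and enabled entropy sources:
0: Hardware RNG Device
5: JITTER Entropy generator'

# Constructed sample (assumption): the same listing with JITTER excluded.
LISTING_HWRNG_ONLY='Entropy sources that are available but disabled
1: TPM RNG Device
4: NIST Network Entropy Beacon
5: JITTER Entropy generator
Available and enabled entropy sources:
0: Hardware RNG Device'

# Read a listing on stdin; print "state<TAB>index<TAB>name" per source.
parse_rngd_sources() {
    awk '
        /available but disabled/   { state = "disabled"; next }
        /[Aa]vailable and enabled/ { state = "enabled";  next }
        /^[ \t]*[0-9]+:/ {
            line = $0; sub(/^[ \t]*/, "", line)
            idx  = line; sub(/:.*/, "", idx)
            name = line; sub(/^[0-9]+:[ \t]*/, "", name)
            printf "%s\t%s\t%s\n", state, idx, name
        }'
}

# Print the index of the first source whose name contains $1
# (case-insensitive); non-zero exit status if no source matches.
source_index() {
    parse_rngd_sources | awk -F '\t' -v want="$1" '
        index(tolower($3), tolower(want)) { print $2; found = 1; exit }
        END { exit !found }'
}

# Succeed only if the hardware RNG is the single enabled source.
only_hwrng_enabled() {
    enabled=$(parse_rngd_sources | awk -F '\t' '$1 == "enabled" { print $3 }')
    [ "$enabled" = "Hardware RNG Device" ]
}
```

On a live system, pipe the real listing in, for example `rngd -l 2>&1 | source_index jitter` to look up the index to exclude, and `rngd -l 2>&1 | only_hwrng_enabled` after the restart.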
Monitor the kernel entropy cache with something like the following. It will not exceed 4096.
while true ; do echo "$(date) $(cat /proc/sys/kernel/random/entropy_avail)"; sleep 1 ; done
My headless Pi was running at around 6-700 before, and jumped immediately to over 3,000.