diff options
| author | Alexander Kjeldaas <ak@formalprivacy.com> | 2013-08-21 11:12:04 +0200 |
|---|---|---|
| committer | Alexander Kjeldaas <ak@formalprivacy.com> | 2014-04-22 14:05:09 +0200 |
| commit | 64311899db7c455c5f07f7ff30c5a52c50b8fbae (patch) | |
| tree | 884ff13c65d4360fb64754fed4eb63a876cfca16 /nixos/modules/security/rngd.nix | |
| parent | e5ccb41f6fa74e4b4b83a953d5178823171262ff (diff) | |
| download | nixlib-64311899db7c455c5f07f7ff30c5a52c50b8fbae.tar nixlib-64311899db7c455c5f07f7ff30c5a52c50b8fbae.tar.gz nixlib-64311899db7c455c5f07f7ff30c5a52c50b8fbae.tar.bz2 nixlib-64311899db7c455c5f07f7ff30c5a52c50b8fbae.tar.lz nixlib-64311899db7c455c5f07f7ff30c5a52c50b8fbae.tar.xz nixlib-64311899db7c455c5f07f7ff30c5a52c50b8fbae.tar.zst nixlib-64311899db7c455c5f07f7ff30c5a52c50b8fbae.zip | |
Don't let rngd read /dev/tpm0.
Only one process can interact with the TPM module and that process should be tcsd. The tpm_rng kernel module should instead be loaded and /dev/hwrnd be used to read the TPM random generator. Also, log which random generator devices are used by rngd on startup.
Diffstat (limited to 'nixos/modules/security/rngd.nix')
| -rw-r--r-- | nixos/modules/security/rngd.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix index c31e57e6f6f8..c47c1b2a67e6 100644 --- a/nixos/modules/security/rngd.nix +++ b/nixos/modules/security/rngd.nix @@ -30,7 +30,7 @@ with lib; description = "Hardware RNG Entropy Gatherer Daemon"; - serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f"; + serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f -v --no-tpm=1"; restartTriggers = [ pkgs.rng_tools ]; }; |