Displaying PRNG information

Red Hat Enterprise Linux 9.2 LPAR mode z/VM guest KVM guest

Read the attributes of the prandom device in sysfs.

About this task

The sysfs representation of a PRNG device is a directory: /sys/devices/virtual/misc/prandom. This sysfs directory contains a number of attributes with information about the device.

Table 1. Attributes with PRNG information
Attribute
    Explanation

chunksize
    The size, in bytes, of the random-data bytes buffer that is used to generate new random numbers. The value can be in the range 64 bytes - 64 KB. The default is 256 bytes. It is rounded up to the next 64-byte boundary and can be adjusted as a module parameter when you start the module.

byte_counter
    The number of random bytes generated since the PRNG device driver was started. You can reset this value only by removing and reloading the kernel module, or rebooting Linux (if PRNG was compiled into the kernel). This attribute is read-only.

errorflag
    SHA512 mode only: 0 if the PRNG device driver is instantiated and running well. Any other value indicates a problem. If there is an error indication other than 0:
      • The DRBG does not provide random data bytes to user space
      • The read() function fails
      • The error code errno is set to EPIPE (broken pipe)
    This attribute is read-only.

mode
    SHA512 if the PRNG device driver runs in SHA512 mode, TDES if the PRNG device driver runs in TDES mode. This attribute is read-only.

reseed
    SHA512 mode only: An integer, writable only by root. Write any integer to this attribute to trigger an immediate reseed of the PRNG. See Reseeding the PRNG.

reseed_limit
    SHA512 mode only: An integer, writable only by root to query or set the reseed counter limit. Valid values are in the range 10000 - 100000. The default is 100000. See Setting the reseed limit.

strength
    SHA512 mode only: A read-only integer that shows the security strength according to NIST SP800-57. Returns the integer value of 256 in SHA512 mode.

Procedure

Issue a command of this form to read an attribute:
# cat /sys/devices/virtual/misc/prandom/<attribute>
where <attribute> is one of the attributes of Table 1.

Example

This example shows a prandom device that is running in SHA512 mode, set to reseed after 2.56 MB:
# cat /sys/devices/virtual/misc/prandom/chunksize
256
# cat /sys/devices/virtual/misc/prandom/mode
2
# cat /sys/devices/virtual/misc/prandom/reseed_limit
10000
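
The following script is an added example, not part of the original documentation or of the device driver. It reads the attributes from Table 1, checks them against the documented ranges and the errorflag semantics, and derives the number of bytes between reseeds as chunksize × reseed_limit, the arithmetic behind the 2.56 MB figure above. The function names and the PRANDOM_DIR override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not IBM's or Red Hat's code. PRANDOM_DIR defaults to the
# sysfs path given on this page; the override exists only for offline testing.
PRANDOM_DIR="${PRANDOM_DIR:-/sys/devices/virtual/misc/prandom}"

# Print the value of one attribute; return 1 if it is not readable.
prandom_attr() {
    [ -r "$PRANDOM_DIR/$1" ] || return 1
    cat "$PRANDOM_DIR/$1"
}

# Print findings plus a one-line summary.
# Return 0 = no findings, 1 = at least one finding, 2 = device not present.
prandom_check() {
    rc=0
    mode=$(prandom_attr mode) || { echo "prandom: no device at $PRANDOM_DIR"; return 2; }
    chunk=$(prandom_attr chunksize) || { echo "prandom: chunksize unreadable"; return 2; }
    # Table 1: 64 bytes to 64 KB, rounded up to a 64-byte boundary.
    if [ "$chunk" -lt 64 ] || [ "$chunk" -gt 65536 ] || [ $((chunk % 64)) -ne 0 ]; then
        echo "FINDING: chunksize=$chunk is not a 64-byte multiple in 64..65536"
        rc=1
    fi
    summary="mode=$mode chunksize=$chunk"
    # errorflag and reseed_limit are documented as SHA512 mode only,
    # so they are treated as optional here.
    if err=$(prandom_attr errorflag); then
        if [ "$err" -ne 0 ]; then
            echo "FINDING: errorflag=$err, read() on the device fails with EPIPE"
            rc=1
        fi
        summary="$summary errorflag=$err"
    fi
    if limit=$(prandom_attr reseed_limit); then
        if [ "$limit" -lt 10000 ] || [ "$limit" -gt 100000 ]; then
            echo "FINDING: reseed_limit=$limit outside 10000..100000"
            rc=1
        fi
        # chunksize * reseed_limit = bytes generated between reseeds.
        summary="$summary reseed_limit=$limit reseed_after_bytes=$((chunk * limit))"
    fi
    echo "$summary"
    return "$rc"
}
```

Source the file and call prandom_check; the return code makes it usable from a monitoring job.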