The rngd service fails to start after enabling FIPS crypto-policy
Environment
- Red Hat Enterprise Linux 8
Issue
- The following error messages are reported on the system for the rngd service:
  rngd[X]: Process privileges have been dropped to 2:2
  rngd[X]: too many FIPS failures, disabling entropy source
  rngd[X]: too many FIPS failures, disabling entropy source
  rngd[X]: No entropy sources working, exiting rngd
- rngd.service start failed
Resolution
- We can't enable the rngd daemon while FIPS is enabled in RHEL 8.4 or later.
- If you are booting in FIPS mode on 8.4 or later, you get the jitterentropy source instead of the interrupt-driven LRNG. rngd cannot seed the jitterentropy source, so rngd is not needed.
- Further analysis of the issue is still in progress by the Red Hat engineering team, as per private Bugzilla BZ#2154804.
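A host-side check for the condition described in the Resolution, as an added example that is not part of the original article or of Red Hat tooling: it combines the kernel FIPS flag with the release version and matches the rngd messages quoted under Issue. The function names are hypothetical, and limiting the version test to RHEL 8 minor releases is an assumption based on the Environment section.

```shell
#!/bin/sh
# Added example: checks for the condition this article describes.

# affected_release VERSION_ID: true for RHEL 8.4 and later 8.x minors
# (assumption: limited to RHEL 8, the only release listed under Environment).
affected_release() {
    case "$1" in
        8.*) minor=${1#8.}; minor=${minor%%.*} ;;
        *)   return 1 ;;
    esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$minor" -ge 4 ]
}

# rngd_verdict FIPS_FLAG VERSION_ID: print "disable" when the kernel is in
# FIPS mode on an affected release (rngd is not needed there), else "keep".
rngd_verdict() {
    if [ "$1" = "1" ] && affected_release "$2"; then
        echo disable
    else
        echo keep
    fi
}

# has_failure_signature: read log text on stdin; true when both messages
# from the Issue section are present.
has_failure_signature() {
    awk '/too many FIPS failures, disabling entropy source/ { f = 1 }
         /No entropy sources working, exiting rngd/          { n = 1 }
         END { exit !(f && n) }'
}

# Constructed sample, copied from the messages quoted in the Issue section.
SAMPLE_LOG='rngd[X]: Process privileges have been dropped to 2:2
rngd[X]: too many FIPS failures, disabling entropy source
rngd[X]: No entropy sources working, exiting rngd'

# Live host values; both fall back safely on non-RHEL or non-Linux systems.
flag=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null || echo 0)
ver=$( [ -r /etc/os-release ] && . /etc/os-release && [ "$ID" = rhel ] && echo "$VERSION_ID" ) || true
echo "fips=$flag rhel_version=${ver:-n/a} rngd=$(rngd_verdict "$flag" "$ver")"
printf '%s\n' "$SAMPLE_LOG" | has_failure_signature && echo "sample log matches the FIPS failure signature"
```

On a real host, `journalctl -u rngd -b | has_failure_signature` checks the current boot's log. Where the verdict is "disable", `systemctl disable --now rngd` stops the unit from failing at each boot.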
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.