
Uninitialized urandom read

(Please correct me if my understanding is incorrect.)

Today I checked my system log and noticed this warning:

random: lvm: uninitialized urandom read

After googling it, I learned /dev/urandom is a pseudo-random number generator that is used by many programs. An introduction can be found through the man page of urandom:

The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also keeps an estimate of the number of bits of noise in the entropy pool. From this entropy pool random numbers are created.

Also, here’s the reason (from my understanding) for the warning message:

A read from the /dev/urandom device will not block waiting for more entropy.

The system gathers random noise from hardware into an entropy pool for urandom to use. That means if the system uptime is not long enough, there may not be enough entropy in the pool. So when urandom requests data from the pool while the pool is depleted, it cannot generate good random numbers, hence the warning message. In my case, this happened when lvm requested a random number from urandom during boot.

Upon googling, I found three ways [1] to make sure there's enough entropy in the pool at boot time (though I only tried the third one, which resolved the warning):

  1. Use systemd-boot as the boot manager, which initializes an entropy pool that programs can use during boot [2].
  2. Use another pseudo-random number generator, such as haveged [3], to increase the entropy in the pool.
  3. Use the CPU's hardware random number generator (if the CPU has the RDRAND [4] instruction) by setting the kernel parameter `random.trust_cpu=on`.
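Before trying the third option, it helps to confirm three things: which processes triggered the warning, whether the CPU advertises RDRAND, and whether `random.trust_cpu=on` is already on the kernel command line. The script below is an added example, not part of the original post; the function names, verdict strings and sample file contents are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage for "random: <proc>: uninitialized urandom read".
# Every function takes file paths, so it works on saved copies; on a live
# system pass /proc/cpuinfo, /proc/cmdline and the saved output of dmesg.

# Succeeds if the CPU flags line advertises the RDRAND instruction.
has_rdrand() {
    grep -m1 '^flags' "$1" | grep -qw 'rdrand'
}

# Succeeds if the kernel command line carries random.trust_cpu=on.
trust_cpu_enabled() {
    tr ' ' '\n' < "$1" | grep -qx 'random\.trust_cpu=on'
}

# Prints each process named in the warning once, one per line.
early_urandom_readers() {
    sed -n 's/.*random: \([^:]*\): uninitialized urandom read.*/\1/p' "$1" | sort -u
}

# Verdict for one boot. Arguments: cpuinfo file, cmdline file, kernel log file.
boot_entropy_verdict() {
    if [ -z "$(early_urandom_readers "$3")" ]; then
        echo "clean"                          # no early reader was logged
    elif ! has_rdrand "$1"; then
        echo "warning-no-rdrand"              # option 3 is not available
    elif trust_cpu_enabled "$2"; then
        echo "warning-despite-trust-cpu"      # parameter set, warning still logged
    else
        echo "warning-trust-cpu-available"    # option 3 can be tried
    fi
}

# Constructed sample data (not taken from a real machine).
demo=$(mktemp -d)
printf 'flags\t\t: fpu sse2 rdrand\n' > "$demo/cpuinfo"
printf 'root=/dev/mapper/vg-root rw\n' > "$demo/cmdline"
printf '[    1.2] random: lvm: uninitialized urandom read\n' > "$demo/kernel.log"
echo "early readers: $(early_urandom_readers "$demo/kernel.log")"
echo "verdict: $(boot_entropy_verdict "$demo/cpuinfo" "$demo/cmdline" "$demo/kernel.log")"
rm -rf "$demo"
```

After adding the parameter and rebooting, run the same check against the new boot's kernel log; a `clean` verdict means no early reader was logged.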

References:

[1] https://bbs.archlinux.org/viewtopic.php?id=249430
[2] https://systemd.io/RANDOM_SEEDS/
[3] http://www.issihosts.com/haveged/
[4] https://en.wikipedia.org/wiki/RDRAND
