From 64311899db7c455c5f07f7ff30c5a52c50b8fbae Mon Sep 17 00:00:00 2001
From: Alexander Kjeldaas
Date: Wed, 21 Aug 2013 11:12:04 +0200
Subject: [PATCH] Don't let rngd read /dev/tpm0. Only one process can interact with the TPM module and that process should be tcsd. The tpm_rng kernel module should instead be loaded and /dev/hwrnd be used to read the TPM random generator. Also, log which random generator devices are used by rngd on startup.
---
nixos/modules/security/rngd.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix
index c31e57e6f6f..c47c1b2a67e 100644
--- a/nixos/modules/security/rngd.nix
+++ b/nixos/modules/security/rngd.nix
@@ -30,7 +30,7 @@ with lib;
 description = "Hardware RNG Entropy Gatherer Daemon";
- serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f";
+ serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f -v --no-tpm=1";
 restartTriggers = [ pkgs.rng_tools ]; };
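Review bot: The new `serviceConfig.ExecStart` line disables rngd's direct TPM source unconditionally, yet nothing in this hunk loads `tpm_rng`. On a host whose only hardware source is the TPM, rngd may therefore start with no usable device and the kernel pool would get no hardware entropy. The rest of the service definition lies outside the hunk, so this may already be handled there. The reason for the flag is also recorded only in the commit message. I would put a comment above the line, such as `# --no-tpm=1: /dev/tpm0 admits a single opener and is owned by tcsd; TPM entropy reaches rngd through tpm_rng and /dev/hwrng`, so that a later edit does not drop the flag and reintroduce the contention with tcsd. Since `-v` now logs the sources in use, it is worth checking the unit's journal on a TPM-only machine to confirm that one was actually selected.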