Q: I got FST-01 with NeuG, that is, the NeuG standalone device. How can I use it on my PC (with Debian installed)?
Description from NeuG doc
How to use NeuG
NeuG runs as USB CDC/ACM (Communication Device Class / Abstract Control Model) device.
No special driver is required on GNU/Linux. You can just access /dev/ttyACM? (e.g., /dev/ttyACM0) to get random byte stream.
The USB CDC/ACM (Communication Device Class / Abstract Control Model) is used primarily for modems. If you are using some control program for your modems, you need to configure it, so that it won't interfere NeuG device.
If you are not using modems with such a control program, you may simply remove modem management package from your system to avoid interference. For example, remove the package "modemmanager", when you are using Debian GNU/Linux.
UPDATE (2015-12-04): It seems that recent version of "modemmanager" only control registered devices. In this case, you don't need to remove the "modemmanager" package.
Alternatively, when you don't want to remove modemmanager, you can add the line:
SUBSYSTEMS=="usb", ATTRS{idVendor}=="234b", ATTRS{idProduct}=="0001", ENV{ID_MM_DEVICE_IGNORE}="1"
in your /etc/udev/rules.d/90-neug.rules, so that modemmanager won't try to control NeuG Device.
Configuration of tty line discipline
Don't forget to configure tty line disciple to get correct data. Between the device and application, there is "tty line discipline" which might interpret and translate the stream (newline, eof, etc.). This functionality should be disabled.
Using stty command, please configure the line discipline with no echo and raw mode.:
$ stty -F /dev/ttyACM0 -echo raw -parenb
You can select filter by parity settings.
Even parity (parenb -parodd) means: Raw ADC sample data
$ stty -F /dev/ttyACM0 parenb -parodd
Odd parity (parenb parodd) means: Only CRC32 filter
$ stty -F /dev/ttyACM0 parenb parodd
No parity (-parenb): CRC32 filter + SHA256 filter
$ stty -F /dev/ttyACM0 -parenb
Example command to get random output
For example, you can get random bytes of 1MiB to the file "output" by typing:
$ dd bs=1024 if=/dev/ttyACM0 iflag=fullblock count=1024 of=output
Answers for rng-tools
Please note that following examples assumes Debian GNU/Linux, where the rng-tools in Debian is a kind of fork. The syntax such as --fill-watermark is different and it supports --feed-interval option.
Systemd 2014-01-12 15:13:54 +0900 -- gniibe
With systemd, here are settings for rng-tools. /etc/udev/rules.d/90-neug.rules:
# Given 60-persistent-serial.rules, this should be > 60. KERNEL=="ttyACM[0-9]*", SUBSYSTEMS=="usb", ACTION=="add", \ ATTRS{idVendor}=="234b", ATTRS{idProduct}=="0001", \ TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd@%k.service"
and /etc/systemd/system/rngd@.service:
[Unit] Description=rngd service on %I [Service] Type=simple ExecStartPre=/bin/stty -F /dev/%I raw -echo -parenb ExecStart=/usr/sbin/rngd -f --fill-watermark=90% --feed-interval=1 --rng-device=/dev/%I
Start on boot 2012-11-07 15:42:35 +0900 -- gniibe
You can use NeuG standalone device with rng-tools to feed entropy to kernel.
You can just
# apt-get install rng-tools
to install rng-tools on Debian.
Edit /etc/default/rng-tools so that it has a content like:
HRNGDEVICE=/dev/ttyACM0 if [ -c $HRNGDEVICE ]; then until stty -F $HRNGDEVICE -parenb raw echo; do sleep 5 echo "Try another invocation of stty" done else exit 0 fi RNGDOPTIONS="--fill-watermark=90% --feed-interval=1"
Then, please invoke rng-tools:
# /etc/init.d/rng-tools start
It would be good that system supports plug-and-play for the device, though.
You can check the status of entropy pool by:
$ watch cat /proc/sys/kernel/random/entropy_avail
You will see the value of 3840 or something like that.
Plug-and-play 2012-11-08 11:56:01 +0900 -- gniibe
Alternatively (not by /etc/init.d/rng-tools), we could have settings for udev to invoke rng-tools.
I tested with /etc/udev/rules.d/90-neug.rules:
KERNEL=="ttyACM[0-9]*", SUBSYSTEMS=="usb", ACTION=="add", \ ATTRS{idVendor}=="234b", ATTRS{idProduct}=="0001", \ RUN+="/etc/udev/ctrl_rng.sh" KERNEL=="ttyACM[0-9]*", SUBSYSTEMS=="usb", ACTION=="remove", \ ATTRS{idVendor}=="234b", ATTRS{idProduct}=="0001", \ RUN+="/etc/udev/ctrl_rng.sh"
And a script which control rng-tools as /etc/udev/ctrl_rng.sh:
#! /bin/sh PIDFILE=/var/run/rngd.pid case "$ACTION" in add) stty -F $DEVNAME raw -echo -parenb /usr/sbin/rngd --fill-watermark=90% --feed-interval=1 --rng-device=$DEVNAME ;; remove) # This will be called twice, since there are two interfaces for the device. # Called once for 10/0/0, another for 2/2/1. if [ x$INTERFACE = x"2/2/1" -a -f $PIDFILE ]; then kill -SIGTERM `cat $PIDFILE` rm -f $PIDFILE else exit 0 fi ;; esac exit 0
With these settings, rngd automatically will be invoked upon plug-in of NeuG device, and it will be killed upon removal of the device.
It seems that rngd doesn't accept SIGTERM to shutdown cleanly (as written in the manual), but it will eventually finish anyway when there will be no /dev/ttyACM0.
-H option for rngd
You can add an option of -H n.n (or a floadint point number 0.0 betwen 1.0) to specify entropy per bit. For example, with -H 0.5, you need to put twice. This could be a safe factor.
Please see rngd(8) for detail.
Acknowledgment
Thanks to Arthur W. Green for the information of modem manager, its udev rules, and rng-tools on other distros.
Francois Berenger also informed me about rng-tools and suggested to invoke rng by rc.local script.
Answer for experimental GIGO
While this is early experimental stage, you can try to join Kun9be4, the random pool network, by running its program, named GIGO.
If you want to join the network to serve random byte stream to other machines, your host requires to open UDP port 10646. You need "port forwarding" setting if your host is behind firewall.
When UDP port is not available from the network, NeuG standalone device only feeds to /dev/random of your machine locally. It still works, but it would not be that interesting.