Image of the glider from the Game of Life by John Conway
Skip to content

Haveged Continued

I noticed that on my machine, my entropy was staying high, then falling off. Then, at what appeared to be some arbitrary point, it would fill back up, in a very periodic manner. This is, of course, after running haveged in the background. Curious, I started looking into it. It took a while to find. Then noticed it. It was obvious. The "write_wakeup_threshold" is what is telling the daemon to fill the entropy pool with more data.

$ cat /proc/sys/kernel/random/write_wakeup_threshold
1024

This is default, after installing haveged. But, the poolsize is 4096. It sure would be nice if the write_wakeup_threshold was 4096, rather than 1024. Well, you have two options to set it: you can use sysctl, or you can use haveged. Let's look at both (I prefer the latter). With sysctl, you just need to edit the /etc/sysctl.conf file, and add the following lines:

## Keep the entropy at full up
kernel.random.write_wakeup_threshold = 4096

Then run:

# sysctl -p
kernel.random.write_wakeup_threshold = 4096

Or, haveged ships with a configuration file to set this automatically when the daemon starts, and this should probably be the preferred way for setting it. Change the /etc/default/haveged file to use 4096 instead of 1024:

# Configuration file for haveged

# Options to pass to haveged:
#   -w sets low entropy watermark (in bits)
DAEMON_ARGS="-w 4096"

Then restart haveged:

# /etc/init.d/haveged restart
 * Restarting entropy daemon haveged
    ...done.

Now, check your Munin graphs (or whatever), and notice that your entropy never deviates from full up. Rawk.

{ 4 } Comments

  1. Yorokobi using Google Chrome 21.0.1180.89 on GNU/Linux 64 bits | September 21, 2012 at 8:51 am | Permalink

    Did you notice -w is only effective in run level 0? From haveged(8):

    -w nnn, --write=nnn
    Set write_wakeup_threshold of daemon interface to nnn bits. Applies only to run level 0.

  2. Yorokobi using Google Chrome 21.0.1180.89 on GNU/Linux 64 bits | September 21, 2012 at 8:54 am | Permalink

    And reading further I see that the run level context is for haveged itself, not the OS. haveged run level 0: daemon mode. Doh!

  3. Aaron Toponce using Debian IceWeasel 10.0.7 on GNU/Linux 64 bits | September 22, 2012 at 12:27 pm | Permalink

    :)

  4. Natrinicle using Google Chrome 33.0.1707.0 on GNU/Linux 64 bits | November 18, 2013 at 4:47 pm | Permalink

    Found a slight modification to the configuration when using systemd and the testing or above version (as of writing 1.7c) or above. The systemd service doesn't honor /etc/default/haveged and instead uses /lib/systemd/system/haveged.service. After modifying the file from "-w 1024" to "-w 4096" you will want to issue "systemctl --system daemon-reload" and restart the service to see the changes.

Post a Comment

Your email is never published nor shared.

Switch to our mobile site