Or, How I Learned to Stop Worrying and Feed the Kernel Entropy
#!/bin/bash # mount_rng.sh — Bind hardware entropy to /dev/random if [ ! -c /dev/hwrng ]; then echo "No hardware RNG found." exit 1 fi rngd -r /dev/hwrng -o /dev/random --fill-watermark=2048 mount rng script
# Advanced version: mount_rng_secure.sh HWRNG=/dev/hwrng POOL=/dev/random WATERMARK=4096 dd if=$HWRNG bs=64 count=1 2>/dev/null | rngtest -c 64 || echo "CRITICAL: RNG source failing statistical tests." exit 2 Feed with rate-limiting (don't starve the hardware) while true; do need=$(cat /proc/sys/kernel/random/entropy_avail) if [ $need -lt $WATERMARK ]; then dd if=$HWRNG bs=512 count=1 2>/dev/null | cat > $POOL fi sleep 0.1 done Why "Mount"? The term is a beautiful anthropomorphism. In Unix, mounting makes a resource visible at a path. An RNG script mounts randomness into the system’s expectant void. It says: Here, kernel. Drink from this source of quantum tremors, of thermal noise, of diode avalanche. Be unpredictable again. The Philosophical Edge There is a deeper irony. We run mount RNG scripts to make our deterministic machines non -deterministic. We crave entropy for crypto, for secure boot, for lottery drawings. Yet the script itself—a sequence of predictable instructions—remains frozen. It is a spell cast by a clockwork mage. Or, How I Learned to Stop Worrying and
When /dev/random blocks, applications weep. gpg --gen-key stalls. ssh takes seven seconds to handshake. You check cat /proc/sys/kernel/random/entropy_avail . It reads 112 . You mutter a sysadmin curse. A hardware random number generator—an RNG—is a small silicon oracle. It might be a dedicated chip (TPM, Intel RDRAND), a USB dongle (OneRNG, ChaosKey), or even a Raspberry Pi’s noisy diode. The kernel sees it as a character device, typically /dev/hwrng . But that device does nothing on its own. It sits, unused, like a library of solutions to problems no one has asked. In Unix, mounting makes a resource visible at a path
You must mount the entropy source. The "mount rng script" isn't literally mounting a filesystem. It's a ritual of redirection: feeding the hardware RNG’s output into the kernel’s entropy pool. The classic incantation lives in rng-tools :