From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stephan Mueller Subject: Re: (none) Date: Wed, 01 Jun 2016 07:53:38 +0200 Message-ID: <3022334.qkucHDndN1@tauon.atsec.com> References: <20160601045943.GA31881@gondor.apana.org.au> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7Bit Cc: noloader@gmail.com, linux-crypto@vger.kernel.org To: Herbert Xu Return-path: Received: from mail.eperm.de ([89.247.134.16]:35620 "EHLO mail.eperm.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757287AbcFAFxl (ORCPT ); Wed, 1 Jun 2016 01:53:41 -0400 In-Reply-To: <20160601045943.GA31881@gondor.apana.org.au> Sender: linux-crypto-owner@vger.kernel.org List-ID: Am Mittwoch, 1. Juni 2016, 12:59:43 schrieb Herbert Xu: Hi Herbert, > Jeffrey Walton wrote: > > Please forgive my ignorance here... > > > > I have test system with a VIA C7-M processor and PM-400 chipset. This > > is one of those Thin Client/Internet of Things processor and chipsets > > I test security libraries on (like OpenSSL, Cryptlib and Crypto++). > > > > The processor includes the Padlock extensions. Padlock is similar to > > Intel's RDRAND, RDSEED and AES-NI, and it predates Intel's > > instructions by about a decade. > > > > The Padlock Security Engine can produce a stream of random numbers at > > megabits per socond, so I've been kind of surprised it has been > > > > suffering entropy depletion. Here's what the audit trail looks like: > > Testing operating system provided blocking random number generator... > > FAILED: it took 74 seconds to generate 5 bytes > > passed: 5 generated bytes compressed to 7 bytes by DEFLATE > > > > Above, the blocking RNG is drained. Then, 16 bytes are requested. It > > appears to take over one minute to gather five bytes when effectively > > an endless stream is available. > > > > My question is, is this system expected to suffer entropy depletion > > out of the box? Or are users expected to do something special so the > > system does not fail? > > I don't think anybody has written either an hwrng driver or a rdrand > hook for padlock. Patches are welcome. I thought via-rng.c covers the VIA Padlock RNG? Ciao Stephan