From: hpas@zytor.com
To: Matt Mackall <mpm@selenic.com>
Cc: Jarod Wilson <jarod@redhat.com>,
linux-crypto@vger.kernel.org,
"Venkatesh Pallipadi (Venki)" <venki@google.com>,
Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@elte.hu>,
John Stultz <johnstul@us.ibm.com>,
Herbert Xu <herbert@gondor.hengli.com.au>,
"David S. Miller" <davem@davemloft.net>,
Steve Grubb <sgrubb@redhat.com>,
Fenghua Yu <fenghua.yu@intel.com>
Subject: Re: [PATCH 0/5] Feed entropy pool via high-resolution clocksources
Date: Fri, 17 Jun 2011 12:48:05 -0700 [thread overview]
Message-ID: <4DFBAF75.30505@zytor.com> (raw)
In-Reply-To: <1308093142.15617.233.camel@calx>
On 06/14/2011 04:12 PM, Matt Mackall wrote:
>
> Various people have offered to spend some time fixing this; I haven't
> had time to look at it for a while.
>
So on my (long...) list of things to do for a while is enablement of
RDRAND, which is a new instruction in Ivy Bridge disclosed in the latest
few revisions of the AVX spec and is now in the SDM (the functional
description is in vol 1, section 7.3.18 of the May 2011 edition.)
Fenghua Yu did an initial enabling patch, but we have had to make some
changes.
>From the SDM:
"The random numbers that are returned by the RDRAND instruction are
supplied by a cryptographically secure Random Number Generator that
employs a hardware DRBG (Digital Random Bit Generator, also known as a
Pseudo Random Number Generator) seeded by a hardware NRBG
(Nondeterministic Random Bit Generator, also known as a TRNG or True
Random Number generator).
In order for the hardware design to meet its security goals, the random
number generator continuously tests itself and the random data it is
generating. Runtime failures in the random number generator circuitry or
statistically anomalous data occurring by chance will be detected by the
self test hardware and flag the resulting data as being bad. In such
extremely rare cases, the RDRAND instruction will return no data instead
of bad data."
Additionally, there is a software enabling guide containing a *lot* more
detail at:
http://tinyurl.com/6x6dmd2/
This basically means it is similar in behavior to our /dev/urandom in
that it may gracefully degrade to a PRNG for short stretches of time,
but will not degrade to a PRNG for an extended time, nor will it produce
guessable data, ever; instead it will "fail shut."
The one use case that it is cryptographically insufficient for is to
seed a new PRNG, which probably means it is unsuitable for being fed
as-is into /dev/random.
-hpa
next prev parent reply other threads:[~2011-06-17 19:48 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-13 22:06 [PATCH 0/5] Feed entropy pool via high-resolution clocksources Jarod Wilson
2011-06-13 22:06 ` [PATCH 1/5] random: add new clocksource entropy interface Jarod Wilson
2011-06-13 22:06 ` [PATCH 2/5] clocksource: add support for entropy-generation function Jarod Wilson
2011-06-17 20:52 ` Thomas Gleixner
2011-06-17 21:19 ` Jarod Wilson
2011-06-13 22:06 ` [PATCH 3/5] hpet: wire up entropy generation function Jarod Wilson
2011-06-13 22:06 ` [PATCH 4/5] tsc: " Jarod Wilson
2011-06-13 22:27 ` Venkatesh Pallipadi
2011-06-13 22:35 ` Jarod Wilson
2011-06-13 22:36 ` H. Peter Anvin
2011-06-13 23:10 ` Matt Mackall
2011-06-14 18:11 ` H. Peter Anvin
2011-06-14 0:39 ` Kent Borg
2011-06-14 1:47 ` H. Peter Anvin
2011-06-14 12:39 ` Kent Borg
2011-06-14 14:33 ` Matt Mackall
2011-06-14 17:48 ` Kent Borg
2011-06-14 18:00 ` Matt Mackall
2011-06-14 20:04 ` Kent Borg
2011-06-14 21:04 ` Matt Mackall
2011-06-14 14:02 ` Jarod Wilson
2011-06-13 23:55 ` Kent Borg
2011-06-17 20:58 ` Thomas Gleixner
2011-06-13 22:06 ` [PATCH 5/5] misc: add clocksource-based entropy generation driver Jarod Wilson
2011-06-17 21:01 ` Thomas Gleixner
2011-06-13 22:38 ` [PATCH 0/5] Feed entropy pool via high-resolution clocksources john stultz
2011-06-14 14:25 ` Jarod Wilson
2011-06-13 23:15 ` Matt Mackall
2011-06-14 15:18 ` Jarod Wilson
2011-06-14 15:22 ` Jarod Wilson
2011-06-14 17:13 ` Matt Mackall
2011-06-14 20:17 ` Jarod Wilson
2011-06-14 21:45 ` Matt Mackall
2011-06-14 22:51 ` Jarod Wilson
2011-06-14 23:12 ` Matt Mackall
2011-06-15 14:49 ` Jarod Wilson
2011-06-15 20:06 ` Matt Mackall
2011-06-17 18:51 ` Jarod Wilson
2011-06-17 19:29 ` Neil Horman
2011-06-17 20:46 ` Matt Mackall
2011-06-17 19:48 ` hpas [this message]
2011-06-17 20:28 ` Matt Mackall
2011-06-18 22:40 ` H. Peter Anvin
2011-06-19 13:38 ` Neil Horman
2011-06-19 15:07 ` Herbert Xu
2011-06-20 0:01 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DFBAF75.30505@zytor.com \
--to=hpas@zytor.com \
--cc=davem@davemloft.net \
--cc=fenghua.yu@intel.com \
--cc=herbert@gondor.hengli.com.au \
--cc=jarod@redhat.com \
--cc=johnstul@us.ibm.com \
--cc=linux-crypto@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=mpm@selenic.com \
--cc=sgrubb@redhat.com \
--cc=tglx@linutronix.de \
--cc=venki@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).