[BUG] Non working HWRNG on AMD Ryzen 5 5500GT

[BUG] Non working HWRNG on AMD Ryzen 5 5500GT

[Diederik de Haas]

[-- Attachment #1: Type: text/plain, Size: 1414 bytes --]

Hi,

I recently bought an Asus ROG STRIX B550-F GAMING MB with an
AMD Ryzen 5 5500GT CPU (and installed the latest BIOS: 3607).
I'm running Debian Testing/Sid on it with kernel 6.9 and now 6.10
and it seems to work great.
I've been doing some (unrelated) tests with `rngtest` from the
`rng-tools5` package and wondered how it would fare on my AMD CPU.

And I found out it doesn't work at all!
But on another system I have (Asus ROG CROSSHAIR VII HERO MB +
AMD Ryzen 1800X CPU) it works absolutely fine.

# dmesg | grep ccp
[    5.399853] ccp 0000:07:00.2: ccp: unable to access the device: you might
be running a broken BIOS.
[    5.401031] ccp 0000:07:00.2: tee enabled
[    5.401113] ccp 0000:07:00.2: psp enabled

Found an article [1] which could be relevant and downloaded and ran the
accompanying test program (written by Jason Donenfeld):
# ./amd-rdrand-bug
Your RDRAND() does not have the AMD bug.
# ./test-rdrand
RDRAND() = 0x47c993c0
RDRAND() = 0xec7c697d
... (more seemingly random numbers)
RDRAND() = 0xba858101

I tried it with the latest microcode dd 2024-07-10, but that didn't make
a difference.

So I'd like to know if this may actually be a bug on the kernel side.

Happy to provide additional information or run tests or try patches.

Cheers,
  Diederik

[1] https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

Re: [BUG] Non working HWRNG on AMD Ryzen 5 5500GT

[Tom Lendacky]

On 8/15/24 08:56, Diederik de Haas wrote:
> Hi,
> 
> I recently bought an Asus ROG STRIX B550-F GAMING MB with an
> AMD Ryzen 5 5500GT CPU (and installed the latest BIOS: 3607).
> I'm running Debian Testing/Sid on it with kernel 6.9 and now 6.10
> and it seems to work great.
> I've been doing some (unrelated) tests with `rngtest` from the
> `rng-tools5` package and wondered how it would fare on my AMD CPU.

I'm not very familiar with this test. What is the command line that you
are using to invoke it?

> 
> And I found out it doesn't work at all!
> But on another system I have (Asus ROG CROSSHAIR VII HERO MB +
> AMD Ryzen 1800X CPU) it works absolutely fine.
> 
> # dmesg | grep ccp
> [    5.399853] ccp 0000:07:00.2: ccp: unable to access the device: you might
> be running a broken BIOS.
> [    5.401031] ccp 0000:07:00.2: tee enabled
> [    5.401113] ccp 0000:07:00.2: psp enabled

Which system is this output from?

Can you provide the output from lspci -nn?

Thanks,
Tom

> 
> Found an article [1] which could be relevant and downloaded and ran the
> accompanying test program (written by Jason Donenfeld):
> # ./amd-rdrand-bug
> Your RDRAND() does not have the AMD bug.
> # ./test-rdrand
> RDRAND() =x47c993c0
> RDRAND() =xec7c697d
> ... (more seemingly random numbers)
> RDRAND() =xba858101
> 
> I tried it with the latest microcode dd 2024-07-10, but that didn't make
> a difference.
> 
> So I'd like to know if this may actually be a bug on the kernel side.
> 
> Happy to provide additional information or run tests or try patches.
> 
> Cheers,
>   Diederik
> 
> [1] https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/

Re: [BUG] Non working HWRNG on AMD Ryzen 5 5500GT

[Diederik de Haas]

[-- Attachment #1: Type: text/plain, Size: 6343 bytes --]

On Thu Aug 15, 2024 at 4:16 PM CEST, Tom Lendacky wrote:
> On 8/15/24 08:56, Diederik de Haas wrote:
> > I recently bought an Asus ROG STRIX B550-F GAMING MB with an
> > AMD Ryzen 5 5500GT CPU (and installed the latest BIOS: 3607).
> > I'm running Debian Testing/Sid on it with kernel 6.9 and now 6.10
> > and it seems to work great.
> > I've been doing some (unrelated) tests with `rngtest` from the
> > `rng-tools5` package and wondered how it would fare on my AMD CPU.
>
> I'm not very familiar with this test. What is the command line that you
> are using to invoke it?

```
root@cs04:~# cat /dev/hwrng | rngtest -c 1000
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
cat: /dev/hwrng: No such device
rngtest: entropy source drained
```

Or when using ``dd`` you'd get a similar output:

```
root@cs04:~# dd if=/dev/hwrng bs%6 | rngtest -c 1000
rngtest 5
...

rngtest: starting FIPS tests...
dd: error reading '/dev/hwrng': No such device
0+0 records in
0+0 records out
rngtest: entropy source drained
0 bytes copied, 4.8214e-05 s, 0.0 kB/s
``

Debian package page: https://packages.debian.org/unstable/rng-tools5
Debian hasn't switched to the new upstream (yet?), but that can be found
here: https://github.com/nhorman/rng-tools

> > And I found out it doesn't work at all!
> > But on another system I have (Asus ROG CROSSHAIR VII HERO MB +
> > AMD Ryzen 1800X CPU) it works absolutely fine.
> >
> > # dmesg | grep ccp
> > [    5.399853] ccp 0000:07:00.2: ccp: unable to access the device: you might
> > be running a broken BIOS.
> > [    5.401031] ccp 0000:07:00.2: tee enabled
> > [    5.401113] ccp 0000:07:00.2: psp enabled
>
> Which system is this output from?

My new system ("cs04") with AMD Ryzen 5 5500GT CPU/APU.

> Can you provide the output from lspci -nn?

```
root@cs04:~# lspci -nn
00:00.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne Root Complex [1022:1630]
00:00.2 IOMMU [0806]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne IOMMU [1022:1631]
00:01.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
00:02.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
00:02.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
00:02.2 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
00:08.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
00:08.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir Internal PCIe GPP Bridge to Bus [1022:1635]
00:14.0 SMBus [0c05]: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller [1022:790b] (rev 51)
00:14.3 ISA bridge [0601]: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge [1022:790e] (rev 51)
00:18.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 0 [1022:166a]
00:18.1 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 1 [1022:166b]
00:18.2 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 2 [1022:166c]
00:18.3 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 3 [1022:166d]
00:18.4 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 4 [1022:166e]
00:18.5 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 5 [1022:166f]
00:18.6 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 6 [1022:1670]
00:18.7 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 7 [1022:1671]
01:00.0 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset USB 3.1 XHCI Controller [1022:43ee]
01:00.1 SATA controller [0106]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset SATA Controller [1022:43eb]
01:00.2 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset Switch Upstream Port [1022:43e9]
02:00.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
02:08.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
02:09.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
05:00.0 Ethernet controller [0200]: Intel Corporation Ethernet Controller I225-V [8086:15f3] (rev 03)
06:00.0 Non-Volatile memory controller [0108]: Samsung Electronics Co Ltd NVMe SSD Controller PM9A1/PM9A3/980PRO [144d:a80a]
07:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Cezanne [Radeon Vega Series / Radeon Vega Mobile Series] [1002:1638] (rev c9)
07:00.1 Audio device [0403]: Advanced Micro Devices, Inc. [AMD/ATI] Renoir Radeon High Definition Audio Controller [1002:1637]
07:00.2 Encryption controller [1080]: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 10h-1fh) Platform Security Processor [1022:15df]
07:00.3 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 [1022:1639]
07:00.4 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 [1022:1639]
07:00.6 Audio device [0403]: Advanced Micro Devices, Inc. [AMD] Family 17h/19h HD Audio Controller [1022:15e3]
```

Cheers,
  Diederik

> Thanks,
> Tom
>
> >
> > Found an article [1] which could be relevant and downloaded and ran the
> > accompanying test program (written by Jason Donenfeld):
> > # ./amd-rdrand-bug
> > Your RDRAND() does not have the AMD bug.
> > # ./test-rdrand
> > RDRAND() =x47c993c0
> > RDRAND() =xec7c697d
> > ... (more seemingly random numbers)
> > RDRAND() =xba858101
> >
> > I tried it with the latest microcode dd 2024-07-10, but that didn't make
> > a difference.
> >
> > So I'd like to know if this may actually be a bug on the kernel side.
> >
> > Happy to provide additional information or run tests or try patches.
> >
> > Cheers,
> >   Diederik
> >
> > [1] https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

Re: [BUG] Non working HWRNG on AMD Ryzen 5 5500GT

[Tom Lendacky]

On 8/15/24 09:40, Diederik de Haas wrote:
> On Thu Aug 15, 2024 at 4:16 PM CEST, Tom Lendacky wrote:
>> On 8/15/24 08:56, Diederik de Haas wrote:
>>> I recently bought an Asus ROG STRIX B550-F GAMING MB with an
>>> AMD Ryzen 5 5500GT CPU (and installed the latest BIOS: 3607).
>>> I'm running Debian Testing/Sid on it with kernel 6.9 and now 6.10
>>> and it seems to work great.
>>> I've been doing some (unrelated) tests with `rngtest` from the
>>> `rng-tools5` package and wondered how it would fare on my AMD CPU.
>>
>> I'm not very familiar with this test. What is the command line that you
>> are using to invoke it?
> 
> ```
> root@cs04:~# cat /dev/hwrng | rngtest -c 1000
> rngtest 5
> Copyright (c) 2004 by Henrique de Moraes Holschuh
> This is free software; see the source for copying conditions.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS
> FOR A PARTICULAR PURPOSE.
> 
> rngtest: starting FIPS tests...
> cat: /dev/hwrng: No such device
> rngtest: entropy source drained

Ok, this makes sense since you are using /dev/hwrng. This device does
not exist because the CCP support in the ccp driver did not create one.
It appears that the BIOS has blocked access to the MMIO range for the
CCP so that during initialization, when attempting to read the number of
queues available, 0xffffffff is read instead of the actual number of
queues available, which as Jason noted, results in the "broken BIOS"
message.

This may not matter, though. I don't know if this version of the ASP/CCP
device (1022:15df) provides any queues to the OS to use.

The fact that there is no /dev/hwrng device is not a kernel bug, though.

Thanks,
Tom

> ```
> 
> Or when using ``dd`` you'd get a similar output:
> 
> ```
> root@cs04:~# dd if=ev/hwrng bs%6 | rngtest -c 1000
> rngtest 5
> ...
> 
> rngtest: starting FIPS tests...
> dd: error reading '/dev/hwrng': No such device
> 0+0 records in
> 0+0 records out
> rngtest: entropy source drained
> 0 bytes copied, 4.8214e-05 s, 0.0 kB/s
> ``
> 
> Debian package page: https://packages.debian.org/unstable/rng-tools5
> Debian hasn't switched to the new upstream (yet?), but that can be found
> here: https://github.com/nhorman/rng-tools
> 
>>> And I found out it doesn't work at all!
>>> But on another system I have (Asus ROG CROSSHAIR VII HERO MB +
>>> AMD Ryzen 1800X CPU) it works absolutely fine.
>>>
>>> # dmesg | grep ccp
>>> [    5.399853] ccp 0000:07:00.2: ccp: unable to access the device: you might
>>> be running a broken BIOS.
>>> [    5.401031] ccp 0000:07:00.2: tee enabled
>>> [    5.401113] ccp 0000:07:00.2: psp enabled
>>
>> Which system is this output from?
> 
> My new system ("cs04") with AMD Ryzen 5 5500GT CPU/APU.
> 
>> Can you provide the output from lspci -nn?
> 
> ```
> root@cs04:~# lspci -nn
> 00:00.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne Root Complex [1022:1630]
> 00:00.2 IOMMU [0806]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne IOMMU [1022:1631]
> 00:01.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
> 00:02.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
> 00:02.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
> 00:02.2 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
> 00:08.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
> 00:08.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir Internal PCIe GPP Bridge to Bus [1022:1635]
> 00:14.0 SMBus [0c05]: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller [1022:790b] (rev 51)
> 00:14.3 ISA bridge [0601]: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge [1022:790e] (rev 51)
> 00:18.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 0 [1022:166a]
> 00:18.1 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 1 [1022:166b]
> 00:18.2 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 2 [1022:166c]
> 00:18.3 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 3 [1022:166d]
> 00:18.4 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 4 [1022:166e]
> 00:18.5 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 5 [1022:166f]
> 00:18.6 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 6 [1022:1670]
> 00:18.7 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 7 [1022:1671]
> 01:00.0 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset USB 3.1 XHCI Controller [1022:43ee]
> 01:00.1 SATA controller [0106]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset SATA Controller [1022:43eb]
> 01:00.2 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset Switch Upstream Port [1022:43e9]
> 02:00.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
> 02:08.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
> 02:09.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
> 05:00.0 Ethernet controller [0200]: Intel Corporation Ethernet Controller I225-V [8086:15f3] (rev 03)
> 06:00.0 Non-Volatile memory controller [0108]: Samsung Electronics Co Ltd NVMe SSD Controller PM9A1/PM9A3/980PRO [144d:a80a]
> 07:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Cezanne [Radeon Vega Series / Radeon Vega Mobile Series] [1002:1638] (rev c9)
> 07:00.1 Audio device [0403]: Advanced Micro Devices, Inc. [AMD/ATI] Renoir Radeon High Definition Audio Controller [1002:1637]
> 07:00.2 Encryption controller [1080]: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 10h-1fh) Platform Security Processor [1022:15df]
> 07:00.3 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 [1022:1639]
> 07:00.4 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 [1022:1639]
> 07:00.6 Audio device [0403]: Advanced Micro Devices, Inc. [AMD] Family 17h/19h HD Audio Controller [1022:15e3]
> ```
> 
> Cheers,
>   Diederik
> 
>> Thanks,
>> Tom
>>
>>>
>>> Found an article [1] which could be relevant and downloaded and ran the
>>> accompanying test program (written by Jason Donenfeld):
>>> # ./amd-rdrand-bug
>>> Your RDRAND() does not have the AMD bug.
>>> # ./test-rdrand
>>> RDRAND() =7c993c0
>>> RDRAND() =c7c697d
>>> ... (more seemingly random numbers)
>>> RDRAND() =a858101
>>>
>>> I tried it with the latest microcode dd 2024-07-10, but that didn't make
>>> a difference.
>>>
>>> So I'd like to know if this may actually be a bug on the kernel side.
>>>
>>> Happy to provide additional information or run tests or try patches.
>>>
>>> Cheers,
>>>   Diederik
>>>
>>> [1] https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/
> 

Re: [BUG] Non working HWRNG on AMD Ryzen 5 5500GT

[Diederik de Haas]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=UTF-8, Size: 8337 bytes --]

On Thu Aug 15, 2024 at 4:53 PM CEST, Tom Lendacky wrote:
> On 8/15/24 09:40, Diederik de Haas wrote:
> > On Thu Aug 15, 2024 at 4:16 PM CEST, Tom Lendacky wrote:
> >> On 8/15/24 08:56, Diederik de Haas wrote:
> >>> I recently bought an Asus ROG STRIX B550-F GAMING MB with an
> >>> AMD Ryzen 5 5500GT CPU (and installed the latest BIOS: 3607).
> >>> I'm running Debian Testing/Sid on it with kernel 6.9 and now 6.10
> >>> and it seems to work great.
> >>> I've been doing some (unrelated) tests with `rngtest` from the
> >>> `rng-tools5` package and wondered how it would fare on my AMD CPU.
> >>
> >> I'm not very familiar with this test. What is the command line that you
> >> are using to invoke it?
> >
> > ```
> > root@cs04:~# cat /dev/hwrng | rngtest -c 1000
> > rngtest 5
> > Copyright (c) 2004 by Henrique de Moraes Holschuh
> > This is free software; see the source for copying conditions.
> > There is NO warranty; not even for MERCHANTABILITY or FITNESS
> > FOR A PARTICULAR PURPOSE.
> >
> > rngtest: starting FIPS tests...
> > cat: /dev/hwrng: No such device
> > rngtest: entropy source drained
>
> Ok, this makes sense since you are using /dev/hwrng. This device does
> not exist because the CCP support in the ccp driver did not create one.
> It appears that the BIOS has blocked access to the MMIO range for the
> CCP so that during initialization, when attempting to read the number of
> queues available, 0xffffffff is read instead of the actual number of
> queues available, which as Jason noted, results in the "broken BIOS"
> message.

Ok, so the BIOS is broken. Good to know. Thanks :)

> This may not matter, though. I don't know if this version of the ASP/CCP
> device (1022:15df) provides any queues to the OS to use.

But I don't know how to interpret this?

I initially contacted Asus (HQ) and they apparently had contact with AMD
about this. I was 'a bit' flabbergasted about the response though:

"We have confirmed with AMD that the Linux system supported by the customer's
CPU (AMD Ryzen 5 5500GT) is Ubuntu:20.04.x.
The corresponding Linux Kernel version is between 5.4 and 5.8, and the
customer's OS version is Linux Kernel version: 6.9.10.
The CPU is not supported."

I have no idea how Ubuntu 20.04 and kernel 5.4 got into that communication
as I clearly said I tested it with Debian and kernel 6.9 and 6.10.
Basically the same as here, except more extensive/detailed.

> The fact that there is no /dev/hwrng device is not a kernel bug, though.
>
> Thanks,
> Tom

Thanks for the responses, much appreciated :-)

Cheers,
  Diederik

> > ```
> >
> > Or when using ``dd`` you'd get a similar output:
> >
> > ```
> > root@cs04:~# dd if=/dev/hwrng bs%6 | rngtest -c 1000
> > rngtest 5
> > ...
> >
> > rngtest: starting FIPS tests...
> > dd: error reading '/dev/hwrng': No such device
> > 0+0 records in
> > 0+0 records out
> > rngtest: entropy source drained
> > 0 bytes copied, 4.8214e-05 s, 0.0 kB/s
> > ``
> >
> > Debian package page: https://packages.debian.org/unstable/rng-tools5
> > Debian hasn't switched to the new upstream (yet?), but that can be found
> > here: https://github.com/nhorman/rng-tools
> >
> >>> And I found out it doesn't work at all!
> >>> But on another system I have (Asus ROG CROSSHAIR VII HERO MB +
> >>> AMD Ryzen 1800X CPU) it works absolutely fine.
> >>>
> >>> # dmesg | grep ccp
> >>> [    5.399853] ccp 0000:07:00.2: ccp: unable to access the device: you might
> >>> be running a broken BIOS.
> >>> [    5.401031] ccp 0000:07:00.2: tee enabled
> >>> [    5.401113] ccp 0000:07:00.2: psp enabled
> >>
> >> Which system is this output from?
> >
> > My new system ("cs04") with AMD Ryzen 5 5500GT CPU/APU.
> >
> >> Can you provide the output from lspci -nn?
> >
> > ```
> > root@cs04:~# lspci -nn
> > 00:00.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne Root Complex [1022:1630]
> > 00:00.2 IOMMU [0806]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne IOMMU [1022:1631]
> > 00:01.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
> > 00:02.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
> > 00:02.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
> > 00:02.2 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
> > 00:08.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
> > 00:08.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir Internal PCIe GPP Bridge to Bus [1022:1635]
> > 00:14.0 SMBus [0c05]: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller [1022:790b] (rev 51)
> > 00:14.3 ISA bridge [0601]: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge [1022:790e] (rev 51)
> > 00:18.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 0 [1022:166a]
> > 00:18.1 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 1 [1022:166b]
> > 00:18.2 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 2 [1022:166c]
> > 00:18.3 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 3 [1022:166d]
> > 00:18.4 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 4 [1022:166e]
> > 00:18.5 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 5 [1022:166f]
> > 00:18.6 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 6 [1022:1670]
> > 00:18.7 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 7 [1022:1671]
> > 01:00.0 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset USB 3.1 XHCI Controller [1022:43ee]
> > 01:00.1 SATA controller [0106]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset SATA Controller [1022:43eb]
> > 01:00.2 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset Switch Upstream Port [1022:43e9]
> > 02:00.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
> > 02:08.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
> > 02:09.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
> > 05:00.0 Ethernet controller [0200]: Intel Corporation Ethernet Controller I225-V [8086:15f3] (rev 03)
> > 06:00.0 Non-Volatile memory controller [0108]: Samsung Electronics Co Ltd NVMe SSD Controller PM9A1/PM9A3/980PRO [144d:a80a]
> > 07:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Cezanne [Radeon Vega Series / Radeon Vega Mobile Series] [1002:1638] (rev c9)
> > 07:00.1 Audio device [0403]: Advanced Micro Devices, Inc. [AMD/ATI] Renoir Radeon High Definition Audio Controller [1002:1637]
> > 07:00.2 Encryption controller [1080]: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 10h-1fh) Platform Security Processor [1022:15df]
> > 07:00.3 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 [1022:1639]
> > 07:00.4 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 [1022:1639]
> > 07:00.6 Audio device [0403]: Advanced Micro Devices, Inc. [AMD] Family 17h/19h HD Audio Controller [1022:15e3]
> > ```
> >
> > Cheers,
> >   Diederik
> >
> >> Thanks,
> >> Tom
> >>
> >>>
> >>> Found an article [1] which could be relevant and downloaded and ran the
> >>> accompanying test program (written by Jason Donenfeld):
> >>> # ./amd-rdrand-bug
> >>> Your RDRAND() does not have the AMD bug.
> >>> # ./test-rdrand
> >>> RDRAND() |993c0
> >>> RDRAND() Çc697d
> >>> ... (more seemingly random numbers)
> >>> RDRAND() ¨58101
> >>>
> >>> I tried it with the latest microcode dd 2024-07-10, but that didn't make
> >>> a difference.
> >>>
> >>> So I'd like to know if this may actually be a bug on the kernel side.
> >>>
> >>> Happy to provide additional information or run tests or try patches.
> >>>
> >>> Cheers,
> >>>   Diederik
> >>>
> >>> [1] https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/
> >


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

Re: [BUG] Non working HWRNG on AMD Ryzen 5 5500GT

[Jason A. Donenfeld]

On Thu, Aug 15, 2024 at 03:56:26PM +0200, Diederik de Haas wrote:
> Found an article [1] which could be relevant and downloaded and ran the
> accompanying test program (written by Jason Donenfeld):
> # ./amd-rdrand-bug
> Your RDRAND() does not have the AMD bug.
> # ./test-rdrand
> RDRAND() = 0x47c993c0
> RDRAND() = 0xec7c697d
> ... (more seemingly random numbers)
> RDRAND() = 0xba858101

RDRAND isn't the same as CCP.

> # dmesg | grep ccp
> [    5.399853] ccp 0000:07:00.2: ccp: unable to access the device: you might
> be running a broken BIOS.
> [    5.401031] ccp 0000:07:00.2: tee enabled
> [    5.401113] ccp 0000:07:00.2: psp enabled

Looks like the kernel reports CCP as broken. As the above RDRAND test
doesn't indicate anything about CCP, I don't see rationale for that
determination to be wrong.

Actual test code is in drivers/crypto/ccp/ccp-dev-v5.c:

        /* Find available queues */
        qmr = ioread32(ccp->io_regs + Q_MASK_REG);
        /*
         * Check for a access to the registers.  If this read returns
         * 0xffffffff, it's likely that the system is running a broken
         * BIOS which disallows access to the device. Stop here and fail
         * the initialization (but not the load, as the PSP could get                       * properly initialized).                                                           */
        if (qmr == 0xffffffff) {                                                                   dev_notice(dev, "ccp: unable to access the device: you might be running a broken BIOS.\n");                                                                           return 1;                                                                  }

Re: [BUG] Non working HWRNG on AMD Ryzen 5 5500GT

[Diederik de Haas]

[-- Attachment #1: Type: text/plain, Size: 2058 bytes --]

On Thu Aug 15, 2024 at 4:22 PM CEST, Jason A. Donenfeld wrote:
> On Thu, Aug 15, 2024 at 03:56:26PM +0200, Diederik de Haas wrote:
> > Found an article [1] which could be relevant and downloaded and ran the
> > accompanying test program (written by Jason Donenfeld):
> > # ./amd-rdrand-bug
> > Your RDRAND() does not have the AMD bug.
> > # ./test-rdrand
> > RDRAND() = 0x47c993c0
> > RDRAND() = 0xec7c697d
> > ... (more seemingly random numbers)
> > RDRAND() = 0xba858101
>
> RDRAND isn't the same as CCP.

Ok. I don't know/understand enough to make that distinction.

> > # dmesg | grep ccp
> > [    5.399853] ccp 0000:07:00.2: ccp: unable to access the device: you might
> > be running a broken BIOS.
> > [    5.401031] ccp 0000:07:00.2: tee enabled
> > [    5.401113] ccp 0000:07:00.2: psp enabled
>
> Looks like the kernel reports CCP as broken. As the above RDRAND test
> doesn't indicate anything about CCP, I don't see rationale for that
> determination to be wrong.

It could indeed be correct and that my BIOS is indeed broken.

> Actual test code is in drivers/crypto/ccp/ccp-dev-v5.c:
>
>         /* Find available queues */
>         qmr = ioread32(ccp->io_regs + Q_MASK_REG);
>         /*
>          * Check for a access to the registers.  If this read returns
>          * 0xffffffff, it's likely that the system is running a broken
>          * BIOS which disallows access to the device. Stop here and fail
>          * the initialization (but not the load, as the PSP could get
>          * properly initialized).
>          */
>         if (qmr == 0xffffffff) {
>             dev_notice(dev, "ccp: unable to access the device: you might be running a broken BIOS.\n");
>             return 1;
>         }

Yeah, I did find that and that's how I got to the recipient list.
In the linked article the author did receive all 0xffffffff, while I
didn't and that's why I wondered if there *could* be an issue there.
But as I don't understand this enough, I asked the experts.

Cheers,
  Diederik

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]