rng-tools and VIA chipsets with Padlock
Jeffrey Walton
noloader at gmail.com
Mon May 17 20:33:37 UTC 2021
Hi Everyone,

I have an old VIA C7-D machine I use for testing Padlock. Padlock is a
security engine that provides AES, SHA and an RNG for some of the VIA
processors. (It predates Intel's gear by about 15 years).

With rng-tools installed I'm seeing failures in /dev/random. Draining
/dev/random and then trying to read from it is causing prolonged
blocking. Blocking should not occur since Padlock has a hardware RNG.

It also appears draining /dev/random is breaking /dev/urandom.
/dev/urandom is blocking on 1024 bytes. It took about 6 minutes to
read 1024 bytes from /dev/urandom after draining /dev/random.

I pinged Thorsten and Henrique but did not receive a response.
(Henrique is CC'd in case it fell off his radar).

I believe this is the package:
https://packages.ubuntu.com/bionic/rng-tools. But I may be mistaken.

My question is, is this something Ubuntu would like to investigate?
==========
$ lsb_release -a
No LSB modules are available.
Distributor ID: Peppermint
Description: Peppermint 10 Ten
Release: 10
Codename: bionic
$ apt-cache show rng-tools
Package: rng-tools
Architecture: i386
Version: 5-0ubuntu4
Priority: optional
Section: universe/utils
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Original-Maintainer: Henrique de Moraes Holschuh <hmh at debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 87
Provides: intel-rng-tools
Depends: libc6 (>= 2.4), libgcrypt20 (>= 1.8.0), udev (>= 0.053) |
makedev (>= 2.3.1-77)
Conflicts: intel-rng-tools
Replaces: intel-rng-tools
Filename: pool/universe/r/rng-tools/rng-tools_5-0ubuntu4_i386.deb
Size: 22424
MD5sum: 2d5fb50e664508b75cf5261a5ebd8257
SHA1: 229fd35e378f76f6a287a108d321e214602f2da5
SHA256: 946a8f199b1d9f392763871428cfd634702ef4640971a94d977f27fc8a9766bd
Description-en: Daemon to use a Hardware TRNG
The rngd daemon acts as a bridge between a Hardware TRNG (true random number
generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel's
PRNG (pseudo-random number generator).
.
It tests the data received from the TRNG using the FIPS 140-2 (2002-10-10)
tests to verify that it is indeed random, and feeds the random data to the
kernel entropy pool.
.
This increases the bandwidth of the /dev/random device, from a source that
does not depend on outside activity. It may also improve the quality
(entropy) of the randomness of /dev/random.
.
A TRNG kernel module such as hw_random, or some other source of true
entropy that is accessible as a device or fifo, is required to use this
package.
.
This is an unofficial version of rng-tools which has been extensively
modified to add multithreading and a lot of new functionality.
Description-md5: 6da2aca3dd07b55b609d9cf3d5d7cd57
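
A probe for the symptom reported above, added here as an example; it is not part of the original message or of rng-tools. It times a 1024-byte read from each random device with a deadline and records the kernel's entropy count and active hw_random driver. The function names, the 10-second deadline and the choice of Python are assumptions of this example; the procfs/sysfs paths are the standard Linux ones.

```python
import os
import threading
import time

# Standard Linux paths; rng_current is absent when no hw_random driver is loaded.
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"
RNG_CURRENT = "/sys/class/misc/hw_random/rng_current"


def read_text(path):
    """Return the stripped contents of a procfs/sysfs file, or None if unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None


def timed_read(path, nbytes, timeout):
    """Try to read nbytes from path; return (bytes_read, seconds, timed_out).

    The read runs in a daemon thread so a device that blocks in the kernel
    cannot hang the probe: after `timeout` seconds we report what arrived.
    """
    got = bytearray()

    def worker():
        fd = os.open(path, os.O_RDONLY)
        try:
            while len(got) < nbytes:
                chunk = os.read(fd, nbytes - len(got))
                if not chunk:  # EOF on a regular file
                    break
                got.extend(chunk)
        finally:
            os.close(fd)

    start = time.monotonic()
    t = threading.Thread(target=worker, daemon=True)
    t.start()
    t.join(timeout)
    return len(got), time.monotonic() - start, t.is_alive()


if __name__ == "__main__":
    print("hwrng driver:", read_text(RNG_CURRENT))
    print("entropy_avail before:", read_text(ENTROPY_AVAIL))
    for dev in ("/dev/urandom", "/dev/random"):
        n, secs, stuck = timed_read(dev, 1024, 10.0)
        print(f"{dev}: {n}/1024 bytes in {secs:.2f}s, blocked={stuck}")
    print("entropy_avail after:", read_text(ENTROPY_AVAIL))
```

Running it once with rngd stopped and once with it running separates the kernel's own behaviour from what the daemon contributes.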