=================================
Hardware random number generators
=================================

Introduction
============

The hw_random framework is software that makes use of a
special hardware feature on your CPU or motherboard,
a Random Number Generator (RNG).  The software has two parts:
a core providing the /dev/hwrng character device and its
sysfs support, plus a hardware-specific driver that plugs
into that core.

To make the most effective use of these mechanisms, you
should download the support software as well.  Download the
latest version of the "rng-tools" package from the
hw_random driver's official Web site:

	http://sourceforge.net/projects/gkernel/

Those tools use /dev/hwrng to fill the kernel entropy pool,
which is used internally and exported by the /dev/urandom and
/dev/random special files.

Theory of operation
===================

CHARACTER DEVICE.  Using the standard open()
and read() system calls, you can read random data from
the hardware RNG device.  This data is NOT CHECKED by any
fitness tests, and could potentially be bogus (if the
hardware is faulty or has been tampered with).  Data is only
output if the hardware "has-data" flag is set, but nevertheless
a security-conscious person would run fitness tests on the
data before assuming it is truly random.

The rng-tools package uses such tests in "rngd", and lets you
run them by hand with a "rngtest" utility.
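
The fitness testing described above can be sketched in C.  This is an
added example, not code from the kernel or from rng-tools: it reads one
20000-bit block from /dev/hwrng with open() and read() and applies two
statistical tests, monobit and poker, using the acceptance intervals from
FIPS 140-2.  The names fips_check, struct stats and BLOCK_BYTES are
hypothetical and exist only in this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define BLOCK_BYTES 2500 /* one 20000-bit test block */
/* Number of 1 bits in each 4-bit value. */
static const int bits[16] = {0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4};

struct stats { int ones; double poker; int ok; };

/* Example helper (not a kernel or rng-tools API): monobit and poker tests
 * with the FIPS 140-2 acceptance intervals, computed from a nibble histogram. */
struct stats fips_check(const unsigned char *b)
{
    long f[16] = {0}, sum = 0;
    struct stats s = {0, 0.0, 0};
    for (int i = 0; i < BLOCK_BYTES; i++) {
        f[b[i] >> 4]++;
        f[b[i] & 0x0f]++;
    }
    for (int i = 0; i < 16; i++) {
        s.ones += bits[i] * (int)f[i];
        sum += f[i] * f[i];
    }
    s.poker = 16.0 * sum / 5000.0 - 5000.0; /* 5000 nibbles per block */
    s.ok = s.ones > 9725 && s.ones < 10275 && s.poker > 2.16 && s.poker < 46.17;
    return s;
}

int main(void)
{
    unsigned char b[BLOCK_BYTES];
    size_t got = 0;
    int fd = open("/dev/hwrng", O_RDONLY);
    while (fd >= 0 && got < BLOCK_BYTES) { /* read() may return a short count */
        ssize_t n = read(fd, b + got, BLOCK_BYTES - got);
        if (n <= 0)
            break;
        got += (size_t)n;
    }
    if (got < BLOCK_BYTES) {
        fprintf(stderr, "could not read a full block from /dev/hwrng\n");
        return 2;
    }
    struct stats s = fips_check(b);
    printf("ones=%d poker=%.2f %s\n", s.ones, s.poker, s.ok ? "PASS" : "FAIL");
    return !s.ok;
}
```

A pass only rules out gross faults such as a stuck or heavily biased
source: a block filled with an incrementing byte counter also falls inside
both intervals, so these two tests say nothing about predictability.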

/dev/hwrng is char device major 10, minor 183.

CLASS DEVICE.  There is a /sys/class/misc/hw_random node with
two unique attributes, "rng_available" and "rng_current".  The
"rng_available" attribute lists the hardware-specific drivers
available, while "rng_current" lists the one which is currently
connected to /dev/hwrng.  If your system has more than one
RNG available, you may change the one used by writing a name from
the list in "rng_available" into "rng_current".

==========================================================================


Hardware driver for Intel/AMD/VIA Random Number Generators (RNG)
	- Copyright 2000,2001 Jeff Garzik <jgarzik@pobox.com>
	- Copyright 2000,2001 Philipp Rumpf <prumpf@mandrakesoft.com>


About the Intel RNG hardware, from the firmware hub datasheet
=============================================================

The Firmware Hub integrates a Random Number Generator (RNG)
using thermal noise generated from inherently random quantum
mechanical properties of silicon. When not generating new random
bits the RNG circuitry will enter a low power state. Intel will
provide a binary software driver to give third party software
access to our RNG for use as a security feature. At this time,
the RNG is only to be used with a system in an OS-present state.

Intel RNG Driver notes
======================

FIXME: support poll(2)

.. note::

	request_mem_region was removed, for three reasons:

	1) Only one RNG is supported by this driver;
	2) The location used by the RNG is a fixed location in
	   MMIO-addressable memory;
	3) users with properly working BIOS e820 handling will always
	   have the region in which the RNG is located reserved, so
	   request_mem_region calls always fail for proper setups.
	   However, for people who use mem=XX, BIOS e820 information is
	   **not** in /proc/iomem, and request_mem_region(RNG_ADDR) can
	   succeed.

Driver details
==============

Based on:
	Intel 82802AB/82802AC Firmware Hub (FWH) Datasheet
	May 1999 Order Number: 290658-002 R

Intel 82802 Firmware Hub:
	Random Number Generator
	Programmer's Reference Manual
	December 1999 Order Number: 298029-001 R

Intel 82802 Firmware HUB Random Number Generator Driver
	Copyright (c) 2000 Matt Sottek <msottek@quiknet.com>

Special thanks to Matt Sottek.  I did the "guts", he
did the "brains" and all the testing.