2017-09-05 13:54:13

by Peter Huewe

Subject: HWRNGs without quality attribute - are they used or not?

Hi,

while reading through the analysis of the Linux RNG by the BSI [1][2],
I was surprised by the lack of reflecting on the usage of HWRNGs except RDRAND/RDSEED.

In the paper it was mentioned that if the quality attribute of a regular hwrng is not set
(or specified via the module parameter default_quality for all hwrng) the HWRNG is not used at all.
Only very few set this attribute explicitly, and the default is 0,
so even if we enable these HWRNGs in the kernel config, they are not used?

I read through the hw_random code and came to the same conclusion - but is this correct and desired?

Specifically since you can set the 'default value' only for every hwrng but not overwrite the quality for a specific device.
e.g. the quite good tpm hwrng of my ifx tpm would not be used and
if I set the default_quality to something other than 0, other devices would be used, which I would not want to.

Is this understanding correct?


Thanks,
Peter
(tpm maintainer)



[1] https://www.bsi.bund.de/DE/Publikationen/Studien/LinuxRNG/index_htm.html
[2] https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5


2017-09-05 14:37:42

by Stephan Müller

Subject: Re: HWRNGs without quality attribute - are they used or not?

On Tuesday, 5 September 2017, 15:54:02 CEST, Peter Huewe wrote:

Hi Peter,

> Hi,
>
> while reading through the analysis of the Linux RNG by the BSI [1][2],
> I was surprised by the lack of reflecting on the usage of HWRNGs except
> RDRAND/RDSEED.

Sure, the study is about assessing entropy. How can one assess entropy when no
access to noise sources is possible?
>
> In the paper it was mentioned that if the quality attribute of a regular
> hwrng is not set (or specified via the module parameter default_quality for
> all hwrng) the HWRNG is not used at all. Only very few set this attribute
> explicitly, and the default is 0,
> so even if we enable these HWRNGs in the kernel config, they are not used?

Yes, see drivers/char/hw_random/core.c:

	if (current_quality == 0 && hwrng_fill)
		kthread_stop(hwrng_fill);
	if (current_quality > 0 && !hwrng_fill)
		start_khwrngd();
>
> I read through the hw_random code and came to the same conclusion - but is
> this correct and desired?

If the quality is marked as 0, it is considered to provide no entropy. Thus,
it will not change the blocking behavior of /dev/random.

As the in-kernel path in core.c with add_hwgenerator_randomness shall
eliminate the need for rngd for those hardware RNGs, the current approach
makes sense.

Though, the current implementation cannot be used to simply mix the
input_pool with a hardware RNG that is assumed to provide no entropy.
>
> Specifically since you can set the 'default value' only for every hwrng but
> not overwrite the quality for a specific device. e.g. the quite good tpm
> hwrng of my ifx tpm would not be used and
> if I set the default_quality to something other than 0, other devices would
> be used, which I would not want to.
>
> Is this understanding correct?
>
>
> Thanks,
> Peter
> (tpm maintainer)
>
>
>
> [1] https://www.bsi.bund.de/DE/Publikationen/Studien/LinuxRNG/index_htm.html
> [2] https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5



Ciao
Stephan

Subject: Re: HWRNGs without quality attribute - are they used or not?



Hi Peter,

On 5 September 2017 7:24:02 PM IST, Peter Huewe wrote:
>Hi,
>
>while reading through the analysis of the Linux RNG by the BSI [1][2],
>I was surprised by the lack of reflecting on the usage of HWRNGs except
>RDRAND/RDSEED.
>
>In the paper it was mentioned that if the quality attribute of a
>regular hwrng is not set
>(or specified via the module parameter default_quality for all hwrng)
>the HWRNG is not used at all.
>Only very few set this attribute explicitly, and the default is 0,
>so even if we enable these HWRNGs in the kernel config, they are not
>used?
>
>I read through the hw_random code and came to the same conclusion - but
>is this correct and desired?

If the quality of the RNG source is not set or is set to 0, then hwrng does not use the data to seed /dev/random.

>Specifically since you can set the 'default value' only for every hwrng
>but not overwrite the quality for a specific device.
>e.g. the quite good tpm hwrng of my ifx tpm would not be used and
>if I set the default_quality to something other than 0, other devices
>would be used, which I would not want to.

Device with high quality will be used by default. But user space can tell hwrng to use a particular device even if it is not the best RNG source. But it won't be used for seeding /dev/random even in this case.

Every instance of the hw_random structure represents an RNG device. If you can use a different instance for every TPM chip, then setting a different quality value is possible.

I have an untested patch that allocates a different hw_random structure instance for every TPM chip and registers with hwrng on tpm_chip_register. I made the change for fixing some other issue but did not get time to test it. If that patch will be helpful I can find it out and post the patch as RFC tomorrow.

>
>Is this understanding correct?
>
>
>Thanks,
>Peter
>(tpm maintainer)
>
>
>
>[1]
>https://www.bsi.bund.de/DE/Publikationen/Studien/LinuxRNG/index_htm.html
>[2]
>https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5

Regards,
PrasannaKumar
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
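
Added example, not part of the thread or of the kernel sources: a shell check for the condition discussed in the replies above, where an hwrng is selected but its effective quality is 0, so khwrngd is not running and the device does not seed /dev/random. It assumes the kernel exposes class/misc/hw_random/rng_current and module/rng_core/parameters/{current_quality,default_quality} under sysfs; the function name hwrng_status, its optional root argument and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: does the currently selected hwrng feed the input pool?
# hwrng_status and its optional sysfs-root argument are hypothetical names;
# the argument lets the check run against a constructed tree.
hwrng_status() {
    root="${1:-/sys}"
    cur="$root/class/misc/hw_random/rng_current"
    par="$root/module/rng_core/parameters"

    [ -r "$cur" ] || { echo "no-hwrng-core"; return 2; }
    rng=$(cat "$cur")
    # The core prints "none" when no device is selected.
    [ "$rng" != "none" ] || { echo "no-device"; return 2; }

    q=$(cat "$par/current_quality" 2>/dev/null) || q=""
    dq=$(cat "$par/default_quality" 2>/dev/null) || dq="?"
    case "$q" in
        ''|*[!0-9]*) echo "unknown rng=$rng"; return 3 ;;
    esac

    # Quality 0 is the case from the thread: khwrngd is stopped and the
    # device contributes nothing to /dev/random.
    if [ "$q" -eq 0 ]; then
        echo "unused rng=$rng quality=0 default_quality=$dq"
        return 1
    fi
    echo "feeding rng=$rng quality=$q default_quality=$dq"
}

# Demo on a constructed tree (sample values, not from a real machine).
demo=$(mktemp -d)
mkdir -p "$demo/class/misc/hw_random" "$demo/module/rng_core/parameters"
echo "tpm-rng" > "$demo/class/misc/hw_random/rng_current"
echo 0 > "$demo/module/rng_core/parameters/current_quality"
echo 0 > "$demo/module/rng_core/parameters/default_quality"
hwrng_status "$demo" || true
rm -rf "$demo"
```

Called without an argument, the function reads the live /sys tree; exit status 1 marks a selected device that is not being used for seeding.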