From owner-freebsd-current@FreeBSD.ORG Sun Sep 2 10:34:11 2012 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3A7C6106566B for ; Sun, 2 Sep 2012 10:34:11 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from mail.zoral.com.ua (mx0.zoral.com.ua [91.193.166.200]) by mx1.freebsd.org (Postfix) with ESMTP id 926978FC0C for ; Sun, 2 Sep 2012 10:34:09 +0000 (UTC) Received: from skuns.kiev.zoral.com.ua (localhost [127.0.0.1]) by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id q82AYIfW017622 for ; Sun, 2 Sep 2012 13:34:18 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.14.5/8.14.5) with ESMTP id q82AY6mZ024811 for ; Sun, 2 Sep 2012 13:34:06 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.14.5/8.14.5/Submit) id q82AY6os024810 for current@freebsd.org; Sun, 2 Sep 2012 13:34:06 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Sun, 2 Sep 2012 13:34:06 +0300 From: Konstantin Belousov To: current@freebsd.org Message-ID: <20120902103406.GU33100@deviant.kiev.zoral.com.ua> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="vX4pGA+I6ZThi/bt" Content-Disposition: inline User-Agent: Mutt/1.4.2.3i X-Virus-Scanned: clamav-milter 0.95.2 at skuns.kiev.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=-4.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on skuns.kiev.zoral.com.ua Cc: Subject: Bull Mountain (IvyBridge +) random number generator X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Sep 2012 10:34:11 -0000 --vX4pGA+I6ZThi/bt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline It is relatively well known that Ivy Bridge CPUs (Core iX 3XXX) have built-in hardware random number generator, which is claimed to be both very fast and high quality. Generator is accessible using non-privileged RDRAND instruction. It is claimed that CPU performs sanitization of the random sequence. In particular, it seems that paranoid AES encryption of the raw random stream, performed by our padlock driver, is not needed for Bull Mountain (there are hints that hardware performs it already). See http://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator/0 http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide/ and IA32 ADM. Patch at http://people.freebsd.org/~kib/misc/bull_mountain.2.patch implements support for the generator. I do not own any IvyBridge machines, so I cannot test. Patch makes both padlock and bull generators the options, you need to enable IVY_RNG to get support for the generator. I would be interested in seeing reports including verbose boot dmesg, and some tests of /dev/random quality on the IvyBridge machines, you can start with http://lists.gnupg.org/pipermail/gnupg-devel/2000-March/016328.html. Thanks. --vX4pGA+I6ZThi/bt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlBDNh4ACgkQC3+MBN1Mb4iDyQCdFEfLX2PL9oGK2wsNPK/m8zAk HkgAoPdlrSbZXf5iBrllCo4rc1vvtM6J =EOI8 -----END PGP SIGNATURE----- --vX4pGA+I6ZThi/bt--