Date: Fri, 12 Oct 2012 19:48:57 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: Harald Schmalzbauer <h.schmalzbauer@omnilan.de> Cc: current@freebsd.org Subject: Re: Bull Mountain (IvyBridge +) random number generator Message-ID: <20121012164857.GS35915@deviant.kiev.zoral.com.ua> In-Reply-To: <5077D9EF.4040500@omnilan.de> References: <20120902103406.GU33100@deviant.kiev.zoral.com.ua> <5077D9EF.4040500@omnilan.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--iPQdpvQZPHatbiDE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 12, 2012 at 10:50:55AM +0200, Harald Schmalzbauer wrote: > schrieb Konstantin Belousov am 02.09.2012 12:34 (localtime): > > It is relatively well known that Ivy Bridge CPUs (Core iX 3XXX) have > > built-in hardware random number generator, which is claimed to be both > > very fast and high quality. Generator is accessible using non-privileged > > RDRAND instruction. It is claimed that CPU performs sanitization of the > > random sequence. In particular, it seems that paranoid AES encryption of > > the raw random stream, performed by our padlock driver, is not needed > > for Bull Mountain (there are hints that hardware performs it already). > > > > See > > http://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnum= ber-generator/0 > > http://software.intel.com/en-us/articles/intel-digital-random-number-ge= nerator-drng-software-implementation-guide/ > > and IA32 ADM. > > > > Patch at > > http://people.freebsd.org/~kib/misc/bull_mountain.2.patch > > implements support for the generator. I do not own any IvyBridge machin= es, > > so I cannot test. Patch makes both padlock and bull generators the opti= ons, > > you need to enable IVY_RNG to get support for the generator. > > > > I would be interested in seeing reports including verbose boot dmesg, > > and some tests of /dev/random quality on the IvyBridge machines, you can > > start with http://lists.gnupg.org/pipermail/gnupg-devel/2000-March/0163= 28.html. >=20 > Thanks a lot for implementing this! > I have an ESXi host with Ivy Brindge CPU. > FreeBSD guest reports the following: > CPU: Intel(R) Xeon(R) CPU E3-1270 V2 @ 3.50GHz (3492.07-MHz K8-class CPU) > Origin =3D "GenuineIntel" Id =3D 0x306a9 Family =3D 6 Model =3D 3a= =20 > Stepping =3D 9 > =20 > Features=3D0x1fa3fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PG= E,MCA,CMOV,PAT,PSE36,DTS,MMX,FXSR,SSE,SSE2,SS,HTT> > =20 > Features2=3D0xfeba2203<SSE3,PCLMULQDQ,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2API= C,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND,HV> > AMD Features=3D0x28100800<SYSCALL,NX,RDTSCP,LM> > AMD Features2=3D0x1<LAHF> > TSC: P-state invariant > real memory =3D 8589934592 (8192 MB) > avail memory =3D 8235110400 (7853 MB) > Event timer "LAPIC" quality 600 > ACPI APIC Table: <PTLTD APIC > > FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs > FreeBSD/SMP: 1 package(s) x 4 core(s) > cpu0 (BSP): APIC ID: 0 > cpu1 (AP): APIC ID: 1 > cpu2 (AP): APIC ID: 2 > cpu3 (AP): APIC ID: 3 > MADT: Forcing active-low polarity and level trigger for SCI >=20 > But unfortunately accessing /dev/random doesn't work with IVY_RNG enabled. > 'dd' consumes 100% wcpu bound to one core but never finishes (dd > if=3D/dev/random bs=3D1k count=3D100|./ent) > Also some other functions are blocked, logging in for example (doesn't > matter if it's console or ssh). But I can walk arround in already > established sessions. >=20 > I made a 9.1-RC-2 debug kernel but no info appears. Also IVY_RNG isn't > reported after kldloading, nor during boot, but this is the expected > behaviour if I unterstand your patch correctly. >=20 > I guess using RDRAND in an hypervisor environment should make no > difference but please correct me if I'm wrong. Try the stable/9 instead. The code was merged in r240950. There was a bug in the original patch with the similar description. --iPQdpvQZPHatbiDE Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlB4SfkACgkQC3+MBN1Mb4ho+wCfX6upQWcGde9FFE/cu1GWqj2z iC8AoI+89FDdJjbXXc3RXkLmhd/pKdJZ =7B27 -----END PGP SIGNATURE----- --iPQdpvQZPHatbiDE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121012164857.GS35915>