Date: Sun, 2 Sep 2012 13:34:06 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: current@freebsd.org Subject: Bull Mountain (IvyBridge +) random number generator Message-ID: <20120902103406.GU33100@deviant.kiev.zoral.com.ua>
next in thread | raw e-mail | index | archive | help
--vX4pGA+I6ZThi/bt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline It is relatively well known that Ivy Bridge CPUs (Core iX 3XXX) have built-in hardware random number generator, which is claimed to be both very fast and high quality. Generator is accessible using non-privileged RDRAND instruction. It is claimed that CPU performs sanitization of the random sequence. In particular, it seems that paranoid AES encryption of the raw random stream, performed by our padlock driver, is not needed for Bull Mountain (there are hints that hardware performs it already). See http://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator/0 http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide/ and IA32 ADM. Patch at http://people.freebsd.org/~kib/misc/bull_mountain.2.patch implements support for the generator. I do not own any IvyBridge machines, so I cannot test. Patch makes both padlock and bull generators the options, you need to enable IVY_RNG to get support for the generator. I would be interested in seeing reports including verbose boot dmesg, and some tests of /dev/random quality on the IvyBridge machines, you can start with http://lists.gnupg.org/pipermail/gnupg-devel/2000-March/016328.html. Thanks. --vX4pGA+I6ZThi/bt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlBDNh4ACgkQC3+MBN1Mb4iDyQCdFEfLX2PL9oGK2wsNPK/m8zAk HkgAoPdlrSbZXf5iBrllCo4rc1vvtM6J =EOI8 -----END PGP SIGNATURE----- --vX4pGA+I6ZThi/bt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120902103406.GU33100>