[coreboot] Asus Chromebox Panther: no HW RNG?

Tue Nov 27 16:34:40 CET 2018

On Tue, Nov 27, 2018 at 1:15 AM Grant Grundler <span> wrote:
>
> Hi!
> Asus Chromebox (Panther) with Celeron 2995U processor is supposed to
> have a HW Random Number Generator:
>    https://ark.intel.com/products/75608/Intel-Celeron-Processor-2955U-2M-Cache-1-40-GHz-
>
> (Intel calls it Secure Key)
>
> But "modprobe intel-rng" is failing with "No such device" (Debian
> 4.18.0-2-amd64 kernel).
>
> That's because there isn't one listed in "lspci" output:
> root at stoke:~# lspci -n
> 00:00.0 0600: 8086:0a04 (rev 09)
> 00:02.0 0300: 8086:0a06 (rev 09)
> 00:03.0 0403: 8086:0a0c (rev 09)
> 00:14.0 0c03: 8086:9c31 (rev 04)
> 00:16.0 0780: 8086:9c3a (rev 04)
> 00:1b.0 0403: 8086:9c20 (rev 04)
> 00:1c.0 0604: 8086:9c14 (rev e4)
> 00:1c.1 0604: 8086:9c16 (rev e4)
> 00:1c.2 0604: 8086:9c18 (rev e4)
> 00:1f.0 0601: 8086:9c45 (rev 04)
> 00:1f.2 0106: 8086:9c03 (rev 04)
> 00:1f.3 0c05: 8086:9c22 (rev 04)
> 00:1f.6 1180: 8086:9c24 (rev 04)
> 01:00.0 0200: 10ec:8168 (rev 0c)
> 02:00.0 0280: 168c:0034 (rev 01)
>
> Could Firmware add the HW RNG so intel-rng is happy?
>
> (I'll append human readable below)
>
> Current firmware is:
> [    0.000000] DMI: Google Panther/Panther, BIOS MattDevo 04/18/2016
>
> And if this is fixed in a newer firmware update, please hand me the
> paper bag I can hide under. :) I've downloaded a newer version of the
> SeaBIOS but haven't (yet) found the instructions to install it.

While not likely to fix your issue, that firmware is very old, and
updating wouldn't be a terrible idea. You can update via my ChromeOS
Device Firmware Utility Script, see
https://mrchromebox.tech/#fwscript.  Both UEFI and Legacy Boot
(SeaBIOS) versions are available for your device.

>
> Why do I care about HW RNG?
> Because of this:
> ...
> [    8.560270] r8169 0000:01:00.0 enp1s0: link up
> [    8.560287] IPv6: ADDRCONF(NETDEV_CHANGE): enp1s0: link becomes ready
> [19039.712644] random: crng init done
> [19039.712649] random: 7 urandom warning(s) missed due to ratelimiting
> [19044.485625] wlp2s0: authenticate with ...
> ...

I'm surprised you're seeing this with such a recent kernel.  I saw
this on a few Chromebooks with earlier  4.1x kernels, and would
manifest as a delay in the desktop loading, but could be mitigated by
providing trackpad input. A quick googling says to install the
rng-tools5 package if you haven't already

>
> Yes, several *hours* until the crng was initialized and then
> wpa_supplicant could start talking on WIFI. :(
>
> The length of the delay varies...shortest was 7 minutes.
>
> thanks for any help,
> grant
>
>
> # lspci
> 00:00.0 Host bridge: Intel Corporation Haswell-ULT DRAM Controller (rev 09)
> 00:02.0 VGA compatible controller: Intel Corporation Haswell-ULT
> Integrated Graphics Controller (rev 09)
> 00:03.0 Audio device: Intel Corporation Haswell-ULT HD Audio
Controller (rev 09)
> 00:14.0 USB controller: Intel Corporation 8 Series USB xHCI HC (rev 04)
> 00:16.0 Communication controller: Intel Corporation 8 Series HECI
#0 (rev 04)
> 00:1b.0 Audio device: Intel Corporation 8 Series HD Audio
Controller (rev 04)
> 00:1c.0 PCI bridge: Intel Corporation 8 Series PCI Express Root
Port 3 (rev e4)
> 00:1c.1 PCI bridge: Intel Corporation 8 Series PCI Express Root
Port 4 (rev e4)
> 00:1c.2 PCI bridge: Intel Corporation 8 Series PCI Express Root
Port 5 (rev e4)
> 00:1f.0 ISA bridge: Intel Corporation 8 Series LPC Controller (rev 04)
> 00:1f.2 SATA controller: Intel Corporation 8 Series SATA Controller 1
> [AHCI mode] (rev 04)
> 00:1f.3 SMBus: Intel Corporation 8 Series SMBus Controller (rev 04)
> 00:1f.6 Signal processing controller: Intel Corporation 8 Series
> Thermal (rev 04)
> 01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
> RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0c)
> 02:00.0 Network controller: Qualcomm Atheros AR9462 Wireless Network
> Adapter (rev 01)
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot</span>