[coreboot] Asus Chromebox Panther: no HW RNG?

Nico Huber nico.huber at secunet.com
Tue Nov 27 13:10:14 CET 2018


Hi Grant,

I don't know how it is supposed to work on Haswell, but can give you
some pointers anyway.

tl;dr I don't think you are looking for a PCI device.

Am 27.11.18 um 08:11 schrieb Grant Grundler:
> Asus Chromebox (Panther) with Celeron 2995U processor is supposed to
> have a HW Random Number Generator:
>    https://ark.intel.com/products/75608/Intel-Celeron-Processor-2955U-2M-Cache-1-40-GHz-
> 
> (Intel calls it Secure Key)
> 
> But "modprobe intel-rng" is failing with "No such device" (Debian
> 4.18.0-2-amd64 kernel).

This driver is for very old Firmware Hub (FWH) hardware which would
be controlled through the LPC PCI device. You have such a PCI device
(00:1f.0) but there's no FWH to be expect with Haswell.

What you are probably looking for is the RDRAND instruction. I don't
know if it can be controlled by the firmware, but would check first if
your OS is prepared to make use of it.

> Why do I care about HW RNG?
> Because of this:
> ...
> [    8.560270] r8169 0000:01:00.0 enp1s0: link up
> [    8.560287] IPv6: ADDRCONF(NETDEV_CHANGE): enp1s0: link becomes ready
> [19039.712644] random: crng init done
> [19039.712649] random: 7 urandom warning(s) missed due to ratelimiting
> [19044.485625] wlp2s0: authenticate with ...
> ...
> 
> Yes, several *hours* until the crng was initialized and then
> wpa_supplicant could start talking on WIFI. :(
> 
> The length of the delay varies...shortest was 7 minutes.

Well, even without a hardware rng, I wouldn't expect that. With antennas
available, I would say after 10s for the paranoid there should be enough
entropy available. But that's probably just how I'd do OS development
(and depends on what the wifi driver can do).

Nico
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xBD56B4A4138B3CE3.asc
Type: application/pgp-keys
Size: 5227 bytes
Desc: not available
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20181127/424d383e/attachment.skr>


More information about the coreboot mailing list