[coreboot] Asus Chromebox Panther: no HW RNG?

Ivan Ivanov qmastery16 at gmail.com
Wed Nov 28 10:51:06 CET 2018


Sorry but I think that relying on Intel RNG is a _Terrible_ idea
regarding the security and not sure you should be pursuing it. If you
really want a hardware RNG that is also secure, why not take a look at
some USB dongles like FST-01 or Librem key? Here is a ( sadly deleted
recently! ) Wikipedia comparison page -
https://web.archive.org/web/20180812092012/https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators
- You can check it to find the best price/performance USB TRNG dongle
which is also open hardware

Best regards,
Ivan Ivanov
вт, 27 нояб. 2018 г. в 22:50, Grant Grundler <grantgrundler at gmail.com>:
>
> On Tue, Nov 27, 2018 at 4:10 AM Nico Huber <nico.huber at secunet.com> wrote:
> >
> > Hi Grant,
> >
> > I don't know how it is supposed to work on Haswell, but can give you
> > some pointers anyway.
> >
> > tl;dr I don't think you are looking for a PCI device.
>
> If  intel-rng support is required, a PCI device will be advertised
> because of how the linux kernel binds PCI devices to drivers. See
> "alias" field of "modinfo intel-rng" as an example.
>
> One of the search results pointed at a response that said "load
> intel-rng driver" as the solution to this problem... that's the only
> reason I'm exploring this path.
>
> > Am 27.11.18 um 08:11 schrieb Grant Grundler:
> > > Asus Chromebox (Panther) with Celeron 2995U processor is supposed to
> > > have a HW Random Number Generator:
> > >    https://ark.intel.com/products/75608/Intel-Celeron-Processor-2955U-2M-Cache-1-40-GHz-
> > >
> > > (Intel calls it Secure Key)
> > >
> > > But "modprobe intel-rng" is failing with "No such device" (Debian
> > > 4.18.0-2-amd64 kernel).
> >
> > This driver is for very old Firmware Hub (FWH) hardware which would
> > be controlled through the LPC PCI device. You have such a PCI device
> > (00:1f.0) but there's no FWH to be expect with Haswell.
>
> Hrm. OK. But that would explain why intel-rng driver only binds with
> PCI devices.
>
> > What you are probably looking for is the RDRAND instruction. I don't
> > know if it can be controlled by the firmware, but would check first if
> > your OS is prepared to make use of it.
>
> Linux kernel has supported RDRAND for a long time. There is even a
> public debate about *excluding* RDRAND use since some people were
> hypothesizing that RDRAND was "compromised" by Intel so "goverment
> agencies" could break encrypted traffic which used RDRAND exclusively
> to generate encryption keys. Linux kernel does NOT exclusively use
> RDRAND and Ted Tyso made compelling arguments that RDRAND would still
> add "entropy" to key generation.
>
> What I don't know is how linux figures out it can or should use
> RDRAND. RDRAND appears to be a "CPU feature":
>
> arch/x86/include/asm/cpufeatures.h:#define X86_FEATURE_RDRAND
>     ( 4*32+30) /* RDRAND instruction */
>
> And as notedin original email, Intel says this CPU (Celeron 2995U)
> supports "Secure Key" which is the new marketing name for HW RNG
> support (could be only via RDRAND now).
>
>
> > > Why do I care about HW RNG?
> > > Because of this:
> > > ...
> > > [    8.560270] r8169 0000:01:00.0 enp1s0: link up
> > > [    8.560287] IPv6: ADDRCONF(NETDEV_CHANGE): enp1s0: link becomes ready
> > > [19039.712644] random: crng init done
> > > [19039.712649] random: 7 urandom warning(s) missed due to ratelimiting
> > > [19044.485625] wlp2s0: authenticate with ...
> > > ...
> > >
> > > Yes, several *hours* until the crng was initialized and then
> > > wpa_supplicant could start talking on WIFI. :(
> > >
> > > The length of the delay varies...shortest was 7 minutes.
> >
> > Well, even without a hardware rng, I wouldn't expect that.
>
> Exactly. I didn't either. My NUC5 completes typically in 3 second from
> the time the kernel is loaded. But this is a different CPU (Intel Core
> i5 6260) and completely different firmware (If Coreboot was available
> for this, I'd prefer Coreboot).
>
> >  With antennas
> > available, I would say after 10s for the paranoid there should be enough
> > entropy available. But that's probably just how I'd do OS development
> > (and depends on what the wifi driver can do).
>
> I don't know if the kernel has access to any radios (or antennas)
> until the 80211 link is brought up... which in turn won't happen until
> wpa_supplicant is running. So something else is wrong here. My
> suspicion is still on Coreboot not providing something that tells the
> linux kernel a quick method to generate random numbers.
>
> I saw Matt DeVillier's response as well and I'll follow up once I've
> updated the SeaBIOS firmware, installed rng-tools5, and determined
> which CPU features are advertised by both Panther and NUC CPUs. For
> some reason my "phone home" (SSH) is getting rejected right now. :(
>
> cheers,
> grant
>
> > Nico
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot



More information about the coreboot mailing list