On Fri, Oct 12, 2012 at 10:50:55AM +0200, Harald Schmalzbauer wrote: > schrieb Konstantin Belousov am 02.09.2012 12:34 (localtime): > > It is relatively well known that Ivy Bridge CPUs (Core iX 3XXX) have > > built-in hardware random number generator, which is claimed to be both > > very fast and high quality. Generator is accessible using non-privileged > > RDRAND instruction. It is claimed that CPU performs sanitization of the > > random sequence. In particular, it seems that paranoid AES encryption of > > the raw random stream, performed by our padlock driver, is not needed > > for Bull Mountain (there are hints that hardware performs it already). > > > > See > > http://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator/0 > > http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide/ > > and IA32 ADM. > > > > Patch at > > http://people.freebsd.org/~kib/misc/bull_mountain.2.patch > > implements support for the generator. I do not own any IvyBridge machines, > > so I cannot test. Patch makes both padlock and bull generators the options, > > you need to enable IVY_RNG to get support for the generator. > > > > I would be interested in seeing reports including verbose boot dmesg, > > and some tests of /dev/random quality on the IvyBridge machines, you can > > start with http://lists.gnupg.org/pipermail/gnupg-devel/2000-March/016328.html. > > Thanks a lot for implementing this! > I have an ESXi host with Ivy Brindge CPU. > FreeBSD guest reports the following: > CPU: Intel(R) Xeon(R) CPU E3-1270 V2 _at_ 3.50GHz (3492.07-MHz K8-class CPU) > Origin = "GenuineIntel" Id = 0x306a9 Family = 6 Model = 3a > Stepping = 9 > > Features=0x1fa3fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,DTS,MMX,FXSR,SSE,SSE2,SS,HTT> > > Features2=0xfeba2203<SSE3,PCLMULQDQ,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND,HV> > AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM> > AMD Features2=0x1<LAHF> > TSC: P-state invariant > real memory = 8589934592 (8192 MB) > avail memory = 8235110400 (7853 MB) > Event timer "LAPIC" quality 600 > ACPI APIC Table: <PTLTD APIC > > FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs > FreeBSD/SMP: 1 package(s) x 4 core(s) > cpu0 (BSP): APIC ID: 0 > cpu1 (AP): APIC ID: 1 > cpu2 (AP): APIC ID: 2 > cpu3 (AP): APIC ID: 3 > MADT: Forcing active-low polarity and level trigger for SCI > > But unfortunately accessing /dev/random doesn't work with IVY_RNG enabled. > 'dd' consumes 100% wcpu bound to one core but never finishes (dd > if=/dev/random bs=1k count=100|./ent) > Also some other functions are blocked, logging in for example (doesn't > matter if it's console or ssh). But I can walk arround in already > established sessions. > > I made a 9.1-RC-2 debug kernel but no info appears. Also IVY_RNG isn't > reported after kldloading, nor during boot, but this is the expected > behaviour if I unterstand your patch correctly. > > I guess using RDRAND in an hypervisor environment should make no > difference but please correct me if I'm wrong. Try the stable/9 instead. The code was merged in r240950. There was a bug in the original patch with the similar description.
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:31 UTC