Re: HWRNGs without quality attribute - are they used or not?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Dienstag, 5. September 2017, 15:54:02 CEST schrieb Peter Huewe:

Hi Peter,

> Hi,
> 
> while reading through the analysis of the Linux RNG by the BSI [1][2],
> I was suprised by the lack of reflecting on the usage of HWRNGs except
> RDRAND/RDSEED.

Sure, the study is about assessing entropy. How can one assess entropy when no 
access to noise sources is possible?
> 
> In the paper it was mentioned that if the quality attribute of a regular
> hwrng is not set (or specified via the module parameter default_quality for
> all hwrng) the HWRNG is not used at all. Only very few set this attribute
> explictly, and the default is 0,
> so even if we enable these HWRNGs in the kernel config, they are not used?

Yes, see drivers/char/hw_random/core.c:

       if (current_quality == 0 && hwrng_fill)
                kthread_stop(hwrng_fill);
       if (current_quality > 0 && !hwrng_fill)
                start_khwrngd();
> 
> I read through the hw_random code and came to the same conclusion - but is
> this correct and desired?

If the quality is marked as 0, it is considered to provide no entropy. Thus, 
it will not change the blocking behavior of /dev/random.

As the in-kernel path in core.c with add_hwgenerator_randomness shall 
eliminate the need for rngd for those hardware RNGs, the current approach 
makes sense.

Though, the current implementation cannnot be used to simply mix the 
input_pool with a hardware RNG that is assumed to provide no entropy.
> 
> Specifically since you can set the 'default value' only for every hwrng but
> not overwrite the quality for a specific device. e.g. the quite good tpm
> hwrng of my ifx tpm would not be used and
> if I set the default_quality to something other than 0, other devices would
> be used, which I would not want to.
> 
> Is this understanding correct?
> 
> 
> Thanks,
> Peter
> (tpm maintainer)
> 
> 
> 
> [1] https://www.bsi.bund.de/DE/Publikationen/Studien/LinuxRNG/index_htm.html
> [2]
> https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/L
> inuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5



Ciao
Stephan



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux