On Wed, Apr 21, 2021 at 10:03:17PM +0200, Corentin Labbe wrote: > hello > > I work on the crypto part of the cortina/gemini SL3516 SoC. > The datasheet mention a HWRNG in its IP but really briefly: > """ > The implementation is a 32-bit Hardware Random Number Generator that has a uniformed > distribution between 0 and 2^32 -1. The hardware randomness is created by sampling data from > different clock domains, and feeding it as input to the 32-bit maximum length LFSR (Linear Feedback > Shift Register) > """ > > Piping its output to rngtest give: > dd if=/dev/hwrng count=2000 bs=2048 | rngtest > rngtest 6.11 > rngtest: starting FIPS tests... > rngtest: entropy source drained > rngtest: bits received from input: 32768000 > rngtest: FIPS 140-2 successes: 1191 > rngtest: FIPS 140-2 failures: 447 > rngtest: FIPS 140-2(2001-10-10) Monobit: 183 > rngtest: FIPS 140-2(2001-10-10) Poker: 116 > rngtest: FIPS 140-2(2001-10-10) Runs: 346 > 2000+0 records in > 2000+0 records out > rngtest: FIPS 140-2(2001-10-10) Long run: 0 > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 > rngtest: input channel speed: (min=303.606; avg=3143.352; max=9712.208)Kibits/s > rngtest: FIPS tests speed: (min=7.104; avg=10.332; max=10.638)Mibits/s > rngtest: Program run time: 13303224 microseconds > > That's a quite number of failure. > Can the hwrng still be used with some "hwrng->quality" setting ? > Or it is just too many failure to be used ? If in doubt just leave it zero and the admin can override it if necessary. Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt