Le Thu, Apr 22, 2021 at 10:14:30AM +1000, Herbert Xu a écrit : > On Wed, Apr 21, 2021 at 10:03:17PM +0200, Corentin Labbe wrote: > > hello > > > > I work on the crypto part of the cortina/gemini SL3516 SoC. > > The datasheet mention a HWRNG in its IP but really briefly: > > """ > > The implementation is a 32-bit Hardware Random Number Generator that has a uniformed > > distribution between 0 and 2^32 -1. The hardware randomness is created by sampling data from > > different clock domains, and feeding it as input to the 32-bit maximum length LFSR (Linear Feedback > > Shift Register) > > """ > > > > Piping its output to rngtest give: > > dd if=/dev/hwrng count=2000 bs=2048 | rngtest > > rngtest 6.11 > > rngtest: starting FIPS tests... > > rngtest: entropy source drained > > rngtest: bits received from input: 32768000 > > rngtest: FIPS 140-2 successes: 1191 > > rngtest: FIPS 140-2 failures: 447 > > rngtest: FIPS 140-2(2001-10-10) Monobit: 183 > > rngtest: FIPS 140-2(2001-10-10) Poker: 116 > > rngtest: FIPS 140-2(2001-10-10) Runs: 346 > > 2000+0 records in > > 2000+0 records out > > rngtest: FIPS 140-2(2001-10-10) Long run: 0 > > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 > > rngtest: input channel speed: (min=303.606; avg=3143.352; max=9712.208)Kibits/s > > rngtest: FIPS tests speed: (min=7.104; avg=10.332; max=10.638)Mibits/s > > rngtest: Program run time: 13303224 microseconds > > > > That's a quite number of failure. > > Can the hwrng still be used with some "hwrng->quality" setting ? > > Or it is just too many failure to be used ? > > If in doubt just leave it zero and the admin can override it if > necessary. > But as an admin, what value I can set ? If I do a rule-of-3, success rate is 73%. So does a quality of 730 is ok ?