On Mon, 17 Jun 2024, at 10:07 AM, Andre Przywara wrote: Thanks Andre! > Corentin's cryptotest passed for me, though I haven't checked how fast > it is and if it really brings an advantage performance-wise, but maybe > people find it useful to offload that from the CPU cores. Running the rngtest gives the following output: localhost:~# rngtest -c 10000 < /dev/random rngtest 6.16 Copyright (c) 2004 by Henrique de Moraes Holschuh This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. rngtest: starting FIPS tests... rngtest: bits received from input: 200000032 rngtest: FIPS 140-2 successes: 9991 rngtest: FIPS 140-2 failures: 9 rngtest: FIPS 140-2(2001-10-10) Monobit: 0 rngtest: FIPS 140-2(2001-10-10) Poker: 2 rngtest: FIPS 140-2(2001-10-10) Runs: 2 rngtest: FIPS 140-2(2001-10-10) Long run: 5 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=144.496; avg=808.068; max=866.977)Mibits/s rngtest: FIPS tests speed: (min=17.199; avg=60.937; max=62.949)Mibits/s rngtest: Program run time: 3369060 microseconds So looks like a nice performance boost. > One immediate advantage is the availability of the TRNG device, which > helps to feed the kernel's entropy pool much faster - typically before > we reach userland. Without the driver this sometimes takes minutes, and > delays workloads that rely on the entropy pool. CRNG bringup now also very fast: [ 1.114790] sun8i-ce 1904000.crypto: CryptoEngine Die ID 0 [ 1.116253] random: crng init done Tested-by: Ryan Walklin <ryan@xxxxxxxxxxxxx> Regards, Ryan
