
Re: Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs



On Wed, Jan 6, 2016 at 5:21 PM, Anatoly Pugachev <matorola@gmail.com> wrote:
> On Wed, Jan 6, 2016 at 5:24 AM, Ben Hutchings <ben@decadent.org.uk> wrote:
>> Control: tag -1 moreinfo
>>
>> On Mon, 2016-01-04 at 13:48 +0300, Anatoly Pugachev wrote:
>>> Package: src:linux
>>> Version: 4.3.3-2
>>> Severity: wishlist
>>>
>>> Dear Maintainer,
>>>
>>> Can you please enable CONFIG_TCG_TPM (TPM security chip) and
>>> CONFIG_HW_RANDOM_TPM linux kernel config options (as modules), to
>>> enable hardware RNG device for use in LDOM (containers) of debian
>>> sparc64.
>>>
>>> Right now, there's no hardware RNG provider available:
>> [...]
>>
>> Both of those are generic TPM code and won't help you without a driver
>> for the specific TPM that's present in LDOMs.
>>
>> I can't find any hint in the kernel source of which driver is needed
>> for an LDOM, even in the UEK patched source, so perhaps it is out-of-
>> tree?
>
> Ben, well,
>
> I'm going to build a generic (vanilla) kernel with these CONFIGs and
> test how it would work. Going to report back soon. Thanks.

Ben,

you were right, these modules do not help.

root@deb4g:/home/mator# lsmod | grep rng
tpm_rng                 1020  0
n2_rng                  6878  0
rng_core                8172  2 n2_rng,tpm_rng
root@deb4g:/home/mator# cat /sys/class/misc/hw_random/rng_available
tpm-rng

rngd still gives error:

root@deb4g:/home/mator# rngd -f -r /dev/hwrng
error reading from entropy source:: No such device

I don't know, but I should probably report to the upstream kernel
bugzilla that n2_rng does not work.
OpenBSD says [1] it does support it (starting from T1 and T2 processors),
Solaris says [2] it does support it (from T2 till M6 processors,
including this machine's T5 CPU).

Running show-devs from the OpenBoot console for this LDOM, I can see
that the random-number-generator device is present:

{0} ok show-devs
/cpu@3
/cpu@2
/cpu@1
/cpu@0
/virtual-devices@100
/reboot-memory@0
/iscsi-hba
/virtual-memory
/memory@m0,30000000
/aliases
/options
/openprom
/chosen
/packages
/virtual-devices@100/channel-devices@200
/virtual-devices@100/console@1
/virtual-devices@100/random-number-generator@e
/virtual-devices@100/flashprom@0
/virtual-devices@100/channel-devices@200/virtual-domain-service@0
/virtual-devices@100/channel-devices@200/pciv-communication@0
/virtual-devices@100/channel-devices@200/disk@1
/virtual-devices@100/channel-devices@200/disk@0
/virtual-devices@100/channel-devices@200/network@0
/iscsi-hba/disk
/openprom/client-services
/packages/vnet-helper-pkg
/packages/vdisk-helper-pkg
/packages/obp-tftp
/packages/kbd-translator
/packages/SUNW,asr
/packages/dropins
/packages/terminal-emulator
/packages/disk-label
/packages/deblocker
/packages/SUNW,builtin-drivers
{0} ok

but n2_rng does not see it. I'm going to test a more recent kernel
instead of 4.1.15. I chose the old 4.1.15 kernel to test because
Oracle SPARC Linux is using 4.1.8, and I wanted to test it
first. Compiling 4.4rc8 right now...

Searching the web, I found [3], where the CPU is a T4 and the kernel is
4.3.0, but n2rng gives more messages on boot.

Sorry for the wrong feature request, please close this bug as non-valid. Thanks.

1. http://undeadly.org/cgi?action=article&sid=20090201164147
2. http://prsync.com/oracle/solaris-random-number-generation-570469/
3. https://lkml.org/lkml/2015/10/30/678

