Re: Bug#809815: [feature request] linux-image-4.3.0-1-sparc64-smp: tpm random module for linux LDOMs
On Thu, Jan 7, 2016 at 5:49 AM, Ben Hutchings <ben@decadent.org.uk> wrote:
> On Wed, 2016-01-06 at 23:13 +0300, Anatoly Pugachev wrote:
> [...]
>> Sorry for wrong feature request, please close this bug as non-valid. Thanks.
>
> I don't mind keeping it open if you're still hoping to get more
> information.
Ben,
below is a long description of how I made (dirty hack to n2_rng)
hardware random number generator to work in linux sparc64 LDOM.
Can you please suggest, what to do next? Close this bugreport as
invalid, and fill new one against n2_rng module in debian, or report
first to lkml? Thanks.
Here is what I find out, not that I'm a kernel developer nor I do it every time.
If we look at linux/drivers/char/hw_random/n2-drv.c [1] there would be
(line 731)
struct of_device_id n2rng_match[]
which lists only 3 compatible driver names:
SUNW,n2-rng
SUNW,vf-rng
SUNW,kt-rng
but running "prtconf -p -v" in linux/debian/sparc64 LDOM, i can see
the following device node:
Node 0xf029a4f4
.node: f029a4f4
rng-#units: 00000002
compatible: 'ORCL,m4-rng'
reg: 0000000e
name: 'random-number-generator'
and "ORCL,m4-rng" does not hit match in linux kernel sources for n2_rng driver.
running prtconf in solaris 11.3 LDOM, running on the same physical
hardware (T5-2), we can see:
root@deimos:~# uname -a
SunOS deimos 5.11 11.3 sun4v sparc sun4v
(stock, not updated, solaris 11.3 sparc)
root@deimos:~# prtconf -p -v
...
Node 0xf029a834
rng-#units: 00000002
compatible: 'ORCL,m4-rng'
reg: 0000000e
name: 'random-number-generator'
root@deimos:~# modinfo -i 128
Id Loadaddr Size Info Rev Module Name
128 11a2d708 4650 144 1 n2rng (N2 RNG Driver)
root@deimos:~# kstat n2rng
module: n2rng instance: 0
name: n2rng0 class: misc
...
status online
(notice status online - means that it does work, besides of more stats
in cut-here ... lines). I actually have no idea, how to test it
directly, [6] does not state methods to test it directly, but running
cryptoadm, it tells that kernel n2rng enabled:
root@deimos:~# cryptoadm list fips-140
User-level providers:
=====================
/usr/lib/security/$ISA/pkcs11_softtoken: FIPS 140 mode is enabled.
Kernel providers:
=================
des: FIPS 140 mode is enabled.
aes: FIPS 140 mode is enabled.
ecc: FIPS 140 mode is enabled.
sha1: FIPS 140 mode is enabled.
sha2: FIPS 140 mode is enabled.
rsa: FIPS 140 mode is enabled.
swrand: FIPS 140 mode is enabled.
intelrd: FIPS 140 mode is enabled.
n2rng: FIPS 140 mode is enabled.
lets look at installed n2rng solaris package metadata/description (or
from [2] , search for n2rng via [3], press manifest) :
root@deimos:~# pkg contents -m n2rng | grep name
set name=pkg.fmri
value=pkg://solaris/driver/crypto/n2rng@0.5.11,5.11-0.175.3.0.0.30.0:20150821T154254Z
set name=pkg.description value="The n2rng(7D) device driver is a
cryptographic framework provider for the hardware random number
generator on Oracle SPARC processors."
set name=info.classification value=org.opensolaris.category.2008:System/Hardware
set name=pkg.summary value="SPARC HW Random Number Provider"
set name=org.opensolaris.consolidation value=osnet
set name=variant.opensolaris.zone value=global value=nonglobal
set name=variant.arch value=sparc
set name=variant.debug.osnet value=true value=false
driver alias=ORCL,m4-rng alias=ORCL,m7-rng alias=SUNW,kt-rng
alias=SUNW,n2-rng alias=SUNW,vf-rng name=n2rng
variant.opensolaris.zone=global
so driver works for ORCL,m4-rng and ORCL,m7-rng names as well.
I made a quick edit to drivers/char/hw_random/n2-drv.c to include "ORCL,m4-rng"
mator@deb4g:~/linux-4.3.3$ diff -u
drivers/char/hw_random/n2-drv.c-orig drivers/char/hw_random/n2-drv.c
--- drivers/char/hw_random/n2-drv.c-orig 2016-01-07
09:01:02.672227383 -0500
+++ drivers/char/hw_random/n2-drv.c 2016-01-07 09:07:56.928876710 -0500
@@ -743,6 +743,10 @@
.compatible = "SUNW,kt-rng",
.data = (void *) 1,
},
+ {
+ .name = "random-number-generator",
+ .compatible = "ORCL,m4-rng",
+ },
{},
};
MODULE_DEVICE_TABLE(of, n2rng_match);
compiled and installed module with insmod. I've got working n2_rng in
linux sparc64 LDOM:
root@deb4g:/etc/init.d# lsmod
Module Size Used by
n2_rng 6503 0
rng_core 6684 1 n2_rng
root@deb4g:/home/mator# tail -f /var/log/kern.log
Jan 7 09:10:40 deb4g kernel: [2391276.745713] n2rng.c:v0.2 (July 27, 2011)
Jan 7 09:10:40 deb4g kernel: [2391276.745739] n2rng f029a4f4:
Registered RNG HVAPI major 2 minor 0
Jan 7 09:10:40 deb4g kernel: [2391276.745750] n2rng f029a4f4: Found
single-unit RNG, units: 1
Jan 7 09:10:40 deb4g kernel: [2391276.745769] n2rng f029a4f4: RNG ready
and working /dev/hwrng for rng-tools:
root@deb4g:/etc/init.d# systemctl start rng-tools
root@deb4g:/etc/init.d# systemctl status rng-tools
? rng-tools.service
Loaded: loaded (/etc/init.d/rng-tools; bad; vendor preset: enabled)
Active: active (running) since Thu 2016-01-07 10:02:13 EST; 6s ago
Docs: man:systemd-sysv-generator(8)
Process: 9172 ExecStart=/etc/init.d/rng-tools start (code=exited,
status=0/SUCCESS)
CGroup: /system.slice/rng-tools.service
L-9174 /usr/sbin/rngd -r /dev/hwrng
Jan 07 10:02:13 deb4g systemd[1]: Starting rng-tools.service...
Jan 07 10:02:13 deb4g rng-tools[9172]: Starting Hardware RNG entropy
gatherer daemon: rngd.
Jan 07 10:02:13 deb4g rngd[9174]: rngd 2-unofficial-mt.14 starting up...
Jan 07 10:02:13 deb4g systemd[1]: Started rng-tools.service.
Jan 07 10:02:13 deb4g rngd[9174]: entropy feed to the kernel ready
but before working n2_rng module, rng-tools/rngd complained that it
does not have hardware RNG (example, debian sid sparc64 LDOM):
Dec 31 02:14:37 deb-t52 systemd[1]: Starting rng-tools.service...
Dec 31 02:14:37 deb-t52 rng-tools[19235]: Starting Hardware RNG
entropy gatherer daemon: (Hardware RNG device inode not found)
Dec 31 02:14:37 deb-t52 rng-tools[19235]: /etc/init.d/rng-tools:
Cannot find a hardware RNG device to use.
PS:
openbsd [4] is being quite conservative in matching only for
"random-number-generator" string in it's driver for n2rng;
illumos [5] is the same as linux, only have match for 3 driver names.
1. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/char/hw_random/n2-drv.c?id=refs/tags/v4.4-rc8
2. http://pkg.oracle.com/solaris/release/manifest/0/driver%2Fcrypto%2Fn2rng%400.5.11%2C5.11-0.175.3.0.0.30.0%3A20150821T154254Z
3. http://pkg.oracle.com/solaris/release/en/search.shtml?token=n2rng&action=Search
4. http://fxr.watson.org/fxr/source//arch/sparc64/dev/vrng.c?v=OPENBSD
5. https://github.com/illumos/illumos-gate/blob/master/usr/src/uts/sun4v/io/n2rng/n2rng.c
6. https://blogs.oracle.com/darren/entry/solaris_random_number_generation
Reply to: