Re: random number generator missing after upgrade

To: debian-user@lists.debian.org
Subject: Re: random number generator missing after upgrade
From: Björn Persson <Bjorn@xn--rombobjrn-67a.se>
Date: Mon, 14 Aug 2023 13:16:23 +0200
Message-id: <[🔎] 20230814131623.34ad8149@tag.xn--rombobjrn-67a.se>
In-reply-to: <[🔎] CAKkunMb6kfEkdPn+=5bzMN1Q7E28_S=SaZzOPDyCA_F1apTODQ@mail.gmail.com>
References: <[🔎] 20230813110243.09096fc0@tag.xn--rombobjrn-67a.se> <[🔎] CAH8yC8=_qz7fwBLj2Oh3otP50hrKUE4zvibu3esNco+z4mXkmA@mail.gmail.com> <[🔎] 20230813230808.682fa34c@tag.xn--rombobjrn-67a.se> <[🔎] CAKkunMb6kfEkdPn+=5bzMN1Q7E28_S=SaZzOPDyCA_F1apTODQ@mail.gmail.com>

Anders Andersson wrote:
> On Sun, Aug 13, 2023 at 11:09 PM Björn Persson <Bjorn@rombobjörn.se> wrote:
> > Jeffrey Walton wrote:  
> > > Maybe related to https://www.phoronix.com/news/Linux-Disables-RNG-AMD-fTPMs  
> >
> > Not likely. That article is about a firmware TPM that comes with newer
> > Ryzen processors. Older Ryzens supposedly don't have it. The processor
> > in my APU2 is a GX-412TC, not a Ryzen at all, and my TPM is a discrete
> > chip from Infineon. The change in question is supposed to disable the
> > random number generator only if the TPM lists AMD as its manufacturer.  
> 
> I agree that the patch looks ok, but I remember being hit by a kernel
> change that inadvertently changed the behavior on other systems too
> (ECC RAM background scrubbing), but nobody really noticed because it
> was not in much use.
> 
> I suspect that the case of having an external TPM on an AMD system is
> such an unusual case, and I couldn't trace exactly where that patch
> checked the AMD string, so perhaps it's picking up the AMD string
> earlier on, and decides to disable all TPM on the AMD system. At least
> the timing of the problem and the patch is suspicious.

I see the 6.1 branch contains the first attempt at working around the
stutter problem, which disables randomness only from certain known
broken firmware versions:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/char/tpm/tpm-chip.c?h=linux-6.1.y#n510

It's supposed to log a warning when it takes effect:
"AMD fTPM version 0x%llx causes system stutter; hwrng disabled\n"
That message does not appear in my logs.

The new workaround, which disables randomness from all AMD firmware TPUs
and doesn't log, can be in effect only if it has been backported to
Debian's kernel very recently. That does not seem to be the case, if
this is the right way to look for backports:
https://salsa.debian.org/kernel-team/linux/-/commits/bookworm/

I'll check what the manufacturer number is on my system, if I can
figure out how to get at it.

Björn Persson

Attachment: pgplmeNOoh37q.pgp
Description: OpenPGP digital signatur

Reply to:

References:
- random number generator missing after upgrade
  - From: Björn Persson <Bjorn@xn--rombobjrn-67a.se>
- Re: random number generator missing after upgrade
  - From: Jeffrey Walton <noloader@gmail.com>
- Re: random number generator missing after upgrade
  - From: Björn Persson <Bjorn@xn--rombobjrn-67a.se>
- Re: random number generator missing after upgrade
  - From: Anders Andersson <pipatron@gmail.com>

Prev by Date: Re: random number generator missing after upgrade
Next by Date: Re: random number generator missing after upgrade
Previous by thread: Re: random number generator missing after upgrade
Next by thread: Bootloader error grub minimal bash "load the kernel first" after installing my live image via calamares installer
Index(es):
- Date
- Thread