Re: kern/54655: cpu_rng_rdseed() should check support of RDRAND instruction

[Thor Lancelot Simon <tls%panix.com@localhost>]

On Wed, Oct 30, 2019 at 06:12:25AM +0000, maya%NetBSD.org@localhost wrote:
> On Wed, Oct 30, 2019 at 01:22:44PM +1100, matthew green wrote:
> > rdrand should be retried 10 times in a row and if that
> > fails, we probably should (default) to panicking the system
> > as that indicates a really broken CPU.
> 
> Worth reminding that there are actual CPUs that might fail this test,
> the recent broken Ryzen 3000s.
> 
> Here's one booting netbsd:
> https://dmesgd.nycbug.org/index.cgi?do=view&id=5052
> 
> rnd: source "cpurng" failed continuous-output test.
> rnd: disabling source "cpurng".

Though the Ryzen issue makes me very glad we have the continuous-output
test for hardware RNGs (this is the 3rd or 4th broken device it's
caught -- mostly 0xffffffff but at least one emitting all-zeroes --
note that the actual problem with these CPUs is that they *do not*
properly handle the carry bit to indicate failure when RDRAND returns
a constant pattern.

This says some scary things about the quality of AMD's implementation
in general and I've been meaning to see whether they've actually
offered any explanation or excuses about how this failure was even
possible, or why their RNG should be trusted.

But, anyway, these won't trigger the failed-instruction test in
the cpurng driver itself.  FWIW I believe I took the counts for
retry/failure from Intel's original SDK... I don't really care
what they are, within reason.

-- 
 Thor Lancelot Simon	                                     tls%panix.com@localhost
  "Whether or not there's hope for change is not the question.  If you
   want to be a free person, you don't stand up for human rights because
   it will work, but because it is right."	--Andrei Sakharov