Subject: Re: Hardware RNG support for EM64T systems
To: Matthias Scheler <tron@zhadum.org.uk>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 02/19/2006 10:51:15

On Sun, Feb 19, 2006 at 08:45:45AM +0000, Matthias Scheler wrote:
> On Sun, Feb 19, 2006 at 06:33:06AM +0000, Thor Lancelot Simon wrote:
> > The only way to know for sure that the RNG is actually there is to get
> > the full part number off every chip in the chipset and,
> 
> 1.) The code only looks for the chip when the system has an Intel chipset
>     whose firmware hub contains the hardware RNG.

Wrong.  There are many Intel *and non-Intel* firmware hubs -- including
"integrated" firmware hubs in other Intel chipsets that cannot be
distinguished from the 82802 in software -- that claim to have the RNG
but that do not in fact generate random numbers.

> 2.) The code *is* able to tell whether the chip is there or not. It never
>     erroneously detected the hardware RNG on my P4B266 motherboard which
>     used an Intel i845D chipset without the firmware hub.

Read what I wrote above.  There are a huge number of boards out there that
look _exactly_ as if they have the RNG but that don't actually generate
random numbers.  That is why it is not safe to enable this driver by
default.

If you have some reason to think this is different for the 9xx chipsets
I would be very curious to know what it might be.  The situation with
the 8xx chipsets is extremely ugly.

There are some details on this at
http://home.comcast.net/~andrex/hardware-RNG/doihave.html; be sure to look
at the note linked to from the text in the green box at the top of the
page, too.

A major problem with our /dev/random implementation is that it obscures
the actual input data while doing no testing at all to ensure that it is
actually random.  It is a very bad idea to leave known-questionable
sources -- particularly ones with high data rates -- connected to it!

Thor
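
Added example, not part of the original message and not NetBSD code: a sketch of the kind of sanity test the last paragraph says is missing, run over a block read from a candidate hardware RNG before its output is trusted. It applies the FIPS 140-2 monobit, poker and long-run tests to 20,000 bits. The function names `rng_block_check` and `fill_sample` are hypothetical, and the three sample blocks are constructed rather than captured from hardware.

```c
#include <stdint.h>
#include <stdio.h>

#define FIPS_BLOCK 2500 /* bytes = 20,000 bits, the FIPS 140-2 sample size */
enum { FAIL_MONOBIT = 1, FAIL_POKER = 2, FAIL_LONGRUN = 4 };

/* Run the FIPS 140-2 monobit, poker and long-run tests over one block. */
int rng_block_check(const uint8_t *buf)
{
    uint32_t ones = 0, run = 0, longest = 0, freq[16] = {0};
    uint64_t sumsq = 0;
    int prev = -1;
    for (size_t i = 0; i < FIPS_BLOCK; i++) {
        freq[buf[i] >> 4]++;   /* poker test counts 4-bit values */
        freq[buf[i] & 0x0f]++;
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += (uint32_t)bit;
            run = (bit == prev) ? run + 1 : 1;
            if (run > longest) longest = run;
            prev = bit;
        }
    }
    for (int n = 0; n < 16; n++) sumsq += (uint64_t)freq[n] * freq[n];
    /* Poker bound 2.16 < (16/5000)*sumsq - 5000 < 46.17, scaled by 5000. */
    return (ones <= 9725 || ones >= 10275 ? FAIL_MONOBIT : 0)
         | (16 * sumsq <= 25010800 || 16 * sumsq >= 25230850 ? FAIL_POKER : 0)
         | (longest >= 26 ? FAIL_LONGRUN : 0);
}

/* Constructed samples: 0 = stuck at 0xff, 1 = splitmix64 PRNG, 2 = ~25% ones. */
uint8_t *fill_sample(uint8_t *buf, int kind)
{
    uint64_t s = 2006, z;   /* arbitrary fixed seed */
    for (size_t i = 0; i < FIPS_BLOCK; i++) {
        z = (s += 0x9e3779b97f4a7c15ULL);
        z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
        z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
        z ^= z >> 31;
        buf[i] = kind == 0 ? 0xff : kind == 1 ? (uint8_t)z : (uint8_t)(z & (z >> 8));
    }
    return buf;
}

int main(void)
{
    uint8_t buf[FIPS_BLOCK];
    for (int k = 0; k < 3; k++)
        printf("sample %d: failure mask %d\n", k, rng_block_check(fill_sample(buf, k)));
}
```

These tests only catch gross failures such as a stuck or heavily biased register; a deterministic generator passes them (sample 1 is one), so a clean result does not show that a device produces entropy.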