NetBSD-Bugs archive
port-arm/59612: rpi4 bcm2838rng is not exposed out of the box
>Number: 59612
>Category: port-arm
>Synopsis: rpi4 bcm2838rng is not exposed out of the box
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-arm-maintainer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Aug 27 20:10:00 +0000 2025
>Originator: Taylor R Campbell
>Release: current, 11, 10
>Organization:
Randberry PiBSD Foundation
>Environment:
>Description:
NetBSD has a driver (bcm2838rng) for the hardware random number
generator on rpi4, but it doesn't appear to be used out of the
box.
On Linux, it is found via device tree attachment in
arch/arm/boot/dts/broadcom/bcm2711.dtsi:
	rng@7e104000 {
		compatible = "brcm,bcm2711-rng200";
		reg = <0x7e104000 0x28>;
	};
But as I understand it, when we boot on rpi4, although there is
a device tree, it is only a perfunctory wrapper around ACPI
tables shipped as part of the UEFI firmware from
https://github.com/pftf/RPi4
which doesn't provide any OS-visible description of the device
for a driver to attach to.
The UEFI firmware there does _use_ the device, to implement
EFI_RNG_PROTOCOL, and we do get a sample out of the HWRNG via
efirng in the bootloader, but since EFI_RNG_PROTOCOL is limited
to boot-time (when the bootloader is running) and not run-time
(when the kernel is running), it would be better to have
ongoing access to the HWRNG.
For example, if you disable estimation of entropy from
non-HWRNG sources like disk, tty, and vm by setting
	rndctl_flags="-E -t disk; -E -t tty; -E -t vm"
in rc.conf, you will start getting entropy warnings because the
system resets its total entropy estimate (it does not record
attribution of how much entropy came from each source like the
efirng source, so it conservatively assumes all the entropy
sources previously sampled must have been bad) and can't read a
fresh sample from the HWRNG.
>How-To-Repeat:
1. Install NetBSD on rpi4.
2. See that `sysctl kern.entropy.needed' is zero.
3. rndctl -E -t disk
4. See that `sysctl kern.entropy.needed' is no longer zero.
5. Get entropy warnings in the daily insecurity report.
>Fix:
Yes, please!
I don't care whether we attach via FDT or ACPI or what, but we
should attach the driver to the device somehow, out of the box
on rpi4 systems.