port-arm/59612: rpi4 bcm2838rng is not exposed out of the box

To: port-arm-maintainer%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: port-arm/59612: rpi4 bcm2838rng is not exposed out of the box
From: campbell+netbsd%mumble.net@localhost
Date: Wed, 27 Aug 2025 20:10:00 +0000 (UTC)

>Number:         59612
>Category:       port-arm
>Synopsis:       rpi4 bcm2838rng is not exposed out of the box
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-arm-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 27 20:10:00 +0000 2025
>Originator:     Taylor R Campbell
>Release:        current, 11, 10
>Organization:
Randberry PiBSD Foundation
>Environment:
>Description:

	NetBSD has a driver (bcm2838rng) for the hardware random number
	generator on rpi4, but it doesn't appear to be used out of the
	box.

	On Linux, it is found via device tree attachment in
	arch/arm/boot/dts/broadcom/bcm2711.dtsi:

		rng@7e104000 {
			compatible = "brcm,bcm2711-rng200";
			reg = <0x7e104000 0x28>;
		};

	But as I understand it, when we boot on rpi4, although there is
	a device tree, it is only a perfunctory wrapper around ACPI
	tables shipped as part of the UEFI firmware from

	https://github.com/pftf/RPi4

	which doesn't provide any OS-visible description of the device
	for a driver to attach to.

	The UEFI firmware there does _use_ the device, to implement
	EFI_RNG_PROTOCOL, and we do get a sample out of the HWRNG via
	efirng in the bootloader, but since EFI_RNG_PROTOCOL is limited
	to boot-time (when the bootloader is running) and not run-time
	(when the kernel is running), it would be better to have
	ongoing access to the HWRNG.

	For example, if you disable estimation of entropy from
	non-HWRNG sources like disk, tty, and vm by setting

	rndctl_flags="-E -t disk; -E -t tty; -E -t vm"

	in rc.conf, you will start getting entropy warnings because the
	system resets its total entropy estimate (it does not record
	attribution of how much entropy came from each source like the
	efirng source, so it conservatively assumes all the entropy
	sources previously sampled must have been bad) and can't read a
	fresh sample from the HWRNG.


>How-To-Repeat:

	1. Install NetBSD on rpi4.
	2. See that `sysctl kern.entropy.needed' is zero.
	3. rndctl -E -t disk
	4. See that `sysctl kern.entropy.needed' is no longer zero.
	5. Get entropy warnings in the daily insecurity report.


>Fix:

	Yes, please!

	I don't care whether we attach via FDT or ACPI or what, but we
	should attach the driver to the device somehow, out of the box
	on rpi4 systems.

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: port-powerpc/59613: Unexpected panic: pr_phinpage_check: [pmap_upvopl] ...
Previous by Thread: toolchain/59610: obsolete file check during release build blows up on case-insensitive host file systems
Next by Thread: port-powerpc/59613: Unexpected panic: pr_phinpage_check: [pmap_upvopl] ...
Indexes:

Home | Main Index | Thread Index | Old Index