Re: regarding the changes to kernel entropy gathering

To: John Nemeth <jnemeth%cue.bc.ca@localhost>
Subject: Re: regarding the changes to kernel entropy gathering
From: Martin Husemann <martin%duskware.de@localhost>
Date: Sun, 4 Apr 2021 20:39:05 +0200

On Sun, Apr 04, 2021 at 11:14:31AM -0700, John Nemeth wrote:
>      I understand the need for good random sources, and won't argue
> it.  My question is, how can we tell what random sources a system
> actually has, i.e. is there some flag that cpuctl identify shows
> when a system has RDRAND/RDSEED?  Are there other sources that can
> be positively identified as providing randomness?

I am not sure I understand the question correctly. rndctl will show the
entropy available from the source. For cpu internal random sources,
on x86 cpuctl identify shows them:

# cpuctl identify 0 | fgrep RDRAND
cpu0: features1 0x7ffafbff<F16C,RDRAND>
# cpuctl identify 0 | fgrep RDSEED
cpu0: features5 0x29c6fbf<INVPCID,RTM,FPUCSDS,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT>
# rndctl -l
Source                 Bits Type      Flags
[..]
system-power              0 power estimate, collect, v, t, dt
autoconf                  0 ???  estimate, collect, t
seed                    256 ???  estimate, collect, v
rdrand/rdseed           512 rng  estimate, collect, v


or on a system with another cpu:

# rndctl -l
Source                 Bits Type      Flags
[..]
ualea0                  512 rng  estimate, collect, v
[..]
system-power              0 power estimate, collect, v, t, dt
autoconf                  0 ???  estimate, collect, t
seed                    256 ???  estimate, collect, v


and yet another with no trusted source, but properly seeded (also an
old and non-x86 system):

# rndctl -l
Source                 Bits Type      Flags
/dev/random               0 ???  estimate, collect, v
ucom7                     0 tty  estimate, collect, v, t, dt
ucom6                     0 tty  estimate, collect, v, t, dt
ucom5                     0 tty  estimate, collect, v, t, dt
ucom4                     0 tty  estimate, collect, v, t, dt
ucom3                     0 tty  estimate, collect, v, t, dt
ucom2                     0 tty  estimate, collect, v, t, dt
ucom1                     0 tty  estimate, collect, v, t, dt
ucom0                     0 tty  estimate, collect, v, t, dt
sd1                       0 disk estimate, collect, v, t, dt
sd0                       0 disk estimate, collect, v, t, dt
cpu0                      0 vm   estimate, collect, v, t, dv
hardclock                 0 skew estimate, collect, t
mvgbe0                    0 net  estimate, v, t, dt
system-power              0 power estimate, collect, v, t, dt
autoconf                  0 ???  estimate, collect, t
seed                    256 ???  estimate, collect, v


Martin

References:
- Re: regarding the changes to kernel entropy gathering
  - From: John Nemeth

Prev by Date: Re: regarding the changes to kernel entropy gathering
Next by Date: Re: regarding the changes to kernel entropy gathering
Previous by Thread: Re: regarding the changes to kernel entropy gathering
Next by Thread: Re: regarding the changes to kernel entropy gathering
Indexes:

Home | Main Index | Thread Index | Old Index