lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CA+X5Wn5TAa7C5BjV9fnnjTfrSRp=E=_QCJ5bi=6SxOPnw4Qhow@mail.gmail.com>
Date:	Sat, 12 Sep 2015 00:28:35 +0000
From:	james harvey <jamespharvey20@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: Drawback to intel-rng no_fwh_detect option, if firmware space is
 locked read-only

I know the error message says I can try using the "no_fwh_detect" option.

So, I am not asking how to fix this error.  I am asking what it means,
and what the difference is if the module would load with the firmware
space not locked read only, versus it loading locked but with the
no_fwh_detect option, versus just letting the intel-rng module not
load at all.

==========
[    9.611318] intel_rng: Firmware space is locked read-only. If you can't or
               intel_rng: don't want to disable this in firmware setup, and if
               intel_rng: you are certain that your system has a functional
               intel_rng: RNG, try using the 'no_fwh_detect' option.
==========

If needed, entire dmesg is here: http://pastebin.ca/3159151

The intel-rng module isn't loaded.  The above error repeats in dmesg
if running modprobe intel-rng.

I'm on a HP xw8400, most recent BIOS (02.38.)  There's no BIOS option
to unlock the firmware space

Question 1 - Am I correct, that without this module, the quality of my
random numbers is worse?  (Appears this module uses quantum thermal
noise.)

Question 2 - What's the difference whether I do nothing and allow the
error to persist (or blacklist the module) -- or if I use the
no_fwh_detect option?  Would using this option still get me the
quantum thermal noise effects on random numbers?

Basically trying to decide whether I should ignore the error or use
the option, and can't find anything saying what the drawback to having
to use the option is.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ