| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGb2v64Dx7XaJOu0HHzFxYYY2ddUZao5Tar8-s1R_miVZqWcXA@mail.gmail.com> Date: Tue, 23 Jul 2024 01:57:05 +0800 From: Chen-Yu Tsai <wens@...nel.org> To: Diederik de Haas <didi.debian@...ow.org> Cc: Daniel Golle <daniel@...rotopia.org>, linux-rockchip@...ts.infradead.org, linux-arm-kernel@...ts.infradead.org, Rob Herring <robh@...nel.org>, Conor Dooley <conor+dt@...nel.org>, linux-kernel@...r.kernel.org, Herbert Xu <herbert@...dor.apana.org.au>, Martin Kaiser <martin@...ser.cx>, Sascha Hauer <s.hauer@...gutronix.de>, Sebastian Reichel <sebastian.reichel@...labora.com>, Ard Biesheuvel <ardb@...nel.org>, Uwe Kleine-König <ukleinek@...ian.org>, devicetree@...r.kernel.org, linux-crypto@...r.kernel.org, Philipp Zabel <p.zabel@...gutronix.de>, Olivia Mackall <olivia@...enic.com>, Krzysztof Kozlowski <krzk+dt@...nel.org>, Dragan Simic <dsimic@...jaro.org>, Aurelien Jarno <aurelien@...el32.net>, Heiko Stuebner <heiko@...ech.de> Subject: Re: [PATCH v7 0/3] hwrng: add hwrng support for Rockchip RK3568 On Wed, Jul 17, 2024 at 12:54 AM Diederik de Haas <didi.debian@...ow.org> wrote: > > On Tuesday, 16 July 2024 17:18:48 CEST Chen-Yu Tsai wrote: > > On Jul 16, 2024 at 10:13 PM Diederik de Haas <didi.debian@...ow.org> wrote: > > > On Tuesday, 16 July 2024 15:59:40 CEST Diederik de Haas wrote: > > > > For shits and giggles, I tried it on my PineTab2 too (also rk3566): > > > > > > > > =========================================================== > > > > root@...etab2:~# uname -a > > > > Linux pinetab2 6.10+unreleased-arm64 #1 SMP Debian 6.10-1~cknow > > > > (2024-04-24) aarch64 GNU/Linux > > > > > > > > root@...etab2:~# dd if=/dev/hwrng bs=100000 count=1 > /dev/null > > > > 1+0 records in > > > > 1+0 records out > > > > 100000 bytes (100 kB, 98 KiB) copied, 5,69533 s, 17,6 kB/s > > > > > > > > root@...bian-pinetab2:~# cat /dev/hwrng | rngtest -c 1000 > > > > rngtest 5 > > > > Copyright (c) 2004 by Henrique de Moraes Holschuh > > > > This is free software; see the source for copying conditions. > > > > There is NO warranty; not even for MERCHANTABILITY or > > > > FITNESS FOR A PARTICULAR PURPOSE. > > > > > > > > rngtest: starting FIPS tests... > > > > rngtest: bits received from input: 20000032 > > > > rngtest: FIPS 140-2 successes: 730 > > > > rngtest: FIPS 140-2 failures: 270 > > > > rngtest: FIPS 140-2(2001-10-10) Monobit: 266 > > > > rngtest: FIPS 140-2(2001-10-10) Poker: 23 > > > > rngtest: FIPS 140-2(2001-10-10) Runs: 9 > > > > rngtest: FIPS 140-2(2001-10-10) Long run: 0 > > > > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 > > > > rngtest: input channel speed: (min=2.615; avg=137.889; > > > > max=9765625.000)Kibits/s rngtest: FIPS tests speed: (min=24.643; > > > > avg=34.518; max=68.364)Mibits/s rngtest: Program run time: 149674336 > > > > microseconds > > > > =========================================================== > > > > > > > > That's looking quite a lot better ... and I have no idea why. > > > > > > > > The Q64-A is used as headless server and the PineTab2 is not, > > > > but I connected to both over SSH and they were freshly booted > > > > into, thus I haven't actually/normally used the PT2 since boot. > > > > > > I did freshly install rng-tools5 package before running the test, so > > > I rebooted again to make sure that wasn't a factor: > > > > > > =========================================================== > > > root@...etab2:~# cat /dev/hwrng | rngtest -c 1000 > > > rngtest 5 > > > ... > > > > > > rngtest: starting FIPS tests... > > > rngtest: bits received from input: 20000032 > > > rngtest: FIPS 140-2 successes: 704 > > > rngtest: FIPS 140-2 failures: 296 > > > rngtest: FIPS 140-2(2001-10-10) Monobit: 293 > > > rngtest: FIPS 140-2(2001-10-10) Poker: 32 > > > rngtest: FIPS 140-2(2001-10-10) Runs: 10 > > > rngtest: FIPS 140-2(2001-10-10) Long run: 0 > > > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 > > > rngtest: input channel speed: (min=2.612; avg=137.833; > > > max=9765625.000)Kibits/s rngtest: FIPS tests speed: (min=24.391; > > > avg=34.416; max=68.364)Mibits/s rngtest: Program run time: 149736205 > > > microseconds > > > =========================================================== > > > > > > So that 704/296 vs 730/270 in the previous run on the PT2. > > > > > > In case it helps: > > > =========================================================== > > > root@...rtz64a:~# grep . /sys/devices/virtual/misc/hw_random/rng_* > > > /sys/devices/virtual/misc/hw_random/rng_available:rockchip-rng > > > /sys/devices/virtual/misc/hw_random/rng_current:rockchip-rng > > > /sys/devices/virtual/misc/hw_random/rng_quality:900 > > > /sys/devices/virtual/misc/hw_random/rng_selected:0 > > > > > > root@...etab2:~# grep . /sys/devices/virtual/misc/hw_random/rng_* > > > /sys/devices/virtual/misc/hw_random/rng_available:rockchip-rng > > > /sys/devices/virtual/misc/hw_random/rng_current:rockchip-rng > > > /sys/devices/virtual/misc/hw_random/rng_quality:900 > > > /sys/devices/virtual/misc/hw_random/rng_selected:0 > > > =========================================================== > > > > On my Rock 3A: > > > > wens@...k-3a:~$ sudo cat /dev/hwrng | rngtest -c 1000 > > rngtest 5 > > Copyright (c) 2004 by Henrique de Moraes Holschuh > > This is free software; see the source for copying conditions. There > > is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A > > PARTICULAR PURPOSE. > > > > rngtest: starting FIPS tests... > > rngtest: bits received from input: 20000032 > > rngtest: FIPS 140-2 successes: 992 > > rngtest: FIPS 140-2 failures: 8 > > rngtest: FIPS 140-2(2001-10-10) Monobit: 7 > > rngtest: FIPS 140-2(2001-10-10) Poker: 0 > > rngtest: FIPS 140-2(2001-10-10) Runs: 0 > > rngtest: FIPS 140-2(2001-10-10) Long run: 1 > > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 > > rngtest: input channel speed: (min=2.658; avg=140.067; > > max=9765625.000)Kibits/s rngtest: FIPS tests speed: (min=26.751; > > avg=34.901; max=65.320)Mibits/s rngtest: Program run time: 147367594 > > microseconds > > > > wens@...k-3a:~$ uname -a > > Linux rock-3a 6.10.0-rc7-next-20240712-12899-g7df602fe7c8b #9 SMP Mon > > Jul 15 00:39:32 CST 2024 aarch64 GNU/Linux > > I wondered if ``dd if=/dev/hwrng bs=100000 count=1 > /dev/null`` before > the actual test run made a difference. > Tried it on my Quartz64 Model A: no > > Then I tried it on my Quartz64 Model B: > > root@...rtz64b:~# cat /dev/hwrng | rngtest -c 1000 > rngtest 5 > ... > rngtest: starting FIPS tests... > rngtest: bits received from input: 20000032 > rngtest: FIPS 140-2 successes: 120 > rngtest: FIPS 140-2 failures: 880 > rngtest: FIPS 140-2(2001-10-10) Monobit: 879 > rngtest: FIPS 140-2(2001-10-10) Poker: 332 > rngtest: FIPS 140-2(2001-10-10) Runs: 91 > rngtest: FIPS 140-2(2001-10-10) Long run: 0 > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 > rngtest: input channel speed: (min=2.615; avg=138.117; max=9765625.000)Kibits/s > rngtest: FIPS tests speed: (min=20.777; avg=34.535; max=68.857)Mibits/s > rngtest: Program run time: 149461754 microseconds > > root@...rtz64b:~# dd if=/dev/hwrng bs=100000 count=1 > /dev/null > 1+0 records in > 1+0 records out > 100000 bytes (100 kB, 98 KiB) copied, 5.71466 s, 17.5 kB/s > > root@...rtz64b:~# cat /dev/hwrng | rngtest -c 1000 > rngtest 5 > ... > rngtest: starting FIPS tests... > rngtest: bits received from input: 20000032 > rngtest: FIPS 140-2 successes: 104 > rngtest: FIPS 140-2 failures: 896 > rngtest: FIPS 140-2(2001-10-10) Monobit: 892 > rngtest: FIPS 140-2(2001-10-10) Poker: 335 > rngtest: FIPS 140-2(2001-10-10) Runs: 79 > rngtest: FIPS 140-2(2001-10-10) Long run: 0 > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 > rngtest: input channel speed: (min=2.613; avg=138.098; max=9765625.000)Kibits/s > rngtest: FIPS tests speed: (min=20.465; avg=34.587; max=69.107)Mibits/s > rngtest: Program run time: 149475187 microseconds > > root@...rtz64b:~# uname -a > Linux quartz64b 6.10+unreleased-arm64 #1 SMP Debian 6.10-1~cknow (2024-04-24) aarch64 GNU/Linux > > :-O I pulled out my Quartz64 model B, and the results seem better than yours. root@...rtz64:~# sudo dd if=/dev/hwrng bs=256 | rngtest -c 1000 rngtest 5 Copyright (c) 2004 by Henrique de Moraes Holschuh This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. rngtest: starting FIPS tests... rngtest: bits received from input: 20000032 rngtest: FIPS 140-2 successes: 859 rngtest: FIPS 140-2 failures: 141 rngtest: FIPS 140-2(2001-10-10) Monobit: 137 rngtest: FIPS 140-2(2001-10-10) Poker: 10 rngtest: FIPS 140-2(2001-10-10) Runs: 5 rngtest: FIPS 140-2(2001-10-10) Long run: 0 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=134.990; avg=143.460; max=157.836)Kibits/s rngtest: FIPS tests speed: (min=34.742; avg=40.675; max=41.285)Mibits/s rngtest: Program run time: 136667679 microseconds root@...rtz64:~# sudo dd if=/dev/hwrng bs=256 | rngtest -c 1000 rngtest 5 Copyright (c) 2004 by Henrique de Moraes Holschuh This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. rngtest: starting FIPS tests... rngtest: bits received from input: 20000032 rngtest: FIPS 140-2 successes: 843 rngtest: FIPS 140-2 failures: 157 rngtest: FIPS 140-2(2001-10-10) Monobit: 155 rngtest: FIPS 140-2(2001-10-10) Poker: 13 rngtest: FIPS 140-2(2001-10-10) Runs: 7 rngtest: FIPS 140-2(2001-10-10) Long run: 0 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=134.977; avg=143.669; max=157.906)Kibits/s rngtest: FIPS tests speed: (min=37.036; avg=40.666; max=41.285)Mibits/s rngtest: Program run time: 136459178 microseconds
Powered by blists - more mailing lists