lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zr4PJYISc_h7cQdW@zx2c4.com>
Date: Thu, 15 Aug 2024 14:22:29 +0000
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Diederik de Haas <didi.debian@...ow.org>
Cc: Tom Lendacky <thomas.lendacky@....com>, John Allen <john.allen@....com>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	"David S. Miller" <davem@...emloft.net>,
	linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [BUG] Non working HWRNG on AMD Ryzen 5 5500GT

On Thu, Aug 15, 2024 at 03:56:26PM +0200, Diederik de Haas wrote:
> Found an article [1] which could be relevant and downloaded and ran the
> accompanying test program (written by Jason Donenfeld):
> # ./amd-rdrand-bug
> Your RDRAND() does not have the AMD bug.
> # ./test-rdrand
> RDRAND() = 0x47c993c0
> RDRAND() = 0xec7c697d
> ... (more seemingly random numbers)
> RDRAND() = 0xba858101

RDRAND isn't the same as CCP.

> # dmesg | grep ccp
> [    5.399853] ccp 0000:07:00.2: ccp: unable to access the device: you might
> be running a broken BIOS.
> [    5.401031] ccp 0000:07:00.2: tee enabled
> [    5.401113] ccp 0000:07:00.2: psp enabled

Looks like the kernel reports CCP as broken. As the above RDRAND test
doesn't indicate anything about CCP, I don't see rationale for that
determination to be wrong.

Actual test code is in drivers/crypto/ccp/ccp-dev-v5.c:

        /* Find available queues */
        qmr = ioread32(ccp->io_regs + Q_MASK_REG);
        /*
         * Check for a access to the registers.  If this read returns
         * 0xffffffff, it's likely that the system is running a broken
         * BIOS which disallows access to the device. Stop here and fail
         * the initialization (but not the load, as the PSP could get                       * properly initialized).                                                           */
        if (qmr == 0xffffffff) {                                                                   dev_notice(dev, "ccp: unable to access the device: you might be running a broken BIOS.\n");                                                                           return 1;                                                                  }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ