lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <D3GL6HTEHTEZ.1HKTPS9XG9QMI@cknow.org>
Date: Thu, 15 Aug 2024 17:22:16 +0200
From: "Diederik de Haas" <didi.debian@...ow.org>
To: "Tom Lendacky" <thomas.lendacky@....com>, "John Allen"
 <john.allen@....com>
Cc: "Herbert Xu" <herbert@...dor.apana.org.au>, "David S. Miller"
 <davem@...emloft.net>, <linux-crypto@...r.kernel.org>,
 <linux-kernel@...r.kernel.org>, "Diederik de Haas" <didi.debian@...ow.org>
Subject: Re: [BUG] Non working HWRNG on AMD Ryzen 5 5500GT

On Thu Aug 15, 2024 at 4:53 PM CEST, Tom Lendacky wrote:
> On 8/15/24 09:40, Diederik de Haas wrote:
> > On Thu Aug 15, 2024 at 4:16 PM CEST, Tom Lendacky wrote:
> >> On 8/15/24 08:56, Diederik de Haas wrote:
> >>> I recently bought an Asus ROG STRIX B550-F GAMING MB with an
> >>> AMD Ryzen 5 5500GT CPU (and installed the latest BIOS: 3607).
> >>> I'm running Debian Testing/Sid on it with kernel 6.9 and now 6.10
> >>> and it seems to work great.
> >>> I've been doing some (unrelated) tests with `rngtest` from the
> >>> `rng-tools5` package and wondered how it would fare on my AMD CPU.
> >>
> >> I'm not very familiar with this test. What is the command line that you
> >> are using to invoke it?
> > 
> > ```
> > root@...4:~# cat /dev/hwrng | rngtest -c 1000
> > rngtest 5
> > Copyright (c) 2004 by Henrique de Moraes Holschuh
> > This is free software; see the source for copying conditions.
> > There is NO warranty; not even for MERCHANTABILITY or FITNESS
> > FOR A PARTICULAR PURPOSE.
> > 
> > rngtest: starting FIPS tests...
> > cat: /dev/hwrng: No such device
> > rngtest: entropy source drained
>
> Ok, this makes sense since you are using /dev/hwrng. This device does
> not exist because the CCP support in the ccp driver did not create one.
> It appears that the BIOS has blocked access to the MMIO range for the
> CCP so that during initialization, when attempting to read the number of
> queues available, 0xffffffff is read instead of the actual number of
> queues available, which as Jason noted, results in the "broken BIOS"
> message.

Ok, so the BIOS is broken. Good to know. Thanks :)

> This may not matter, though. I don't know if this version of the ASP/CCP
> device (1022:15df) provides any queues to the OS to use.

But I don't know how to interpret this?

I initially contacted Asus (HQ) and they apparently had contact with AMD
about this. I was 'a bit' flabbergasted about the response though:

"We have confirmed with AMD that the Linux system supported by the customer's
CPU (AMD Ryzen 5 5500GT) is Ubuntu:20.04.x.
The corresponding Linux Kernel version is between 5.4 and 5.8, and the
customer's OS version is Linux Kernel version: 6.9.10.
The CPU is not supported."

I have no idea how Ubuntu 20.04 and kernel 5.4 got into that communication
as I clearly said I tested it with Debian and kernel 6.9 and 6.10.
Basically the same as here, except more extensive/detailed.

> The fact that there is no /dev/hwrng device is not a kernel bug, though.
>
> Thanks,
> Tom

Thanks for the responses, much appreciated :-)

Cheers,
  Diederik

> > ```
> > 
> > Or when using ``dd`` you'd get a similar output:
> > 
> > ```
> > root@...4:~# dd if=/dev/hwrng bs%6 | rngtest -c 1000
> > rngtest 5
> > ...
> > 
> > rngtest: starting FIPS tests...
> > dd: error reading '/dev/hwrng': No such device
> > 0+0 records in
> > 0+0 records out
> > rngtest: entropy source drained
> > 0 bytes copied, 4.8214e-05 s, 0.0 kB/s
> > ``
> > 
> > Debian package page: https://packages.debian.org/unstable/rng-tools5
> > Debian hasn't switched to the new upstream (yet?), but that can be found
> > here: https://github.com/nhorman/rng-tools
> > 
> >>> And I found out it doesn't work at all!
> >>> But on another system I have (Asus ROG CROSSHAIR VII HERO MB +
> >>> AMD Ryzen 1800X CPU) it works absolutely fine.
> >>>
> >>> # dmesg | grep ccp
> >>> [    5.399853] ccp 0000:07:00.2: ccp: unable to access the device: you might
> >>> be running a broken BIOS.
> >>> [    5.401031] ccp 0000:07:00.2: tee enabled
> >>> [    5.401113] ccp 0000:07:00.2: psp enabled
> >>
> >> Which system is this output from?
> > 
> > My new system ("cs04") with AMD Ryzen 5 5500GT CPU/APU.
> > 
> >> Can you provide the output from lspci -nn?
> > 
> > ```
> > root@...4:~# lspci -nn
> > 00:00.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne Root Complex [1022:1630]
> > 00:00.2 IOMMU [0806]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne IOMMU [1022:1631]
> > 00:01.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
> > 00:02.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
> > 00:02.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
> > 00:02.2 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge [1022:1634]
> > 00:08.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge [1022:1632]
> > 00:08.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Renoir Internal PCIe GPP Bridge to Bus [1022:1635]
> > 00:14.0 SMBus [0c05]: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller [1022:790b] (rev 51)
> > 00:14.3 ISA bridge [0601]: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge [1022:790e] (rev 51)
> > 00:18.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 0 [1022:166a]
> > 00:18.1 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 1 [1022:166b]
> > 00:18.2 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 2 [1022:166c]
> > 00:18.3 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 3 [1022:166d]
> > 00:18.4 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 4 [1022:166e]
> > 00:18.5 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 5 [1022:166f]
> > 00:18.6 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 6 [1022:1670]
> > 00:18.7 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 7 [1022:1671]
> > 01:00.0 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset USB 3.1 XHCI Controller [1022:43ee]
> > 01:00.1 SATA controller [0106]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset SATA Controller [1022:43eb]
> > 01:00.2 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] 500 Series Chipset Switch Upstream Port [1022:43e9]
> > 02:00.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
> > 02:08.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
> > 02:09.0 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device [1022:43ea]
> > 05:00.0 Ethernet controller [0200]: Intel Corporation Ethernet Controller I225-V [8086:15f3] (rev 03)
> > 06:00.0 Non-Volatile memory controller [0108]: Samsung Electronics Co Ltd NVMe SSD Controller PM9A1/PM9A3/980PRO [144d:a80a]
> > 07:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Cezanne [Radeon Vega Series / Radeon Vega Mobile Series] [1002:1638] (rev c9)
> > 07:00.1 Audio device [0403]: Advanced Micro Devices, Inc. [AMD/ATI] Renoir Radeon High Definition Audio Controller [1002:1637]
> > 07:00.2 Encryption controller [1080]: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 10h-1fh) Platform Security Processor [1022:15df]
> > 07:00.3 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 [1022:1639]
> > 07:00.4 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 [1022:1639]
> > 07:00.6 Audio device [0403]: Advanced Micro Devices, Inc. [AMD] Family 17h/19h HD Audio Controller [1022:15e3]
> > ```
> > 
> > Cheers,
> >   Diederik
> > 
> >> Thanks,
> >> Tom
> >>
> >>>
> >>> Found an article [1] which could be relevant and downloaded and ran the
> >>> accompanying test program (written by Jason Donenfeld):
> >>> # ./amd-rdrand-bug
> >>> Your RDRAND() does not have the AMD bug.
> >>> # ./test-rdrand
> >>> RDRAND() |993c0
> >>> RDRAND() Çc697d
> >>> ... (more seemingly random numbers)
> >>> RDRAND() ¨58101
> >>>
> >>> I tried it with the latest microcode dd 2024-07-10, but that didn't make
> >>> a difference.
> >>>
> >>> So I'd like to know if this may actually be a bug on the kernel side.
> >>>
> >>> Happy to provide additional information or run tests or try patches.
> >>>
> >>> Cheers,
> >>>   Diederik
> >>>
> >>> [1] https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/
> > 


Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ