by Tim Gardner, Andy Whitcroft, Tim Gardner
Introduction:

The hw_random framework is software that makes use of a
special hardware feature on your CPU or motherboard,
a Random Number Generator (RNG). The software has two parts:
a core providing the /dev/hw_random character device and its
sysfs support, plus a hardware-specific driver that plugs
into that core.

To make the most effective use of these mechanisms, you
should download the support software as well. Download the
latest version of the "rng-tools" package from the
hw_random driver's official Web site:

http://sourceforge.net/projects/gkernel/

Those tools use /dev/hw_random to fill the kernel entropy pool,
which is used internally and exported by the /dev/urandom and
/dev/random special files.

Theory of operation:

CHARACTER DEVICE. Using the standard open()
and read() system calls, you can read random data from
the hardware RNG device. This data is NOT CHECKED by any
fitness tests, and could potentially be bogus (if the
hardware is faulty or has been tampered with). Data is only
output if the hardware "has-data" flag is set, but nevertheless
a security-conscious person would run fitness tests on the
data before assuming it is truly random.

The rng-tools package uses such tests in "rngd", and lets you
run them by hand with a "rngtest" utility.

/dev/hw_random is char device major 10, minor 183.

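Added example (not part of the original document or of rng-tools): a C
program that reads one 20,000-bit block from /dev/hw_random with open() and
read() and applies three of the FIPS 140-2 statistical tests (monobit, poker,
long run) before the data is trusted. The name fips_check and its failure
bitmask are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define BLOCK_BYTES 2500  /* 20,000 bits, the FIPS 140-2 sample size */

/* Added example; fips_check and its bitmask are this example's own names.
 * Returns 0 on pass, else a mask: 1 = monobit, 2 = poker, 4 = long run. */
int fips_check(const unsigned char *buf)
{
    unsigned ones = 0, nibble[16] = {0}, run = 0, longest = 0;
    int prev = -1, fail = 0;
    double sum = 0.0, x;

    for (int i = 0; i < BLOCK_BYTES; i++) {
        nibble[buf[i] >> 4]++;               /* poker: count 4-bit values */
        nibble[buf[i] & 0x0f]++;
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += bit;                     /* monobit: count of 1 bits */
            run = (bit == prev) ? run + 1 : 1;
            if (run > longest) longest = run;
            prev = bit;
        }
    }
    if (ones <= 9725 || ones >= 10275) fail |= 1;
    for (int i = 0; i < 16; i++) sum += (double)nibble[i] * nibble[i];
    x = (16.0 / 5000.0) * sum - 5000.0;      /* poker statistic */
    if (x <= 2.16 || x >= 46.17) fail |= 2;
    if (longest >= 26) fail |= 4;            /* run of 26+ identical bits */
    return fail;
}

int main(void)
{
    unsigned char buf[BLOCK_BYTES];
    size_t got = 0;
    int fd = open("/dev/hw_random", O_RDONLY);
    if (fd < 0) { perror("/dev/hw_random"); return 2; }
    while (got < sizeof buf) {               /* read() may return short */
        ssize_t n = read(fd, buf + got, sizeof buf - got);
        if (n <= 0) { fprintf(stderr, "read failed or EOF\n"); close(fd); return 2; }
        got += (size_t)n;
    }
    close(fd);
    int fail = fips_check(buf);
    printf("FIPS 140-2 subset: %s (mask %d)\n", fail ? "FAIL" : "pass", fail);
    return fail ? 1 : 0;
}
```

A pass only rules out gross failures such as a stuck or heavily biased
source; it does not prove the data is random.
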
CLASS DEVICE. There is a /sys/class/misc/hw_random node with
two unique attributes, "rng_available" and "rng_current". The
"rng_available" attribute lists the hardware-specific drivers
available, while "rng_current" lists the one which is currently
connected to /dev/hw_random. If your system has more than one
RNG available, you may change the one used by writing a name from
the list in "rng_available" into "rng_current".

==========================================================================

Hardware driver for Intel/AMD/VIA Random Number Generators (RNG)
Copyright 2000,2001 Jeff Garzik <jgarzik@pobox.com>
Copyright 2000,2001 Philipp Rumpf <prumpf@mandrakesoft.com>

About the Intel RNG hardware, from the firmware hub datasheet:

	The Firmware Hub integrates a Random Number Generator (RNG)
	using thermal noise generated from inherently random quantum
	mechanical properties of silicon. When not generating new random
	bits the RNG circuitry will enter a low power state. Intel will
	provide a binary software driver to give third party software
	access to our RNG for use as a security feature. At this time,
	the RNG is only to be used with a system in an OS-present state.

Intel RNG Driver notes:

* FIXME: support poll(2)

NOTE: request_mem_region was removed, for two reasons:
1) Only one RNG is supported by this driver, 2) The location
used by the RNG is a fixed location in MMIO-addressable memory,
3) users with properly working BIOS e820 handling will always
have the region in which the RNG is located reserved, so
request_mem_region calls always fail for proper setups.
However, for people who use mem=XX, BIOS e820 information is
-not- in /proc/iomem, and request_mem_region(RNG_ADDR) can
succeed.

Driver details:

Based on:
Intel 82802AB/82802AC Firmware Hub (FWH) Datasheet
May 1999 Order Number: 290658-002 R

Intel 82802 Firmware Hub: Random Number Generator
Programmer's Reference Manual
December 1999 Order Number: 298029-001 R

Intel 82802 Firmware HUB Random Number Generator Driver
Copyright (c) 2000 Matt Sottek <msottek@quiknet.com>

Special thanks to Matt Sottek. I did the "guts", he
did the "brains" and all the testing.