Re: hwrng on 82801EB/ER (ICH5/ICH5R) fails rngtest checks

From: Michael Buesch
Date: Wed Jul 26 2006 - 09:43:33 EST


On Wednesday 26 July 2006 07:22, Andrew Morton wrote:
> with latest HEAD of Linus' tree I got /dev/hwrng but although the device
> exists rngtest does not pass as if hwrng does not work correctly.
> actually this case is documented in the README supplied by Debian
> but I'm surprised to hit the problem.
>
> I'm just curious whether there's a bug in the driver, the hwrng is bad
> or if it is falsely detected and made accessible via /dev/hwrng.
>
> rngtest 2-unofficial-mt.10
> Copyright (c) 2004 by Henrique de Moraes Holschuh
> This is free software; see the source for copying conditions. There
> is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
>
> rngtest: starting FIPS tests...
> rngtest: bits received from input: 200032
> rngtest: FIPS 140-2 successes: 0
> rngtest: FIPS 140-2 failures: 10
> rngtest: FIPS 140-2(2001-10-10) Monobit: 10
> rngtest: FIPS 140-2(2001-10-10) Poker: 10
> rngtest: FIPS 140-2(2001-10-10) Runs: 10
> rngtest: FIPS 140-2(2001-10-10) Long run: 10
> rngtest: FIPS 140-2(2001-10-10) Continuous run: 10
> rngtest: input channel speed: (min=1.132; avg=2.157; max=2.794)Mibits/s
> rngtest: FIPS tests speed: (min=202.909; avg=206.647; max=211.928)Mibits/s
> rngtest: Program run time: 89804 microseconds
>
>
> lspci
> 00:00.0 Host bridge: Intel Corporation E7520 Memory Controller Hub (rev 0c)
> 00:02.0 PCI bridge: Intel Corporation E7525/E7520/E7320 PCI Express Port A (rev
> 0c)
> 00:06.0 PCI bridge: Intel Corporation E7520 PCI Express Port C (rev 0c)
> 00:1d.0 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Contr
> oller #1 (rev 02)
> 00:1d.1 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Contr
> oller #2 (rev 02)
> 00:1d.2 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Contr
> oller #3 (rev 02)
> 00:1d.3 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI Contr
> oller #4 (rev 02)
> 00:1d.7 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB2 EHCI Cont
> roller (rev 02)
> 00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev c2)
> 00:1f.0 ISA bridge: Intel Corporation 82801EB/ER (ICH5/ICH5R) LPC Interface Brid
> ge (rev 02)
> 00:1f.1 IDE interface: Intel Corporation 82801EB/ER (ICH5/ICH5R) IDE Controller
> (rev 02)
> 01:03.0 VGA compatible controller: ATI Technologies Inc Rage XL (rev 27)
> 01:04.0 System peripheral: Compaq Computer Corporation Integrated Lights Out Con
> troller (rev 01)
> 01:04.2 System peripheral: Compaq Computer Corporation Integrated Lights Out Pr
> ocessor (rev 01)
> 02:00.0 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge A (rev 0
> 9)
> 02:00.2 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge B (rev 0
> 9)
> 03:01.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethe
> rnet (rev 10)
> 03:01.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethe
> rnet (rev 10)
> 04:03.0 RAID bus controller: Compaq Computer Corporation Smart Array 64xx (rev 0
> 1)
> 05:00.0 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge A (rev 0
> 9)
> 05:00.2 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge B (rev 0
> 9)
> 0a:01.0 PCI bridge: IBM PCI-X to PCI-X Bridge (rev 03)
> 0b:04.0 RAID bus controller: Compaq Computer Corporation Smart Array 64xx (rev 0
> 1)


I guess you are running the Intel ICH RNG, right?
As the FIPS test is a hardware test, I would simply say it's
failing hardware. But let's not do this. :) Let's check what
actually comes out of the RNG.
Could you do a
hexdump /dev/hwrng
So we can see what actually comes ot of the device. Let's see
if it's all zeros or something.

Does the RNG work, if you use 2.6.17 or earlier?

--
Greetings Michael.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/