Commit | Line | Data |
---|---|---|
7a96be33 JN |
1 | ================================= |
2 | Hardware random number generators | |
3 | ================================= | |
440e4f6d MCC |
4 | |
5 | Introduction | |
6 | ============ | |
7 | ||
8 | The hw_random framework is software that makes use of a | |
9 | special hardware feature on your CPU or motherboard, | |
10 | a Random Number Generator (RNG). The software has two parts: | |
11 | a core providing the /dev/hwrng character device and its | |
12 | sysfs support, plus a hardware-specific driver that plugs | |
13 | into that core. | |
14 | ||
15 | To make the most effective use of these mechanisms, you | |
16 | should download the support software as well. Download the | |
54a2ffe9 | 17 | latest version of the "rng-tools" package from: |
440e4f6d | 18 | |
54a2ffe9 | 19 | https://github.com/nhorman/rng-tools |
440e4f6d MCC |
20 | |
21 | Those tools use /dev/hwrng to fill the kernel entropy pool, | |
22 | which is used internally and exported by the /dev/urandom and | |
23 | /dev/random special files. | |
24 | ||
25 | Theory of operation | |
26 | =================== | |
27 | ||
28 | CHARACTER DEVICE. Using the standard open() | |
29 | and read() system calls, you can read random data from | |
30 | the hardware RNG device. This data is NOT CHECKED by any | |
31 | fitness tests, and could potentially be bogus (if the | |
32 | hardware is faulty or has been tampered with). Data is only | |
33 | output if the hardware "has-data" flag is set, but nevertheless | |
34 | a security-conscious person would run fitness tests on the | |
35 | data before assuming it is truly random. | |
36 | ||
37 | The rng-tools package uses such tests in "rngd", and lets you | |
38 | run them by hand with a "rngtest" utility. | |
39 | ||
40 | /dev/hwrng is char device major 10, minor 183. | |
41 | ||
42 | CLASS DEVICE. There is a /sys/class/misc/hw_random node with | |
43 | two unique attributes, "rng_available" and "rng_current". The | |
44 | "rng_available" attribute lists the hardware-specific drivers | |
45 | available, while "rng_current" lists the one which is currently | |
46 | connected to /dev/hwrng. If your system has more than one | |
47 | RNG available, you may change the one used by writing a name from | |
48 | the list in "rng_available" into "rng_current". | |
537878d2 DB |
49 | |
50 | ========================================================================== | |
51 | ||
537878d2 | 52 | |
440e4f6d MCC |
53 | Hardware driver for Intel/AMD/VIA Random Number Generators (RNG) |
54 | - Copyright 2000,2001 Jeff Garzik <jgarzik@pobox.com> | |
55 | - Copyright 2000,2001 Philipp Rumpf <prumpf@mandrakesoft.com> | |
537878d2 | 56 | |
537878d2 | 57 | |
440e4f6d MCC |
58 | About the Intel RNG hardware, from the firmware hub datasheet |
59 | ============================================================= | |
1da177e4 | 60 | |
440e4f6d MCC |
61 | The Firmware Hub integrates a Random Number Generator (RNG) |
62 | using thermal noise generated from inherently random quantum | |
63 | mechanical properties of silicon. When not generating new random | |
64 | bits the RNG circuitry will enter a low power state. Intel will | |
65 | provide a binary software driver to give third party software | |
66 | access to our RNG for use as a security feature. At this time, | |
67 | the RNG is only to be used with a system in an OS-present state. | |
1da177e4 | 68 | |
440e4f6d MCC |
69 | Intel RNG Driver notes |
70 | ====================== | |
1da177e4 | 71 | |
440e4f6d MCC |
72 | FIXME: support poll(2) |
73 | ||
74 | .. note:: | |
75 | ||
76 | request_mem_region was removed, for three reasons: | |
77 | ||
78 | 1) Only one RNG is supported by this driver; | |
79 | 2) The location used by the RNG is a fixed location in | |
80 | MMIO-addressable memory; | |
1da177e4 | 81 | 3) Users with properly working BIOS e820 handling will always |
440e4f6d MCC |
82 | have the region in which the RNG is located reserved, so |
83 | request_mem_region calls always fail for proper setups. | |
84 | However, for people who use mem=XX, BIOS e820 information is | |
85 | **not** in /proc/iomem, and request_mem_region(RNG_ADDR) can | |
86 | succeed. | |
1da177e4 | 87 | |
440e4f6d MCC |
88 | Driver details |
89 | ============== | |
1da177e4 | 90 | |
440e4f6d | 91 | Based on: |
1da177e4 | 92 | Intel 82802AB/82802AC Firmware Hub (FWH) Datasheet |
440e4f6d | 93 | May 1999 Order Number: 290658-002 R |
1da177e4 | 94 | |
440e4f6d MCC |
95 | Intel 82802 Firmware Hub: |
96 | Random Number Generator | |
1da177e4 | 97 | Programmer's Reference Manual |
440e4f6d | 98 | December 1999 Order Number: 298029-001 R |
1da177e4 | 99 | |
440e4f6d | 100 | Intel 82802 Firmware HUB Random Number Generator Driver |
1da177e4 LT |
101 | Copyright (c) 2000 Matt Sottek <msottek@quiknet.com> |
102 | ||
440e4f6d MCC |
103 | Special thanks to Matt Sottek. I did the "guts", he |
104 | did the "brains" and all the testing. |
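
Added example (not part of the kernel documentation or of rng-tools): a minimal C check in the spirit of the fitness tests that the CHARACTER DEVICE section recommends, applying the FIPS 140-2 monobit, poker and long-run tests to one 2,500-byte block read from /dev/hwrng. The function names and the exit codes are this example's own choices.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#define BLOCK_BYTES 2500 /* FIPS 140-2 tests work on 20,000-bit blocks */

/* Monobit: the number of 1 bits X must satisfy 9725 < X < 10275. */
int monobit_ok(const unsigned char *b) {
    int ones = 0;
    for (int i = 0; i < BLOCK_BYTES; i++)
        for (int k = 0; k < 8; k++) ones += (b[i] >> k) & 1;
    return ones > 9725 && ones < 10275;
}

/* Poker: over 5000 nibbles, X = (16/5000)*sum(f[i]^2) - 5000; 2.16 < X < 46.17. */
int poker_ok(const unsigned char *b) {
    long f[16] = {0}, sum = 0;
    for (int i = 0; i < BLOCK_BYTES; i++) { f[b[i] >> 4]++; f[b[i] & 0x0f]++; }
    for (int i = 0; i < 16; i++) sum += f[i] * f[i];
    double x = 16.0 * (double)sum / 5000.0 - 5000.0;
    return x > 2.16 && x < 46.17;
}

/* Long run: fail on any run of 26 or more identical bits (e.g. a stuck output). */
int long_run_ok(const unsigned char *b) {
    int run = 0, prev = -1;
    for (int i = 0; i < BLOCK_BYTES; i++)
        for (int k = 7; k >= 0; k--) {
            int bit = (b[i] >> k) & 1;
            run = (bit == prev) ? run + 1 : 1;
            prev = bit;
            if (run >= 26) return 0;
        }
    return 1;
}

int main(void) {
    unsigned char buf[BLOCK_BYTES];
    size_t got = 0;
    int fd = open("/dev/hwrng", O_RDONLY); /* device node described above */
    while (fd >= 0 && got < sizeof buf) {  /* read() may return short counts */
        ssize_t n = read(fd, buf + got, sizeof buf - got);
        if (n <= 0) break;
        got += (size_t)n;
    }
    if (got < sizeof buf) { fprintf(stderr, "no full block from /dev/hwrng\n"); return 2; }
    int ok = monobit_ok(buf) && poker_ok(buf) && long_run_ok(buf);
    puts(ok ? "block passed" : "block FAILED");
    return !ok;
}
```

Exit status 1 means the block failed at least one test; 2 means no full block could be read. Passing only rules out gross faults such as a stuck or heavily biased source: a plain byte counter (0, 1, 2, ...) also passes all three tests.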