Hardware random number generator?
#1
Does the Rock64 have a real hardware random number generator that can be used as a source of entropy with rng-tools?
  Reply
#2
Looks like the answer is no, rng-tools.service fails to start unless the source of entropy is set to /dev/urandom which is the pseudo-random number generator.
  Reply
#3
(05-30-2018, 12:23 AM)scalextrix Wrote: Does the Rock64 have a real hardware random number generator that can be used as a source of entropy with rng-tools?

The datasheet for the CPU (RK3328)  on page 9  (excerpt below) suggests that it does support both pseudo and true random number generation. I don't know what's needed to get it working though.

Quote:Cipher engine
  • Support AES 128/192/256
  • Supports the DES (ECB and CBC modes) and TDES (EDE and DED) algorithms
  • Supports MD5, SHA-1 and SHA-256 HASH algorithms
  • Support PKA(RSA) 512/1024/2048 bit Exp Modulator
  • Support 160-bit Pseudo Random Number Generator (PRNG)
  • Support 256-bit True Random Number Generator (TRNG)
  Reply
#4
(05-30-2018, 03:33 AM)pfeerick Wrote:
(05-30-2018, 12:23 AM)scalextrix Wrote: Does the Rock64 have a real hardware random number generator that can be used as a source of entropy with rng-tools?

The datasheet for the CPU (RK3328)  on page 9  (excerpt below) suggests that it does support both pseudo and true random number generation. I don't know what's needed to get it working though.

Quote:Cipher engine
  • Support AES 128/192/256
  • Supports the DES (ECB and CBC modes) and TDES (EDE and DED) algorithms
  • Supports MD5, SHA-1 and SHA-256 HASH algorithms
  • Support PKA(RSA) 512/1024/2048 bit Exp Modulator
  • Support 160-bit Pseudo Random Number Generator (PRNG)
  • Support 256-bit True Random Number Generator (TRNG)

OK let me do a little more research, perhaps the device isnt detected
  Reply
#5
Ok so /dev/hwrng is available, but when I either let it auto-detect or set HRNGDEVICE=/dev/hwrng in /etc/defaults/rng-tools the rng-tools.service always fails:

-- Logs begin at Wed 2018-05-30 15:37:55 UTC, end at Wed 2018-05-30 15:41:21 UTC. --
May 30 15:41:10 rock64 systemd[1]: rng-tools.service: control process exited, code=exited status=1
May 30 15:41:10 rock64 systemd[1]: Failed to start (null).
-- Subject: Unit rng-tools.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/lis...temd-devel
--
-- Unit rng-tools.service has failed.
--
-- The result is failed.
May 30 15:41:10 rock64 systemd[1]: Unit rng-tools.service entered failed state.
  Reply
#6
(05-30-2018, 03:33 AM)pfeerick Wrote:
(05-30-2018, 12:23 AM)scalextrix Wrote: Does the Rock64 have a real hardware random number generator that can be used as a source of entropy with rng-tools?

The datasheet for the CPU (RK3328)  on page 9  (excerpt below) suggests that it does support both pseudo and true random number generation. I don't know what's needed to get it working though.

Quote:Cipher engine
  • Support AES 128/192/256
  • Supports the DES (ECB and CBC modes) and TDES (EDE and DED) algorithms
  • Supports MD5, SHA-1 and SHA-256 HASH algorithms
  • Support PKA(RSA) 512/1024/2048 bit Exp Modulator
  • Support 160-bit Pseudo Random Number Generator (PRNG)
  • Support 256-bit True Random Number Generator (TRNG)

OK I think the problem might be that there is no tpm-rng module available that can be added in /etc/modules, it might be something the maintainer may need to compile and add to the kernel?  Dunno, out of my depth here, but somethin' aint working right.
  Reply
#7
(06-01-2018, 10:20 AM)scalextrix Wrote: OK I think the problem might be that there is no tpm-rng module available that can be added in /etc/modules, it might be something the maintainer may need to compile and add to the kernel?  Dunno, out of my depth here, but somethin' aint working right.

If you want to file an issue you can do this on github...

https://github.com/ayufan-rock64/linux-build/issues
  Reply
#8
Issue raised, thanks
  Reply
#9
(06-01-2018, 10:20 AM)scalextrix Wrote: OK I think the problem might be that there is no tpm-rng module available that can be added in /etc/modules, it might be something the maintainer may need to compile and add to the kernel?  Dunno, out of my depth here, but somethin' aint working right.
Hi,

which distro do you use ? (I'm guessing it's a debian based)

it may be not too hard to compile your own kernel based on ayufan's source package if there are any available; there are plenty of documentation on how to do it (a quick search with "debian compile kernel" gives me the common docs.)

At configuration step, just need to browse to reach the relevant item, then run the build, wait, install the new kernel, reboot, pick this kernel on boot, then rng-tools might work. You should also see the module loaded if you have done things right (with 'lsmod' command)
I could provide some assistance if you need, I'll also have to play a bit with mine  Blush.
  Reply
#10
(06-02-2018, 01:17 PM)MichaelRock Wrote:
(06-01-2018, 10:20 AM)scalextrix Wrote: OK I think the problem might be that there is no tpm-rng module available that can be added in /etc/modules, it might be something the maintainer may need to compile and add to the kernel?  Dunno, out of my depth here, but somethin' aint working right.
Hi,

which distro do you use ? (I'm guessing it's a debian based)

it may be not too hard to compile your own kernel based on ayufan's source package if there are any available; there are plenty of documentation on how to do it (a quick search with "debian compile kernel" gives me the common docs.)

At configuration step, just need to browse to reach the relevant item, then run the build, wait, install the new kernel, reboot, pick this kernel on boot, then rng-tools might work. You should also see the module loaded if you have done things right (with 'lsmod' command)
I could provide some assistance if you need, I'll also have to play a bit with mine  Blush.

Thanks, I did think of it and have compiled some software (not kernel though) on linux/ARM before, what I couldnt find was the driver or module code for the TRNG on this chipset.  One thing you could do to help is just install rng-tools on your board and see if you can get it running, perhaps its something unique to mine?  Im on the official ROCK64 Debain Jessie Minimal build.

I just noticed 2 packages have been held back
> The following packages have been kept back:

>  linux-rock64 linux-rock64-package

I wonder if thats connected.

EDIT: Updated and restarted but rng-tools still fails.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
Exclamation WARNING: internal 10|100 PHY requires magjack hardware! MarkHaysHarris777 32 14,411 01-15-2019, 08:09 PM
Last Post: WrongWorld
  Latest Rock64 board hardware revision Ryan 3 2,412 03-14-2018, 05:42 AM
Last Post: petec

Forum Jump:


Users browsing this thread: 1 Guest(s)