Hardware random number generator?
#11
(06-03-2018, 04:52 AM)scalextrix Wrote: Thanks, I did think of it and have compiled some software (not kernel though) on linux/ARM before, what I couldnt find was the driver or module code for the TRNG on this chipset.  One thing you could do to help is just install rng-tools on your board and see if you can get it running, perhaps its something unique to mine?  Im on the official ROCK64 Debain Jessie Minimal build.

I just noticed 2 packages have been held back
> The following packages have been kept back:

>  linux-rock64 linux-rock64-package

I wonder if thats connected.

EDIT: Updated and restarted but rng-tools still fails.

OK. Better with the distro version.

As you may know, Rock64 is quite new and not very well supported yet by Linux kernels and tools. Hardware, unfortunately, is not magically handled by software, people need to get datasheets and specs, adapt code or create new, like a brand new kernel module for something never seen before, test, integrate it to main source trunk, in which it will be even more tested on various hardware and so on before finally be released. This take times, depending of the popularity amount of the device.

And unfortunately for us, Raspberries captures most of the energy available around, that's why it is well supported by Raspbian and others.

Using a quite old Debian release does not help there. If you don't mind your current install, you can try again with Stretch, it will be a lot easier than a dist-upgrade from my experience. The two held back packages looks like to be Rock64 dedicated kernel, you may still use a generic one which doesn't include TRNG module/code at all. I guess there are missing dependencies so they're held back by package manager. You can try to solve this 1st if it is not too time consuming.

I'll try on my dietPi install (which is based on Debian for all I know) later today if I got some time and give a detailed report.
  Reply
#12
(06-03-2018, 07:32 AM)MichaelRock Wrote:
(06-03-2018, 04:52 AM)scalextrix Wrote: Thanks, I did think of it and have compiled some software (not kernel though) on linux/ARM before, what I couldnt find was the driver or module code for the TRNG on this chipset.  One thing you could do to help is just install rng-tools on your board and see if you can get it running, perhaps its something unique to mine?  Im on the official ROCK64 Debain Jessie Minimal build.

I just noticed 2 packages have been held back
> The following packages have been kept back:

>  linux-rock64 linux-rock64-package

I wonder if thats connected.

EDIT: Updated and restarted but rng-tools still fails.

OK. Better with the distro version.

As you may know, Rock64 is quite new and not very well supported yet by Linux kernels and tools. Hardware, unfortunately, is not magically handled by software, people need to get datasheets and specs, adapt code or create new, like a brand new kernel module for something never seen before, test, integrate it to main source trunk, in which it will be even more tested on various hardware and so on before finally be released. This take times, depending of the popularity amount of the device.

And unfortunately for us, Raspberries captures most of the energy available around, that's why it is well supported by Raspbian and others.

Using a quite old Debian release does not help there. If you don't mind your current install, you can try again with Stretch, it will be a lot easier than a dist-upgrade from my experience. The two held back packages looks like to be Rock64 dedicated kernel, you may still use a generic one which doesn't include TRNG module/code at all. I guess there are missing dependencies so they're held back by package manager. You can try to solve this 1st if it is not too time consuming.

I'll try on my dietPi install (which is based on Debian for all I know) later today if I got some time and give a detailed report.

Thanks, I have some software that hasnt played nicely with stretch on Raspbian, I think its the upgraded boost libraries but I never had the time to figure out what exactly broke them.  I need to take an SD card backup anyway, after which ill try stretch again, but travelling for a bit so will have to get to it later in the week.
  Reply
#13
I've tried on my DietPi. I took my shovel and dig dig and dig again Smile

Quote:cat /etc/debian_version
9.4

apt-cache search rng-tool
rng-tools - Daemon to use a Hardware TRNG
rng-tools5 - Daemon to use a Hardware TRNG

after install of rng-tools package:
Quote:Job for rng-tools.service failed because the control process exited with error code.
See "systemctl status rng-tools.service" and "journalctl -xe" for details.
invoke-rc.d: initscript rng-tools, action "start" failed.
● rng-tools.service
   Loaded: loaded (/etc/init.d/rng-tools; generated; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2018-06-03 18:55:19 BST; 29ms ago
     Docs: manConfusedystemd-sysv-generator(8)
  Process: 3134 ExecStart=/etc/init.d/rng-tools start (code=exited, status=1/FAILURE)

Jun 03 18:55:19 DietPi systemd[1]: Starting rng-tools.service...
Jun 03 18:55:19 DietPi rng-tools[3134]: Starting Hardware RNG entropy gather…d).
Jun 03 18:55:19 DietPi systemd[1]: rng-tools.service: Control process exite…us=1
Jun 03 18:55:19 DietPi systemd[1]: Failed to start rng-tools.service.
Jun 03 18:55:19 DietPi systemd[1]: rng-tools.service: Unit entered failed state.
Jun 03 18:55:19 DietPi systemd[1]: rng-tools.service: Failed with result 'e…de'.
Hint: Some lines were ellipsized, use -l to show in full.
Processing triggers for systemd (232-25+deb9u3) ...

random number generator devices:
Quote:using /dev/random:
[email protected]:~$ sudo /etc/init.d/rng-tools start
Starting Hardware RNG entropy gatherer daemon: rngd.

using /dev/hwrng:
[email protected]:~$ sudo /etc/init.d/rng-tools start
Starting Hardware RNG entropy gatherer daemon: (failed).

sudo cat /dev/hwrng
cat: /dev/hwrng: No such device
If it has hardware support, cat should print random characters on the terminal as it does with /dev/random.

Kernel stuff:
Quote:kernel config:

 /boot/config-4.4.77-rockchip-ayufan-136

inside the file, there are only these two about random stuff:
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_TPM=y

modules:
find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname 'hw_random'
[email protected]:~$ find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname '*hw_random*'
[email protected]:~$ find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname '*random*'
[email protected]:~$ find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname '*rng*'

=> no related module found


in config file on github:

no support for RK3328 chip HRNG
didn't found anything which shows Linux Kernel actually support Cortex A53 H/TRNG


[email protected]:~$ ls /lib/modules/4.4.77-rockchip-ayufan-136/kernel/crypto/
842.ko               lz4hc.ko             pcrypt.ko
async_tx/            lz4.ko               poly1305_generic.ko
chacha20_generic.ko  lzo.ko               rsa_generic.ko
chacha20poly1305.ko  md4.ko               zlib.ko
[email protected]:~$ ls /lib/modules/4.4.77-rockchip-ayufan-136/kernel/crypto/async_tx/
async_memcpy.ko  async_pq.ko  async_raid6_recov.ko  async_tx.ko  async_xor.ko

Perhaps one of these related to HRNG, need more investigations.

Bad thing with ayufan work:

source:
linux-source-4.9 - Linux kernel source for version 4.9 with Debian patches
linux-source - Linux kernel source (meta-package)
linux-source-4.16 - Linux kernel source for version 4.16 with Debian patches
???

dpkg -l '*linux*image*'|grep ii
ii  linux-image-4.4.77-rockchip-ayufan-136          0.5.15       arm64        Linux kernel, version 4.4.77-rockchip-ayufan-136

He did not make proper debianized package of sources Sad very very  unfortunate for us, despite it's not that hard, all work has been already done and it's just a matter of few commands to run. Looks like we've got to deal with source trunk only and binary package.

I've also did some research on Cortex A53 support in Linux, there are not that much avaialble

An interesting link to check on kernel config: https://cateee.net/lkddb/web-lkddb/HW_RANDOM.html

So, unless you ABSOLUTELY need HRNG, I believe you'd better move on and try alternatives like pandom. Hope this help.
  Reply
#14
(06-04-2018, 12:42 AM)MichaelRock Wrote: I've tried on my DietPi. I took my shovel and dig dig and dig again Smile

Quote:cat /etc/debian_version
9.4

apt-cache search rng-tool
rng-tools - Daemon to use a Hardware TRNG
rng-tools5 - Daemon to use a Hardware TRNG

after install of rng-tools package:
Quote:Job for rng-tools.service failed because the control process exited with error code.
See "systemctl status rng-tools.service" and "journalctl -xe" for details.
invoke-rc.d: initscript rng-tools, action "start" failed.
● rng-tools.service
   Loaded: loaded (/etc/init.d/rng-tools; generated; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2018-06-03 18:55:19 BST; 29ms ago
     Docs: manConfusedystemd-sysv-generator(8)
  Process: 3134 ExecStart=/etc/init.d/rng-tools start (code=exited, status=1/FAILURE)

Jun 03 18:55:19 DietPi systemd[1]: Starting rng-tools.service...
Jun 03 18:55:19 DietPi rng-tools[3134]: Starting Hardware RNG entropy gather…d).
Jun 03 18:55:19 DietPi systemd[1]: rng-tools.service: Control process exite…us=1
Jun 03 18:55:19 DietPi systemd[1]: Failed to start rng-tools.service.
Jun 03 18:55:19 DietPi systemd[1]: rng-tools.service: Unit entered failed state.
Jun 03 18:55:19 DietPi systemd[1]: rng-tools.service: Failed with result 'e…de'.
Hint: Some lines were ellipsized, use -l to show in full.
Processing triggers for systemd (232-25+deb9u3) ...

random number generator devices:
Quote:using /dev/random:
[email protected]:~$ sudo /etc/init.d/rng-tools start
Starting Hardware RNG entropy gatherer daemon: rngd.

using /dev/hwrng:
[email protected]:~$ sudo /etc/init.d/rng-tools start
Starting Hardware RNG entropy gatherer daemon: (failed).

sudo cat /dev/hwrng
cat: /dev/hwrng: No such device
If it has hardware support, cat should print random characters on the terminal as it does with /dev/random.

Kernel stuff:
Quote:kernel config:

 /boot/config-4.4.77-rockchip-ayufan-136

inside the file, there are only these two about random stuff:
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_TPM=y

modules:
find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname 'hw_random'
[email protected]:~$ find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname '*hw_random*'
[email protected]:~$ find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname '*random*'
[email protected]:~$ find /lib/modules/4.4.77-rockchip-ayufan-136/ -iname '*rng*'

=> no related module found


in config file on github:

no support for RK3328 chip HRNG
didn't found anything which shows Linux Kernel actually support Cortex A53 H/TRNG


[email protected]:~$ ls /lib/modules/4.4.77-rockchip-ayufan-136/kernel/crypto/
842.ko               lz4hc.ko             pcrypt.ko
async_tx/            lz4.ko               poly1305_generic.ko
chacha20_generic.ko  lzo.ko               rsa_generic.ko
chacha20poly1305.ko  md4.ko               zlib.ko
[email protected]:~$ ls /lib/modules/4.4.77-rockchip-ayufan-136/kernel/crypto/async_tx/
async_memcpy.ko  async_pq.ko  async_raid6_recov.ko  async_tx.ko  async_xor.ko

Perhaps one of these related to HRNG, need more investigations.

Bad thing with ayufan work:

source:
linux-source-4.9 - Linux kernel source for version 4.9 with Debian patches
linux-source - Linux kernel source (meta-package)
linux-source-4.16 - Linux kernel source for version 4.16 with Debian patches
???

dpkg -l '*linux*image*'|grep ii
ii  linux-image-4.4.77-rockchip-ayufan-136          0.5.15       arm64        Linux kernel, version 4.4.77-rockchip-ayufan-136

He did not make proper debianized package of sources Sad very very  unfortunate for us, despite it's not that hard, all work has been already done and it's just a matter of few commands to run. Looks like we've got to deal with source trunk only and binary package.

I've also did some research on Cortex A53 support in Linux, there are not that much avaialble

An interesting link to check on kernel config: https://cateee.net/lkddb/web-lkddb/HW_RANDOM.html

So, unless you ABSOLUTELY need HRNG, I believe you'd better move on and try alternatives like pandom. Hope this help.

Thanks for your work.  Im using my ROCK 64 to run cryprocurrency wallets, the private keys should be generated from a very strong source of entropy, to prevent them being computed by an attacker.  In reality this is highly unlikley and for now the PRNG is probably fine.

Its a little unfortunate to have a hardware RNG available, but for it to be un-usable, hopefully it gets fixed, raised a github issue so perhaps in time it will be resolved.
  Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
Exclamation WARNING: internal 10|100 PHY requires magjack hardware! MarkHaysHarris777 32 5,830 01-15-2019, 08:09 PM
Last Post: WrongWorld
  Latest Rock64 board hardware revision Ryan 3 1,217 03-14-2018, 05:42 AM
Last Post: petec

Forum Jump:


Users browsing this thread: 1 Guest(s)