Discussion:
[coreboot] Asus Chromebox Panther: no HW RNG?
Grant Grundler
2018-11-27 07:11:54 UTC
Hi!
Asus Chromebox (Panther) with Celeron 2995U processor is supposed to
have a HW Random Number Generator:
https://ark.intel.com/products/75608/Intel-Celeron-Processor-2955U-2M-Cache-1-40-GHz-

(Intel calls it Secure Key)

But "modprobe intel-rng" is failing with "No such device" (Debian
4.18.0-2-amd64 kernel).

That's because there isn't one listed in "lspci" output:
***@stoke:~# lspci -n
00:00.0 0600: 8086:0a04 (rev 09)
00:02.0 0300: 8086:0a06 (rev 09)
00:03.0 0403: 8086:0a0c (rev 09)
00:14.0 0c03: 8086:9c31 (rev 04)
00:16.0 0780: 8086:9c3a (rev 04)
00:1b.0 0403: 8086:9c20 (rev 04)
00:1c.0 0604: 8086:9c14 (rev e4)
00:1c.1 0604: 8086:9c16 (rev e4)
00:1c.2 0604: 8086:9c18 (rev e4)
00:1f.0 0601: 8086:9c45 (rev 04)
00:1f.2 0106: 8086:9c03 (rev 04)
00:1f.3 0c05: 8086:9c22 (rev 04)
00:1f.6 1180: 8086:9c24 (rev 04)
01:00.0 0200: 10ec:8168 (rev 0c)
02:00.0 0280: 168c:0034 (rev 01)

Could Firmware add the HW RNG so intel-rng is happy?

(I'll append human readable below)

Current firmware is:
[ 0.000000] DMI: Google Panther/Panther, BIOS MattDevo 04/18/2016

And if this is fixed in a newer firmware update, please hand me the
paper bag I can hide under. :) I've downloaded a newer version of the
SeaBIOS but haven't (yet) found the instructions to install it.

Why do I care about HW RNG?
Because of this:
...
[ 8.560270] r8169 0000:01:00.0 enp1s0: link up
[ 8.560287] IPv6: ADDRCONF(NETDEV_CHANGE): enp1s0: link becomes ready
[19039.712644] random: crng init done
[19039.712649] random: 7 urandom warning(s) missed due to ratelimiting
[19044.485625] wlp2s0: authenticate with ...
...

Yes, several *hours* until the crng was initialized and then
wpa_supplicant could start talking on WIFI. :(

The length of the delay varies...shortest was 7 minutes.

thanks for any help,
grant


# lspci
00:00.0 Host bridge: Intel Corporation Haswell-ULT DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation Haswell-ULT
Integrated Graphics Controller (rev 09)
00:03.0 Audio device: Intel Corporation Haswell-ULT HD Audio Controller (rev 09)
00:14.0 USB controller: Intel Corporation 8 Series USB xHCI HC (rev 04)
00:16.0 Communication controller: Intel Corporation 8 Series HECI #0 (rev 04)
00:1b.0 Audio device: Intel Corporation 8 Series HD Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 8 Series PCI Express Root Port 3 (rev e4)
00:1c.1 PCI bridge: Intel Corporation 8 Series PCI Express Root Port 4 (rev e4)
00:1c.2 PCI bridge: Intel Corporation 8 Series PCI Express Root Port 5 (rev e4)
00:1f.0 ISA bridge: Intel Corporation 8 Series LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 8 Series SATA Controller 1
[AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 8 Series SMBus Controller (rev 04)
00:1f.6 Signal processing controller: Intel Corporation 8 Series
Thermal (rev 04)
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0c)
02:00.0 Network controller: Qualcomm Atheros AR9462 Wireless Network
Adapter (rev 01)
--
coreboot mailing list: ***@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
Nico Huber
2018-11-27 12:10:14 UTC
Hi Grant,

I don't know how it is supposed to work on Haswell, but can give you
some pointers anyway.

tl;dr I don't think you are looking for a PCI device.
Post by Grant Grundler
Asus Chromebox (Panther) with Celeron 2995U processor is supposed to
https://ark.intel.com/products/75608/Intel-Celeron-Processor-2955U-2M-Cache-1-40-GHz-
(Intel calls it Secure Key)
But "modprobe intel-rng" is failing with "No such device" (Debian
4.18.0-2-amd64 kernel).
This driver is for very old Firmware Hub (FWH) hardware which would
be controlled through the LPC PCI device. You have such a PCI device
(00:1f.0) but there's no FWH to be expected with Haswell.

What you are probably looking for is the RDRAND instruction. I don't
know if it can be controlled by the firmware, but would check first if
your OS is prepared to make use of it.
Post by Grant Grundler
Why do I care about HW RNG?
...
[ 8.560270] r8169 0000:01:00.0 enp1s0: link up
[ 8.560287] IPv6: ADDRCONF(NETDEV_CHANGE): enp1s0: link becomes ready
[19039.712644] random: crng init done
[19039.712649] random: 7 urandom warning(s) missed due to ratelimiting
[19044.485625] wlp2s0: authenticate with ...
...
Yes, several *hours* until the crng was initialized and then
wpa_supplicant could start talking on WIFI. :(
The length of the delay varies...shortest was 7 minutes.
Well, even without a hardware rng, I wouldn't expect that. With antennas
available, I would say after 10s for the paranoid there should be enough
entropy available. But that's probably just how I'd do OS development
(and depends on what the wifi driver can do).

Nico
Grant Grundler
2018-11-27 18:11:27 UTC
Post by Nico Huber
Hi Grant,
I don't know how it is supposed to work on Haswell, but can give you
some pointers anyway.
tl;dr I don't think you are looking for a PCI device.
If intel-rng support is required, a PCI device will be advertised
because of how the linux kernel binds PCI devices to drivers. See
"alias" field of "modinfo intel-rng" as an example.

One of the search results pointed at a response that said "load
intel-rng driver" as the solution to this problem... that's the only
reason I'm exploring this path.
Post by Nico Huber
Post by Grant Grundler
Asus Chromebox (Panther) with Celeron 2995U processor is supposed to
https://ark.intel.com/products/75608/Intel-Celeron-Processor-2955U-2M-Cache-1-40-GHz-
(Intel calls it Secure Key)
But "modprobe intel-rng" is failing with "No such device" (Debian
4.18.0-2-amd64 kernel).
This driver is for very old Firmware Hub (FWH) hardware which would
be controlled through the LPC PCI device. You have such a PCI device
(00:1f.0) but there's no FWH to be expected with Haswell.
Hrm. OK. But that would explain why intel-rng driver only binds with
PCI devices.
Post by Nico Huber
What you are probably looking for is the RDRAND instruction. I don't
know if it can be controlled by the firmware, but would check first if
your OS is prepared to make use of it.
Linux kernel has supported RDRAND for a long time. There is even a
public debate about *excluding* RDRAND use since some people were
hypothesizing that RDRAND was "compromised" by Intel so "government
agencies" could break encrypted traffic which used RDRAND exclusively
to generate encryption keys. Linux kernel does NOT exclusively use
RDRAND and Ted Ts'o made compelling arguments that RDRAND would still
add "entropy" to key generation.

What I don't know is how linux figures out it can or should use
RDRAND. RDRAND appears to be a "CPU feature":

arch/x86/include/asm/cpufeatures.h:#define X86_FEATURE_RDRAND ( 4*32+30) /* RDRAND instruction */

And as noted in the original email, Intel says this CPU (Celeron 2995U)
supports "Secure Key" which is the new marketing name for HW RNG
support (could be only via RDRAND now).
Post by Nico Huber
Post by Grant Grundler
Why do I care about HW RNG?
...
[ 8.560270] r8169 0000:01:00.0 enp1s0: link up
[ 8.560287] IPv6: ADDRCONF(NETDEV_CHANGE): enp1s0: link becomes ready
[19039.712644] random: crng init done
[19039.712649] random: 7 urandom warning(s) missed due to ratelimiting
[19044.485625] wlp2s0: authenticate with ...
...
Yes, several *hours* until the crng was initialized and then
wpa_supplicant could start talking on WIFI. :(
The length of the delay varies...shortest was 7 minutes.
Well, even without a hardware rng, I wouldn't expect that.
Exactly. I didn't either. My NUC5 completes typically in 3 seconds from
the time the kernel is loaded. But this is a different CPU (Intel Core
i5 6260) and completely different firmware (If Coreboot was available
for this, I'd prefer Coreboot).
Post by Nico Huber
With antennas
available, I would say after 10s for the paranoid there should be enough
entropy available. But that's probably just how I'd do OS development
(and depends on what the wifi driver can do).
I don't know if the kernel has access to any radios (or antennas)
until the 802.11 link is brought up... which in turn won't happen until
wpa_supplicant is running. So something else is wrong here. My
suspicion is still on Coreboot not providing something that tells the
linux kernel a quick method to generate random numbers.

I saw Matt DeVillier's response as well and I'll follow up once I've
updated the SeaBIOS firmware, installed rng-tools5, and determined
which CPU features are advertised by both Panther and NUC CPUs. For
some reason my "phone home" (SSH) is getting rejected right now. :(

cheers,
grant
Post by Nico Huber
Nico
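To make the CPUID point in the post above concrete, here is a probe plus a correctly retried RDRAND read. This is an added example for this page; it is not code from the thread, from coreboot or from the Linux kernel. It assumes an x86-64 GCC or Clang toolchain and uses inline assembly so it builds without `-mrdrnd`; on any other architecture the probe simply reports that RDRAND is absent. The kernel's X86_FEATURE_RDRAND (4*32+30) denotes word 4 of its capability array, which mirrors CPUID leaf 1 register ECX, bit 30; that is exactly the bit checked here, and no PCI device or firmware table is involved. One caveat a practitioner should know: a 4.18 kernel detects RDRAND this way and mixes its output into the pool, but does not credit it toward crng initialisation; the `random.trust_cpu` option (CONFIG_RANDOM_TRUST_CPU) that lets RDRAND seed the crng at boot first appeared in Linux 4.19.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__)
#include <cpuid.h>
#define HAVE_X86_64 1
#else
#define HAVE_X86_64 0
#endif

/* Linux: X86_FEATURE_RDRAND = (4*32+30). Word 4 is CPUID.(EAX=1):ECX,
 * and RDRAND is bit 30 of that register. */
#define CPUID_LEAF_BASIC_INFO 1u
#define CPUID_ECX_RDRAND_BIT  30

/* Intel's DRNG guide: retry up to 10 times when CF=0 (DRBG momentarily
 * out of data); persistent failure is a hardware fault, not a value. */
#define RDRAND_RETRIES 10

/* Returns 1 if CPUID advertises RDRAND, 0 otherwise (or on non-x86-64). */
int rdrand_supported(void)
{
#if HAVE_X86_64
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid(CPUID_LEAF_BASIC_INFO, &eax, &ebx, &ecx, &edx))
        return 0;
    return (int)((ecx >> CPUID_ECX_RDRAND_BIT) & 1u);
#else
    return 0;
#endif
}

/* One RDRAND attempt: returns 1 and stores the value when CF=1, else 0.
 * Inline asm rather than _rdrand64_step so no -mrdrnd flag is needed. */
static int rdrand64_once(uint64_t *out)
{
#if HAVE_X86_64
    unsigned char ok;
    uint64_t v;
    __asm__ __volatile__("rdrand %0\n\t"
                         "setc %1"
                         : "=r"(v), "=qm"(ok)
                         :
                         : "cc");
    *out = v;
    return ok;
#else
    (void)out;
    return 0;
#endif
}

/* Fill buf[0..len) from RDRAND. 0 on success; -1 if the CPU lacks RDRAND
 * or it failed RDRAND_RETRIES times in a row (never use a stale register). */
int rdrand_fill(uint8_t *buf, size_t len)
{
    if (!rdrand_supported())
        return -1;
    while (len > 0) {
        uint64_t v = 0;
        int tries = 0;
        while (!rdrand64_once(&v)) {
            if (++tries >= RDRAND_RETRIES)
                return -1;
        }
        size_t n = len < sizeof v ? len : sizeof v;
        memcpy(buf, &v, n);
        buf += n;
        len -= n;
    }
    return 0;
}

/* 1 if any byte is non-zero (a genuine all-zero 32-byte output has
 * probability 2^-256, so all-zero means the read did not happen). */
int buffer_is_nonzero(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i])
            return 1;
    return 0;
}

/* Consistency check: fill result must agree with the CPUID probe, and a
 * successful fill must not be all zero. Returns 1 when consistent. */
int rdrand_self_test(void)
{
    uint8_t buf[32];
    memset(buf, 0, sizeof buf);
    int rc = rdrand_fill(buf, sizeof buf);
    if (rc != (rdrand_supported() ? 0 : -1))
        return 0;
    if (rc == 0 && !buffer_is_nonzero(buf, sizeof buf))
        return 0;
    return 1;
}

int main(void)
{
    uint8_t key[32];
    if (!rdrand_supported()) {
        puts("CPUID.1:ECX bit 30 clear: this CPU has no RDRAND");
        return 1;
    }
    if (rdrand_fill(key, sizeof key) != 0) {
        puts("RDRAND advertised but failed repeatedly; output unusable");
        return 1;
    }
    printf("RDRAND ok, 32 bytes: ");
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

Build with `cc -O2 -o rdrand_probe rdrand_probe.c` and run it on the box in question: a clear CPUID bit means no OS-side option can make RDRAND appear, whatever the firmware exposes on PCI, while a set bit plus a slow crng points at the kernel's seeding policy rather than the hardware. The userland cross-check is `grep -ow rdrand /proc/cpuinfo`.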
Ivan Ivanov
2018-11-28 09:51:06 UTC
Sorry but I think that relying on Intel RNG is a _Terrible_ idea
regarding the security and not sure you should be pursuing it. If you
really want a hardware RNG that is also secure, why not take a look at
some USB dongles like FST-01 or Librem key? Here is a (sadly deleted
recently!) Wikipedia comparison page -
https://web.archive.org/web/20180812092012/https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators
- You can check it to find the best price/performance USB TRNG dongle
which is also open hardware

Best regards,
Ivan Ivanov
Post by Grant Grundler
Post by Nico Huber
Hi Grant,
I don't know how it is supposed to work on Haswell, but can give you
some pointers anyway.
tl;dr I don't think you are looking for a PCI device.
If intel-rng support is required, a PCI device will be advertised
because of how the linux kernel binds PCI devices to drivers. See
"alias" field of "modinfo intel-rng" as an example.
One of the search results pointed at a response that said "load
intel-rng driver" as the solution to this problem... that's the only
reason I'm exploring this path.
Post by Nico Huber
Post by Grant Grundler
Asus Chromebox (Panther) with Celeron 2995U processor is supposed to
https://ark.intel.com/products/75608/Intel-Celeron-Processor-2955U-2M-Cache-1-40-GHz-
(Intel calls it Secure Key)
But "modprobe intel-rng" is failing with "No such device" (Debian
4.18.0-2-amd64 kernel).
This driver is for very old Firmware Hub (FWH) hardware which would
be controlled through the LPC PCI device. You have such a PCI device
(00:1f.0) but there's no FWH to be expected with Haswell.
Hrm. OK. But that would explain why intel-rng driver only binds with
PCI devices.
Post by Nico Huber
What you are probably looking for is the RDRAND instruction. I don't
know if it can be controlled by the firmware, but would check first if
your OS is prepared to make use of it.
Linux kernel has supported RDRAND for a long time. There is even a
public debate about *excluding* RDRAND use since some people were
hypothesizing that RDRAND was "compromised" by Intel so "government
agencies" could break encrypted traffic which used RDRAND exclusively
to generate encryption keys. Linux kernel does NOT exclusively use
RDRAND and Ted Ts'o made compelling arguments that RDRAND would still
add "entropy" to key generation.
What I don't know is how linux figures out it can or should use
RDRAND. RDRAND appears to be a "CPU feature":
arch/x86/include/asm/cpufeatures.h:#define X86_FEATURE_RDRAND ( 4*32+30) /* RDRAND instruction */
And as noted in the original email, Intel says this CPU (Celeron 2995U)
supports "Secure Key" which is the new marketing name for HW RNG
support (could be only via RDRAND now).
Post by Nico Huber
Post by Grant Grundler
Why do I care about HW RNG?
...
[ 8.560270] r8169 0000:01:00.0 enp1s0: link up
[ 8.560287] IPv6: ADDRCONF(NETDEV_CHANGE): enp1s0: link becomes ready
[19039.712644] random: crng init done
[19039.712649] random: 7 urandom warning(s) missed due to ratelimiting
[19044.485625] wlp2s0: authenticate with ...
...
Yes, several *hours* until the crng was initialized and then
wpa_supplicant could start talking on WIFI. :(
The length of the delay varies...shortest was 7 minutes.
Well, even without a hardware rng, I wouldn't expect that.
Exactly. I didn't either. My NUC5 completes typically in 3 seconds from
the time the kernel is loaded. But this is a different CPU (Intel Core
i5 6260) and completely different firmware (If Coreboot was available
for this, I'd prefer Coreboot).
Post by Nico Huber
With antennas
available, I would say after 10s for the paranoid there should be enough
entropy available. But that's probably just how I'd do OS development
(and depends on what the wifi driver can do).
I don't know if the kernel has access to any radios (or antennas)
until the 802.11 link is brought up... which in turn won't happen until
wpa_supplicant is running. So something else is wrong here. My
suspicion is still on Coreboot not providing something that tells the
linux kernel a quick method to generate random numbers.
I saw Matt DeVillier's response as well and I'll follow up once I've
updated the SeaBIOS firmware, installed rng-tools5, and determined
which CPU features are advertised by both Panther and NUC CPUs. For
some reason my "phone home" (SSH) is getting rejected right now. :(
cheers,
grant
Post by Nico Huber
Nico
Matt DeVillier
2018-11-27 15:34:40 UTC
On Tue, Nov 27, 2018 at 1:15 AM Grant Grundler wrote:
>
> Hi!
> Asus Chromebox (Panther) with Celeron 2995U processor is supposed to
> have a HW Random Number Generator:
> https://ark.intel.com/products/75608/Intel-Celeron-Processor-2955U-2M-Cache-1-40-GHz-
>
> (Intel calls it Secure Key)
>
> But "modprobe intel-rng" is failing with "No such device" (Debian
> 4.18.0-2-amd64 kernel).
>
> That's because there isn't one listed in "lspci" output:
> ***@stoke:~# lspci -n
> 00:00.0 0600: 8086:0a04 (rev 09)
> 00:02.0 0300: 8086:0a06 (rev 09)
> 00:03.0 0403: 8086:0a0c (rev 09)
> 00:14.0 0c03: 8086:9c31 (rev 04)
> 00:16.0 0780: 8086:9c3a (rev 04)
> 00:1b.0 0403: 8086:9c20 (rev 04)
> 00:1c.0 0604: 8086:9c14 (rev e4)
> 00:1c.1 0604: 8086:9c16 (rev e4)
> 00:1c.2 0604: 8086:9c18 (rev e4)
> 00:1f.0 0601: 8086:9c45 (rev 04)
> 00:1f.2 0106: 8086:9c03 (rev 04)
> 00:1f.3 0c05: 8086:9c22 (rev 04)
> 00:1f.6 1180: 8086:9c24 (rev 04)
> 01:00.0 0200: 10ec:8168 (rev 0c)
> 02:00.0 0280: 168c:0034 (rev 01)
>
> Could Firmware add the HW RNG so intel-rng is happy?
>
> (I'll append human readable below)
>
> Current firmware is:
> [ 0.000000] DMI: Google Panther/Panther, BIOS MattDevo 04/18/2016
>
> And if this is fixed in a newer firmware update, please hand me the
> paper bag I can hide under. :) I've downloaded a newer version of the
> SeaBIOS but haven't (yet) found the instructions to install it.

While not likely to fix your issue, that firmware is very old, and
updating wouldn't be a terrible idea. You can update via my ChromeOS
Device Firmware Utility Script, see
https://mrchromebox.tech/#fwscript. Both UEFI and Legacy Boot
(SeaBIOS) versions are available for your device.

>
> Why do I care about HW RNG?
> Because of this:
> ...
> [ 8.560270] r8169 0000:01:00.0 enp1s0: link up
> [ 8.560287] IPv6: ADDRCONF(NETDEV_CHANGE): enp1s0: link becomes ready
> [19039.712644] random: crng init done
> [19039.712649] random: 7 urandom warning(s) missed due to ratelimiting
> [19044.485625] wlp2s0: authenticate with ...
> ...

I'm surprised you're seeing this with such a recent kernel. I saw
this on a few Chromebooks with earlier 4.1x kernels, and it would
manifest as a delay in the desktop loading, but could be mitigated by
providing trackpad input. A quick googling says to install the
rng-tools5 package if you haven't already.

>
> Yes, several *hours* until the crng was initialized and then
> wpa_supplicant could start talking on WIFI. :(
>
> The length of the delay varies...shortest was 7 minutes.
>
> thanks for any help,
> grant
>
>
> # lspci
> 00:00.0 Host bridge: Intel Corporation Haswell-ULT DRAM Controller (rev 09)
> 00:02.0 VGA compatible controller: Intel Corporation Haswell-ULT
> Integrated Graphics Controller (rev 09)
> 00:03.0 Audio device: Intel Corporation Haswell-ULT HD Audio Controller (rev 09)
> 00:14.0 USB controller: Intel Corporation 8 Series USB xHCI HC (rev 04)
> 00:16.0 Communication controller: Intel Corporation 8 Series HECI #0 (rev 04)
> 00:1b.0 Audio device: Intel Corporation 8 Series HD Audio Controller (rev 04)
> 00:1c.0 PCI bridge: Intel Corporation 8 Series PCI Express Root Port 3 (rev e4)
> 00:1c.1 PCI bridge: Intel Corporation 8 Series PCI Express Root Port 4 (rev e4)
> 00:1c.2 PCI bridge: Intel Corporation 8 Series PCI Express Root Port 5 (rev e4)
> 00:1f.0 ISA bridge: Intel Corporation 8 Series LPC Controller (rev 04)
> 00:1f.2 SATA controller: Intel Corporation 8 Series SATA Controller 1
> [AHCI mode] (rev 04)
> 00:1f.3 SMBus: Intel Corporation 8 Series SMBus Controller (rev 04)
> 00:1f.6 Signal processing controller: Intel Corporation 8 Series
> Thermal (rev 04)
> 01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
> RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0c)
> 02:00.0 Network controller: Qualcomm Atheros AR9462 Wireless Network
> Adapter (rev 01)
>