
Add an Armv8 rndr random number provider
Needs Review (Public)

Authored by andrew on Jun 6 2022, 12:10 PM.

Details

Reviewers
manu
Group Reviewers
arm64
csprng
Summary

Armv8.5 adds an optional random number generator. This is implemented
as two special registers, one to read a random number, the other to
re-seed the entropy pool before reading a random number. Both registers
will set the condition flags to tell the caller they can't produce a
random number in a reasonable amount of time.

Without a signal to reseed the entropy pool, use the former register
to provide random numbers to the kernel pool. On an Amazon AWS
Graviton3 VM this never failed; however, this may not be the case on
low-end CPUs, so retry reading the random number 10 times before
returning an error.

Sponsored by: The FreeBSD Foundation
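
The bounded retry described in the summary, sketched as an added example (this is not the code under review in this revision). The function names, the simulated reader and its sample value are hypothetical or constructed; "10 times" is assumed to mean 10 attempts in total, and the hardware path assumes the caller has already confirmed the CPU implements FEAT_RNG.

```c
#include <stdint.h>
#include <stdio.h>

#define RNDR_ATTEMPTS 10	/* assumption: 10 attempts in total */
typedef int (*rndr_once_fn)(uint64_t *out);	/* 1 = value stored, 0 = failed */

#if defined(__aarch64__)
/* One hardware attempt. RNDR is system register S3_3_C2_C4_0; on failure
 * the CPU sets NZCV to 0b0100 (Z set) and returns 0, so "ne" means success.
 * Executing this on a CPU without FEAT_RNG traps as an undefined instruction. */
int rndr_once_hw(uint64_t *out)
{
	int ok;
	__asm__ volatile("mrs %0, s3_3_c2_c4_0\n\tcset %w1, ne"
	    : "=r"(*out), "=r"(ok) : : "cc");
	return ok;
}
#endif

/* Bounded retry: 0 on success, -1 once every attempt has failed. */
static int rndr_read_retry(rndr_once_fn once, uint64_t *out, int *attempts)
{
	int i;
	for (i = 1; i <= RNDR_ATTEMPTS; i++) {
		*attempts = i;
		if (once(out))
			return 0;
	}
	*out = 0;	/* never hand a failed read to the entropy pool as data */
	return -1;
}

/* Constructed stand-in for a slow CPU: fails sim_failures times, then succeeds. */
static int sim_failures;
static int rndr_once_sim(uint64_t *out)
{
	if (sim_failures > 0) {
		sim_failures--;
		return 0;
	}
	*out = 0x0123456789abcdefULL;	/* constructed sample value */
	return 1;
}

int main(void)
{
	uint64_t v; int n, rc;
	sim_failures = 3;	/* constructed: three failures, then success */
	rc = rndr_read_retry(rndr_once_sim, &v, &n);
	printf("rc=%d attempts=%d\n", rc, n);
	return 0;
}
```

The caller must treat `-1` as "no entropy delivered" rather than feeding the zeroed output into the pool.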

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 45863
Build 42751: arc lint + arc unit

Event Timeline

cem added inline comments.
sys/dev/random/armv8rng.c:63

I think RNDRRS would make more sense, if available. (On x86, we prefer RDSEED to RDRAND.)

sys/dev/random/armv8rng.c:63

My understanding is RNDR is equivalent to RDSEED [1]. RNDRRS just adds a reseed of the hardware CSPRNG used to generate random numbers.

[1] https://lore.kernel.org/linux-arm-kernel/6e75d7b9-1c30-adab-bb74-1aaaa4e98ad4@linaro.org/

sys/dev/random/armv8rng.c:63

Huh. I’m not sure how to reconcile that with the language in the ISA doc, which reads more or less like RDRAND. What’s the downside of using RNDRRS?

sys/dev/random/armv8rng.c:63

K11.1 "Properties of the generated random number" talks about the random number generator as a whole.

In userspace I tested a loop reading from each register. For RNDR I can read just under 15 million random numbers per second, for RNDRRS it's about 20500, so the former is ~730 times as fast as the latter (on an AWS Graviton3 instance).