Page MenuHomeFreeBSD
Differential D35411

Add an Armv8 rndr random number provider
Needs ReviewPublic
Actions

Authored by andrew on Jun 6 2022, 12:10 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, May 16, 11:54 PM
Unknown Object (File)
May 6 2023, 12:43 AM
Unknown Object (File)
Apr 15 2023, 5:55 AM
Unknown Object (File)
Mar 27 2023, 9:17 AM
Unknown Object (File)
Mar 11 2023, 4:03 AM
Unknown Object (File)
Mar 2 2023, 2:19 PM
Unknown Object (File)
Feb 11 2023, 7:24 PM
Unknown Object (File)
Jan 17 2023, 12:04 AM
View All 11 Files
Subscribers
cem
emaste
imp
jmg

Details

Reviewers
manu
Group Reviewers
arm64
csprng
Summary

Armv8.5 adds an optional random number generator. This is implemented
as two special registers one to read a random number, the other to
re-seed the entropy pool before reading a random number. Both registers
will set the condition flags to tell the caller they can't produce a
random number in a reasonable amount of time.

Without a signal to reseed the entropy pool use the former register
to provide random numbers to the kernel pool. On an Amazon AWS
Graviton3 VM this never failed, however this may not be the case on
low end CPUs so retry reading the random number 10 times before
returning an error.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 45863
Build 42751: arc lint + arc unit

Event Timeline

andrew created this revision.Jun 6 2022, 12:10 PM
Herald added a reviewer: manu. · View Herald TranscriptJun 6 2022, 12:10 PM
Herald added subscribers: jmg, emaste, imp. · View Herald Transcript
andrew requested review of this revision.Jun 6 2022, 12:10 PM
Harbormaster completed remote builds in B45861: Diff 106664.Jun 6 2022, 12:10 PM
andrew updated this revision to Diff 106666.Jun 6 2022, 12:16 PM

Rebase past D35412

Harbormaster completed remote builds in B45863: Diff 106666.Jun 6 2022, 12:16 PM
cem added a subscriber: cem.Jun 6 2022, 1:01 PM
cem added inline comments.
sys/dev/random/armv8rng.c
63

I think RNDRRS would make more sense, if available. (On x86, we prefer RDSEED to RDRAND.)

andrew added inline comments.Jun 6 2022, 1:41 PM
sys/dev/random/armv8rng.c
63

My understanding is RNDR is equivilant to RDSEED [1]. RNDRRS just adds a reseed of the hardware CSPRNG used to generate random numbers.

[1] https://lore.kernel.org/linux-arm-kernel/6e75d7b9-1c30-adab-bb74-1aaaa4e98ad4@linaro.org/

cem added inline comments.Jun 6 2022, 2:06 PM
sys/dev/random/armv8rng.c
63

Huh. I’m not sure how to reconcile that with the language in the ISA doc, which reads more or less like RDRAND. What’s the downside of using RNDRRS?

andrew added inline comments.Jun 6 2022, 2:23 PM
sys/dev/random/armv8rng.c
63

K11.1 Properties of the generated random number talks about the random number generator as a whole.

In userspace I tested a loop reading from each register. For RNDR I can read just under 15 million random numbers per second, for RNDRRS it's about 20500, so the former is ~730 times as fast as the latter (on an AWS Graviton3 instance).

Revision Contents
Changeset List

PathSize
sys/
arm64/
conf/
1 line
conf/
2 lines
dev/
random/
134 lines
1 line
modules/
2 lines
armv8_rng/
11 lines
sys/
1 line

Diff 106666

View Options

sys/arm64/conf/std.dev

Loading...
View Options

sys/conf/files.arm64

Loading...
View Options

sys/dev/random/armv8rng.c

Loading...
View Options

sys/dev/random/random_harvestq.c

Loading...
View Options

sys/modules/Makefile

Loading...
View Options

sys/modules/armv8_rng/Makefile

Loading...
View Options

sys/sys/random.h

Loading...