Add an Armv8 rndr random number provider
Closed, Public

Authored by andrew on Jun 6 2022, 12:10 PM.

Details

Summary

Armv8.5 adds an optional random number generator. This is implemented
as two special registers, one to read a random number, the other to
re-seed the entropy pool before reading a random number. Both registers
will set the condition flags to tell the caller they can't produce a
random number in a reasonable amount of time.

Without a signal to reseed the entropy pool, use the former register
to provide random numbers to the kernel pool. On an Amazon AWS
Graviton3 VM this never failed; however, this may not be the case on
low-end CPUs, so retry reading the random number 10 times before
returning an error.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

cem added inline comments.
sys/dev/random/armv8rng.c
64

I think RNDRRS would make more sense, if available. (On x86, we prefer RDSEED to RDRAND.)

sys/dev/random/armv8rng.c
64

My understanding is RNDR is equivalent to RDSEED [1]. RNDRRS just adds a reseed of the hardware CSPRNG used to generate random numbers.

[1] https://lore.kernel.org/linux-arm-kernel/6e75d7b9-1c30-adab-bb74-1aaaa4e98ad4@linaro.org/

sys/dev/random/armv8rng.c
64

Huh. I’m not sure how to reconcile that with the language in the ISA doc, which reads more or less like RDRAND. What’s the downside of using RNDRRS?

sys/dev/random/armv8rng.c
64

K11.1 Properties of the generated random number talks about the random number generator as a whole.

In userspace I tested a loop reading from each register. For RNDR I can read just under 15 million random numbers per second, for RNDRRS it's about 20500, so the former is ~730 times as fast as the latter (on an AWS Graviton3 instance).

  • rebase
  • use rndrrs
  • clean up the style

One formatting nit and one very strong suggestion for a comment to document the conversation in the review.
Normally they don't matter, but in this case it will likely be a question on many people's minds that read the code.
Your choice either way, but please consider it.
Otherwise looks good to go.

sys/dev/random/armv8rng.c
64

I'd be tempted to make a comment here.

We don't need to reseed the pool often, so we use the stronger random source. Explain why we chose this one and possibly some of the numbers behind that choice. Future explorers will be happy you did.

75

Need a blank line.

This revision is now accepted and ready to land. Oct 27 2023, 3:21 PM
This revision was automatically updated to reflect the committed changes.
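
The bounded-retry read described in the summary, as an added example that is not the code under review: each word gets up to 10 attempts, and the caller learns how many words were actually filled so a failing source is never mistaken for entropy. The function names, the simulated source and its constant are hypothetical; the register encodings and the Z-flag convention come from the Arm architecture, not from this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define RNDR_RETRIES 10	/* retry budget stated in the summary */
typedef bool (*rndr_read_fn)(uint64_t *out);	/* one read attempt */

#if defined(__aarch64__)
/* RNDRRS is S3_3_C2_C4_1 (RNDR is S3_3_C2_C4_0); PSTATE.Z is set on failure. */
/* Call only after ID_AA64ISAR0_EL1.RNDR reports support, otherwise it traps. */
bool rndrrs_read_hw(uint64_t *out)
{
	int ok;
	__asm__ volatile("mrs %0, s3_3_c2_c4_1\n\tcset %w1, ne"
	    : "=r" (*out), "=r" (ok) : : "cc");
	return ok != 0;
}
#endif

/* Constructed stand-in: fails sim_failures_left times, then succeeds. */
unsigned sim_failures_left;
bool rndr_read_sim(uint64_t *out)
{
	if (sim_failures_left > 0) {
		sim_failures_left--;
		return false;
	}
	*out = 0x0123456789abcdefULL;	/* constructed value, not random */
	return true;
}

/* Fill buf; returns words written, short if one word used every retry. */
size_t rndr_fill(rndr_read_fn read_once, uint64_t *buf, size_t nwords)
{
	for (size_t i = 0; i < nwords; i++) {
		int tries = 0;
		while (tries < RNDR_RETRIES && !read_once(&buf[i]))
			tries++;
		if (tries == RNDR_RETRIES)
			return i;	/* caller must not use buf[i] onwards */
	}
	return nwords;
}

int main(void)
{
	uint64_t buf[4];
	sim_failures_left = 3;	/* three transient failures, then success */
	return rndr_fill(rndr_read_sim, buf, 4) == 4 ? 0 : 1;
}
```

On aarch64 hardware that reports the feature, pass `rndrrs_read_hw` in place of the simulated source.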