
random: add RDSEED as a provably unique entropy source
Closed, Public

Authored by obrien on Oct 17 2025, 5:48 AM.

Details

Summary

NIST SP800-90B allows for only a single entropy source to be claimed
in a FIPS-140-3 certificate. In addition, only hardware sources that
have a NIST Entropy Source Validation (ESV) certificate, backed by
a SP800-90B Entropy Assessment Report, are usable. Intel has obtained
ESV certificates for several of their processors, so RDSEED is a
FIPS-140-3 suitable entropy source.

However, even though RDRAND is seeded by RDSEED internally, RDRAND
would need an RBG certificate and CAVP testing run on the DRBG in order
to use it for FIPS-140-3 (SP800-90B) purposes. So we need to know
down in the CSPRNG-subsystem which source the entropy came from.

In light of the potential issues surrounding AMD Zen 5 CPU's RDSEED
implementation[*], allow RDSEED to be disabled in loader.conf.

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Skipped
Unit: Tests Skipped
Build Status: Buildable 67848, Build 64731: arc lint + arc unit

Event Timeline

cem added a subscriber: cem.

Unobjectionable. Mechanical changes LGTM.

sys/dev/random/ivy.c, line 2

Might be nice to rename "ivy" to "rdrand" while you're at it.

sys/dev/random/ivy.c, lines 103–118

I think you can kill the IFUNC in both, given each module only has one happy path now.

You'd need to move the cpu feature checks somewhere else; modevent() is probably fine.

sys/dev/random/random_harvestq.c, line 669

Also ABI breaking, for whatever that's worth

sys/dev/random/rdseed.c, lines 89–98

Ditto

This revision is now accepted and ready to land. Oct 20 2025, 3:35 PM
obrien added inline comments.
sys/dev/random/ivy.c, line 2

I'd rather just leave the filename alone for now.

sys/dev/random/random_harvestq.c, line 669

I'm adding a bump of __FreeBSD_version. Though I'm not really worried about it. I don't know of any out-of-tree modules that provide entropy to /dev/random. Mixing a new kernel w/ out-of-date in-tree modules seems very fragile and something I doubt anyone tries to do.

embellish based on review comments

This revision now requires review to proceed. Oct 21 2025, 9:38 PM
This revision was not accepted when it landed; it landed in state Needs Review. Oct 22 2025, 7:07 AM
This revision was automatically updated to reflect the committed changes.