
Add an Armv8 rndr random number provider
ClosedPublic

Authored by andrew on Jun 6 2022, 12:10 PM.

Details

Summary

Armv8.5 adds an optional random number generator. This is implemented
as two special registers, one to read a random number, the other to
re-seed the entropy pool before reading a random number. Both registers
will set the condition flags to tell the caller they can't produce a
random number in a reasonable amount of time.

Without a signal to reseed the entropy pool, use the former register
to provide random numbers to the kernel pool. On an Amazon AWS
Graviton3 VM this never failed; however, this may not be the case on
low-end CPUs, so retry reading the random number 10 times before
returning an error.

Sponsored by: The FreeBSD Foundation
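
The read-and-retry pattern the summary describes, as an added example (not the code under review in sys/dev/random/armv8rng.c). The function names, the constructed `flaky_source` stand-in and the reading of "10 times" as ten attempts in total are assumptions made for illustration.

```c
#include <stdint.h>

#define RNG_RETRIES 10	/* retry budget stated in the summary */

/* A source returns 1 and fills *out on success, 0 when it signals failure. */
typedef int (*rng_source_t)(uint64_t *out);

#if defined(__aarch64__)
/* RNDR is S3_3_C2_C4_0 (RNDRRS is S3_3_C2_C4_1). On failure the CPU sets
 * NZCV to 0b0100 and the register reads as zero, so the value is only
 * usable when Z is clear ("ne"). The read traps on CPUs without FEAT_RNG,
 * so the caller must check for the feature before using this source. */
int rndr_source(uint64_t *out)
{
	uint64_t val;
	int ok;

	__asm__ __volatile__("mrs %0, s3_3_c2_c4_0\n\tcset %w1, ne"
	    : "=r"(val), "=r"(ok) : : "cc");
	*out = val;
	return ok;
}
#endif

/* Constructed stand-in for a slow CPU: fails N times, then succeeds. */
static int flaky_failures;
int flaky_source(uint64_t *out)
{
	if (flaky_failures > 0) {
		flaky_failures--;
		return 0;
	}
	*out = 0x0123456789abcdefULL;	/* constructed sample value */
	return 1;
}

/* Returns 0 on success, -1 if every attempt failed. *out is written only
 * on success, so a failed read never hands a zero to the entropy pool. */
int rng_read_retry(rng_source_t src, uint64_t *out)
{
	uint64_t tmp;

	for (int i = 0; i < RNG_RETRIES; i++) {
		if (src(&tmp)) {
			*out = tmp;
			return 0;
		}
	}
	return -1;
}

/* Exercise the retry path with the constructed source. */
int demo_retry(int failures)
{
	uint64_t v = 0;

	flaky_failures = failures;
	return rng_read_retry(flaky_source, &v);
}
```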

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

cem added inline comments.
sys/dev/random/armv8rng.c
64

I think RNDRRS would make more sense, if available. (On x86, we prefer RDSEED to RDRAND.)

sys/dev/random/armv8rng.c
64

My understanding is RNDR is equivalent to RDSEED [1]. RNDRRS just adds a reseed of the hardware CSPRNG used to generate random numbers.

[1] https://lore.kernel.org/linux-arm-kernel/6e75d7b9-1c30-adab-bb74-1aaaa4e98ad4@linaro.org/

sys/dev/random/armv8rng.c
64

Huh. I’m not sure how to reconcile that with the language in the ISA doc, which reads more or less like RDRAND. What’s the downside of using RNDRRS?

sys/dev/random/armv8rng.c
64

K11.1 Properties of the generated random number talks about the random number generator as a whole.

In userspace I tested a loop reading from each register. For RNDR I can read just under 15 million random numbers per second, for RNDRRS it's about 20500, so the former is ~730 times as fast as the latter (on an AWS Graviton3 instance).

  • rebase
  • use rndrrs
  • clean up the style

One formatting nit and one very strong suggestion for a comment to document the conversation in the review.
Normally they don't matter, but in this case it will likely be a question on many people's minds that read the code.
Your choice either way, but please consider it.
Otherwise looks good to go.

sys/dev/random/armv8rng.c
64

I'd be tempted to make a comment here.

We don't need to reseed the pool often, so we use the stronger random source. Explain why we chose this one and possibly some of the numbers behind that choice. Future explorers will be happy you did.

75

Need a blank line.

This revision is now accepted and ready to land. Oct 27 2023, 3:21 PM
This revision was automatically updated to reflect the committed changes.