• Do I Have an RNG(Random Number Generator)?


    Do I Have an RNG?

    As we'll see, it can be difficult to determine if you have an RNG in your Intel chipset. But for many people, a couple of simple tests apply:
    • If you have an Intel 865 or 875 chipset, then you almost certainly don't have an RNG.
    • If you're running Linux or FreeBSD, and you're getting repeated messages in your syslog about "failed FIPS test", "can't find RNG", or "can't enable the RNG", then you probably don't have an RNG.
    Failing that, the chipset database may give you an idea of what your odds are. Now if you're still not sure, or you want to look further, then read on.

    Beginning in 1999, Intel began putting RNGs into a "firmware hub", or flash BIOS chip, called the 82802. (There are actually two models, the 82802AB and 82802AC, but I will refer to them both as the 82802.) The 82802 lives on something called the LPC (low pin count) bus, which holds a few slow devices such as your keyboard, mouse, and floppy disk. The 82802's main purpose is to hold your PC's BIOS, but for some reason Intel decided to put their RNG on it too. The 82802 and its RNG were then included in some Intel chipsets, beginning with the 810.

    So, if you want to know if you have an RNG in your chipset, you have to answer two questions:

    Do I have an 82802 in my chipset?

    This should be an easy question to answer... right?
    Visual Inspection
    If you have an 82802, shouldn't you be able to see it on your motherboard? Yes, if it's still a separate piece of silicon. The 82802 was, at least at one time, a separate chip. But by now it may have been integrated into more recent chipsets. So far I haven't been able to get any information from Intel about this.

    Let's take my home system as an example. I have an Abit IS7 motherboard (image: 234 KB), with an Intel 865PE chipset. There's no 82802 chip to be seen anywhere on the board, or on the board's schematic. The flash BIOS chip has a Promise label on it; it's identified at lower left in the picture. The motherboard manual describes the 865PE chipset as consisting of an 82865PE memory controller hub and an 82801ER (ICH5R) I/O controller hub, both identified in the picture. The manual doesn't mention an 82802 anywhere.

    Windows 2000
    So much for visual inspection. Here's what the Win2K device manager shows us:

    Windows 2000 Device Manager: System Devices

    There it is, plain as day. Or if that's not an 82802, it's something that's fooled Win2K into thinking it's one. The Intel Security Driver thinks it's one, too; I was able to install that driver on this machine, but not on another machine that didn't show an 82802. The most likely explanation is that I do in fact have an 82802, and it's now been integrated into the 82801ER.

    Notice two other things above as well. First, three lines above the 82802 is the LPC interface controller, part of the 82801. The 82802 is connected to the PCI bus through this device. Second, there's no separate RNG device listed; although there are some devices, e.g. "motherboard resources" and "system board", whose function is unclear.

    Below is an image of the "Properties" pane for the 82802. It shows that the 82802 is connected to the LPC interface controller.

    Windows 2000 Device Manager: 82802 Firmware Hub: Properties

    Linux
    If I do have an 82802, I can't find any evidence that Linux sees it.
    lspci
    lspci doesn't list my firmware hub; but this isn't surprising, since the 82802 doesn't live directly on the PCI bus. (lspci doesn't list the other devices on my LPC bus either, such as my keyboard and mouse.)
    /proc/bus/input/devices
    A better clue may come from looking in /proc/bus/input/devices:

    I: Bus=0011 Vendor=0002 Product=0005 Version=0000
    N: Name="ImPS/2 Generic Wheel Mouse"
    P: Phys=isa0060/serio1/input0
    H: Handlers=mouse0
    B: EV=7
    B: KEY=70000 0 0 0 0 0 0 0 0
    B: REL=103

    I: Bus=0011 Vendor=0001 Product=0002 Version=ab02
    N: Name="AT Translated Set 2 keyboard"
    P: Phys=isa0060/serio0/input0
    H: Handlers=kbd
    B: EV=120003
    B: KEY=4 2200000 c061f9 fbc9d621 efdfffdf ffefffff ffffffff fffffffe
    B: LED=7
    Judging from the devices that are listed, this file seems to provide a view into my LPC bus. There's no firmware hub or RNG listed.
    dmidecode
    dmidecode is a good source of low-level device information in Linux. When you run it, it emits a lot of information about system devices such as your CPU, mainboard, memory modules, I/O ports, PCI slots, and so on. The output is somewhat long, but if you want to see what it says about my box, you can look here. But I can save you the trouble: the short version is that it doesn't include any mention of an 82802, firmware hub, or RNG.
    hw_random / i810_rng
    Well what about the RNG device driver? (In kernels 2.4 and earlier, this driver was called i810_rng; in 2.6 it's hw_random.) Shouldn't it be smart enough to tell if a firmware hub with RNG is present?

    The 82802 datasheet says, in Section 4.11, that in order to check for the presence of an RNG, one should

    1. check that an 82802 is present, by reading its manufacturer and device codes; and
    2. check that the "RNG Present" bit is set in the 82802's hardware status register.
    hw_random does (B), but it doesn't do (A). Instead of (A), it just looks on the PCI bus for one of several chipset components in the Intel 8xx family. If it finds one, it implicitly concludes that the 82802 must also be present. So in fact, even hw_random doesn't know if I have a firmware hub. (To be fair to hw_random, reading the ID codes from the 82802 is apparently harder than it sounds; see the next section.) There is code elsewhere in the Linux kernel, in the memory technology devices section, for identifying flash chips, apparently including the 82802; but I haven't succeeded in using or adapting it yet.
    FreeBSD
    FreeBSD also has a driver for the Intel RNG. But it too gives up on detecting the 82802:

    /* identify the 82802 */
    /*some day I will figure out how.... -stacy */
    /*
    bus_space_write_1(rng->bt, rng->bh, 0, 0x90);
    mancode = bus_space_read_1(rng->bt, rng->bh, 0);
    devcode = bus_space_read_1(rng->bt, rng->bh, 1);
    device_printf(dev, "mancode = 0x%02xdevcode = 0x%02x\n", mancode, devcode);
    */
    This code was trying to perform step (A) above, before it gave up. Stacy Millions, the driver author, comments:

    The biggest problem I had was I could never get the code to ID the FWH chip correctly.... I wouldn't know if there was a RNG until after I tried to initialise it (kind of messy if something else is there instead).

    Abit
    I wrote to Abit technical support, and asked them whether my IS7 motherboard includes an 82802. They never answered.

    Does my 82802 have an RNG on it?

    Well, all things considered, it can be pretty damned hard to figure out for sure if you've really got an 82802 on your mobo. But okay, so you think you probably have an 82802. I think I probably have one, too. Well, what about that RNG that's supposed to be on there?

    Here's what several different sources tell us.

    Linux
    On my home box, running Debian with kernel 2.6.0-test4, /dev/hwrandom emits only a stream of 0xFF's. This is not good news. The RNG device driver (hw_random) loads without error, and with debugging options enabled it emits only normal status messages. The only symptom visible to me as a user—and here is the original problem that set me on this little investigation—is that rngd, the daemon responsible for feeding data from the RNG to the kernel, emits a stream of "failed FIPS test" messages into my syslog.
    OpenBSD
    When OpenBSD detects a hardware RNG at boot time, it emits a status message like

    pchb0 at pci0 dev 0 function 0 "Intel 82875P Host" rev 0x02: rng active, 375Kb/sec

    When I boot OpenBSD on my home machine, there's no such message. Note that you can easily perform this test yourself, even if you don't run OpenBSD: just download, burn, and boot the default OpenBSD CD install image. Once you get to a shell prompt, type "dmesg | grep rng", or "dmesg | less" to browse the boot log.

    Notice that in the example above, which came from a posting to an OpenBSD forum, OpenBSD seems to have detected an RNG in a current-generation 875 chipset. Or, maybe "rng active" just means that the RNG driver has been loaded. I wrote to the author of the post, to ask if he could provide more information about his RNG. He never answered.

    Windows 2000 / Sandra
    Well, let's go back to Win2K, shall we? After all, it gave us some new information before. We've exhausted what the device manager has to tell us, but we still have Sandra:

    Sandra reports "Random Number Generator Enabled: No"

    So, Sandra thinks the RNG is not enabled. But what does "not enabled" mean? Not present, or present but turned off? Consider another Sandra report, this one from a different PC with an Intel 845 chipset:

    Sandra reports "Random Number Generator Enabled: No; Random Number 
Generator Support: Yes"

    So in the first case, the RNG is "not enabled", while in the second case, it's "supported, but not enabled". What does that mean? I asked SiSoftware, the authors of Sandra, if they could clarify. They replied:

    Unfortunately this is still not very clear, and suggests that it's hard to tell anything useful from Sandra's RNG report. SiSoftware agreed that the report does seem "counter-intuitive," and they will work to clarify it in their next product update. But we'll still have to be cautious with the results, since they only reflect Sandra's detection algorithm, the accuracy of which we can't judge since the product is closed-source.

    That's all, folks

    And that's all that I know about determining whether you have an RNG in your chipset. If you've done all of what I did above, and you're still not sure if you have one, relax, you've got company. Unfortunately there don't seem to be any definitive tests: just indications, mostly negative. But if you can't see any more evidence for an RNG on your machine than I did on mine, you're probably out of luck.

  • 相关阅读:
    C++ 修改常量的值
    Android Studio 使用入门
    Ubuntu14.04下配置固定IP
    vi/vim 按键说明
    linux下文件夹的创建、复制、剪切、重命名、清空和删除命令
    linux中的find命令——查找文件名
    shell 脚本编写基础
    linux C程序中获取shell脚本输出(如获取system命令输出)
    vi 技巧
    理解Linux中的shutdown、poweroff、halt和reboot命令
  • 原文地址:https://www.cnblogs.com/huqingyu/p/155126.html
Copyright © 2020-2023  润新知