Re: [PATCH] API for true Random Number Generators to add entropy (2.6.11)

From: David McCullough
Date: Thu Mar 24 2005 - 08:25:32 EST

Next message: Martin Schwidefsky: "[patch 1/9] s390: kernel faults."
Previous message: Russell King: "8250_hp300: unuse register_serial/unregister_serial"
In reply to: Jeff Garzik: "Re: [PATCH] API for true Random Number Generators to add entropy(2.6.11)"
Next in thread: Evgeniy Polyakov: "Re: [PATCH] API for true Random Number Generators to add entropy(2.6.11)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jivin Jeff Garzik lays it down ...
> Evgeniy Polyakov wrote:
> >On Thu, 2005-03-24 at 14:27 +1000, David McCullough wrote:
> >
> >>Hi all,
> >>
> >>Here is a small patch for 2.6.11 that adds a routine:
> >>
> >> add_true_randomness(__u32 *buf, int nwords);
> >>
> >>so that true random number generator device drivers can add a entropy
> >>to the system. Drivers that use this can be found in the latest release
> >>of ocf-linux, an asynchronous crypto implementation for linux based on
> >>the *BSD Cryptographic Framework.
> >>
> >> http://ocf-linux.sourceforge.net/
> >>
> >>Adding this can dramatically improve the performance of /dev/random on
> >>small embedded systems which do not generate much entropy.
> >
> >
> >People will not apply any kind of such changes.
> >Both OCF and acrypto already handle all RNG cases - no need for any kind
> >of userspace daemon or entropy (re)injection mechanism.
> >Anyone who want to use HW randomness may use OCF/acrypto mechanism.
> >For example here is patch to enable acrypto support for hw_random.c
> >It is very simple and support only upto 4 bytes request, of course it
> >is
> >not interested for anyone, but it is only 2-minutes example:
>
> If you want to add entropy to the kernel entropy pool from hardware RNG,
> you should use the userland daemon, which detects non-random (broken)
> hardware and provides throttling, so that RNG data collection does not
> consume 100% CPU.
>
> If you want to use the hardware RNG directly, it's simple: just open
> /dev/hw_random.
>
> Hardware RNG should not go kernel->kernel without adding FIPS tests and
> such.

For reference, the RNG on the Safenet I am using this with is
FIPS140 certified. I believe the HIFN part is also but I place the doc that
says so.

Cheers,
Davidm

--
David McCullough, davidm@xxxxxxxxxxxx Ph:+61 7 34352815 http://www.SnapGear.com
Custom Embedded Solutions + Security Fx:+61 7 38913630 http://www.uCdot.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin Schwidefsky: "[patch 1/9] s390: kernel faults."
Previous message: Russell King: "8250_hp300: unuse register_serial/unregister_serial"
In reply to: Jeff Garzik: "Re: [PATCH] API for true Random Number Generators to add entropy(2.6.11)"
Next in thread: Evgeniy Polyakov: "Re: [PATCH] API for true Random Number Generators to add entropy(2.6.11)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]