From owner-freebsd-current@FreeBSD.ORG Tue Jul 30 14:27:21 2013 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 0BCA6AC4 for ; Tue, 30 Jul 2013 14:27:21 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id BCB7F2754 for ; Tue, 30 Jul 2013 14:27:20 +0000 (UTC) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost1.zedat.fu-berlin.de (Exim 4.80.1) with esmtp (envelope-from ) id <1V4AtS-003HQG-RW>; Tue, 30 Jul 2013 16:27:18 +0200 Received: from g231188223.adsl.alicedsl.de ([92.231.188.223] helo=thor.walstatt.dyndns.org) by inpost2.zedat.fu-berlin.de (Exim 4.80.1) with esmtpsa (envelope-from ) id <1V4AtS-002Pfd-Mk>; Tue, 30 Jul 2013 16:27:18 +0200 Date: Tue, 30 Jul 2013 16:27:13 +0200 From: "O. Hartmann" To: Julian Stecklina Subject: Re: CURRENT: Ivy Bridge CPU (i3-3220) and Intel Bull Mountain RNG (options RDRAND_RNG) Message-ID: <20130730162713.00ddab52@thor.walstatt.dyndns.org> In-Reply-To: <51F7C8B4.7070809@os.inf.tu-dresden.de> References: <20130730134635.3b6d7b31@thor.walstatt.dyndns.org> <51F7C8B4.7070809@os.inf.tu-dresden.de> Organization: FU Berlin X-Mailer: Claws Mail 3.9.2 (GTK+ 2.24.19; amd64-portbld-freebsd10.0) Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/NsIlu4vMflE/gdpJDry9yo6"; protocol="application/pgp-signature" X-Originating-IP: 92.231.188.223 Cc: freebsd-current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jul 2013 14:27:21 -0000 --Sig_/NsIlu4vMflE/gdpJDry9yo6 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Tue, 30 Jul 2013 16:07:48 +0200 Julian Stecklina wrote: > On 07/30/2013 01:46 PM, O. Hartmann wrote: > >=20 > > I tried the new option "options RDRAND_RNG" on my SOHO server, > > equipted with a Intel i3-3220 "Ivy Brdige" CPU, which is supposed > > to have the Bull Mountain random number generator as a piece of > > hardware in its uncore. > > > > Enabling the kernel option doesn't reveal any presence of such a > > hardware number generator. "sysct kern.random" always reports=20 > >=20 > > kern.random.adaptors: yarrow > >=20 > > By intentionally disallowing yarrow via commenting out options > > YARROW_RNG, the box reports "no adaptors loaded". So, either this > > Ivy Bridge has been castrated and ripped off by Intel of its RNG or > > FreeBSD isn't capable of detecting it properly or I'm incapable of > > properly configure the kernel. >=20 > This might be Erratum BV54: >=20 > Problem: > On processors that support the RDRAND instruction, that capability > should be reported via the setting of CPUID.01H:ECX.RDRAND[bit 30]. > Due to this erratum, that bit will not be set, and the execution of > the RDRAND instruction will result in a #UD exception. >=20 > Implication: > Software will not be able to utilize the RDRAND instruction >=20 > http://www.intel.de/content/dam/www/public/us/en/documents/specification-= updates/3rd-gen-core-desktop-specification-update.pdf >=20 > Julian Hello Julian, thanks for this insight. This sounds like I bought something which isn't functional. Well done, Intel! On the other hand, some places I read that the entropy generated by the RDRAND generator is put to AES for number generating. could it be that with no AESNI, there is implicitely no RDRAND? Just an idea.=20 Oliver --Sig_/NsIlu4vMflE/gdpJDry9yo6 Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (FreeBSD) iQEcBAEBAgAGBQJR981GAAoJEOgBcD7A/5N812UH/3DU/nntUpO8v5nCizaXirdl nwjw1q3QKxeGsUsh9IWb2ECFHPy9bBimia7sw/d0/IcCq/1dejMWa6cMYbjGXl7m Af5FimR/ni++i0ZaeN65Av7l2NLPp2uuva485PdKaMdcIGuUVkGK59nHQE4JvwPz BVrh53D2N+tzxn39lw8LqOMCSgxPxDDDxTV7/ZhZQn4kvcxRIpatbV19CnLme8ma K+ft2sagiQNi3Z5L+EEbMdAdvzR8xkEzrl/W6IYbRVgn7Ir2g6e2H75CpA3o6Wqh N1PnvaqCQlvtElO77mmOhZ5FHKZu8mA24b4aknXPGW7SR5Qq0Z49kGPf/P/q1a8= =ABJS -----END PGP SIGNATURE----- --Sig_/NsIlu4vMflE/gdpJDry9yo6--