[fedora-arm] Fedora 29 64 bit - Raspberry Pi 3

Discussion:

[fedora-arm] Fedora 29 64 bit - Raspberry Pi 3 - rngd

Winfried de Heiden

2018-11-13 10:13:38 UTC

Hi all,
Using Fedora 29 on Raspberry Pi 3 I seem to have a problem using rndg:

uname -aLinux replica.blabla.bla 4.18.16-300.fc29.aarch64 #1 SMP Sat Oct 20 23:12:22 UTC 2018 aarch64 aarch64 aarch64 GNU/Linuxcat /etc/redhat-release Fedora release 29 (Twenty Nine)
rngd is running:ps -ef | grep rngroot 4710 4409 13 10:57 pts/1 00:00:47 rngd -f -r /dev/hwrng -o /dev/random
The module to support bcm2835 hardware is loaded:lsmod | grep rngbcm2835_rng 16384 0
However, rng is painfully slow:
time rngtest -c 10 < /dev/randomrngtest 6Copyright (c) 2004 by Henrique de Moraes HolschuhThis is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...rngtest: bits received from input: 200032rngtest: FIPS 140-2 successes: 10rngtest: FIPS 140-2 failures: 0rngtest: FIPS 140-2(2001-10-10) Monobit: 0rngtest: FIPS 140-2(2001-10-10) Poker: 0rngtest: FIPS 140-2(2001-10-10) Runs: 0rngtest: FIPS 140-2(2001-10-10) Long run: 0rngtest: FIPS 140-2(2001-10-10) Continuous run: 0rngtest: input channel speed: (min=2.201; avg=5.458; max=380.585)Kibits/srngtest: FIPS tests speed: (min=28.132; avg=28.328; max=28.468)Mibits/srngtest: Program run time: 35792670 microseconds
real 0m35.801suser 0m0.001ssys 0m0.071s

Running CentOS 7.5 on an older Raspberry Pi 2 will do much much faster:
ps -ef | grep rngdroot 14024 1 1 10:54 ? 00:00:14 /sbin/rngd -f -r /dev/hwrng -o /dev/random

time rngtest -c 10 < /dev/randomrngtest 5Copyright (c) 2004 by Henrique de Moraes HolschuhThis is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...rngtest: bits received from input: 200032rngtest: FIPS 140-2 successes: 10rngtest: FIPS 140-2 failures: 0rngtest: FIPS 140-2(2001-10-10) Monobit: 0rngtest: FIPS 140-2(2001-10-10) Poker: 0rngtest: FIPS 140-2(2001-10-10) Runs: 0rngtest: FIPS 140-2(2001-10-10) Long run: 0rngtest: FIPS 140-2(2001-10-10) Continuous run: 0rngtest: input channel speed: (min=135.793; avg=166.586; max=191.200)Kibits/srngtest: FIPS tests speed: (min=22.076; avg=22.243; max=22.334)Mibits/srngtest: Program run time: 1181718 microseconds
real 0m1.192suser 0m0.002ssys 0m0.141s
WhatÅ happening here? It seems like the bcm2835_rng is not picked up; despite the module is loaded.
Hope someone can help!
Winfried

Peter Robinson

2018-11-13 12:00:33 UTC

Permalink

Hi,

Comments below.

Post by Winfried de Heiden
uname -a
Linux replica.blabla.bla 4.18.16-300.fc29.aarch64 #1 SMP Sat Oct 20 23:12:22 UTC 2018 aarch64 aarch64 aarch64 GNU/Linux
cat /etc/redhat-release
Fedora release 29 (Twenty Nine)
ps -ef | grep rng
root 4710 4409 13 10:57 pts/1 00:00:47 rngd -f -r /dev/hwrng -o /dev/random
lsmod | grep rng
bcm2835_rng 16384 0
time rngtest -c 10 < /dev/random
rngtest 6
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 200032
rngtest: FIPS 140-2 successes: 10
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=2.201; avg=5.458; max=380.585)Kibits/s
rngtest: FIPS tests speed: (min=28.132; avg=28.328; max=28.468)Mibits/s
rngtest: Program run time: 35792670 microseconds
real 0m35.801s
user 0m0.001s
sys 0m0.071s
ps -ef | grep rngd
root 14024 1 1 10:54 ? 00:00:14 /sbin/rngd -f -r /dev/hwrng -o /dev/random
time rngtest -c 10 < /dev/random
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 200032
rngtest: FIPS 140-2 successes: 10
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=135.793; avg=166.586; max=191.200)Kibits/s
rngtest: FIPS tests speed: (min=22.076; avg=22.243; max=22.334)Mibits/s
rngtest: Program run time: 1181718 microseconds
real 0m1.192s
user 0m0.002s
sys 0m0.141s
Whatś happening here? It seems like the bcm2835_rng is not picked up; despite the module is loaded.

So running the above test on my RPi3 with ARMv7 (so 32 bit mode) I see
the following output that it detects and is using the HW RNG:

# rngd -l
Entropy sources that are available but disabled
4: NIST Network Entropy Beacon
Available and enabled entropy sources:
0: Hardware RNG Device
5: JITTER Entropy generator

And the test is running faster for me than your one on CentOS:
# time rngtest -c 10 < /dev/random
rngtest 6
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There
is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 200032
rngtest: FIPS 140-2 successes: 10
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=2.430; avg=6.029; max=444.518)Kibits/s
rngtest: FIPS tests speed: (min=51.690; avg=53.941; max=54.967)Mibits/s
rngtest: Program run time: 32397649 microseconds

real 0m32.408s
user 0m0.004s
sys 0m0.056s

I wonder if this is an issue with aarch64, the CentOS image on the
RPi2 is obviously ARMv7, could you test a Fedora 29 ARMv7 image on the
Raspberry Pi 3 to see if that might be the issue?

Peter
_______________________________________________
arm mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to arm-***@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org

Winfried de Heiden

2018-11-14 08:18:27 UTC

Permalink

Hi all,

I will give it a try on ARMv7; I'll come back to this soon.

Winfried

Post by Peter Robinson
I wonder if this is an issue with aarch64, the CentOS image on the
RPi2 is obviously ARMv7, could you test a Fedora 29 ARMv7 image on the
Raspberry Pi 3 to see if that might be the issue?