NetBSD Problem Report #57876

From  Wed Jan 24 22:08:09 2024
Return-Path: <>
Received: from ( [])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "", Issuer " CA" (not verified))
	by (Postfix) with ESMTPS id 40CB81A9238
	for <>; Wed, 24 Jan 2024 22:08:09 +0000 (UTC)
Message-Id: <>
Date: Wed, 24 Jan 2024 22:08:07 +0000 (UTC)
Subject: HWRNG drivers should use RND_FLAG_COLLECT_VALUE, not RND_FLAG_DEFAULT
X-Send-Pr-Version: www-1.0

>Number:         57876
>Category:       kern
>Synopsis:       HWRNG drivers should use RND_FLAG_COLLECT_VALUE, not RND_FLAG_DEFAULT
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 24 22:10:01 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10
The NetBSD Randomization
The entropy provided by HWRNG devices usually comes from the values sampled out of them, not the times when we choose to sample them.

So kernel rndsources backed by HWRNG devices should generally use RND_FLAG_COLLECT_VALUE, but not RND_FLAG_COLLECT_TIME or, worse, RND_FLAG_ESTIMATE_TIME, which are both in RND_FLAG_DEFAULT.

Affected HWRNG drivers:

- rndrrs (arch/aarch64/aarch64/cpu.c)
- rk_v1crypto (arch/arm/rockchip/rk_v1crypto.c)
- octrnm (arch/mips/cavium/dev/octeon_rnm.c)
- virt68k bootinfo (arch/virt68k/virt68k/bootinfo.c)
- fdt efirng (dev/fdt/fdt_boot.c)
- hifn (dev/pci/hifn7751.c)

Also: sun8i_crypto (arch/arm/sunxi/sun8i_crypto.c) and tpm (dev/ic/tpm.c) should skip RND_FLAG_ESTIMATE_VALUE, which currently does nothing.
rndctl -l on a machine with efirng
Yes, please!

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD:,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.