Intel i8x0

Posted May 11, 2006 6:40 UTC (Thu) by ncm (subscriber, #165)
In reply to: On the safety of Linux random numbers by Thalience
Parent article: On the safety of Linux random numbers

As I understand it, Intel included an interface for getting efficient access to truly random numbers in their chipsets starting at i810 or so. In the early versions, this was a separate, optional chip wired to a dedicated pin. Of course few motherboard manufacturers left pads for it, and even fewer built boards with the chip present. The presence or absence of a random-number generator chip is not high on the list of motherboard features that early adopters (i.e. gamers) look for. Intel marketing must have interpreted this as an entire lack of interest among users, and so omitted the (very cheap!) feature as they integrated the various outboard chips.

So, it appears we can blame Intel marketing for sabotaging this solemnly promised feature of all future Intel chipsets. As promised, all are equipped to report whether they can produce random numbers; they all say "no".

(This is the best reconstruction of events I have been able to establish through Google searches. Someone else may have better information not readily googled. I welcome corrections.)



Hardware RNGs in chipsets and CPUs

Posted May 11, 2006 14:48 UTC (Thu) by hmh (subscriber, #3838)

It is more complicated than this. Intel placed the HRNG inside its FWH (firmware hub), i.e., inside a FLASH memory device that is supposed to host the BIOS. Were it inside the MCH (the north bridge), all machines would have it and this story could be very different indeed.

The Intel FWH HRNG is very slow, but it appears to be of very high quality... Unfortunately, the FWH was quickly made an *optional* component of the chipset for whichever reason, and that effectively killed the whole idea. Sometime after that, Intel declared the whole "more secure computers by using an Intel chipset with a HRNG" idea a bust and stopped even caring about producing FWHs with HRNGs.

After that blow, often not even Intel itself would use their FWH. Take an Intel D875PBZ motherboard for example. I have one, and direct access to three others. Two of them have Intel FWHs, of which one has a working HRNG and the other does not (the HRNG is disabled on silicon). The two other boards use compatible FWHs from other chip manufacturers, which don't have a HRNG either.

Add to it that (AFAIK at least) MS Windows does not have a common interface to get the random numbers from (Unix is easy, provide them through /dev/u?random and everybody uses it), and nobody was really paying much attention to the Intel device driver required to get the data from the FWH...

Now, VIA did things almost right. They placed an *extremely* fast HRNG inside their Nehemiah CPU cores (but last time I checked, you'd have to talk directly to them if you wanted to make sure a batch of Nehemiah CPUs would come with enabled cores: they disabled the HRNGs when they failed the factory test, instead of scrapping the CPU), added a good hardware crypto engine, and made a major marketing party out of it. Not happy with just one, the newest VIA cores have two HRNGs in different areas of the chip... so you get double the bandwidth, and somewhat less correlation on the output stream.

A heavily modified version of rng-tools got about 2 Mbit/s of random bits from such a Nehemiah CPU (at its highest quality mode; at lowest quality, it is probably in the 12 Mbit/s range in a dual HRNG CPU). This work was sponsored by mekensleep.com, and is available in Debian experimental under the GPL license. One can also use Martin Peck's modified hw_random Linux module if they prefer a kernelspace solution.

Intel i8x0

Posted May 11, 2006 21:42 UTC (Thu) by giraffedata (subscriber, #1954)

> Intel included an interface for getting efficient access to truly random numbers in their chipsets starting at i810 or so

How does it generate truly random numbers?

Intel i8x0

Posted May 12, 2006 7:33 UTC (Fri) by ncm (subscriber, #165)

> How does it generate truly random numbers?

Physics.

There are plenty of ways to extract truly-random noise from the detailed behavior of electronic components. Generally these sort out into those that go below the statistical averaging of "electric current" to look at thermal variation of the motion of individual electrons ("shot noise"), and those that depend on quantum indeterminacy. Given random analog noise, whether as a current, voltage, or timing noise, it's not hard to turn it into unbiased numbers.
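
One common way to take the last step mentioned above, turning biased noise samples into unbiased bits, is von Neumann's pairwise extractor. The sketch below is an added example, not part of the comment and not a description of what the Intel or VIA hardware does; both bit sources are constructed simulations and all function names are assumptions. It also shows the limit of the method: bias is removed only when samples are independent, and serial correlation survives.

```python
import random

def von_neumann(bits):
    """Pairwise debiasing: 01 -> 0, 10 -> 1, 00 and 11 are discarded.

    For independent bits with P(1) = p, both kept pairs occur with
    probability p*(1-p), so the output is unbiased for any p.
    """
    it = iter(bits)
    return [a for a, b in zip(it, it) if a != b]

def biased_source(n, p_one, seed):
    """Constructed stand-in for digitised noise: independent bits, P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def sticky_source(n, p_stay, seed):
    """Constructed correlated source: each bit repeats the previous one
    with probability p_stay (no long-run bias, strong serial correlation)."""
    rng = random.Random(seed)
    bits = [rng.getrandbits(1)]
    for _ in range(n - 1):
        bits.append(bits[-1] if rng.random() < p_stay else 1 - bits[-1])
    return bits

def ones_fraction(bits):
    return sum(bits) / len(bits)

def repeat_fraction(bits):
    """Share of adjacent bits that are equal; about 0.5 for ideal output."""
    return sum(a == b for a, b in zip(bits, bits[1:])) / (len(bits) - 1)

if __name__ == "__main__":
    raw = biased_source(200_000, 0.8, seed=1)
    out = von_neumann(raw)
    print(f"biased input : ones={ones_fraction(raw):.3f}")
    print(f"debiased     : ones={ones_fraction(out):.3f} "
          f"yield={len(out) / len(raw):.3f} bits per input bit")

    raw = sticky_source(200_000, 0.9, seed=2)
    out = von_neumann(raw)
    # Bias is gone, but neighbouring output bits still depend on each other.
    print(f"sticky input : repeats={repeat_fraction(raw):.3f}")
    print(f"debiased     : ones={ones_fraction(out):.3f} "
          f"repeats={repeat_fraction(out):.3f}")
```

The correlated case is why a hardware source is normally whitened further and statistically tested before its output is credited as entropy.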

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds