On Thu, 2005-03-24 at 07:48 -0500, Jeff Garzik wrote: > Evgeniy Polyakov wrote: > > On Thu, 2005-03-24 at 14:27 +1000, David McCullough wrote: > > > >>Hi all, > >> > >>Here is a small patch for 2.6.11 that adds a routine: > >> > >> add_true_randomness(__u32 *buf, int nwords); > >> > >>so that true random number generator device drivers can add a entropy > >>to the system. Drivers that use this can be found in the latest release > >>of ocf-linux, an asynchronous crypto implementation for linux based on > >>the *BSD Cryptographic Framework. > >> > >> http://ocf-linux.sourceforge.net/ > >> > >>Adding this can dramatically improve the performance of /dev/random on > >>small embedded systems which do not generate much entropy. > > > > > > People will not apply any kind of such changes. > > Both OCF and acrypto already handle all RNG cases - no need for any kind > > of userspace daemon or entropy (re)injection mechanism. > > Anyone who want to use HW randomness may use OCF/acrypto mechanism. > > For example here is patch to enable acrypto support for hw_random.c > > It is very simple and support only upto 4 bytes request, of course it > > is > > not interested for anyone, but it is only 2-minutes example: > > If you want to add entropy to the kernel entropy pool from hardware RNG, > you should use the userland daemon, which detects non-random (broken) > hardware and provides throttling, so that RNG data collection does not > consume 100% CPU. > > If you want to use the hardware RNG directly, it's simple: just open > /dev/hw_random. > > Hardware RNG should not go kernel->kernel without adding FIPS tests and > such.
hw_random can not and will not support HIFN, freescale, ixp and
great majority of the existing and future HW crypto devices.
I mean that userspace daemon(or any other one) which want to contribute
entropy
should use crypto framwork to obtain all it's data, but not different
access methods for each separate driver.
> Jeff
--
Evgeniy Polyakov
Crash is better than data corruption -- Arthur Grabowski
signature.asc
Description: This is a digitally signed message part
