Re: Bull Mountain (IvyBridge +) random number generator
schrieb Konstantin Belousov am 12.10.2012 18:48 (localtime): On Fri, Oct 12, 2012 at 10:50:55AM +0200, Harald Schmalzbauer wrote: ... Try the stable/9 instead. The code was merged in r240950. There was a bug in the original patch with the similar description. Thanks, it seems to be working with r240950 for RELENG_9_1 (ftp://ftp.omnilan.de/pub/FreeBSD/OmniLAN/deploy-tools/local-patches/RELENG_9_1/from_9-stable_branch/bull_mountain.patch). dd if=/dev/random bs=1k count=1000 | ent 1000+0 records in 1000+0 records out 1024000 bytes transferred in 0.028026 secs (36537676 bytes/sec) Entropy = 7.999827 bits per byte. Optimum compression would reduce the size of this 1024000 byte file by 0 percent. Chi square distribution for 1024000 samples is 244.91, and randomly would exceed this value 66.40 percent of the times. Arithmetic mean value of data bytes is 127.6039 (127.5 = random). Monte Carlo value for Pi is 3.139277888 (error 0.07 percent). Serial correlation coefficient is -0.001852 (totally uncorrelated = 0.0). I don't know if the requested verbose-boot-log is also of interest with ESXi-Guest, in case I've attached it. I think the man page answers my question how to find out (without verbose_boot) what real rng is used for /dev/random. If sysctl kern.random.sys is present, then it's sw rng, otherwise it's hw-rng. But random(4) needs to be uptdated: The only hardware implementation currently is for the VIA C3 Nehemiah (stepping 3 or greater) CPU. More will be added in the future Also, long time ago we had support for i815 RNG. Back in December 2005, Mark Murray planned to re-implement it... Does anybod know if the chipset RNG was still available in decent hw? Here's the throughput difference for bull mountain (in ESXi 5.1 guest): With options RDRAND_RNG: dd if=/dev/random of=/dev/null bs=1k count=10 10+0 records in 10+0 records out 10240 bytes transferred in 0.722204 secs (141788199 bytes/sec) Without: dd if=/dev/random of=/dev/null bs=1k count=10 10+0 records in 10+0 records out 10240 bytes transferred in 1.054229 secs (97132594 bytes/sec) Thanks, -Harry Table 'FACP' at 0xbfefee98 Table 'BOOT' at 0xbfef01fc Table 'APIC' at 0xbfef0182 APIC: Found table at 0xbfef0182 APIC: Using the MADT enumerator. MADT: Found CPU APIC ID 0 ACPI ID 0: enabled SMP: Added CPU 0 (AP) MADT: Found CPU APIC ID 1 ACPI ID 1: enabled SMP: Added CPU 1 (AP) MADT: Found CPU APIC ID 2 ACPI ID 2: enabled SMP: Added CPU 2 (AP) MADT: Found CPU APIC ID 3 ACPI ID 3: enabled SMP: Added CPU 3 (AP) Copyright (c) 1992-2012 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 9.1-RC2 #9 r241483M: Sat Oct 13 12:09:46 CEST 2012 ad...@gundi.vnl.wdn.omnilan.net:/usr/local/share/deploy-tools/obj-amd64/VMWARE/usr/local/share/deploy-tools/RELENG_9_1/src/sys/VMWARE.flint amd64 Preloaded elf kernel /boot/kernel/kernel at 0x80d6e000. Preloaded elf obj module /boot/kernel/aesni.ko at 0x80d6e1f8. Preloaded elf obj module /boot/kernel/mps.ko at 0x80d6e820. Hypervisor: Origin = VMwareVMware CPU: Intel(R) Xeon(R) CPU E3-1270 V2 @ 3.50GHz (3492.07-MHz K8-class CPU) Origin = GenuineIntel Id = 0x306a9 Family = 6 Model = 3a Stepping = 9 Features=0x1fa3fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,DTS,MMX,FXSR,SSE,SSE2,SS,HTT Features2=0xfeba2203SSE3,PCLMULQDQ,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND,HV AMD Features=0x28100800SYSCALL,NX,RDTSCP,LM AMD Features2=0x1LAHF TSC: P-state invariant real memory = 8589934592 (8192 MB) Physical memory chunk(s): 0x1000 - 0x0009bfff, 634880 bytes (155 pages) 0x0010 - 0x001f, 1048576 bytes (256 pages) 0x00da2000 - 0xbfed, 3205750784 bytes (782654 pages) 0xbff0 - 0xbfff, 1048576 bytes (256 pages) 0x0001 - 0x00022f11, 5084676096 bytes (1241376 pages) avail memory = 8236912640 (7855 MB) INTR: Adding local APIC 0 as a target Event timer LAPIC quality 600 ACPI APIC Table: PTLTD APIC INTR: Adding local APIC 0 as a target INTR: Adding local APIC 1 as a target INTR: Adding local APIC 2 as a target INTR: Adding local APIC 3 as a target FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs FreeBSD/SMP: 1 package(s) x 4 core(s) cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu2 (AP): APIC ID: 2 cpu3 (AP): APIC ID: 3 APIC: CPU 0 has ACPI ID 0 APIC: CPU 1 has ACPI ID 1 APIC: CPU 2 has ACPI ID 2 APIC: CPU 3 has ACPI ID 3 x86bios: IVT 0x00-0x0004ff at 0xfe00 x86bios: SSEG 0x001000-0x001fff at 0xff800023 x86bios: EBDA 0x09f000-0x09 at 0xfe09f000 x86bios: ROM 0x0a-0x0fefff at 0xfe0a ULE: setup cpu 0 ULE: setup
Re: Bull Mountain (IvyBridge +) random number generator
schrieb Konstantin Belousov am 02.09.2012 12:34 (localtime): It is relatively well known that Ivy Bridge CPUs (Core iX 3XXX) have built-in hardware random number generator, which is claimed to be both very fast and high quality. Generator is accessible using non-privileged RDRAND instruction. It is claimed that CPU performs sanitization of the random sequence. In particular, it seems that paranoid AES encryption of the raw random stream, performed by our padlock driver, is not needed for Bull Mountain (there are hints that hardware performs it already). See http://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator/0 http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide/ and IA32 ADM. Patch at http://people.freebsd.org/~kib/misc/bull_mountain.2.patch implements support for the generator. I do not own any IvyBridge machines, so I cannot test. Patch makes both padlock and bull generators the options, you need to enable IVY_RNG to get support for the generator. I would be interested in seeing reports including verbose boot dmesg, and some tests of /dev/random quality on the IvyBridge machines, you can start with http://lists.gnupg.org/pipermail/gnupg-devel/2000-March/016328.html. Thanks a lot for implementing this! I have an ESXi host with Ivy Brindge CPU. FreeBSD guest reports the following: CPU: Intel(R) Xeon(R) CPU E3-1270 V2 @ 3.50GHz (3492.07-MHz K8-class CPU) Origin = GenuineIntel Id = 0x306a9 Family = 6 Model = 3a Stepping = 9 Features=0x1fa3fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,DTS,MMX,FXSR,SSE,SSE2,SS,HTT Features2=0xfeba2203SSE3,PCLMULQDQ,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND,HV AMD Features=0x28100800SYSCALL,NX,RDTSCP,LM AMD Features2=0x1LAHF TSC: P-state invariant real memory = 8589934592 (8192 MB) avail memory = 8235110400 (7853 MB) Event timer LAPIC quality 600 ACPI APIC Table: PTLTD APIC FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs FreeBSD/SMP: 1 package(s) x 4 core(s) cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu2 (AP): APIC ID: 2 cpu3 (AP): APIC ID: 3 MADT: Forcing active-low polarity and level trigger for SCI But unfortunately accessing /dev/random doesn't work with IVY_RNG enabled. 'dd' consumes 100% wcpu bound to one core but never finishes (dd if=/dev/random bs=1k count=100|./ent) Also some other functions are blocked, logging in for example (doesn't matter if it's console or ssh). But I can walk arround in already established sessions. I made a 9.1-RC-2 debug kernel but no info appears. Also IVY_RNG isn't reported after kldloading, nor during boot, but this is the expected behaviour if I unterstand your patch correctly. I guess using RDRAND in an hypervisor environment should make no difference but please correct me if I'm wrong. Thanks, -Harry signature.asc Description: OpenPGP digital signature
Re: Bull Mountain (IvyBridge +) random number generator
- Original Message - From: Harald Schmalzbauer h.schmalzba...@omnilan.de ... I guess using RDRAND in an hypervisor environment should make no difference but please correct me if I'm wrong. Try compiling your kernel with:- no options PADLOCK_RNG no options IVY_RNG Or commenting the relevant lines out of your kernel conf. Regards Steve This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmas...@multiplay.co.uk. ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Bull Mountain (IvyBridge +) random number generator
On Fri, Oct 12, 2012 at 10:50:55AM +0200, Harald Schmalzbauer wrote: schrieb Konstantin Belousov am 02.09.2012 12:34 (localtime): It is relatively well known that Ivy Bridge CPUs (Core iX 3XXX) have built-in hardware random number generator, which is claimed to be both very fast and high quality. Generator is accessible using non-privileged RDRAND instruction. It is claimed that CPU performs sanitization of the random sequence. In particular, it seems that paranoid AES encryption of the raw random stream, performed by our padlock driver, is not needed for Bull Mountain (there are hints that hardware performs it already). See http://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator/0 http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide/ and IA32 ADM. Patch at http://people.freebsd.org/~kib/misc/bull_mountain.2.patch implements support for the generator. I do not own any IvyBridge machines, so I cannot test. Patch makes both padlock and bull generators the options, you need to enable IVY_RNG to get support for the generator. I would be interested in seeing reports including verbose boot dmesg, and some tests of /dev/random quality on the IvyBridge machines, you can start with http://lists.gnupg.org/pipermail/gnupg-devel/2000-March/016328.html. Thanks a lot for implementing this! I have an ESXi host with Ivy Brindge CPU. FreeBSD guest reports the following: CPU: Intel(R) Xeon(R) CPU E3-1270 V2 @ 3.50GHz (3492.07-MHz K8-class CPU) Origin = GenuineIntel Id = 0x306a9 Family = 6 Model = 3a Stepping = 9 Features=0x1fa3fbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,DTS,MMX,FXSR,SSE,SSE2,SS,HTT Features2=0xfeba2203SSE3,PCLMULQDQ,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND,HV AMD Features=0x28100800SYSCALL,NX,RDTSCP,LM AMD Features2=0x1LAHF TSC: P-state invariant real memory = 8589934592 (8192 MB) avail memory = 8235110400 (7853 MB) Event timer LAPIC quality 600 ACPI APIC Table: PTLTD APIC FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs FreeBSD/SMP: 1 package(s) x 4 core(s) cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu2 (AP): APIC ID: 2 cpu3 (AP): APIC ID: 3 MADT: Forcing active-low polarity and level trigger for SCI But unfortunately accessing /dev/random doesn't work with IVY_RNG enabled. 'dd' consumes 100% wcpu bound to one core but never finishes (dd if=/dev/random bs=1k count=100|./ent) Also some other functions are blocked, logging in for example (doesn't matter if it's console or ssh). But I can walk arround in already established sessions. I made a 9.1-RC-2 debug kernel but no info appears. Also IVY_RNG isn't reported after kldloading, nor during boot, but this is the expected behaviour if I unterstand your patch correctly. I guess using RDRAND in an hypervisor environment should make no difference but please correct me if I'm wrong. Try the stable/9 instead. The code was merged in r240950. There was a bug in the original patch with the similar description. pgpyU8aDlj1LH.pgp Description: PGP signature
Re: Bull Mountain (IvyBridge +) random number generator
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/02/12 03:34, Konstantin Belousov wrote: It is relatively well known that Ivy Bridge CPUs (Core iX 3XXX) have built-in hardware random number generator, which is claimed to be both very fast and high quality. Generator is accessible using non-privileged RDRAND instruction. It is claimed that CPU performs sanitization of the random sequence. In particular, it seems that paranoid AES encryption of the raw random stream, performed by our padlock driver, is not needed for Bull Mountain (there are hints that hardware performs it already). See http://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator/0 http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide/ and IA32 ADM. Patch at http://people.freebsd.org/~kib/misc/bull_mountain.2.patch implements support for the generator. I do not own any IvyBridge machines, so I cannot test. Patch makes both padlock and bull generators the options, you need to enable IVY_RNG to get support for the generator. I would be interested in seeing reports including verbose boot dmesg, and some tests of /dev/random quality on the IvyBridge machines, you can start with http://lists.gnupg.org/pipermail/gnupg-devel/2000-March/016328.html. CPU: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz (2294.83-MHz K8-class CPU) Origin = GenuineIntel Id = 0x306a9 Family = 6 Model = 3a Stepping = 9 Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Features2=0x7fbae3bfSSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND AMD Features=0x28100800SYSCALL,NX,RDTSCP,LM AMD Features2=0x1LAHF TSC: P-state invariant, performance statistics ... random: entropy source, Hardware, Intel IvyBridge+ RNG [delphij@epsilon] ~ dd if=/dev/random bs=1m count=256 | ./ent 256+0 records in 256+0 records out 268435456 bytes transferred in 8.330823 secs (32221961 bytes/sec) Entropy = 7.99 bits per byte. Optimum compression would reduce the size of this 268435456 byte file by 0 percent. Chi square distribution for 268435456 samples is 237.19, and randomly would exceed this value 78.17 percent of the times. Arithmetic mean value of data bytes is 127.4968 (127.5 = random). Monte Carlo value for Pi is 3.141569721 (error 0.00 percent). Serial correlation coefficient is -0.80 (totally uncorrelated = 0.0). [delphij@epsilon] ~ dd if=/dev/random bs=1m count=256 | ./ent 256+0 records in 256+0 records out 268435456 bytes transferred in 8.110786 secs (33096109 bytes/sec) Entropy = 7.99 bits per byte. Optimum compression would reduce the size of this 268435456 byte file by 0 percent. Chi square distribution for 268435456 samples is 265.06, and randomly would exceed this value 31.95 percent of the times. Arithmetic mean value of data bytes is 127.4982 (127.5 = random). Monte Carlo value for Pi is 3.141918140 (error 0.01 percent). Serial correlation coefficient is 0.05 (totally uncorrelated = 0.0). [delphij@epsilon] ~ dd if=/dev/random bs=1m count=256 | ./ent 256+0 records in 256+0 records out 268435456 bytes transferred in 8.094252 secs (33163714 bytes/sec) Entropy = 7.99 bits per byte. Optimum compression would reduce the size of this 268435456 byte file by 0 percent. Chi square distribution for 268435456 samples is 263.17, and randomly would exceed this value 34.92 percent of the times. Arithmetic mean value of data bytes is 127.4969 (127.5 = random). Monte Carlo value for Pi is 3.141545045 (error 0.00 percent). Serial correlation coefficient is 0.17 (totally uncorrelated = 0.0). - -- Xin LI delp...@delphij.nethttps://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJQSQY2AAoJEG80Jeu8UPuzHTUH/37b3iinQ3/yjc2tfTjKAMZh KJGEzZ1hlr8Ifoax3ul27U7Mpyss85Vza+tICeiyDpPulFlKuJa9lFfadNXIiDqR AAB4PtK+cZ8uyVze00sstU+7tK7AqKCyuz/yL6fzK2h2Bx8mYVgE3UTK+DOwQcEa 4Y0pFlO7gPnw1NGK6T7Ofnl/s9wum3JWELPhaTmo5L11JioXnufTmsJpB2MzqSxT iK0B0FCzF32e1Hl5HNNEMbfx7Rrx+Pf1OzdhP+/1+WHdXn8qtr8htsmsA/4zV+pT jAHHGuPxNaFmb2xyEZtQerPPdexoadWjrNlFQtl2gsVyMrWYBX2PyT3n3bbos50= =eiAK -END PGP SIGNATURE- ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Bull Mountain (IvyBridge +) random number generator
It is relatively well known that Ivy Bridge CPUs (Core iX 3XXX) have built-in hardware random number generator, which is claimed to be both very fast and high quality. Generator is accessible using non-privileged RDRAND instruction. It is claimed that CPU performs sanitization of the random sequence. In particular, it seems that paranoid AES encryption of the raw random stream, performed by our padlock driver, is not needed for Bull Mountain (there are hints that hardware performs it already). See http://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator/0 http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide/ and IA32 ADM. Patch at http://people.freebsd.org/~kib/misc/bull_mountain.2.patch implements support for the generator. I do not own any IvyBridge machines, so I cannot test. Patch makes both padlock and bull generators the options, you need to enable IVY_RNG to get support for the generator. I would be interested in seeing reports including verbose boot dmesg, and some tests of /dev/random quality on the IvyBridge machines, you can start with http://lists.gnupg.org/pipermail/gnupg-devel/2000-March/016328.html. Thanks. pgpWI1zFeuN0l.pgp Description: PGP signature