From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ig0-x234.google.com (mail-ig0-x234.google.com [IPv6:2607:f8b0:4001:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id D3F863B260 for ; Thu, 5 May 2016 12:10:39 -0400 (EDT) Received: by mail-ig0-x234.google.com with SMTP id bi2so20183850igb.0 for ; Thu, 05 May 2016 09:10:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:subject:from:to:date:in-reply-to:references:mime-version :content-transfer-encoding; bh=9lJNvBziHqcIgRa3qHOkoc6mQ2EZUaZk/6G8t2lw1V4=; b=SHAKbcs8De6d/PtPff00mAh05zhcFz3qDhunP9w8vpPP39aYLl85dsqxzk4B22G5sa QS6zFqnAmir2taCB9iAXZyvsSJ5X7N5LV7vsadVh5BH5K7af0rkwp7PpaAhTu1CQwE3A xRMYwqu+OOX3RVL5R+2FOhLYObi8uE9mqikxjCLHJXAO3smVOKniO/ENW09Vqy+Je8w6 2uZ3YT62nZscNqINN8NIPu1pA7hPUIzFuUKkVvudVYrFL4kSGf8+39yvS509FOwKq1NN ThC3QHEIVzjBydo6oIpJTCjQ2FR82CRKWG/Zz8VaJ1YByTjkR7APIT7+OEcwrxTDsFmv GE3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:subject:from:to:date:in-reply-to :references:mime-version:content-transfer-encoding; bh=9lJNvBziHqcIgRa3qHOkoc6mQ2EZUaZk/6G8t2lw1V4=; b=Cynj4g6mfHcfjREjMLnotYDXpcXOMarGKz4T7TLYwo0C/9qdjUekcDZvrarQtSAcjZ ik04D2d3FK0v8XUrPFAtNhuLm7ZNPEHiPT4HXbtdzdbvfn/RgXx5MFB61GSvL9BWQDsf 4w/Qv5eDU4DqnezCdnFpHDRGiIrd/WSoQEm7xES4lgGW4wkevbMOfo+aPHTpPyr4/Kc0 Rd2yern8puQaqtoWUjUn2SO/U5rXQ80P2gaAOUNFvhPyfMgTKrgxw12y0GFh3lrEiYUh B7/ad7AMnWou/54r/ZVfm74tPP2CvAqSNibtPnQMKXmt7u5VsMMVA2QeV50CbWkLHnbg OhDA== X-Gm-Message-State: AOPr4FXzGleM9U68rzEb9eaiYMGh88tG5M7F4pODVZ7bIbBnUfWd5duuCA5psfgZYQQjuA== X-Received: by 10.50.37.147 with SMTP id y19mr4746818igj.42.1462464639250; Thu, 05 May 2016 09:10:39 -0700 (PDT) Received: from magrathea (c-50-170-131-39.hsd1.co.comcast.net. [50.170.131.39]) by smtp.googlemail.com with ESMTPSA id k2sm1868964igx.7.2016.05.05.09.10.38 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 05 May 2016 09:10:38 -0700 (PDT) Message-ID: <1462464637.25803.30.camel@gmail.com> From: Josh Datko To: Dave Taht , "cerowrt-devel@lists.bufferbloat.net" Date: Thu, 05 May 2016 10:10:37 -0600 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.18.5.2-0ubuntu1 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Fri, 06 May 2016 16:14:38 -0400 Subject: Re: [Cerowrt-devel] pcengines apu2c4 hardware random number generation X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2016 16:10:40 -0000 On Wed, 2016-05-04 at 16:28 -0700, Dave Taht wrote: > so I figure that there might be something even simpler out there from > the pi-ish or beaglebone world that could be repurposed to suit? I've used Atmel's CryptoAuthentication chips routinely. They are i2c based and have a (proprietary) RNG on them. I have a few linux driver options for using them. Presumably, you want this HWRNG thing to be inside the case. Looking at that pdf, jumper J4 says it's an I2C connector. Those Atmel chips I was playing with are all i2c, so you could try flywiring those to the connector. I'm not sure what pin is what, but PWR and GND should be easy to find and then SDA/SCL I just plug and and try. If it doesn't work, swap the pins. As long as the CPU has access to that i2c bus, (is there an i2c-tools equivalent on cerowrt?), then you should see it. miniPCIe has I2C as well. I had this idea once to take a miniPCI card and solder the atmel chips to the SDA/SCL lines. 8-pin molex connectors should be easy to find and it probably wouldn't be too bad to make it a "proper" expansion board, but ... loose wires make life more exciting :) Josh links: Out-of-tree kernel driver for Atmel AT204/108/508 chips with /dev/hwrng support: https://github.com/cryptotronix/atsha204-i2c CLI application using the AT204: https://github.com/cryptotronix/hashle t Digikey: https://www.digikey.com/product-detail/en/atmel/ATECC508A-SSHD A-B/ATECC508A-SSHDA-B-ND/5213053 ^ The 204A are cheaper, the 508A have ECDSA/ECDH as well as the RNG and my "eclet" driver will support ecdsa signing/ecdh, so might as well get those vs. the 204A.