[Cerowrt-devel] pcengines apu2c4 hardware random number generation

[Cerowrt-devel] pcengines apu2c4 hardware random number generation

[Dave Taht]

one of the few flaws in this board so far is that it does not appear
the GX-412TC in it has a hardware random number generator.

(yes, I just ran it out of random numbers)

There are ton of "hardware random number generators out there" - quite
a few fairly "cheap" ones on usb.

The board has internal usb headers, gpios, and i2c. Any other means of
generating good random numbers?

http://pcengines.ch/pdf/apu2.pdf

so I figure that there might be something even simpler out there from
the pi-ish or beaglebone world that could be repurposed to suit?

I've always wanted to have *3* hwrngs - one designed by the NSA,
another by the KGB, and one by open source folk, and to mix them
together.

-- 
Dave Täht
Let's go make home routers and wifi faster! With better software!
http://blog.cerowrt.org

Re: [Cerowrt-devel] pcengines apu2c4 hardware random number generation

[Luis E. Garcia]

[-- Attachment #1: Type: text/plain, Size: 1240 bytes --]

Dave,
Can you give me more details on how you were genereating Randon Numbers and
how did you run out of them.

Luis

On Wed, May 4, 2016 at 4:28 PM, Dave Taht <dave.taht@gmail.com> wrote:

> one of the few flaws in this board so far is that it does not appear
> the GX-412TC in it has a hardware random number generator.
>
> (yes, I just ran it out of random numbers)
>
> There are ton of "hardware random number generators out there" - quite
> a few fairly "cheap" ones on usb.
>
> The board has internal usb headers, gpios, and i2c. Any other means of
> generating good random numbers?
>
> http://pcengines.ch/pdf/apu2.pdf
>
> so I figure that there might be something even simpler out there from
> the pi-ish or beaglebone world that could be repurposed to suit?
>
> I've always wanted to have *3* hwrngs - one designed by the NSA,
> another by the KGB, and one by open source folk, and to mix them
> together.
>
> --
> Dave Täht
> Let's go make home routers and wifi faster! With better software!
> http://blog.cerowrt.org
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>

[-- Attachment #2: Type: text/html, Size: 2013 bytes --]

Re: [Cerowrt-devel] pcengines apu2c4 hardware random number generation

[Dave Taht]

I was doing a bunch of long running flent tests through an ath10k card
in wpa2 mode on ubuntu and not running haveged or rng-tools going.

cat /dev/hwrng showed no hardware random number generator module
working, so I looked at the specs, didn't find one for the cpu. Have
not checked to see if the intel ethernet driver or the ath10k actually
add to the randomness pool... or apic...

watch cat /proc/sys/kernel/random/entropy_avail

is my idea of entertainment on a tuesday afternoon. I do see it
refilling at a reasonable rate tho, even without haveged.

I *like* hwrngs.


On Wed, May 4, 2016 at 5:16 PM, Luis E. Garcia <luis@bitamins.net> wrote:
> Dave,
> Can you give me more details on how you were genereating Randon Numbers and
> how did you run out of them.
>
> Luis
>
> On Wed, May 4, 2016 at 4:28 PM, Dave Taht <dave.taht@gmail.com> wrote:
>>
>> one of the few flaws in this board so far is that it does not appear
>> the GX-412TC in it has a hardware random number generator.
>>
>> (yes, I just ran it out of random numbers)
>>
>> There are ton of "hardware random number generators out there" - quite
>> a few fairly "cheap" ones on usb.
>>
>> The board has internal usb headers, gpios, and i2c. Any other means of
>> generating good random numbers?
>>
>> http://pcengines.ch/pdf/apu2.pdf
>>
>> so I figure that there might be something even simpler out there from
>> the pi-ish or beaglebone world that could be repurposed to suit?
>>
>> I've always wanted to have *3* hwrngs - one designed by the NSA,
>> another by the KGB, and one by open source folk, and to mix them
>> together.
>>
>> --
>> Dave Täht
>> Let's go make home routers and wifi faster! With better software!
>> http://blog.cerowrt.org
>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>



-- 
Dave Täht
Let's go make home routers and wifi faster! With better software!
http://blog.cerowrt.org

Re: [Cerowrt-devel] pcengines apu2c4 hardware random number generation

[Josh Datko]

On Wed, 2016-05-04 at 16:28 -0700, Dave Taht wrote:
> so I figure that there might be something even simpler out there from
> the pi-ish or beaglebone world that could be repurposed to suit?

I've used Atmel's CryptoAuthentication chips routinely. They are i2c
based and have a (proprietary) RNG on them. I have a few linux driver
options for using them.

Presumably, you want this HWRNG thing to be inside the case. Looking at
that pdf, jumper J4 says it's an I2C connector. Those Atmel chips I was
playing with are all i2c, so you could try flywiring those to the
connector.

I'm not sure what pin is what, but PWR and GND should be easy to find
and then SDA/SCL I just plug and and try. If it doesn't work, swap the
pins.

As long as the CPU has access to that i2c bus, (is there an i2c-tools
equivalent on cerowrt?), then you should see it.

miniPCIe has I2C as well. I had this idea once to take a miniPCI card
and solder the atmel chips to the SDA/SCL lines.

8-pin molex connectors should be easy to find and it probably wouldn't
be too bad to make it a "proper" expansion board, but ... loose wires
make life more exciting :)

Josh

links:

Out-of-tree kernel driver for Atmel AT204/108/508 chips with /dev/hwrng
support: https://github.com/cryptotronix/atsha204-i2c

CLI application using the AT204: https://github.com/cryptotronix/hashle
t

Digikey: https://www.digikey.com/product-detail/en/atmel/ATECC508A-SSHD
A-B/ATECC508A-SSHDA-B-ND/5213053

^ The 204A are cheaper, the 508A have ECDSA/ECDH as well as the RNG and
my "eclet" driver will support ecdsa signing/ecdh, so might as well get
those vs. the 204A.

Re: [Cerowrt-devel] pcengines apu2c4 hardware random number generation

[Dave Taht]

On Thu, May 5, 2016 at 9:10 AM, Josh Datko <jbdatko@gmail.com> wrote:
> On Wed, 2016-05-04 at 16:28 -0700, Dave Taht wrote:
>> so I figure that there might be something even simpler out there from
>> the pi-ish or beaglebone world that could be repurposed to suit?
>
> I've used Atmel's CryptoAuthentication chips routinely. They are i2c
> based and have a (proprietary) RNG on them. I have a few linux driver
> options for using them.

I forget how fast those chips were (?)

> Presumably, you want this HWRNG thing to be inside the case. Looking at
> that pdf, jumper J4 says it's an I2C connector. Those Atmel chips I was
> playing with are all i2c, so you could try flywiring those to the
> connector.
>
> I'm not sure what pin is what, but PWR and GND should be easy to find
> and then SDA/SCL I just plug and and try. If it doesn't work, swap the
> pins.
>
> As long as the CPU has access to that i2c bus, (is there an i2c-tools
> equivalent on cerowrt?), then you should see it.

"cerowrt" as "cerowrt" is dead, I'm doing as much work as possible in
the easier to debug x86 world.


> miniPCIe has I2C as well. I had this idea once to take a miniPCI card
> and solder the atmel chips to the SDA/SCL lines.

Meh. If there is a decent gpio header on j.random x86 board, I'd just
as soon use that.

>
> 8-pin molex connectors should be easy to find and it probably wouldn't
> be too bad to make it a "proper" expansion board, but ... loose wires
> make life more exciting :)
>
> Josh
>
> links:
>
> Out-of-tree kernel driver for Atmel AT204/108/508 chips with /dev/hwrng
> support: https://github.com/cryptotronix/atsha204-i2c
>
> CLI application using the AT204: https://github.com/cryptotronix/hashle
> t
>
> Digikey: https://www.digikey.com/product-detail/en/atmel/ATECC508A-SSHD
> A-B/ATECC508A-SSHDA-B-ND/5213053
>
> ^ The 204A are cheaper, the 508A have ECDSA/ECDH as well as the RNG and
> my "eclet" driver will support ecdsa signing/ecdh, so might as well get
> those vs. the 204A.
>
>
>



-- 
Dave Täht
Let's go make home routers and wifi faster! With better software!
http://blog.cerowrt.org

Re: [Cerowrt-devel] pcengines apu2c4 hardware random number generation

[Josh Datko]

On Fri, 2016-05-06 at 13:19 -0700, Dave Taht wrote:
> On Thu, May 5, 2016 at 9:10 AM, Josh Datko <jbdatko@gmail.com> wrote:
> > 
> I forget how fast those chips were (?)

The get_random command, from the perspective of the Atmel chip, takes
on average, 11ms to return 32bytes of random numbers, with a max of
50ms (from the ATSHA204A datasheet). 

Practically however, you have to account for the kernel processing,
100khz I2C send and return up the stack.

> Meh. If there is a decent gpio header on j.random x86 board, I'd just
> as soon use that.

Yeah, I hear you. What I do is I split my video cable and hijack the
i2c and power lines from that (typically used to read the EDID from the
monitor) so I can develop on my workstation.

You board didn't seem to have a video connection, otherwise I'd suggest
that. I made a VGA2I2C board that you can get on OSHPark if you want to
solder on some N-channel mosfets and some 0603 resistors.

Otherwise, the drivers all use either the kernel's i2c subsytem or in
userspace, the ioctl. So, afaik, there'd have to be an i2c-bitbang
hardware abstract layer used to use random GPIO pins.