random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG' returned no entropy.

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG' returned no entropy.

Andrey V. Elsukov
Hi,

today I updated one of my test machines and discovered that message from
the subject periodically printed in the console.

FreeBSD 13.0-CURRENT r347327=4f47587(svn_head) GENERIC-NODEBUG amd64
FreeBSD clang version 8.0.0 (tags/RELEASE_800/final 356365) (based on
LLVM 8.0.0)
VT(vga): resolution 640x480
CPU: Intel(R) Xeon(R) CPU E5-2660 v4@ 2.00GHz (2000.04-MHz K8-class CPU)
...
real memory  = 68719476736 (65536 MB)
avail memory = 66722340864 (63631 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <SUPERM SMCI--MB>
FreeBSD/SMP: Multiprocessor System Detected: 28 CPUs
FreeBSD/SMP: 2 package(s) x 14 core(s)
...

% grep -c random /var/run/dmesg.boot
606

% grep random /var/run/dmesg.boot | head -10
__stack_chk_init: WARNING: Initializing stack protection with non-random
cookies!
random: entropy device external interface
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
arc4random: WARNING: initial seeding bypassed the cryptographic random
device because it was not yet seeded and the knob
'bypass_before_seeding' was enabled.
random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
returned no entropy.
random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
returned no entropy.
random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
returned no entropy.
random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
returned no entropy.
random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
returned no entropy.

% sysctl -a | grep -v random_sources_feed | grep rand
kern.fallback_elf_brand: -1
device random
device rdrand_rng
kern.randompid: 0
kern.elf32.fallback_brand: -1
kern.elf64.fallback_brand: -1
kern.random.fortuna.minpoolsize: 64
kern.random.harvest.mask_symbolic:
PURE_RDRAND,[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
kern.random.harvest.mask_bin: 000000010000000111011111
kern.random.harvest.mask: 66015
kern.random.use_chacha20_cipher: 0
kern.random.block_seeded_status: 0
kern.random.random_sources: 'Intel Secure Key RNG'
kern.random.initial_seeding.disable_bypass_warnings: 0
kern.random.initial_seeding.arc4random_bypassed_before_seeding: 1
kern.random.initial_seeding.read_random_bypassed_before_seeding: 0
kern.random.initial_seeding.bypass_before_seeding: 1
net.inet.ip.portrange.randomtime: 45
net.inet.ip.portrange.randomcps: 10
net.inet.ip.portrange.randomized: 1
net.inet.ip.random_id_total: 0
net.inet.ip.random_id_collisions: 0
net.inet.ip.random_id_period: 0
net.inet.ip.random_id: 0
net.key.int_random: 60
debug.fail_point.status_fill_kinfo_vnode__random_path: off
debug.fail_point.fill_kinfo_vnode__random_path: off
debug.fail_point.status_random_fortuna_pre_read: off
debug.fail_point.random_fortuna_pre_read: off
security.stack_protect.permit_nonrandom_cookies: 1

--
WBR, Andrey V. Elsukov


signature.asc (566 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG' returned no entropy.

Ian Lepore-3
On Wed, 2019-05-08 at 19:13 +0300, Andrey V. Elsukov wrote:

> Hi,
>
> today I updated one of my test machines and discovered that message
> from
> the subject periodically printed in the console.
>
> FreeBSD 13.0-CURRENT r347327=4f47587(svn_head) GENERIC-NODEBUG amd64
> FreeBSD clang version 8.0.0 (tags/RELEASE_800/final 356365) (based on
> LLVM 8.0.0)
> VT(vga): resolution 640x480
> CPU: Intel(R) Xeon(R) CPU E5-2660 v4@ 2.00GHz (2000.04-MHz K8-class
> CPU)
> ...
> real memory  = 68719476736 (65536 MB)
> avail memory = 66722340864 (63631 MB)
> Event timer "LAPIC" quality 600
> ACPI APIC Table: <SUPERM SMCI--MB>
> FreeBSD/SMP: Multiprocessor System Detected: 28 CPUs
> FreeBSD/SMP: 2 package(s) x 14 core(s)
> ...
>
> % grep -c random /var/run/dmesg.boot
> 606
>
> % grep random /var/run/dmesg.boot | head -10
> __stack_chk_init: WARNING: Initializing stack protection with non-
> random
> cookies!
> random: entropy device external interface
> random: registering fast source Intel Secure Key RNG
> random: fast provider: "Intel Secure Key RNG"
> arc4random: WARNING: initial seeding bypassed the cryptographic
> random
> device because it was not yet seeded and the knob
> 'bypass_before_seeding' was enabled.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key
> RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key
> RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key
> RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key
> RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key
> RNG'
> returned no entropy.
>
> % sysctl -a | grep -v random_sources_feed | grep rand
> kern.fallback_elf_brand: -1
> device random
> device rdrand_rng
> kern.randompid: 0
> kern.elf32.fallback_brand: -1
> kern.elf64.fallback_brand: -1
> kern.random.fortuna.minpoolsize: 64
> kern.random.harvest.mask_symbolic:
> PURE_RDRAND,[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN
> ,MOUSE,KEYBOARD,ATTACH,CACHED
> kern.random.harvest.mask_bin: 000000010000000111011111
> kern.random.harvest.mask: 66015
> kern.random.use_chacha20_cipher: 0
> kern.random.block_seeded_status: 0
> kern.random.random_sources: 'Intel Secure Key RNG'
> kern.random.initial_seeding.disable_bypass_warnings: 0
> kern.random.initial_seeding.arc4random_bypassed_before_seeding: 1
> kern.random.initial_seeding.read_random_bypassed_before_seeding: 0
> kern.random.initial_seeding.bypass_before_seeding: 1
> net.inet.ip.portrange.randomtime: 45
> net.inet.ip.portrange.randomcps: 10
> net.inet.ip.portrange.randomized: 1
> net.inet.ip.random_id_total: 0
> net.inet.ip.random_id_collisions: 0
> net.inet.ip.random_id_period: 0
> net.inet.ip.random_id: 0
> net.key.int_random: 60
> debug.fail_point.status_fill_kinfo_vnode__random_path: off
> debug.fail_point.fill_kinfo_vnode__random_path: off
> debug.fail_point.status_random_fortuna_pre_read: off
> debug.fail_point.random_fortuna_pre_read: off
> security.stack_protect.permit_nonrandom_cookies: 1
>

Fixed in r347329.

--Ian

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG' returned no entropy.

Michael Tuexen-2
In reply to this post by Andrey V. Elsukov
> On 8. May 2019, at 18:13, Andrey V. Elsukov <[hidden email]> wrote:
>
> Hi,
>
> today I updated one of my test machines and discovered that message from
> the subject periodically printed in the console.
Fixed in  https://svnweb.freebsd.org/changeset/base/347329

Best regards
Michael

>
> FreeBSD 13.0-CURRENT r347327=4f47587(svn_head) GENERIC-NODEBUG amd64
> FreeBSD clang version 8.0.0 (tags/RELEASE_800/final 356365) (based on
> LLVM 8.0.0)
> VT(vga): resolution 640x480
> CPU: Intel(R) Xeon(R) CPU E5-2660 v4@ 2.00GHz (2000.04-MHz K8-class CPU)
> ...
> real memory  = 68719476736 (65536 MB)
> avail memory = 66722340864 (63631 MB)
> Event timer "LAPIC" quality 600
> ACPI APIC Table: <SUPERM SMCI--MB>
> FreeBSD/SMP: Multiprocessor System Detected: 28 CPUs
> FreeBSD/SMP: 2 package(s) x 14 core(s)
> ...
>
> % grep -c random /var/run/dmesg.boot
> 606
>
> % grep random /var/run/dmesg.boot | head -10
> __stack_chk_init: WARNING: Initializing stack protection with non-random
> cookies!
> random: entropy device external interface
> random: registering fast source Intel Secure Key RNG
> random: fast provider: "Intel Secure Key RNG"
> arc4random: WARNING: initial seeding bypassed the cryptographic random
> device because it was not yet seeded and the knob
> 'bypass_before_seeding' was enabled.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
> returned no entropy.
>
> % sysctl -a | grep -v random_sources_feed | grep rand
> kern.fallback_elf_brand: -1
> device random
> device rdrand_rng
> kern.randompid: 0
> kern.elf32.fallback_brand: -1
> kern.elf64.fallback_brand: -1
> kern.random.fortuna.minpoolsize: 64
> kern.random.harvest.mask_symbolic:
> PURE_RDRAND,[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
> kern.random.harvest.mask_bin: 000000010000000111011111
> kern.random.harvest.mask: 66015
> kern.random.use_chacha20_cipher: 0
> kern.random.block_seeded_status: 0
> kern.random.random_sources: 'Intel Secure Key RNG'
> kern.random.initial_seeding.disable_bypass_warnings: 0
> kern.random.initial_seeding.arc4random_bypassed_before_seeding: 1
> kern.random.initial_seeding.read_random_bypassed_before_seeding: 0
> kern.random.initial_seeding.bypass_before_seeding: 1
> net.inet.ip.portrange.randomtime: 45
> net.inet.ip.portrange.randomcps: 10
> net.inet.ip.portrange.randomized: 1
> net.inet.ip.random_id_total: 0
> net.inet.ip.random_id_collisions: 0
> net.inet.ip.random_id_period: 0
> net.inet.ip.random_id: 0
> net.key.int_random: 60
> debug.fail_point.status_fill_kinfo_vnode__random_path: off
> debug.fail_point.fill_kinfo_vnode__random_path: off
> debug.fail_point.status_random_fortuna_pre_read: off
> debug.fail_point.random_fortuna_pre_read: off
> security.stack_protect.permit_nonrandom_cookies: 1
>
> --
> WBR, Andrey V. Elsukov
>


smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG' returned no entropy.

Conrad Meyer-2
In reply to this post by Andrey V. Elsukov
Sorry about that. Please update to r347329.

Thanks,
Conrad

On Wed, May 8, 2019 at 9:16 AM Andrey V. Elsukov <[hidden email]> wrote:

> Hi,
>
> today I updated one of my test machines and discovered that message from
> the subject periodically printed in the console.
>
> FreeBSD 13.0-CURRENT r347327=4f47587(svn_head) GENERIC-NODEBUG amd64
> FreeBSD clang version 8.0.0 (tags/RELEASE_800/final 356365) (based on
> LLVM 8.0.0)
> VT(vga): resolution 640x480
> CPU: Intel(R) Xeon(R) CPU E5-2660 v4@ 2.00GHz (2000.04-MHz K8-class CPU)
> ...
> real memory  = 68719476736 (65536 MB)
> avail memory = 66722340864 (63631 MB)
> Event timer "LAPIC" quality 600
> ACPI APIC Table: <SUPERM SMCI--MB>
> FreeBSD/SMP: Multiprocessor System Detected: 28 CPUs
> FreeBSD/SMP: 2 package(s) x 14 core(s)
> ...
>
> % grep -c random /var/run/dmesg.boot
> 606
>
> % grep random /var/run/dmesg.boot | head -10
> __stack_chk_init: WARNING: Initializing stack protection with non-random
> cookies!
> random: entropy device external interface
> random: registering fast source Intel Secure Key RNG
> random: fast provider: "Intel Secure Key RNG"
> arc4random: WARNING: initial seeding bypassed the cryptographic random
> device because it was not yet seeded and the knob
> 'bypass_before_seeding' was enabled.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
> returned no entropy.
> random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG'
> returned no entropy.
>
> % sysctl -a | grep -v random_sources_feed | grep rand
> kern.fallback_elf_brand: -1
> device  random
> device  rdrand_rng
> kern.randompid: 0
> kern.elf32.fallback_brand: -1
> kern.elf64.fallback_brand: -1
> kern.random.fortuna.minpoolsize: 64
> kern.random.harvest.mask_symbolic:
>
> PURE_RDRAND,[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
> kern.random.harvest.mask_bin: 000000010000000111011111
> kern.random.harvest.mask: 66015
> kern.random.use_chacha20_cipher: 0
> kern.random.block_seeded_status: 0
> kern.random.random_sources: 'Intel Secure Key RNG'
> kern.random.initial_seeding.disable_bypass_warnings: 0
> kern.random.initial_seeding.arc4random_bypassed_before_seeding: 1
> kern.random.initial_seeding.read_random_bypassed_before_seeding: 0
> kern.random.initial_seeding.bypass_before_seeding: 1
> net.inet.ip.portrange.randomtime: 45
> net.inet.ip.portrange.randomcps: 10
> net.inet.ip.portrange.randomized: 1
> net.inet.ip.random_id_total: 0
> net.inet.ip.random_id_collisions: 0
> net.inet.ip.random_id_period: 0
> net.inet.ip.random_id: 0
> net.key.int_random: 60
> debug.fail_point.status_fill_kinfo_vnode__random_path: off
> debug.fail_point.fill_kinfo_vnode__random_path: off
> debug.fail_point.status_random_fortuna_pre_read: off
> debug.fail_point.random_fortuna_pre_read: off
> security.stack_protect.permit_nonrandom_cookies: 1
>
> --
> WBR, Andrey V. Elsukov
>
>
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"