[Soekris] vpn1411 RNG, FreeBSD 7: how to activate?
James R. Van Artsdalen
soekris-tech at jrv.org
Thu Sep 4 08:46:52 UTC 2008
Patrick Lamaizière wrote:
> Le Tue, 02 Sep 2008 18:15:00 -0500,
> "James R. Van Artsdalen" <soekris-tech at jrv.org> a écrit :
>> Has Hi/fn stated what kind of random number generator the 7955 has?
>> How is this enabled in FreeBSD 7? I've added these lines to the
>> kernel config file:
>> device crypto # core crypto support
>> device cryptodev # /dev/crypto for access to h/w
>> device hifn # Hifn 7951, 7781, etc.
>> options HIFN_DEBUG # enable debugging support: hw.hifn.debug
>> options HIFN_RNDTEST # enable rndtest support
>> device rndtest # FIPS 140-2 entropy tester
>> I'm not convinced it's being used instead of the kernal's Yarrow
> It should work.
> By default rndtest only reports failure, use the sysctl
> kern.rndtest.verbose=2 (not sure for the sysctl, something like that) to
> reports success.
Thanks. rndtest is working but the hifn is apparently not being used by
openssl at all - hifnstats reports no activity as a result of "openssl
speed". cryptostats reports no activity either. cryptotest does result
in some activity in cryptostats and hifnstats so it may be an openssl
issue with /dev/crypto
It's still not clear if the kernel is using the hifn for random numbers
or not. And even if it is, I can't find any indication of what sort of
RNG hifn uses or how good it is.
More information about the Soekris-tech