On Wed, Jan 6, 2016 at 5:21 PM, Anatoly Pugachev <mator...@gmail.com> wrote: > On Wed, Jan 6, 2016 at 5:24 AM, Ben Hutchings <b...@decadent.org.uk> wrote: >> Control: tag -1 moreinfo >> >> On Mon, 2016-01-04 at 13:48 +0300, Anatoly Pugachev wrote: >>> Package: src:linux >>> Version: 4.3.3-2 >>> Severity: wishlist >>> >>> Dear Maintainer, >>> >>> Can you please enable CONFIG_TCG_TPM (TPM security chip) and >>> CONFIG_HW_RANDOM_TPM linux kernel config options (as modules), to >>> enable hardware RNG device for use in LDOM (containers) of debian >>> sparc64. >>> >>> Right now, there's no hardware RNG provider is available : >> [...] >> >> Both of those are generic TPM code and won't help you without a driver >> for the specific TPM that's present in LDOMs. >> >> I can't find any hint in the kernel source of which driver is needed >> for an LDOM, even in the UEK patched source, so perhaps it is out-of- >> tree? > > Ben, well, > > I'm going to build a generic (vanilla) kernel with this CONFIGs and > test how it would work. Going to report back soon. Thanks.
Ben, you was right, this modules does not help. root@deb4g:/home/mator# lsmod | grep rng tpm_rng 1020 0 n2_rng 6878 0 rng_core 8172 2 n2_rng,tpm_rng root@deb4g:/home/mator# cat /sys/class/misc/hw_random/rng_available tpm-rng rngd still gives error: root@deb4g:/home/mator# rngd -f -r /dev/hwrng error reading from entropy source:: No such device I don't know, but I probably should report to upstream kernel bugzilla, about n2_rng, that it does not work. Openbsd says [1] it does support it (starting from T1 and T2 processors), Solaris says [2] it does support it (from T2 till M6 processors, including this machine T5 cpu) running show-devs from openboot console for this LDOM, i can see random-number-generator device is being present: {0} ok show-devs /cpu@3 /cpu@2 /cpu@1 /cpu@0 /virtual-devices@100 /reboot-memory@0 /iscsi-hba /virtual-memory /memory@m0,30000000 /aliases /options /openprom /chosen /packages /virtual-devices@100/channel-devices@200 /virtual-devices@100/console@1 /virtual-devices@100/random-number-generator@e /virtual-devices@100/flashprom@0 /virtual-devices@100/channel-devices@200/virtual-domain-service@0 /virtual-devices@100/channel-devices@200/pciv-communication@0 /virtual-devices@100/channel-devices@200/disk@1 /virtual-devices@100/channel-devices@200/disk@0 /virtual-devices@100/channel-devices@200/network@0 /iscsi-hba/disk /openprom/client-services /packages/vnet-helper-pkg /packages/vdisk-helper-pkg /packages/obp-tftp /packages/kbd-translator /packages/SUNW,asr /packages/dropins /packages/terminal-emulator /packages/disk-label /packages/deblocker /packages/SUNW,builtin-drivers {0} ok but n2_rng does not see it. I'm going to test a more recent kernel, instead of 4.1.15. The choice of old 4.1.15 kernel to test, was because oracle sparc linux is using 4.1.8, and i wanted to test it first. Compiling 4.4rc8 right now... Searching on the web, found [3], where cpu is T4 and 4.3.0 kernel, but n2rng gives more messages on boot. Sorry for wrong feature request, please close this bug as non-valid. Thanks. 1. http://undeadly.org/cgi?action=article&sid=20090201164147 2. http://prsync.com/oracle/solaris-random-number-generation-570469/ 3. https://lkml.org/lkml/2015/10/30/678