QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

Hardware TRNGs failing to work with VM #7660

Open TheWanderer1983 opened 2 years ago

TheWanderer1983 commented 2 years ago


Qubes OS release

xen_version : 4.14.5 Linux 5.15.52-1.fc32.qubes.x86_64

Installed Packages:

grub2-qubes-theme.x86_64 5.14.4-2.fc32
kernel-qubes-vm.x86_64 1000:5.10.90-1.fc32.qubes
kernel-qubes-vm.x86_64 1000:5.15.52-1.fc32.qubes
python3-qubesadmin.noarch 4.1.23-1.fc32
python3-qubesdb.x86_64 4.1.13-1.fc32
python3-qubesimgconverter.x86_64 4.1.16-1.fc32
qubes-anaconda-addon.noarch 4.1.8-1.fc32
qubes-artwork.noarch 4.1.12-1.fc32
qubes-artwork-anaconda.noarch 4.1.12-1.fc32
qubes-artwork-plymouth.noarch 4.1.12-1.fc32
qubes-audio-daemon.x86_64 4.1.21-1.fc32
qubes-audio-dom0.x86_64 4.1.21-1.fc32
qubes-core-admin-addon-whonix.noarch 4.1.1-1.fc32
qubes-core-admin-client.noarch 4.1.23-1.fc32
qubes-core-dom0.noarch 4.1.27-1.fc32
qubes-core-dom0-linux.x86_64 4.1.23-1.fc32
qubes-core-dom0-linux-kernel-install.x86_64 4.1.23-1.fc32
qubes-core-qrexec.x86_64 4.1.18-1.fc32
qubes-core-qrexec-dom0.x86_64 4.1.18-1.fc32
qubes-core-qrexec-libs.x86_64 4.1.18-1.fc32
qubes-db.x86_64 4.1.13-1.fc32
qubes-db-dom0.x86_64 4.1.13-1.fc32
qubes-db-libs.x86_64 4.1.13-1.fc32
qubes-desktop-linux-common.noarch 4.1.12-1.fc32
qubes-desktop-linux-manager.noarch 4.1.14-1.fc32
qubes-dom0-meta-packages.noarch 4.1.21-1.fc32
qubes-gpg-split-dom0.x86_64 2.0.60-1.fc32
qubes-gui-daemon.x86_64 4.1.21-1.fc32
qubes-gui-dom0.x86_64 4.1.21-1.fc32
qubes-img-converter-dom0.x86_64 1.2.11-1.fc32
qubes-input-proxy.x86_64 1.0.26-1.fc32
qubes-input-proxy-receiver.x86_64 1.0.26-1.fc32
qubes-input-proxy-sender.x86_64 1.0.26-1.fc32
qubes-libvchan-xen.x86_64 4.1.7-1.fc32
qubes-manager.noarch 4.1.23-1.fc32
qubes-menus.noarch 4.1.12-1.fc32
qubes-mgmt-salt.noarch 4.1.14-1.fc32
qubes-mgmt-salt-admin-tools.noarch 4.1.14-1.fc32
qubes-mgmt-salt-base.noarch 4.1.4-1.fc32
qubes-mgmt-salt-base-config.noarch 4.1.1-1.fc32
qubes-mgmt-salt-base-topd.noarch 4.1.3-1.fc32
qubes-mgmt-salt-config.noarch 4.1.14-1.fc32
qubes-mgmt-salt-dom0.noarch 4.1.14-1.fc32
qubes-mgmt-salt-dom0-qvm.noarch 4.1.4-1.fc32
qubes-mgmt-salt-dom0-update.noarch 4.1.9-1.fc32
qubes-mgmt-salt-dom0-virtual-machines.noarch 4.1.17-1.fc32
qubes-pdf-converter-dom0.x86_64 2.1.12-1.fc32
qubes-release.noarch 4.1-2.fc32
qubes-release-notes.noarch 4.1-2.fc32
qubes-repo-templates.noarch 4.1.2-1.fc32
qubes-rpm-oxide.x86_64 0.2.5-1.fc32
qubes-template-focal.noarch 4.0.6-202204180213
qubes-template-parrot.noarch 4.0.6-202204141236
qubes-usb-proxy-dom0.noarch 1.1.1-1.fc32
qubes-utils.x86_64 4.1.16-1.fc32
qubes-utils-libs.x86_64 4.1.16-1.fc32
xfce4-settings-qubes.x86_64 4.0.5-2.fc32

Brief summary

Trying to replicate OneRNG v3.0 and Infinite Noise TRNG on a (cloned) default Debian 10 minimal template. Both hardware TRNGs are in working condition and a replicated working setup from a Debian 10 non-Qubes template is used. Both result in the same entropy_avail (256) and neither shows signs of being used when generating entropy.

cat /proc/sys/kernel/random/entropy_avail

256

OneRNG

OneRNG shows detected and drivers loaded in sys-usb, but attachment to Debian results in errors in dmesg | less. I won't paste all urb/unlinks but there are many more. I tried adding more memory to sys-usb but that didn't fix the problem. Those urb/unlinks don't show on the sys-usb side.

[52024.512020] usb 1-1: New USB device found, idVendor=1d50, idProduct=6086, bcdDevice= 0.09
[52024.512074] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=3
[52024.512096] usb 1-1: Product: 00
[52024.512107] usb 1-1: Manufacturer: Moonbase Otago http://www.moonbaseotago.com/random
[52024.512157] usb 1-1: SerialNumber: 00
[52024.544845] cdc_acm 1-1:1.0: ttyACM0: USB ACM device
[52024.545443] usbcore: registered new interface driver cdc_acm
[52024.545466] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
[52025.580477] vhci_hcd: unlink->seqnum 34
[52025.580525] vhci_hcd: urb->status -104
[52025.584726] vhci_hcd: unlink->seqnum 35
[52025.584767] vhci_hcd: urb->status -104
[52025.590815] vhci_hcd: unlink->seqnum 36
[52025.590858] vhci_hcd: urb->status -104

lsusb -v

Bus 001 Device 002: ID 1d50:6086 OpenMoko, Inc. OneRNG entropy device
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            2 Communications
  bDeviceSubClass         0 
  bDeviceProtocol         0 
  bMaxPacketSize0        32
  idVendor           0x1d50 OpenMoko, Inc.
  idProduct          0x6086 OneRNG entropy device
  bcdDevice            0.09
  iManufacturer           1 
  iProduct                3 
  iSerial                 3 
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength       0x0043
    bNumInterfaces          2
    bConfigurationValue     1
    iConfiguration          0 
    bmAttributes         0x80
      (Bus Powered)
    MaxPower              200mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         2 Communications
      bInterfaceSubClass      2 Abstract (modem)
      bInterfaceProtocol      1 AT-commands (v.25ter)
      iInterface              0 
      CDC Header:
        bcdCDC               1.10
      CDC ACM:
        bmCapabilities       0x06
          sends break
          line coding and serial state
      CDC Union:
        bMasterInterface        0
        bSlaveInterface         1 
      CDC Call Management:
        bmCapabilities       0x00
        bDataInterface          1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0020  1x 32 bytes
        bInterval              64
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0 
      bInterfaceProtocol      0 
      iInterface              4 
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x85  EP 5 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x05  EP 5 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               1

sudo systemctl status rng-tools

● rng-tools.service
   Loaded: loaded (/etc/init.d/rng-tools; generated)
   Active: active (running) since Fri 2022-07-29 09:41:13 AEST; 8s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 4798 ExecStart=/etc/init.d/rng-tools start (code=exited, status=0/SUCCESS)
    Tasks: 4 (limit: 4632)
   Memory: 368.0K
   CGroup: /system.slice/rng-tools.service
           └─4800 /usr/sbin/rngd -r /dev/ttyACM0

Jul 29 09:41:13 TRNGDebian10 systemd[1]: Starting rng-tools.service...
Jul 29 09:41:13 TRNGDebian10 rng-tools[4798]: Starting Hardware RNG entropy gatherer daemon: rngd.
Jul 29 09:41:13 TRNGDebian10 systemd[1]: Started rng-tools.service.
Jul 29 09:41:13 TRNGDebian10 rngd[4800]: rngd 2-unofficial-mt.14 starting up...
Jul 29 09:41:13 TRNGDebian10 rngd[4800]: entropy feed to the kernel ready

stat /dev/ttyACM0

  File: /dev/ttyACM0
  Size: 0               Blocks: 0          IO Block: 4096   character special file
Device: 5h/5d   Inode: 416         Links: 1     Device type: a6,0
Access: (0600/crw-------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2022-07-29 09:41:13.522000000 +1000
Modify: 2022-07-29 09:27:20.522000000 +1000
Change: 2022-07-29 09:27:15.522000000 +1000

Infinite Noise

Infinite Noise shows detected in sys-usb and the driver loaded without errors on both the Debian template and sys-usb. Infinite Noise has a running service and is working in daemon mode. It has the same entropy available as before, 256.

dmesg | less

[53917.016644] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(0)
[53917.016671] vhci_hcd vhci_hcd.0: devid(327686) speed(2) speed_str(full-speed)
[53917.016697] vhci_hcd vhci_hcd.0: Device attached
[53917.182171] vhci_hcd: vhci_device speed not set
[53917.234149] usb 1-1: new full-speed USB device number 4 using vhci_hcd
[53917.298279] vhci_hcd: vhci_device speed not set
[53917.350222] usb 1-1: SetAddress Request (4) to port 0
[53917.383883] usb 1-1: New USB device found, idVendor=0403, idProduct=6015, bcdDevice=10.00
[53917.383957] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[53917.384018] usb 1-1: Product: Infinite Noise TRNG
[53917.384128] usb 1-1: Manufacturer: 13-37.org
[53917.384171] usb 1-1: SerialNumber: 1337-AEBD06A1
[53917.397521] ftdi_sio 1-1:1.0: FTDI USB Serial Device converter detected
[53917.397643] usb 1-1: Detected FT-X
[53917.406447] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB

sudo systemctl status infnoise

● infnoise.service - Wayward Geek InfNoise TRNG driver
   Loaded: loaded (/lib/systemd/system/infnoise.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2022-07-29 09:57:29 AEST; 2min 40s ago
  Process: 5854 ExecStart=/usr/sbin/infnoise --dev-random --daemon --pidfile /var/run/infnoise.pid (code=exited, sta
 Main PID: 5857 (infnoise)
    Tasks: 1 (limit: 4632)
   Memory: 692.0K
   CGroup: /system.slice/infnoise.service
           └─5857 /usr/sbin/infnoise --dev-random --daemon --pidfile /var/run/infnoise.pid

Jul 29 09:57:29 TRNGDebian10 systemd[1]: Starting Wayward Geek InfNoise TRNG driver...
Jul 29 09:57:29 TRNGDebian10 systemd[1]: Started Wayward Geek InfNoise TRNG driver.

cat /proc/sys/kernel/random/entropy_avail

256

Steps to reproduce

1. Clone Debian minimal template
2. Install OneRNG as per https://onerng.info
3. Install Infinite Noise as per GitHub repo direction

Expected behavior

Entropy available increases and the devices are utilised when generating entropy.

Actual behavior

Entropy stays at 256 when both devices are attached; no signs of the devices being used while generating entropy.

brendanhoar commented 2 years ago

An alternate strategy, depending on how many USB controllers are available on your system, would be to attach a PCI USB controller to the VM (disable memory balancing) which needs to use these devices. That way you aren't dependent on usbip being issue-free with your device type.

B

TheWanderer1983 commented 2 years ago

> An alternate strategy, depending on how many usb controllers are available on your system, would be to attach a pci usb controller to the vm (disable memory balancing) which needs to use these devices. That way you aren't dependent on usbip being issue-free with your device type.

Okay, I turned off sys-usb and directly attached the USB controller to the Debian template. In advanced settings I tried virtualization PV and HVM, and turned off memory balancing. The OneRNG now loads without any unlink or urb errors from dmesg. However, there still is no functionality or call on the device. Entropy available is still 256. rng-tools is showing /dev/ttyACM0 and active, but there is no call to the device for, for example, cat /dev/random > /dev/null. Same with Infinite Noise. No change.

TheWanderer1983 commented 2 years ago

Hello all, just thought I would try with the debian-10 template, not the debian-10-minimal. Same issues, didn't fix.
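
The two checks this thread keeps returning to (is the entropy counter actually low, and does the device produce bytes inside the VM), as an added example that is not part of the issue or of the Qubes project's code. The function names are hypothetical; it assumes root inside the VM and that the daemon owning the device (rngd or infnoise) is stopped first so reads are not contested.

```shell
#!/bin/sh
# Added example (not from the issue thread): two checks for a hardware RNG in a VM.
# Assumptions: run as root inside the VM; the daemon that owns the device
# (rngd or infnoise) is stopped first so it does not compete for the reads.

# pool_state DIR: compare entropy_avail with poolsize under DIR
# (normally /proc/sys/kernel/random). entropy_avail can never exceed poolsize,
# so "full" means the counter is already at its ceiling.
pool_state() {
    avail=$(cat "$1/entropy_avail") || return 2
    size=$(cat "$1/poolsize") || return 2
    if [ "$avail" -ge "$size" ]; then
        echo full
    elif [ "$avail" -gt 0 ]; then
        echo partial
    else
        echo empty
    fi
}

# device_yield DEV WANT SECS: try to read WANT bytes from DEV within SECS
# seconds and print how many bytes actually arrived (0 = device is silent).
device_yield() {
    timeout "$3" head -c "$2" "$1" 2>/dev/null | wc -c | tr -d ' '
}

# report DEV: print both results for one device node, e.g. /dev/ttyACM0.
report() {
    dir=/proc/sys/kernel/random
    echo "pool:   $(pool_state "$dir") ($(cat "$dir/entropy_avail")/$(cat "$dir/poolsize") bits)"
    echo "device: $(device_yield "$1" 64 5) of 64 bytes read from $1 in 5 s"
}

# Only run against real paths when a device node is given on the command line.
if [ "$#" -ge 1 ]; then
    report "$1"
fi
```

If `pool_state` prints `full` while `entropy_avail` reads 256, the counter is at the kernel's ceiling and cannot rise whatever the device feeds in; a `device_yield` of 0 points at the device or its passthrough instead.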