AMD CCP and TPM as enropy sources

[pietrushnic]

We should provide some documentation and tests to show how entropy sources can be used. We should take a look at entropy sources in light of firewall OSes, which may require entropy to provide various services.

This issue was motivated by discussion from IPFire forum

[silentcreek]

This would be interesting. As far as I understand, the CCP is not usable on the APU2. But if I'm not mistaken, a TPM module might be. So maybe the first thing to document would be which TPM module(s) work with the APU2 and where they can be sourced. I checked on PC Engines' website and they don't seem to offer a module. I found two places that offer a module for the APU2, both of which are out of stock, unfortunately. I found one store which has them in stock, but shipping costs would be higher than the costs of the module, so it's quite expensive...

[mkopec]

Looks like the CCP can be used as an entropy source on the APU2, on Debian 11, not sure how much entropy it actually generates though:

cat /sys/devices/virtual/misc/hw_random/rng_available
ccp-1-rng

Also there's some related documentation at the OpenWRT wiki: https://openwrt.org/toh/pcengines/apu2#cryptographic_hardware

This topic seems worth additional investigation

[miczyg1]

I am not sure it is still possible. We have removed PSP Secure OS from PSP firmware a long time ago. It may not be functional anymore

[silentcreek]

@mkopec I just checked on Debian 11, and while it says that ccp-1-rng is the "current" rng, /dev/hwrandom does not provide any entropy. If I check with hexdump, I only get "ffff" back. I also recall trying installing rngd which looks for /dev/hwrng and is supposed to test the quality of the entropy it gets during initialization. On my APU2 rngd fails to start complaining that no hardware rng/entropy source is available. So, I guess it's really not usable.

@miczyg1 That makes me wonder, though, whether the ccp kernel module should be blacklisted entirely on APU2 systems...

[nicklowe]

I am not sure it is still possible. We have removed PSP Secure OS from PSP firmware a long time ago. It may not be functional anymore

Why was it removed? It seems useful to have the CCP functions available if reasonably possible, at least an option to enable them.

[nicklowe]

Seems from https://review.coreboot.org/c/coreboot/+/31075 but I am not sure it fully considered this use case.

[miczyg1]

I wonder why ccp kernel module does not unregister itself if the entropy is not usable or the PSP is not functional. You are free to blacklist the module if you want and we may add a documentation regarding PSP as entropy source.

@nicklowe it has been removed because:

1. PSP was not initialized and used by coreboot.
2. PSP is by many considered a security threat as it is more privileged than the CPU.
3. We never got fTPM or entropy working earlier.

[miczyg1]

But I think it found the culprit quickly... It seems the RNG still works despite the firmware being stripped (which is good). For Linux the workaround is as follows:

# ensure ccp is the rng source
$ cat /sys/devices/virtual/misc/hw_random/rng_current 
ccp-1-rng
$ setpci -s 8.0 48.L=0x0000003d
# check if the value has been set in PCI and does not return 00000000
$ setpci -s 8.0 48.L
0000003d
# read from hwrng
$ dd if=/dev/hwrng count=1K iflag=count_bytes 2> /dev/null |xxd
00000000: fc2b 3a6c 8bcf 668e 7dcf cdce 47d2 66aa  .+:l..f.}...G.f.
00000010: 1640 fa6f c0dd 7356 5c21 dd16 bc02 f409  .@.o..sV\!......
00000020: a3e9 e400 60a3 3a9f d8e4 9e0e bf68 79a5  ....`.:......hy.
00000030: b796 c3ed c81d 0bf5 8bdf 5ad1 f462 501d  ..........Z..bP.
00000040: 96ca 2267 3854 b5f4 d52c eb50 3c8c d3b4  .."g8T...,.P<...
00000050: 3e35 b5ea 73b1 7268 a248 6ad6 650d e232  >5..s.rh.Hj.e..2
00000060: 9199 b1c1 5b11 a26c 0b5f b3ff 1cc6 5b57  ....[..l._....[W
00000070: 7f98 fc34 5093 799e adc2 2cc5 a880 cc37  ...4P.y...,....7
00000080: ec62 4c45 f89f e7b3 40c3 b889 1806 cef0  .bLE....@.......
00000090: 483f 2169 4cf2 aa18 0bfc 7a67 ef7d 7998  H?!iL.....zg.}y.
000000a0: 5de0 6097 6a97 eb84 aba5 266c 9349 5e8f  ].`.j.....&l.I^.
000000b0: dd89 0d2b 4850 5fb1 b1ee b6bb d3ef 2380  ...+HP_.......#.
000000c0: c036 9e33 2aeb 0cc3 877b 3025 678a 78b2  .6.3*....{0%g.x.
000000d0: 226e 0154 f93c dace 781a 4bd6 e992 815e  "n.T.<..x.K....^
000000e0: 56a6 5cf2 c32c 72ff 2c97 7c49 4850 6e0a  V.\..,r.,.|IHPn.
000000f0: b823 4c7c b2f8 ee26 330b 9468 9030 62d6  .#L|...&3..h.0b.
00000100: 21dc 6bd6 74f6 263b 4200 544c 2e71 94d8  !.k.t.&;B.TL.q..
00000110: 119c 7408 4500 0177 61af 56a3 e76f 3b8d  ..t.E..wa.V..o;.
00000120: 42c6 7d1d f516 15b3 3d23 64e5 7603 9369  B.}.....=#d.v..i
00000130: e157 c60a e2db 7273 5d69 f99d 1e2e 5266  .W....rs]i....Rf
00000140: b08d 1467 6727 b265 8df2 3815 1bec 23f7  ...gg'.e..8...#.
00000150: 633b ba49 61c9 3206 0dec e223 5a1b 3c44  c;.Ia.2....#Z.<D
00000160: ab61 7491 c825 c4e1 429e 5c67 f9e1 4b45  .at..%..B.\g..KE
00000170: a034 5ec3 e7a9 c7ba 1277 964d 2602 d0df  .4^......w.M&...
00000180: b3ed 8037 3c03 ab27 e7d2 b5e2 15af a26e  ...7<..'.......n
00000190: 5fc8 7b81 452d c1c1 c0e8 5c16 38f3 0dd1  _.{.E-....\.8...
000001a0: 1e18 d547 dc86 25f8 3239 8e28 b38d 77e1  ...G..%.29.(..w.
000001b0: 0178 eab1 5bd7 6ad2 4eb1 e350 0e53 0703  .x..[.j.N..P.S..
000001c0: 2cbb 64dd 8606 cb26 473b 34fe 67ac 4302  ,.d....&G;4.g.C.
000001d0: 8175 2cb2 9b50 da95 b408 88c1 28b5 dcae  .u,..P......(...
000001e0: 704b 5a76 e5eb 024e 6994 72f2 54f1 bdad  pKZv...Ni.r.T...
000001f0: 8382 cbf7 594a d6d2 f6f1 3956 15aa 8ca6  ....YJ....9V....
00000200: 642e 63b7 481d adcd 357c db26 2a01 5606  d.c.H...5|.&*.V.
00000210: c393 d6ee e60d 8037 b94d fe81 a210 4418  .......7.M....D.
00000220: 8a37 2b15 7db7 8134 c4bc cdb9 5dc3 270f  .7+.}..4....].'.
00000230: 9ada e939 7e54 8a48 3e65 8a36 6227 bc87  ...9~T.H>e.6b'..
00000240: 0592 9d60 6419 079b fb32 3de3 b0a1 172c  ...`d....2=....,
00000250: 62d7 2780 2815 09bf 80ac 3006 0dce c369  b.'.(.....0....i
00000260: 28ec 4e91 386d af8b ab9a cbdc ef73 c0c5  (.N.8m.......s..
00000270: c944 8821 f3fe f214 c186 6b76 e29d 4a9a  .D.!......kv..J.
00000280: a996 b21e d02a a7b0 aabe b933 db13 7df5  .....*.....3..}.
00000290: f913 1415 883c 51b3 22e9 f79b b318 9c25  .....<Q."......%
000002a0: 9198 f82b 58ac 5a32 c58d b2f9 d58b 103f  ...+X.Z2.......?
000002b0: c78d 0a31 4e95 5cf3 0ad0 9552 d593 f96e  ...1N.\....R...n
000002c0: 1e40 fb25 5e19 9cb9 355e 751a 998f 2a2c  .@.%^...5^u...*,
000002d0: 3954 4c50 9b3d 89c2 31d3 0bdc f5f6 f49e  9TLP.=..1.......
000002e0: 0c5d cb03 cebd 1aeb 5312 958d 0260 f167  .]......S....`.g
000002f0: 7ce9 6498 e84d bc41 b2b4 d0ca cc43 fe25  |.d..M.A.....C.%
00000300: 42b4 cc24 fa11 e26a a2ef 9c3e 860e 8df2  B..$...j...>....
00000310: 7641 c977 ff27 1e2c 79c1 9022 ea57 94cc  vA.w.'.,y..".W..
00000320: 2d5c 02e9 7fda d804 ae1c 7177 9700 3108  -\........qw..1.
00000330: b87b 75d7 483e baa1 1108 0dd5 3c62 016e  .{u.H>......<b.n
00000340: 55da 0d7d af75 94a4 6c18 1959 daba 61ff  U..}.u..l..Y..a.
00000350: 94f2 aa1f ecc1 0805 45b3 f61f 75f7 56bb  ........E...u.V.
00000360: 175c 3a2a 4832 a735 4a9e 66ca f598 53ac  .\:*H2.5J.f...S.
00000370: 019c 5f8e 057f 487e 9850 2d34 72e9 1461  .._...H~.P-4r..a
00000380: b8a3 cd98 277f 1f1c 8b0e 93ab 822d c3b7  ....'........-..
00000390: d7f9 67f0 052b e28e 7b28 c2d4 e243 dcad  ..g..+..{(...C..
000003a0: 183b 5d24 d659 dd99 1b4b 5a8e d063 bdd5  .;]$.Y...KZ..c..
000003b0: 7538 786a 3af3 8a2c 2d52 5275 45a3 8368  u8xj:..,-RRuE..h
000003c0: 881f 1108 12af e01b 99e3 75f3 b890 f467  ..........u....g
000003d0: 4df7 1509 ebcc 2b37 aef1 57b4 d9b2 f7e6  M.....+7..W.....
000003e0: 2cf6 6d99 8bce 5f64 91a5 05f1 ee4a edbf  ,.m..._d.....J..
000003f0: 84a5 554e d55d 625c aa56 177d 4032 1eac  ..UN.]b\.V.}@2..

Happy "entropying". In BSD pciconf can probably give the same results although I don't know what is the RNG devnode there,

We can issue a fix in our firmware releases for it.

[pietrushnic]

@miczyg1 wow, those are great news. It took us almost 4 years. This fix has great impact on whole firewall/VPN ecosystem and should be correctly highlighted in documentation. I think our validation also should pick it up, so maybe some *BSD and Linux distros can leverage that and squeeze more from the platform.

[bdd]

@pietrushnic I'm not sure if anything on Linux was relying on /dev/hwrng in terms of performance. Most correctly behaving software would use /dev/{u,}random or even better getrandom(2) CSPRNG as their entropy source. FWIW /dev/hwrng is only readable by root, so wasn't intended for system wide consumption.

I don't intend to be a buzzkill. Certainly enabling CCP is a nice addition. A smoke test with ent shows it matches urandom in "randomness". and ~3MB/sec is certainly neat but not quite sure if too relevant when there's a proper CSPRNG provided by the kernel.

% sudo dd if=/dev/hwrng count=16M iflag=count_bytes | ent -b
32768+0 records in
32768+0 records out
16777216 bytes (17 MB, 16 MiB) copied, 5.98879 s, 2.8 MB/s
Entropy = 1.000000 bits per bit.

Optimum compression would reduce the size
of this 134217728 bit file by 0 percent.

Chi square distribution for 134217728 samples is 0.41, and randomly
would exceed this value 52.09 percent of the times.

Arithmetic mean value of data bits is 0.5000 (0.5 = random).
Monte Carlo value for Pi is 3.140811715 (error 0.02 percent).
Serial correlation coefficient is 0.000020 (totally uncorrelated = 0.0).

% dd if=/dev/urandom count=16M iflag=count_bytes 2>/dev/null | ent -b
Entropy = 1.000000 bits per bit.

Optimum compression would reduce the size
of this 134217728 bit file by 0 percent.

Chi square distribution for 134217728 samples is 1.17, and randomly
would exceed this value 28.04 percent of the times.

Arithmetic mean value of data bits is 0.5000 (0.5 = random).
Monte Carlo value for Pi is 3.141439710 (error 0.00 percent).
Serial correlation coefficient is -0.000047 (totally uncorrelated = 0.0)

[pietrushnic]

@bdd buzzkill is needed when facts say so. Definitely I was happy to see action after almost 4 years, but as you wrote this is not so big thing. Speaking about quality of this RNG I'm not an expert, but reading ent documentation seem that Chi square distribution is quite good for AMD CCP in comparison to urandom. For firewall/VPN probably the only thing here would be CPU offloading which can give small improvement for that old SoC in comparison to devices not using hwrng.

[silentcreek]

@miczyg1 I can confirm, with your workaround rngd starts just fine now and seems to accept /dev/hwrng as a valid entropy source. Well done. Just out of curiosity, what does your setpci workaround actually change?

[nicklowe]

I think this is fantastic as a good source of high quality entropy. Well done, and thank you.

[miczyg1]

@silentcreek I would need to find public references to tell you what it does specifically. It comes from confidential BKDG. Here you may find partial information what the register contains (but not all bits are defined): https://github.com/coreboot/coreboot/blob/master/src/soc/amd/stoneyridge/include/soc/southbridge.h#L149

[mkopec]

Closing as resolved by https://github.com/pcengines/coreboot/pull/505