xref: /freebsd/sys/dev/random/rdseed.c (revision 51e8e8b0f36933814b1be08913857727876aece5) 
1 /*-
2  * Copyright (c) 2013, 2025, David E. O'Brien <deo@NUXI.org>
3  * Copyright (c) 2013 The FreeBSD Foundation
4  * Copyright (c) 2012 Konstantin Belousov <kib@FreeBSD.org>
5  * All rights reserved.
6  *
7  * Portions of this software were developed by Konstantin Belousov
8  * under sponsorship from the FreeBSD Foundation.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer
15  *    in this position and unchanged.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  *
31  */
32 
33 #include <sys/param.h>
34 #include <sys/kernel.h>
35 #include <sys/conf.h>
36 #include <sys/lock.h>
37 #include <sys/malloc.h>
38 #include <sys/module.h>
39 #include <sys/random.h>
40 #include <sys/sysctl.h>
41 #include <sys/systm.h>
42 
43 #include <machine/md_var.h>
44 #include <machine/specialreg.h>
45 #include <x86/ifunc.h>
46 
47 #include <dev/random/randomdev.h>
48 
49 #define	RETRY_COUNT	10
50 
51 static u_int random_rdseed_read(void *, u_int);
52 
53 static struct random_source random_rdseed = {
54 	.rs_ident = "Intel Secure Key Seed",
55 	.rs_source = RANDOM_PURE_RDSEED,
56 	.rs_read = random_rdseed_read
57 };
58 
59 SYSCTL_NODE(_kern_random, OID_AUTO, rdseed, CTLFLAG_RW, 0,
60     "rdseed (x86) entropy source");
61 /* XXX: kern.random.rdseed.enabled=0 also disables RDRAND */
62 static bool enabled = true;
63 SYSCTL_BOOL(_kern_random_rdseed, OID_AUTO, enabled, CTLFLAG_RDTUN, &enabled, 0,
64     "If zero, disable the use of RDSEED.");
65 
66 static bool
67 x86_rdseed_store(u_long *buf)
68 {
69 	u_long rndval;
70 	int retry;
71 
72 	retry = RETRY_COUNT;
73 	__asm __volatile(
74 	    "1:\n\t"
75 	    "rdseed	%1\n\t"	/* read randomness into rndval */
76 	    "jc		2f\n\t" /* CF is set on success, exit retry loop */
77 	    "dec	%0\n\t" /* otherwise, retry-- */
78 	    "jne	1b\n\t" /* and loop if retries are not exhausted */
79 	    "2:"
80 	    : "+r" (retry), "=r" (rndval) : : "cc");
81 	*buf = rndval;
82 	return (retry != 0);
83 }
84 
85 /* It is required that buf length is a multiple of sizeof(u_long). */
86 static u_int
87 random_rdseed_read(void *buf, u_int c)
88 {
89 	u_long *b, rndval;
90 	u_int count;
91 
92 	KASSERT(c % sizeof(*b) == 0, ("partial read %d", c));
93 	b = buf;
94 	for (count = c; count > 0; count -= sizeof(*b)) {
95 		if (!x86_rdseed_store(&rndval))
96 			break;
97 		*b++ = rndval;
98 	}
99 	return (c - count);
100 }
101 
102 static int
103 rdseed_modevent(module_t mod, int type, void *unused)
104 {
105 	bool has_rdseed;
106 	int error = 0;
107 
108 	has_rdseed = (cpu_stdext_feature & CPUID_STDEXT_RDSEED);
109 
110 	switch (type) {
111 	case MOD_LOAD:
112 		if (has_rdseed && enabled) {
113 			random_source_register(&random_rdseed);
114 			printf("random: fast provider: \"%s\"\n", random_rdseed.rs_ident);
115 		}
116 		break;
117 
118 	case MOD_UNLOAD:
119 		if (has_rdseed)
120 			random_source_deregister(&random_rdseed);
121 		break;
122 
123 	case MOD_SHUTDOWN:
124 		break;
125 
126 	default:
127 		error = EOPNOTSUPP;
128 		break;
129 
130 	}
131 
132 	return (error);
133 }
134 
135 static moduledata_t rdseed_mod = {
136 	"rdseed",
137 	rdseed_modevent,
138 	0
139 };
140 
141 DECLARE_MODULE(rdseed, rdseed_mod, SI_SUB_RANDOM, SI_ORDER_FOURTH);
142 MODULE_VERSION(rdseed, 1);
143 MODULE_DEPEND(rdseed, random_harvestq, 1, 1, 1);
144 
145 /*
146  * Intel's RDSEED Entropy Assessment Report min-entropy claim is 0.6 Shannons
147  * per bit of data output.  Rrefer to the following Entropy Source Validation
148  * (ESV) certificates:
149  *
150  *	E#87:	Junos OS Physical Entropy Source - Broadwell EP 10-Core Die
151  *		Broadwell-EP-10 FCLGA2011 Intel(R) Xeon(R) E5-2620 V4 Processor
152  *		https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/87
153  *		(URLs below omitted for brevity but follow same format.)
154  *
155  *	E#121:	Junos OS Physical Entropy Source - Intel Atom C3000 Series
156  *		(Denverton) 16 Core Die with FCBGA1310 Package
157  *
158  *	E#122:	Junos OS Physical Entropy Source - Intel Xeon D-1500 Family
159  *		(Broadwell) 8 Core Die with FCBGA1667 Package
160  *
161  *	E#123:	Junos OS Physical Entropy Source - Intel Xeon D-2100 Series
162  *		(Skylake) 18 Core Die with FCBGA2518 Package
163  *
164  *	E#141:	Junos OS Physical Entropy Source - Intel Xeon D-10 Series
165  *		(Ice Lake-D-10) Die with FCBGA2227 Package
166  *
167  *	E#169:	Junos OS Physical Entropy Source - Intel Xeon AWS-1000 v4 and
168  *		E5 v4 (Broadwell EP) 15 Core Die with FCLGA2011 Package
169  */
170