Re: random number generator missing after upgrade
On Sun, Aug 13, 2023 at 5:13 AM Björn Persson <Bjorn@rombobjörn.se> wrote:
>
> Hello, I upgraded from Debian 11 to Debian 12, and my random number
> generator disappeared.
>
> When I boot vmlinuz-5.10.0-23-amd64, there are two hardware random
> number generators available:
>
> # cat /sys/class/misc/hw_random/rng_available
> ccp-1-rng tpm-rng-0
>
> ccp-1-rng is nonfunctional because AMD's "Cryptographic Coprocessor" is
> too secretive to work with Coreboot, so I've been using tpm-rng-0.
>
> When I boot vmlinuz-6.1.0-11-amd64, there is no tpm-rng-0. Only the
> nonfunctional ccp-1-rng is available:
>
> # cat /sys/class/misc/hw_random/rng_available
> ccp-1-rng
>
> The hardware is an APU2 from PC Engines with this TPM board:
> https://www.pcengines.ch/tpm1a.htm
> The actual TPM seems to be SLB 9665TT2.0 from Infineon, (although the
> writing on the actual chip differs from Infineon's rendering):
> https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/slb-9665tt2.0/
>
> The TPM seems to still exist as /dev/tpm0, but its random number
> generator is somehow unavailable.
>
> Rebooting to Linux 5.10 makes tpm-rng-0 reappear and provide seemingly
> random numbers like it always did. That rules out a hardware problem.
> It's some difference between the two kernels, but so far I haven't found
> anything obvious in the Linux source code.
>
> Is there anything that can be done, or is support for this random number
> generator just gone from Linux 6.1?
Maybe related to https://www.phoronix.com/news/Linux-Disables-RNG-AMD-fTPMs
Jeff
Reply to: