3afd44cf08
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes the following:

An initial cleanup and minor reorganization of the entropy pool code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are fixed. Some effort is made to accumulate entropy more quickly at boot time.

A generic interface, "rndsink", is added, for stream generators to request that they be re-keyed with good quality entropy from the pool as soon as it is available.

The arc4random()/arc4randbytes() implementation in libkern is adjusted to use the rndsink interface for rekeying, which helps address the problem of low-quality keys at boot time.

An implementation of the FIPS 140-2 statistical tests for random number generator quality is provided (libkern/rngtest.c). This is based on Greg Rose's implementation from Qualcomm.

A new random stream generator, nist_ctr_drbg, is provided. It is based on an implementation of the NIST SP800-90 CTR_DRBG by Henric Jungheim. This generator uses AES in a modified counter mode to generate a backtracking-resistant random stream.

An abstraction layer, "cprng", is provided for in-kernel consumers of randomness. The arc4random/arc4randbytes API is deprecated for in-kernel use. It is replaced by "cprng_strong". The current cprng_fast implementation wraps the existing arc4random implementation. The current cprng_strong implementation wraps the new CTR_DRBG implementation. Both interfaces are rekeyed from the entropy pool automatically at intervals justifiable from best current cryptographic practice. In some quick tests, cprng_fast() is about the same speed as the old arc4randbytes(), and cprng_strong() is about 20% faster than rnd_extract_data(). Performance is expected to improve.

The AES code in src/crypto/rijndael is no longer an optional kernel component, as it is required by cprng_strong, which is not an optional kernel component.

The entropy pool output is subjected to the rngtest tests at startup time; if it fails, the system will reboot. There is approximately a 3/10000 chance of a false positive from these tests. Entropy pool _input_ from hardware random numbers is subjected to the rngtest tests at attach time, as well as the FIPS continuous-output test, to detect bad or stuck hardware RNGs; if any are detected, they are detached, but the system continues to run.

A problem with rndctl(8) is fixed -- data structures with pointers in arrays are no longer passed to userspace (this was not a security problem, but rather a major issue for compat32). A new kernel will require a new rndctl.

The sysctl kern.arandom() and kern.urandom() nodes are hooked up to the new generators, but the /dev/*random pseudodevices are not, yet.

Manual pages for the new kernel interfaces are forthcoming.
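The attach-time checks named in the commit message can be illustrated with the following added example, which is not code from the NetBSD tree or from libkern/rngtest.c. It implements the FIPS 140-2 monobit and long-run tests plus a continuous-output comparison (the poker and runs tests are omitted); the function names, the 4-byte comparison block and both sample inputs are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>
#define FIPS_BYTES 2500	/* the 20000-bit sample FIPS 140-2 tests */

/* Monobit: the number of one bits must satisfy 9725 < ones < 10275. */
static int monobit_ok(const uint8_t *s)
{
	int ones = 0;
	for (size_t i = 0; i < FIPS_BYTES * 8; i++)
		ones += (s[i / 8] >> (i % 8)) & 1;
	return ones > 9725 && ones < 10275;
}

/* Long run: a run of 26 or more identical bits fails the sample. */
static int longrun_ok(const uint8_t *s)
{
	int run = 0, prev = -1;
	for (size_t i = 0; i < FIPS_BYTES * 8; i++) {
		int bit = (s[i / 8] >> (7 - i % 8)) & 1;
		run = (bit == prev) ? run + 1 : 1;
		prev = bit;
		if (run >= 26)
			return 0;
	}
	return 1;
}

/* Continuous output: no blk-byte block may equal the one before it. */
static int continuous_ok(const uint8_t *s, size_t blk)
{
	for (size_t off = blk; off + blk <= FIPS_BYTES; off += blk)
		if (memcmp(s + off, s + off - blk, blk) == 0)
			return 0;
	return 1;
}

/* Hypothetical attach-time gate: 1 keeps the source, 0 detaches it. */
int source_accept(const uint8_t *s)
{
	return monobit_ok(s) && longrun_ok(s) && continuous_ok(s, 4);
}
/* Constructed samples: xorshift32 (not cryptographic) or a stuck 0xa5. */
void fill_sample(uint8_t *s, int stuck)
{
	uint32_t x = 2463534242u;
	for (size_t i = 0; i < FIPS_BYTES; i += 4) {
		x ^= x << 13; x ^= x >> 17; x ^= x << 5;
		uint32_t w = stuck ? 0xa5a5a5a5u : x;
		memcpy(s + i, &w, 4);
	}
}
```

A device stuck on 0xa5 has exactly 10000 one bits and no run longer than two, so it passes the monobit and long-run tests; only the continuous-output comparison rejects it.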
# $NetBSD: README.seagate,v 1.5 2005/12/11 12:22:02 christos Exp $

The hardware:

The ST01/02 and Future Domain 950 are very simple SCSI controllers. They are not busmastering, so the processor must do all transfers a la IDE. They support blind transfer by adding wait states (up to a certain limit). An interrupt is generated for reconnect and parity errors (maybe also for some other events).

The card consists of one command port that writes to SCSI control lines and reads status lines, and a data port that reads/writes to the 8 data lines. The address decoding gives both data and control ports large memory areas to a single port. This is used by the code.

The ST01/02 differs from the FD950 in memory address location and SCSI id.

Probing for the card:

A card is recognized by comparing the BIOS signature with known signatures. A new card may not be recognized if the BIOS signature has changed. Please send new signatures to me.

Driver function:

A SCSI command is sent to the scsi_cmd function. The command is either placed in the queue or a retryable message is returned. The routine may wait for completion of the command depending on the supplied flags. A timer is started for every command placed in the queue. The commands are added in the order they are received. There is a possibility to make all REQUEST SENSE commands be queued before all other commands, but I don't think it is a good thing (Linux does, however, use this).

The card is mostly controlled by the sea_main function. It is called by scsi_cmd, the interrupt routine, and the timeout routine. The sea_main routine runs as long as there is something to do (transfer data, issue queued commands, and handle reconnected commands).

The data transfers may be done in two different ways: blind and polled transfers. They differ in the way the driver does its handshaking with the target. During a blind transfer, the driver code blindly transfers a block of data without checking for changed phase. During polled transfers, the phase is checked between every character transferred. The polled transfers are always used for status information and command transfers.

Because the card does not use DMA in any way, there is no need to handle physical addresses. There is no problem with the ISA bus address limit of 16MB, making bounce-buffers unnecessary.

The data structures:

Every card has a sea_softc structure keeping the queues of commands waiting to be issued and commands currently disconnected. It also holds the type of card (Seagate or Future Domain), data and control port addresses, SCSI id, busy flags for all possible targets, and the interrupt vector for the card.

Every SCSI command to be issued is stored in a sea_scb structure. It contains a flag describing status/error of the command, current data buffer position, and number of bytes remaining to be transferred.

PROBLEMS

I have had problems getting the ST02 to boot using the boot floppies. I think it is some problem with BIOS calls not working. It is unfortunately impossible to disconnect the ST02 floppy controller.

I have had problems getting the driver to talk to a 40 MB Seagate disk. I don't have access to it any more, so I can't do any more checks on that.

NOTE: The ST02 creates its own description of the disk attached. This is not the same as the disk says. This translation problem may cause problems when sharing a disk between both DOS and BSD. It is however not impossible.