RNG
From A110 Wiki
The VIA C7-M ULV CPU in the A110 contains a hardware random number generator (RNG) (part of the VIA Padlock system) which can be used for various purposes.
It's quality was proven on several benchmarks on BSD UNIX, and has also been evaluated in c't Magazin, issue 2/2009. VIA/Centaur recommends to run through start-up tests to verify the VIA Padlock engine is not damaged and delivers randomness, as required by certain industrial standards. But hardly ever, a formerly working CPU fails with only VIA Padlock being impaired. For all practical purposes, those startup tests are not so vital. Under USBoot all essential features are properly recognized as demonstrated by tools like portable "SIV sys info vwer".
Contents |
Linux kernel module
In order to be able use the RNG you have to load the via-rng kernel module (it's included in mainline 2.6.25):
$ modprobe via-rng
rngd
TODO
OpenSSL
Per default OpenSSL will not make use of the RNG (which is part of the VIA Padlock system), and that's on purpose:
$ openssl engine (padlock) VIA PadLock (no-RNG, ACE) (dynamic) Dynamic engine loading support
(note the no-RNG)
The OpenSSL source file crypto/engine/eng_padlock.c says:
/* * This code is not engaged. The reason is that it does not comply * with recommendations for VIA RNG usage for secure applications * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it * provide meaningful error control... */
You could enable the usage of the RNG by patching and rebuilding OpenSSL, but it's questionable whether that's a good idea (see above comment).
PolarSSL/XySSL
PolarSSL (previously XySSL) also supports VIA Padlock since release 0.8 (October 2008).
Testing
JCryptool is written in Java and runs on pentoo. It is an open sourced cryto GUI. Since the VIA-supplied JCE relies on a Windows-DLL, Linux support for PADLOCK in Java and RNG is somewhat hackish. pentoo make it easy to get there, though.
