Re: [PATCH 4/4] crypto/fsl: add RNG support

Thu, 04 Jun 2020 03:29:26 -0700 

Hi Horia, Hi Heinrich,

Am 2020-06-04 10:05, schrieb Horia Geantă:

On 6/4/2020 5:31 AM, Heinrich Schuchardt wrote:

On 6/3/20 12:05 AM, Michael Walle wrote:
Register the random number generator with the rng subsystem in u-boot. 
This way it can be used by EFI as well as for the 'rng' command.

Signed-off-by: Michael Walle <mich...@walle.cc>
---
 drivers/crypto/fsl/Kconfig   | 11 +++++
 drivers/crypto/fsl/Makefile  |  1 +
 drivers/crypto/fsl/jobdesc.c |  9 ++++
 drivers/crypto/fsl/jobdesc.h |  3 ++
 drivers/crypto/fsl/jr.c      |  9 ++++
drivers/crypto/fsl/rng.c | 84 ++++++++++++++++++++++++++++++++++++ 
 6 files changed, 117 insertions(+)
 create mode 100644 drivers/crypto/fsl/rng.c

diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig
index 181a1e5e99..5936b77494 100644
--- a/drivers/crypto/fsl/Kconfig
+++ b/drivers/crypto/fsl/Kconfig
@@ -45,3 +45,14 @@ config SYS_FSL_SEC_COMPAT

 config SYS_FSL_SEC_LE
        bool "Little-endian access to Freescale Secure Boot"
+
+if FSL_CAAM
+
+config FSL_CAAM_RNG
+       bool "Enable Random Number Generator support"
+       depends on DM_RNG
+       default y
+       help
+ Enable support for the random number generator module of the CAAM. 

Hello Michael,

when typing CAAM into Google I got a lot of answers but "Cryptographic
Accelerator and Assurance Module" was not under the first 50 hits.

If this is a hardware RNG I think we should put this into the text.


Totally agree.


Well I was under the impression that UCLASS_RNG is just for hardware
RNGs.

config DM_RNG
        bool "Driver support for Random Number Generator devices"

Whatever "device" means in that context. But I can certainly add
that this is a h/w rng.


Besides other cryptographic services, CAAM offers:
-a hardware RNG / TRNG
-a PRNG / DRBG (SP800-90A compliant DRBG_Hash) - which is seeded
from the TRNG


Together with that.


Both are accessible by SW, so clarifying what the driver does
would be useful (unless DM_RNG / UCLASS_RNG already implies
one or the other).

From what I see, driver added by Michael is using the PRNG / DRBG
and not the TRNG. Is this acceptable?


Well there is no, expectation from UCLASS_RNG. EFI "blindly" uses
the first RNG device.. so it is just a "better than nothing".

RNG is also used for the BLOB protocol. Will it interfere this if
I instantiate the RNG with PR?


Conceptually this is similar to choosing between
RDSEED vs. RDRDAND x86 instructions:
https://software.intel.com/content/www/us/en/develop/blogs/the-difference-between-rdrand-and-rdseed.html


So how about:

"Enable support the hardware random number generator of Freescale SOCs
using the Cryptographic Accelerator and Assurance Module (CAAM)."


The CAAM acronym is expanded at the top of the same file,
under FSL_CAAM's help:
<<Enables the Freescale's Cryptographic Accelerator and Assurance
Module (CAAM), also known as the SEC version 4 (SEC4). The driver uses
Job Ring as interface to communicate with CAAM.>>


This isn't apparent from the patch. But please note that the new kconfig
option is "if FSL_CAAM", where CAAM is explained.

-michael

Reply via email to