[v4,1/6] crypto: caam - RNG4 TRNG errata
diff mbox series

Message ID 20191121155554.1227-2-andrew.smirnov@gmail.com
State Superseded
Delegated to: Herbert Xu
Headers show
Series
  • enable CAAM's HWRNG as default
Related show

Commit Message

Andrey Smirnov Nov. 21, 2019, 3:55 p.m. UTC
The TRNG as used in RNG4, used in CAAM has a documentation issue. The
effect is that it is possible that the entropy used to instantiate the
DRBG may be old entropy, rather than newly generated entropy. There is
proper programming guidance, but it is not in the documentation.

Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Vipul Kumar <vipul_kumar@mentor.com>
[andrew.smirnov@gmail.com ported to upstream kernel]
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-imx@nxp.com
---
 drivers/crypto/caam/ctrl.c | 11 ++++++++---
 drivers/crypto/caam/regs.h |  3 ++-
 2 files changed, 10 insertions(+), 4 deletions(-)

Comments

Horia Geanta Nov. 25, 2019, 8:02 a.m. UTC | #1
On 11/21/2019 5:56 PM, Andrey Smirnov wrote:
> The TRNG as used in RNG4, used in CAAM has a documentation issue. The
I assume the "erratum" consists in RTMCTL[TRNG_ACC] bit
not being documented, correct?

Is there an ID of the erratum?
Or at least do you know what parts / SoCs have incorrect documentation?

> effect is that it is possible that the entropy used to instantiate the
> DRBG may be old entropy, rather than newly generated entropy. There is
> proper programming guidance, but it is not in the documentation.
> 
Is the "programming guidance" public?

Thanks,
Horia
Andrey Smirnov Nov. 25, 2019, 1:21 p.m. UTC | #2
On Mon, Nov 25, 2019 at 12:02 AM Horia Geanta <horia.geanta@nxp.com> wrote:
>
> On 11/21/2019 5:56 PM, Andrey Smirnov wrote:
> > The TRNG as used in RNG4, used in CAAM has a documentation issue. The
> I assume the "erratum" consists in RTMCTL[TRNG_ACC] bit
> not being documented, correct?
>
> Is there an ID of the erratum?
> Or at least do you know what parts / SoCs have incorrect documentation?
>
> > effect is that it is possible that the entropy used to instantiate the
> > DRBG may be old entropy, rather than newly generated entropy. There is
> > proper programming guidance, but it is not in the documentation.
> >
> Is the "programming guidance" public?
>

I don't know the answers to any of those questions. I am not the
original author of this change, just ported if from NXP tree because
it seemed important. More than happy to drop this if you think it's
bogus.

Thanks,
Andrey Smirnov
Horia Geanta Nov. 26, 2019, 7:44 a.m. UTC | #3
On 11/25/2019 3:22 PM, Andrey Smirnov wrote:
> On Mon, Nov 25, 2019 at 12:02 AM Horia Geanta <horia.geanta@nxp.com> wrote:
>>
>> On 11/21/2019 5:56 PM, Andrey Smirnov wrote:
>>> The TRNG as used in RNG4, used in CAAM has a documentation issue. The
>> I assume the "erratum" consists in RTMCTL[TRNG_ACC] bit
>> not being documented, correct?
>>
>> Is there an ID of the erratum?
>> Or at least do you know what parts / SoCs have incorrect documentation?
>>
>>> effect is that it is possible that the entropy used to instantiate the
>>> DRBG may be old entropy, rather than newly generated entropy. There is
>>> proper programming guidance, but it is not in the documentation.
>>>
>> Is the "programming guidance" public?
>>
> 
> I don't know the answers to any of those questions. I am not the
> original author of this change, just ported if from NXP tree because
> it seemed important. More than happy to drop this if you think it's
> bogus.
> 
The implementation is fine.
I am just trying to understand the commit message.

Maybe Aymen, as author, could help.
Otherwise I suggest rewriting it, i.e. drop the mention of an erratum
and just say what's the problem in the RNG initialization code.

Thanks,
Horia

Patch
diff mbox series

diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index d7c3c3805693..df4db10e9fca 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -338,8 +338,12 @@  static void kick_trng(struct platform_device *pdev, int ent_delay)
 	ctrl = (struct caam_ctrl __iomem *)ctrlpriv->ctrl;
 	r4tst = &ctrl->r4tst[0];
 
-	/* put RNG4 into program mode */
-	clrsetbits_32(&r4tst->rtmctl, 0, RTMCTL_PRGM);
+	/*
+	 * Setting both RTMCTL:PRGM and RTMCTL:TRNG_ACC causes TRNG to
+	 * properly invalidate the entropy in the entropy register and
+	 * force re-generation.
+	 */
+	clrsetbits_32(&r4tst->rtmctl, 0, RTMCTL_PRGM | RTMCTL_ACC);
 
 	/*
 	 * Performance-wise, it does not make sense to
@@ -369,7 +373,8 @@  static void kick_trng(struct platform_device *pdev, int ent_delay)
 	 * select raw sampling in both entropy shifter
 	 * and statistical checker; ; put RNG4 into run mode
 	 */
-	clrsetbits_32(&r4tst->rtmctl, RTMCTL_PRGM, RTMCTL_SAMP_MODE_RAW_ES_SC);
+	clrsetbits_32(&r4tst->rtmctl, RTMCTL_PRGM | RTMCTL_ACC,
+		      RTMCTL_SAMP_MODE_RAW_ES_SC);
 }
 
 static int caam_get_era_from_hw(struct caam_ctrl __iomem *ctrl)
diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h
index 05127b70527d..c191e8fd0fa7 100644
--- a/drivers/crypto/caam/regs.h
+++ b/drivers/crypto/caam/regs.h
@@ -487,7 +487,8 @@  struct rngtst {
 
 /* RNG4 TRNG test registers */
 struct rng4tst {
-#define RTMCTL_PRGM	0x00010000	/* 1 -> program mode, 0 -> run mode */
+#define RTMCTL_ACC  BIT(5)  /* TRNG access mode */
+#define RTMCTL_PRGM BIT(16) /* 1 -> program mode, 0 -> run mode */
 #define RTMCTL_SAMP_MODE_VON_NEUMANN_ES_SC	0 /* use von Neumann data in
 						     both entropy shifter and
 						     statistical checker */