
Hi Horia, Hi Heinrich,
On 2020-06-04 10:05, Horia Geantă wrote:
On 6/4/2020 5:31 AM, Heinrich Schuchardt wrote:
On 6/3/20 12:05 AM, Michael Walle wrote:
Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command.
Signed-off-by: Michael Walle michael@walle.cc
drivers/crypto/fsl/Kconfig | 11 +++++ drivers/crypto/fsl/Makefile | 1 + drivers/crypto/fsl/jobdesc.c | 9 ++++ drivers/crypto/fsl/jobdesc.h | 3 ++ drivers/crypto/fsl/jr.c | 9 ++++ drivers/crypto/fsl/rng.c | 84 ++++++++++++++++++++++++++++++++++++ 6 files changed, 117 insertions(+) create mode 100644 drivers/crypto/fsl/rng.c
diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig index 181a1e5e99..5936b77494 100644 --- a/drivers/crypto/fsl/Kconfig +++ b/drivers/crypto/fsl/Kconfig @@ -45,3 +45,14 @@ config SYS_FSL_SEC_COMPAT
config SYS_FSL_SEC_LE bool "Little-endian access to Freescale Secure Boot"
+if FSL_CAAM
+config FSL_CAAM_RNG
- bool "Enable Random Number Generator support"
- depends on DM_RNG
- default y
- help
Enable support for the random number generator module of the
CAAM.
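Review bot: the help text for FSL_CAAM_RNG ("Enable support for the random number generator module of the CAAM.") does not say that this is a hardware RNG, nor which kind of output the device registered under DM_RNG hands to callers. Suggest expanding it to name the hardware block and the source the bytes come from. Because the option is "default y", every configuration with both FSL_CAAM and DM_RNG enabled picks it up, so the help text is the one place a user sees what they are getting.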
Hello Michael,
when typing CAAM into Google I got a lot of answers but "Cryptographic Accelerator and Assurance Module" was not under the first 50 hits.
If this is a hardware RNG I think we should put this into the text.
Totally agree.
Well I was under the impression that UCLASS_RNG is just for hardware RNGs.
config DM_RNG bool "Driver support for Random Number Generator devices"
Whatever "device" means in that context. But I can certainly add that this is a h/w rng.
Besides other cryptographic services, CAAM offers:
- a hardware RNG / TRNG
- a PRNG / DRBG (SP800-90A compliant DRBG_Hash) - which is seeded from the TRNG
Together with that.
Both are accessible by SW, so clarifying what the driver does would be useful (unless DM_RNG / UCLASS_RNG already implies one or the other).
From what I see, driver added by Michael is using the PRNG / DRBG and not the TRNG. Is this acceptable?
Well, there is no expectation from UCLASS_RNG. EFI "blindly" uses the first RNG device, so it is just a "better than nothing".
RNG is also used for the BLOB protocol. Will it interfere with this if I instantiate the RNG with PR?
Conceptually this is similar to choosing between RDSEED vs. RDRAND x86 instructions: https://software.intel.com/content/www/us/en/develop/blogs/the-difference-be...
So how about:
"Enable support for the hardware random number generator of Freescale SOCs using the Cryptographic Accelerator and Assurance Module (CAAM)."
The CAAM acronym is expanded at the top of the same file, under FSL_CAAM's help: <<Enables the Freescale's Cryptographic Accelerator and Assurance Module (CAAM), also known as the SEC version 4 (SEC4). The driver uses Job Ring as interface to communicate with CAAM.>>
This isn't apparent from the patch. But please note that the new kconfig option is "if FSL_CAAM", where CAAM is explained.
-michael
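The TRNG / DRBG distinction and the "instantiate with PR" (prediction resistance) question raised in this thread, as an added example that is not part of the thread, the patch, or U-Boot. It is a simplified hash-based model, not the SP800-90A Hash_DRBG algorithm and not the CAAM interface; all class and function names are hypothetical and the "TRNG" is a constructed, deterministic stand-in.

```python
import hashlib


class ConstructedTrng:
    """Stand-in for a hardware TRNG (constructed, deterministic for repeatability)."""

    def __init__(self, secret=b"constructed-trng"):
        self.secret = secret
        self.calls = 0

    def read(self, n=32):
        self.calls += 1
        return hashlib.sha256(self.secret + self.calls.to_bytes(4, "big")).digest()[:n]


class ToyHashDrbg:
    """Simplified DRBG model: internal state seeded from the TRNG, output derived by hashing."""

    def __init__(self, trng, prediction_resistance):
        self.trng = trng
        self.pr = prediction_resistance
        self.state = hashlib.sha256(b"init" + trng.read()).digest()

    def reseed(self):
        self.state = hashlib.sha256(b"reseed" + self.state + self.trng.read()).digest()

    def generate(self, n=16):
        if self.pr:
            self.reseed()  # PR: mix fresh TRNG entropy into the state before every request
        out = hashlib.sha256(b"out" + self.state).digest()[:n]
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out


def state_leak_predicts_next(prediction_resistance):
    """True if a copy of the internal state, without TRNG access, yields the next output."""
    drbg = ToyHashDrbg(ConstructedTrng(), prediction_resistance)
    drbg.generate()
    # The copy holds the leaked state but only an unrelated entropy source.
    copy = ToyHashDrbg(ConstructedTrng(b"unrelated"), prediction_resistance)
    copy.state = drbg.state
    return copy.generate() == drbg.generate()


def trng_reads(prediction_resistance, requests):
    """Number of TRNG reads needed to instantiate and serve `requests` generate calls."""
    trng = ConstructedTrng()
    drbg = ToyHashDrbg(trng, prediction_resistance)
    for _ in range(requests):
        drbg.generate()
    return trng.calls
```

Without prediction resistance the TRNG is read once at instantiation and a leaked state determines later output until the next reseed; with it, every request costs one extra TRNG read.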