On 6/4/2020 5:31 AM, Heinrich Schuchardt wrote:
On 6/3/20 12:05 AM, Michael Walle wrote:
Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command.
Signed-off-by: Michael Walle michael@walle.cc
drivers/crypto/fsl/Kconfig | 11 +++++ drivers/crypto/fsl/Makefile | 1 + drivers/crypto/fsl/jobdesc.c | 9 ++++ drivers/crypto/fsl/jobdesc.h | 3 ++ drivers/crypto/fsl/jr.c | 9 ++++ drivers/crypto/fsl/rng.c | 84 ++++++++++++++++++++++++++++++++++++ 6 files changed, 117 insertions(+) create mode 100644 drivers/crypto/fsl/rng.c
diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig index 181a1e5e99..5936b77494 100644 --- a/drivers/crypto/fsl/Kconfig +++ b/drivers/crypto/fsl/Kconfig @@ -45,3 +45,14 @@ config SYS_FSL_SEC_COMPAT
config SYS_FSL_SEC_LE bool "Little-endian access to Freescale Secure Boot"
+if FSL_CAAM
+config FSL_CAAM_RNG
- bool "Enable Random Number Generator support"
- depends on DM_RNG
- default y
- help
Enable support for the random number generator module of the CAAM.Hello Michael,
when typing CAAM into Google I got a lot of answers but "Cryptographic Accelerator and Assurance Module" was not under the first 50 hits.
If this is a hardware RNG I think we should put this into the text.
Totally agree.
Besides other cryptographic services, CAAM offers: -a hardware RNG / TRNG -a PRNG / DRBG (SP800-90A compliant DRBG_Hash) - which is seeded from the TRNG
Both are accessible by SW, so clarifying what the driver does would be useful (unless DM_RNG / UCLASS_RNG already implies one or the other).
From what I see, driver added by Michael is using the PRNG / DRBG
and not the TRNG. Is this acceptable?
Conceptually this is similar to choosing between RDSEED vs. RDRDAND x86 instructions: https://software.intel.com/content/www/us/en/develop/blogs/the-difference-be...
So how about:
"Enable support the hardware random number generator of Freescale SOCs using the Cryptographic Accelerator and Assurance Module (CAAM)."
The CAAM acronym is expanded at the top of the same file, under FSL_CAAM's help: <<Enables the Freescale's Cryptographic Accelerator and Assurance Module (CAAM), also known as the SEC version 4 (SEC4). The driver uses Job Ring as interface to communicate with CAAM.>>
Horia