[PATCH v4] rockchip: board: Increase rng-seed size to make it sufficient for modern Linux
Increase rng-seed size to make Linux happy and initialize rng pool instantly. Linux 5.19+ requires 32 bytes of entropy to initialize random pool, but u-boot currently provides only 8 bytes. Linux 5.18 and probably some versions before it used to require 64 bytes. Bump min value to 64 bytes to be on a safe side.
Boot with 8 byte rng-seed (Linux 6.11): # dmesg | grep crng [ 12.089286] random: crng init done Boot with 32 byte rng-seed (Linux 6.11): # dmesg | grep crng [ 0.000000] random: crng init done
Linux source references: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/driv... https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/driv...
Signed-off-by: Alex Shumsky alexthreed@gmail.com Fixes: d2048bafae40 ("rockchip: board: Add board_rng_seed() for all Rockchip devices") Reviewed-by: Dragan Simic dsimic@manjaro.org ---
Changes in v4: - fix typos and code style
Changes in v3: - reword warning - increase default rng_seed_size to support older linux as well - reword commit message
Changes in v2: - add env config knob rng_seed_size - add warning for small rng_seed_size - 12-character commit SHA in Fixes
arch/arm/mach-rockchip/board.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-rockchip/board.c b/arch/arm/mach-rockchip/board.c index 3fadf7e412..ca6404776f 100644 --- a/arch/arm/mach-rockchip/board.c +++ b/arch/arm/mach-rockchip/board.c @@ -472,9 +472,18 @@ __weak int misc_init_r(void) __weak int board_rng_seed(struct abuf *buf) { struct udevice *dev; - size_t len = 0x8; + ulong len = env_get_ulong("rng_seed_size", 10, 64); u64 *data;
+ if (len < 64) { + /* + * rng_seed_size should be at least 32 bytes for Linux 5.19+, + * or 64 for older Linux kernel versions + */ + log_warning("Value for rng_seed_size too low (%lu) and likely insufficient for the Linux RNG initialization\n", + len); + } + data = malloc(len); if (!data) { printf("Out of memory\n");
On 10/15/24 12:15 AM, Alex Shumsky wrote:
Increase rng-seed size to make Linux happy and initialize rng pool instantly. Linux 5.19+ requires 32 bytes of entropy to initialize random pool, but u-boot currently provides only 8 bytes. Linux 5.18 and probably some versions before it used to require 64 bytes. Bump min value to 64 bytes to be on a safe side.
Boot with 8 byte rng-seed (Linux 6.11): # dmesg | grep crng [ 12.089286] random: crng init done Boot with 32 byte rng-seed (Linux 6.11): # dmesg | grep crng [ 0.000000] random: crng init done
Linux source references: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/driv... https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/driv...
Signed-off-by: Alex Shumsky alexthreed@gmail.com Fixes: d2048bafae40 ("rockchip: board: Add board_rng_seed() for all Rockchip devices") Reviewed-by: Dragan Simic dsimic@manjaro.org
Reviewed-by: Marek Vasut marex@denx.de
Thanks
Hello Alex,
On 2024-10-15 00:15, Alex Shumsky wrote:
Increase rng-seed size to make Linux happy and initialize rng pool instantly. Linux 5.19+ requires 32 bytes of entropy to initialize random pool, but u-boot currently provides only 8 bytes. Linux 5.18 and probably some versions before it used to require 64 bytes. Bump min value to 64 bytes to be on a safe side.
Boot with 8 byte rng-seed (Linux 6.11): # dmesg | grep crng [ 12.089286] random: crng init done Boot with 32 byte rng-seed (Linux 6.11): # dmesg | grep crng [ 0.000000] random: crng init done
Linux source references: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/driv... https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/driv...
Signed-off-by: Alex Shumsky alexthreed@gmail.com Fixes: d2048bafae40 ("rockchip: board: Add board_rng_seed() for all Rockchip devices") Reviewed-by: Dragan Simic dsimic@manjaro.org
Changes in v4:
- fix typos and code style
The v4 is looking good, thanks!
Changes in v3:
- reword warning
- increase default rng_seed_size to support older linux as well
- reword commit message
Changes in v2:
- add env config knob rng_seed_size
- add warning for small rng_seed_size
- 12-character commit SHA in Fixes
arch/arm/mach-rockchip/board.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-rockchip/board.c b/arch/arm/mach-rockchip/board.c index 3fadf7e412..ca6404776f 100644 --- a/arch/arm/mach-rockchip/board.c +++ b/arch/arm/mach-rockchip/board.c @@ -472,9 +472,18 @@ __weak int misc_init_r(void) __weak int board_rng_seed(struct abuf *buf) { struct udevice *dev;
- size_t len = 0x8;
ulong len = env_get_ulong("rng_seed_size", 10, 64); u64 *data;
if (len < 64) {
/** rng_seed_size should be at least 32 bytes for Linux 5.19+,* or 64 for older Linux kernel versions*/log_warning("Value for rng_seed_size too low (%lu) and likelyinsufficient for the Linux RNG initialization\n",
len);- }
- data = malloc(len); if (!data) { printf("Out of memory\n");
Hi Alex,
On 10/15/24 12:15 AM, Alex Shumsky wrote:
Increase rng-seed size to make Linux happy and initialize rng pool instantly. Linux 5.19+ requires 32 bytes of entropy to initialize random pool, but u-boot currently provides only 8 bytes. Linux 5.18 and probably some versions before it used to require 64 bytes. Bump min value to 64 bytes to be on a safe side.
Boot with 8 byte rng-seed (Linux 6.11): # dmesg | grep crng [ 12.089286] random: crng init done Boot with 32 byte rng-seed (Linux 6.11): # dmesg | grep crng [ 0.000000] random: crng init done
Linux source references: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/driv... https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/driv...
Signed-off-by: Alex Shumsky alexthreed@gmail.com Fixes: d2048bafae40 ("rockchip: board: Add board_rng_seed() for all Rockchip devices") Reviewed-by: Dragan Simic dsimic@manjaro.org
Changes in v4:
- fix typos and code style
Changes in v3:
- reword warning
- increase default rng_seed_size to support older linux as well
- reword commit message
Changes in v2:
add env config knob rng_seed_size
add warning for small rng_seed_size
12-character commit SHA in Fixes
arch/arm/mach-rockchip/board.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-rockchip/board.c b/arch/arm/mach-rockchip/board.c index 3fadf7e412..ca6404776f 100644 --- a/arch/arm/mach-rockchip/board.c +++ b/arch/arm/mach-rockchip/board.c @@ -472,9 +472,18 @@ __weak int misc_init_r(void) __weak int board_rng_seed(struct abuf *buf) { struct udevice *dev;
- size_t len = 0x8;
- ulong len = env_get_ulong("rng_seed_size", 10, 64);
I'm wondering if we have somewhere some documentation on the environment variables that exist and what they used for because this would be a nice addition. At the very least, we can mention this variable in: - include/fdt_support.h for the function - common/Kconfig for the symbol
I'm also a bit torn on the base though, I think the assumed base is generally hex and not dec, so maybe we should rather have that?
Looking good otherwise :)
Cheers, Quentin
On Tue, Oct 15, 2024 at 12:34 PM Quentin Schulz quentin.schulz@cherry.de wrote:
I'm wondering if we have somewhere some documentation on the environment variables that exist and what they used for because this would be a nice addition. At the very least, we can mention this variable in:
- include/fdt_support.h for the function
- common/Kconfig for the symbol
I'm not sure if we can expect that all boards can implement the rng_seed_size config knob? Currently rockchip is the only board that implements board_rng_seed.
common/Kconfig BOARD_RNG_SEED description looks rather generic:
It is up to the board code (and more generally the whole BSP) where and how to store (or generate) such a seed, how to ensure a given seed is only used once, how to create a new seed for use on subsequent boots, and whether or not the kernel should account any entropy from the given seed.
I'm also a bit torn on the base though, I think the assumed base is generally hex and not dec, so maybe we should rather have that?
We need a poll here ) Marek Vasut prefers decimal.
Hi Alex,
On 10/15/24 2:42 PM, Alex Shumsky wrote:
On Tue, Oct 15, 2024 at 12:34 PM Quentin Schulz quentin.schulz@cherry.de wrote:
I'm wondering if we have somewhere some documentation on the environment variables that exist and what they used for because this would be a nice addition. At the very least, we can mention this variable in:
- include/fdt_support.h for the function
- common/Kconfig for the symbol
I'm not sure if we can expect that all boards can implement the rng_seed_size config knob? Currently rockchip is the only board that implements board_rng_seed.
That;s the neat part, we're the only implementation so far, so we kinda get to say what's supposed to be "standard". I think allowing to get a specific size makes sense generally.
Basically, I would like to avoid 1) people not knowing how to change this value 2) avoid having different implementations using a different environment variable.
Tom has just told me on IRC that we have doc/usage/environment.rst for environment variables' documentation, so that would be a good place to put some documentation for this new variable :)
common/Kconfig BOARD_RNG_SEED description looks rather generic:
It is up to the board code (and more generally the whole BSP) where and how to store (or generate) such a seed, how to ensure a given seed is only used once, how to create a new seed for use on subsequent boots, and whether or not the kernel should account any entropy from the given seed.
I'm also a bit torn on the base though, I think the assumed base is generally hex and not dec, so maybe we should rather have that?
We need a poll here ) Marek Vasut prefers decimal.
Hehe, I think this "debate" will never end, I already had it with Simon and Tom a few weeks ago. The "issue" is that once that's decided, we cannot really change it as that would basically break compatibility (new env with old U-Boot or vice-versa). Not a blocker as such, but needs to make sure it's aligned with expectations.
https://docs.u-boot.org/en/latest/usage/cmdline.html#representing-numbers
Cheers, Quentin
On 10/15/24 11:34 AM, Quentin Schulz wrote:
Hi Alex,
On 10/15/24 12:15 AM, Alex Shumsky wrote:
Increase rng-seed size to make Linux happy and initialize rng pool instantly. Linux 5.19+ requires 32 bytes of entropy to initialize random pool, but u-boot currently provides only 8 bytes. Linux 5.18 and probably some versions before it used to require 64 bytes. Bump min value to 64 bytes to be on a safe side.
Boot with 8 byte rng-seed (Linux 6.11): # dmesg | grep crng [ 12.089286] random: crng init done Boot with 32 byte rng-seed (Linux 6.11): # dmesg | grep crng [ 0.000000] random: crng init done
Linux source references: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ tree/drivers/char/random.c?h=v5.19#n551 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ tree/drivers/char/random.c?h=v5.18#n236
Signed-off-by: Alex Shumsky alexthreed@gmail.com Fixes: d2048bafae40 ("rockchip: board: Add board_rng_seed() for all Rockchip devices") Reviewed-by: Dragan Simic dsimic@manjaro.org
Changes in v4:
- fix typos and code style
Changes in v3:
- reword warning
- increase default rng_seed_size to support older linux as well
- reword commit message
Changes in v2:
- add env config knob rng_seed_size
- add warning for small rng_seed_size
- 12-character commit SHA in Fixes
arch/arm/mach-rockchip/board.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-rockchip/board.c b/arch/arm/mach-rockchip/ board.c index 3fadf7e412..ca6404776f 100644 --- a/arch/arm/mach-rockchip/board.c +++ b/arch/arm/mach-rockchip/board.c @@ -472,9 +472,18 @@ __weak int misc_init_r(void) __weak int board_rng_seed(struct abuf *buf) { struct udevice *dev; - size_t len = 0x8; + ulong len = env_get_ulong("rng_seed_size", 10, 64);
I'm wondering if we have somewhere some documentation on the environment variables that exist and what they used for because this would be a nice addition. At the very least, we can mention this variable in:
- include/fdt_support.h for the function
- common/Kconfig for the symbol
I'm also a bit torn on the base though, I think the assumed base is generally hex and not dec, so maybe we should rather have that?
It is a decimal number, similar to e.g. bootcount , hence base 10 .
participants (4)
-
Alex Shumsky -
Dragan Simic -
Marek Vasut -
Quentin Schulz