[RFC v2 0/2] rng: Provide a RNG based on the RISC-V Zkr ISA extension
The Zkr ISA extension (ratified Nov 2021) introduced the seed CSR. It provides an interface to a physical entropy source.
A RNG driver based on the seed CSR is provided. It depends on mseccfg.sseed being set in the SBI firmware.
If the seed CSR readable, is not determinable by S-mode without risking an exception. For safe driver probing allow to resume via a longjmp after an exception.
As the driver depends on mseccfg.sseed=1 we should wait with merging the driver until a decision has been taken in the RISC-V PRS TG on prescribing this.
Heinrich Schuchardt (2): riscv: allow resume after exception rng: Provide a RNG based on the RISC-V Zkr ISA extension
arch/riscv/lib/interrupts.c | 13 ++++ drivers/rng/Kconfig | 8 +++ drivers/rng/Makefile | 1 + drivers/rng/riscv_zkr_rng.c | 116 ++++++++++++++++++++++++++++++++++++ include/interrupt.h | 22 +++++++ 5 files changed, 160 insertions(+) create mode 100644 drivers/rng/riscv_zkr_rng.c create mode 100644 include/interrupt.h
If CSRs like seed are readable by S-mode, may not be determinable by S-mode. For safe driver probing allow to resume via a longjmp after an exception.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com --- v2: new patch --- arch/riscv/lib/interrupts.c | 13 +++++++++++++ include/interrupt.h | 22 ++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 include/interrupt.h
diff --git a/arch/riscv/lib/interrupts.c b/arch/riscv/lib/interrupts.c index 02dbcfd423..a26ccc721f 100644 --- a/arch/riscv/lib/interrupts.c +++ b/arch/riscv/lib/interrupts.c @@ -12,6 +12,7 @@ #include <linux/compat.h> #include <efi_loader.h> #include <hang.h> +#include <interrupt.h> #include <irq_func.h> #include <asm/global_data.h> #include <asm/ptrace.h> @@ -21,6 +22,13 @@
DECLARE_GLOBAL_DATA_PTR;
+static struct resume_data *resume; + +void set_resume(struct resume_data *data) +{ + resume = data; +} + static void show_efi_loaded_images(uintptr_t epc) { efi_print_image_infos((void *)epc); @@ -105,6 +113,11 @@ static void _exit_trap(ulong code, ulong epc, ulong tval, struct pt_regs *regs) "Store/AMO page fault", };
+ if (resume) { + resume->code = code; + longjmp(resume->jump, 1); + } + if (code < ARRAY_SIZE(exception_code)) printf("Unhandled exception: %s\n", exception_code[code]); else diff --git a/include/interrupt.h b/include/interrupt.h new file mode 100644 index 0000000000..1baa60bcf2 --- /dev/null +++ b/include/interrupt.h @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ + +#include <asm/setjmp.h> + +/** + * struct resume_data - data for resume after interrupt + */ +struct resume_data { + /** @jump: longjmp buffer */ + jmp_buf jump; + /** @code: exception code */ + ulong code; +}; + +/** + * set_resume() - set longjmp buffer for resuming after interrupt + * + * When resuming the exception code will be returned in @data->code. + * + * @data: pointer to structure with longjmp address + */ +void set_resume(struct resume_data *data);
On Sun, Oct 29, 2023 at 09:45:32AM +0100, Heinrich Schuchardt wrote:
If CSRs like seed are readable by S-mode, may not be determinable by S-mode. For safe driver probing allow to resume via a longjmp after an exception.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
v2: new patch
arch/riscv/lib/interrupts.c | 13 +++++++++++++ include/interrupt.h | 22 ++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 include/interrupt.h
Reviewed-by: Leo Yu-Chi Liang ycliang@andestech.com
setjmp can be called in set_resume.
Regards, Xiang W
Heinrich Schuchardt heinrich.schuchardt@canonical.com 于2023年10月29日周日 16:56写道:
If CSRs like seed are readable by S-mode, may not be determinable by S-mode. For safe driver probing allow to resume via a longjmp after an exception.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
v2: new patch
arch/riscv/lib/interrupts.c | 13 +++++++++++++ include/interrupt.h | 22 ++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 include/interrupt.h
diff --git a/arch/riscv/lib/interrupts.c b/arch/riscv/lib/interrupts.c index 02dbcfd423..a26ccc721f 100644 --- a/arch/riscv/lib/interrupts.c +++ b/arch/riscv/lib/interrupts.c @@ -12,6 +12,7 @@ #include <linux/compat.h> #include <efi_loader.h> #include <hang.h> +#include <interrupt.h> #include <irq_func.h> #include <asm/global_data.h> #include <asm/ptrace.h> @@ -21,6 +22,13 @@
DECLARE_GLOBAL_DATA_PTR;
+static struct resume_data *resume;
+void set_resume(struct resume_data *data) +{
resume = data;+}
static void show_efi_loaded_images(uintptr_t epc) { efi_print_image_infos((void *)epc); @@ -105,6 +113,11 @@ static void _exit_trap(ulong code, ulong epc, ulong tval, struct pt_regs *regs) "Store/AMO page fault", };
if (resume) {resume->code = code;longjmp(resume->jump, 1);}if (code < ARRAY_SIZE(exception_code)) printf("Unhandled exception: %s\n", exception_code[code]); elsediff --git a/include/interrupt.h b/include/interrupt.h new file mode 100644 index 0000000000..1baa60bcf2 --- /dev/null +++ b/include/interrupt.h @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */
+#include <asm/setjmp.h>
+/**
- struct resume_data - data for resume after interrupt
- */
+struct resume_data {
/** @jump: longjmp buffer */jmp_buf jump;/** @code: exception code */ulong code;+};
+/**
- set_resume() - set longjmp buffer for resuming after interrupt
- When resuming the exception code will be returned in @data->code.
- @data: pointer to structure with longjmp address
- */
+void set_resume(struct resume_data *data);
2.40.1
On 10/31/23 09:53, Xiang W wrote:
setjmp can be called in set_resume.
Unfortunately this is not possible. A longjmp buffer only stores register values and not the stack content.
Let's assume that setjmp() is moved into set_resume():
Let a function call set_resume(). The caller's address will be on the stack. Once the set_resume returns and the caller invokes another function the original stack content will be overwritten. When an exception occurs the longjmp will reenter set_resume() with the original stack pointer value pointing to a stack that does not match the original call to set_resume and set_resume will return to a random address.
Best regards
Heinrich
Regards, Xiang W
Heinrich Schuchardt heinrich.schuchardt@canonical.com 于2023年10月29日周日 16:56写道:
If CSRs like seed are readable by S-mode, may not be determinable by S-mode. For safe driver probing allow to resume via a longjmp after an exception.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
v2: new patch
arch/riscv/lib/interrupts.c | 13 +++++++++++++ include/interrupt.h | 22 ++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 include/interrupt.h
diff --git a/arch/riscv/lib/interrupts.c b/arch/riscv/lib/interrupts.c index 02dbcfd423..a26ccc721f 100644 --- a/arch/riscv/lib/interrupts.c +++ b/arch/riscv/lib/interrupts.c @@ -12,6 +12,7 @@ #include <linux/compat.h> #include <efi_loader.h> #include <hang.h> +#include <interrupt.h> #include <irq_func.h> #include <asm/global_data.h> #include <asm/ptrace.h> @@ -21,6 +22,13 @@
DECLARE_GLOBAL_DATA_PTR;
+static struct resume_data *resume;
+void set_resume(struct resume_data *data) +{
resume = data;+}
- static void show_efi_loaded_images(uintptr_t epc) { efi_print_image_infos((void *)epc);
@@ -105,6 +113,11 @@ static void _exit_trap(ulong code, ulong epc, ulong tval, struct pt_regs *regs) "Store/AMO page fault", };
if (resume) {resume->code = code;longjmp(resume->jump, 1);}if (code < ARRAY_SIZE(exception_code)) printf("Unhandled exception: %s\n", exception_code[code]); elsediff --git a/include/interrupt.h b/include/interrupt.h new file mode 100644 index 0000000000..1baa60bcf2 --- /dev/null +++ b/include/interrupt.h @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */
+#include <asm/setjmp.h>
+/**
- struct resume_data - data for resume after interrupt
- */
+struct resume_data {
/** @jump: longjmp buffer */jmp_buf jump;/** @code: exception code */ulong code;+};
+/**
- set_resume() - set longjmp buffer for resuming after interrupt
- When resuming the exception code will be returned in @data->code.
- @data: pointer to structure with longjmp address
- */
+void set_resume(struct resume_data *data);
2.40.1
Thank you, I understand.
Regards, Xiang W
Heinrich Schuchardt heinrich.schuchardt@canonical.com 于2023年10月31日周二 20:09写道:
On 10/31/23 09:53, Xiang W wrote:
setjmp can be called in set_resume.
Unfortunately this is not possible. A longjmp buffer only stores register values and not the stack content.
Let's assume that setjmp() is moved into set_resume():
Let a function call set_resume(). The caller's address will be on the stack. Once the set_resume returns and the caller invokes another function the original stack content will be overwritten. When an exception occurs the longjmp will reenter set_resume() with the original stack pointer value pointing to a stack that does not match the original call to set_resume and set_resume will return to a random address.
Best regards
Heinrich
Regards, Xiang W
Heinrich Schuchardt heinrich.schuchardt@canonical.com 于2023年10月29日周日 16:56写道:
If CSRs like seed are readable by S-mode, may not be determinable by S-mode. For safe driver probing allow to resume via a longjmp after an exception.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
v2: new patch
arch/riscv/lib/interrupts.c | 13 +++++++++++++ include/interrupt.h | 22 ++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 include/interrupt.h
diff --git a/arch/riscv/lib/interrupts.c b/arch/riscv/lib/interrupts.c index 02dbcfd423..a26ccc721f 100644 --- a/arch/riscv/lib/interrupts.c +++ b/arch/riscv/lib/interrupts.c @@ -12,6 +12,7 @@ #include <linux/compat.h> #include <efi_loader.h> #include <hang.h> +#include <interrupt.h> #include <irq_func.h> #include <asm/global_data.h> #include <asm/ptrace.h> @@ -21,6 +22,13 @@
DECLARE_GLOBAL_DATA_PTR;
+static struct resume_data *resume;
+void set_resume(struct resume_data *data) +{
resume = data;+}
- static void show_efi_loaded_images(uintptr_t epc) { efi_print_image_infos((void *)epc);
@@ -105,6 +113,11 @@ static void _exit_trap(ulong code, ulong epc, ulong tval, struct pt_regs *regs) "Store/AMO page fault", };
if (resume) {resume->code = code;longjmp(resume->jump, 1);}if (code < ARRAY_SIZE(exception_code)) printf("Unhandled exception: %s\n", exception_code[code]); elsediff --git a/include/interrupt.h b/include/interrupt.h new file mode 100644 index 0000000000..1baa60bcf2 --- /dev/null +++ b/include/interrupt.h @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */
+#include <asm/setjmp.h>
+/**
- struct resume_data - data for resume after interrupt
- */
+struct resume_data {
/** @jump: longjmp buffer */jmp_buf jump;/** @code: exception code */ulong code;+};
+/**
- set_resume() - set longjmp buffer for resuming after interrupt
- When resuming the exception code will be returned in @data->code.
- @data: pointer to structure with longjmp address
- */
+void set_resume(struct resume_data *data);
2.40.1
The Zkr ISA extension (ratified Nov 2021) introduced the seed CSR. It provides an interface to a physical entropy source.
A RNG driver based on the seed CSR is provided. It depends on mseccfg.sseed being set in the SBI firmware.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com --- v2: Resume after exception if seed CSR cannot be read. --- drivers/rng/Kconfig | 8 +++ drivers/rng/Makefile | 1 + drivers/rng/riscv_zkr_rng.c | 116 ++++++++++++++++++++++++++++++++++++ 3 files changed, 125 insertions(+) create mode 100644 drivers/rng/riscv_zkr_rng.c
diff --git a/drivers/rng/Kconfig b/drivers/rng/Kconfig index 994cc35b27..4f6e367169 100644 --- a/drivers/rng/Kconfig +++ b/drivers/rng/Kconfig @@ -48,6 +48,14 @@ config RNG_OPTEE accessible to normal world but reserved and used by the OP-TEE to avoid the weakness of a software PRNG.
+config RNG_RISCV_ZKR + bool "RISC-V Zkr random number generator" + depends on RISCV_SMODE + help + This driver provides a Random Number Generator based on the + Zkr RISC-V ISA extension which provides an interface to an + NIST SP 800-90B or BSI AIS-31 compliant physical entropy source. + config RNG_STM32 bool "Enable random number generator for STM32" depends on ARCH_STM32 || ARCH_STM32MP diff --git a/drivers/rng/Makefile b/drivers/rng/Makefile index 47b323e61e..a5d3ca4130 100644 --- a/drivers/rng/Makefile +++ b/drivers/rng/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_RNG_MSM) += msm_rng.o obj-$(CONFIG_RNG_NPCM) += npcm_rng.o obj-$(CONFIG_RNG_OPTEE) += optee_rng.o obj-$(CONFIG_RNG_STM32) += stm32_rng.o +obj-$(CONFIG_RNG_RISCV_ZKR) += riscv_zkr_rng.o obj-$(CONFIG_RNG_ROCKCHIP) += rockchip_rng.o obj-$(CONFIG_RNG_IPROC200) += iproc_rng200.o obj-$(CONFIG_RNG_SMCCC_TRNG) += smccc_trng.o diff --git a/drivers/rng/riscv_zkr_rng.c b/drivers/rng/riscv_zkr_rng.c new file mode 100644 index 0000000000..8c9e111e2e --- /dev/null +++ b/drivers/rng/riscv_zkr_rng.c @@ -0,0 +1,116 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * The RISC-V Zkr extension provides CSR seed which provides access to a + * random number generator. + */ + +#define LOG_CATEGORY UCLASS_RNG + +#include <dm.h> +#include <interrupt.h> +#include <log.h> +#include <rng.h> + +#define DRIVER_NAME "riscv_zkr" + +enum opst { + /** @BIST: built in self test running */ + BIST = 0b00, + /** @WAIT: sufficient amount of entropy is not yet available */ + WAIT = 0b01, + /** @ES16: 16bits of entropy available */ + ES16 = 0b10, + /** @DEAD: unrecoverable self-test error */ + DEAD = 0b11, +}; + +static unsigned long read_seed(void) +{ + unsigned long ret; + + __asm__ __volatile__("csrrw %0, seed, x0" : "=r" (ret) : : "memory"); + + return ret; +} + +static int riscv_zkr_read(struct udevice *dev, void *data, size_t len) +{ + u8 *ptr = data; + + while (len) { + u32 val; + + val = read_seed(); + + switch (val >> 30) { + case BIST: + continue; + case WAIT: + continue; + case ES16: + *ptr++ = val & 0xff; + if (--len) { + *ptr++ = val >> 8; + --len; + } + break; + case DEAD: + return -ENODEV; + } + } + + return 0; +} + +/** + * riscv_zkr_probe() - check if the seed register is available + * + * If the SBI software has not set mseccfg.sseed=1 or the Zkr + * extension is not available this probe function will result + * in an exception. Currently we cannot recover from this. + * + * @dev: RNG device + * Return: 0 if successfully probed + */ +static int riscv_zkr_probe(struct udevice *dev) +{ + struct resume_data resume; + int ret; + u32 val; + + /* Check if reading seed leads to interrupt */ + set_resume(&resume); + ret = setjmp(resume.jump); + if (ret) + log_debug("Exception %ld reading seed CSR\n", resume.code); + else + val = read_seed(); + set_resume(NULL); + if (ret) + return -ENODEV; + + do { + val = read_seed(); + val >>= 30; + } while (val == BIST || val == WAIT); + + if (val == DEAD) + return -ENODEV; + + return 0; +} + +static const struct dm_rng_ops riscv_zkr_ops = { + .read = riscv_zkr_read, +}; + +U_BOOT_DRIVER(riscv_zkr) = { + .name = DRIVER_NAME, + .id = UCLASS_RNG, + .ops = &riscv_zkr_ops, + .probe = riscv_zkr_probe, +}; + +U_BOOT_DRVINFO(cpu_riscv_zkr) = { + .name = DRIVER_NAME, +};
On Sun, Oct 29, 2023 at 09:45:33AM +0100, Heinrich Schuchardt wrote:
The Zkr ISA extension (ratified Nov 2021) introduced the seed CSR. It provides an interface to a physical entropy source.
A RNG driver based on the seed CSR is provided. It depends on mseccfg.sseed being set in the SBI firmware.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
v2: Resume after exception if seed CSR cannot be read.
drivers/rng/Kconfig | 8 +++ drivers/rng/Makefile | 1 + drivers/rng/riscv_zkr_rng.c | 116 ++++++++++++++++++++++++++++++++++++ 3 files changed, 125 insertions(+) create mode 100644 drivers/rng/riscv_zkr_rng.c
Reviewed-by: Leo Yu-Chi Liang ycliang@andestech.com
drivers/rng/riscv_zkr_rng.c:10:10: fatal error: interrupt.h: No such file or directory 10 | #include <interrupt.h> | ^~~~~~~~~~~~~ compilation terminated.
Where is this interrupt.h?
Regards, Xiang W
Heinrich Schuchardt heinrich.schuchardt@canonical.com 于2023年10月29日周日 16:46写道:
The Zkr ISA extension (ratified Nov 2021) introduced the seed CSR. It provides an interface to a physical entropy source.
A RNG driver based on the seed CSR is provided. It depends on mseccfg.sseed being set in the SBI firmware.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
v2: Resume after exception if seed CSR cannot be read.
drivers/rng/Kconfig | 8 +++ drivers/rng/Makefile | 1 + drivers/rng/riscv_zkr_rng.c | 116 ++++++++++++++++++++++++++++++++++++ 3 files changed, 125 insertions(+) create mode 100644 drivers/rng/riscv_zkr_rng.c
diff --git a/drivers/rng/Kconfig b/drivers/rng/Kconfig index 994cc35b27..4f6e367169 100644 --- a/drivers/rng/Kconfig +++ b/drivers/rng/Kconfig @@ -48,6 +48,14 @@ config RNG_OPTEE accessible to normal world but reserved and used by the OP-TEE to avoid the weakness of a software PRNG.
+config RNG_RISCV_ZKR
bool "RISC-V Zkr random number generator"depends on RISCV_SMODEhelpThis driver provides a Random Number Generator based on theZkr RISC-V ISA extension which provides an interface to anNIST SP 800-90B or BSI AIS-31 compliant physical entropy source.config RNG_STM32 bool "Enable random number generator for STM32" depends on ARCH_STM32 || ARCH_STM32MP diff --git a/drivers/rng/Makefile b/drivers/rng/Makefile index 47b323e61e..a5d3ca4130 100644 --- a/drivers/rng/Makefile +++ b/drivers/rng/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_RNG_MSM) += msm_rng.o obj-$(CONFIG_RNG_NPCM) += npcm_rng.o obj-$(CONFIG_RNG_OPTEE) += optee_rng.o obj-$(CONFIG_RNG_STM32) += stm32_rng.o +obj-$(CONFIG_RNG_RISCV_ZKR) += riscv_zkr_rng.o obj-$(CONFIG_RNG_ROCKCHIP) += rockchip_rng.o obj-$(CONFIG_RNG_IPROC200) += iproc_rng200.o obj-$(CONFIG_RNG_SMCCC_TRNG) += smccc_trng.o diff --git a/drivers/rng/riscv_zkr_rng.c b/drivers/rng/riscv_zkr_rng.c new file mode 100644 index 0000000000..8c9e111e2e --- /dev/null +++ b/drivers/rng/riscv_zkr_rng.c @@ -0,0 +1,116 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/*
- The RISC-V Zkr extension provides CSR seed which provides access to a
- random number generator.
- */
+#define LOG_CATEGORY UCLASS_RNG
+#include <dm.h> +#include <interrupt.h> +#include <log.h> +#include <rng.h>
+#define DRIVER_NAME "riscv_zkr"
+enum opst {
/** @BIST: built in self test running */BIST = 0b00,/** @WAIT: sufficient amount of entropy is not yet available */WAIT = 0b01,/** @ES16: 16bits of entropy available */ES16 = 0b10,/** @DEAD: unrecoverable self-test error */DEAD = 0b11,+};
+static unsigned long read_seed(void) +{
unsigned long ret;__asm__ __volatile__("csrrw %0, seed, x0" : "=r" (ret) : : "memory");return ret;+}
+static int riscv_zkr_read(struct udevice *dev, void *data, size_t len) +{
u8 *ptr = data;while (len) {u32 val;val = read_seed();switch (val >> 30) {case BIST:continue;case WAIT:continue;case ES16:*ptr++ = val & 0xff;if (--len) {*ptr++ = val >> 8;--len;}break;case DEAD:return -ENODEV;}}return 0;+}
+/**
- riscv_zkr_probe() - check if the seed register is available
- If the SBI software has not set mseccfg.sseed=1 or the Zkr
- extension is not available this probe function will result
- in an exception. Currently we cannot recover from this.
- @dev: RNG device
- Return: 0 if successfully probed
- */
+static int riscv_zkr_probe(struct udevice *dev) +{
struct resume_data resume;int ret;u32 val;/* Check if reading seed leads to interrupt */set_resume(&resume);ret = setjmp(resume.jump);if (ret)log_debug("Exception %ld reading seed CSR\n", resume.code);elseval = read_seed();set_resume(NULL);if (ret)return -ENODEV;do {val = read_seed();val >>= 30;} while (val == BIST || val == WAIT);if (val == DEAD)return -ENODEV;return 0;+}
+static const struct dm_rng_ops riscv_zkr_ops = {
.read = riscv_zkr_read,+};
+U_BOOT_DRIVER(riscv_zkr) = {
.name = DRIVER_NAME,.id = UCLASS_RNG,.ops = &riscv_zkr_ops,.probe = riscv_zkr_probe,+};
+U_BOOT_DRVINFO(cpu_riscv_zkr) = {
.name = DRIVER_NAME,+};
2.40.1
merle w merlew4n6@gmail.com schrieb am Di., 31. Okt. 2023, 08:16:
drivers/rng/riscv_zkr_rng.c:10:10: fatal error: interrupt.h: No such file or directory 10 | #include <interrupt.h> | ^~~~~~~~~~~~~ compilation terminated.
Where is this interrupt.h?
Please, see patch 1/2.
Best regards
Heinrich
Regards, Xiang W
Heinrich Schuchardt heinrich.schuchardt@canonical.com 于2023年10月29日周日 16:46写道:
The Zkr ISA extension (ratified Nov 2021) introduced the seed CSR. It provides an interface to a physical entropy source.
A RNG driver based on the seed CSR is provided. It depends on mseccfg.sseed being set in the SBI firmware.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
v2: Resume after exception if seed CSR cannot be read.
drivers/rng/Kconfig | 8 +++ drivers/rng/Makefile | 1 + drivers/rng/riscv_zkr_rng.c | 116 ++++++++++++++++++++++++++++++++++++ 3 files changed, 125 insertions(+) create mode 100644 drivers/rng/riscv_zkr_rng.c
diff --git a/drivers/rng/Kconfig b/drivers/rng/Kconfig index 994cc35b27..4f6e367169 100644 --- a/drivers/rng/Kconfig +++ b/drivers/rng/Kconfig @@ -48,6 +48,14 @@ config RNG_OPTEE accessible to normal world but reserved and used by the OP-TEE to avoid the weakness of a software PRNG.
+config RNG_RISCV_ZKR
bool "RISC-V Zkr random number generator"depends on RISCV_SMODEhelpThis driver provides a Random Number Generator based on theZkr RISC-V ISA extension which provides an interface to anNIST SP 800-90B or BSI AIS-31 compliant physical entropysource.
config RNG_STM32 bool "Enable random number generator for STM32" depends on ARCH_STM32 || ARCH_STM32MP diff --git a/drivers/rng/Makefile b/drivers/rng/Makefile index 47b323e61e..a5d3ca4130 100644 --- a/drivers/rng/Makefile +++ b/drivers/rng/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_RNG_MSM) += msm_rng.o obj-$(CONFIG_RNG_NPCM) += npcm_rng.o obj-$(CONFIG_RNG_OPTEE) += optee_rng.o obj-$(CONFIG_RNG_STM32) += stm32_rng.o +obj-$(CONFIG_RNG_RISCV_ZKR) += riscv_zkr_rng.o obj-$(CONFIG_RNG_ROCKCHIP) += rockchip_rng.o obj-$(CONFIG_RNG_IPROC200) += iproc_rng200.o obj-$(CONFIG_RNG_SMCCC_TRNG) += smccc_trng.o diff --git a/drivers/rng/riscv_zkr_rng.c b/drivers/rng/riscv_zkr_rng.c new file mode 100644 index 0000000000..8c9e111e2e --- /dev/null +++ b/drivers/rng/riscv_zkr_rng.c @@ -0,0 +1,116 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/*
- The RISC-V Zkr extension provides CSR seed which provides access to a
- random number generator.
- */
+#define LOG_CATEGORY UCLASS_RNG
+#include <dm.h> +#include <interrupt.h> +#include <log.h> +#include <rng.h>
+#define DRIVER_NAME "riscv_zkr"
+enum opst {
/** @BIST: built in self test running */BIST = 0b00,/** @WAIT: sufficient amount of entropy is not yet available */WAIT = 0b01,/** @ES16: 16bits of entropy available */ES16 = 0b10,/** @DEAD: unrecoverable self-test error */DEAD = 0b11,+};
+static unsigned long read_seed(void) +{
unsigned long ret;__asm__ __volatile__("csrrw %0, seed, x0" : "=r" (ret) : :"memory");
return ret;+}
+static int riscv_zkr_read(struct udevice *dev, void *data, size_t len) +{
u8 *ptr = data;while (len) {u32 val;val = read_seed();switch (val >> 30) {case BIST:continue;case WAIT:continue;case ES16:*ptr++ = val & 0xff;if (--len) {*ptr++ = val >> 8;--len;}break;case DEAD:return -ENODEV;}}return 0;+}
+/**
- riscv_zkr_probe() - check if the seed register is available
- If the SBI software has not set mseccfg.sseed=1 or the Zkr
- extension is not available this probe function will result
- in an exception. Currently we cannot recover from this.
- @dev: RNG device
- Return: 0 if successfully probed
- */
+static int riscv_zkr_probe(struct udevice *dev) +{
struct resume_data resume;int ret;u32 val;/* Check if reading seed leads to interrupt */set_resume(&resume);ret = setjmp(resume.jump);if (ret)log_debug("Exception %ld reading seed CSR\n",resume.code);
elseval = read_seed();set_resume(NULL);if (ret)return -ENODEV;do {val = read_seed();val >>= 30;} while (val == BIST || val == WAIT);if (val == DEAD)return -ENODEV;return 0;+}
+static const struct dm_rng_ops riscv_zkr_ops = {
.read = riscv_zkr_read,+};
+U_BOOT_DRIVER(riscv_zkr) = {
.name = DRIVER_NAME,.id = UCLASS_RNG,.ops = &riscv_zkr_ops,.probe = riscv_zkr_probe,+};
+U_BOOT_DRVINFO(cpu_riscv_zkr) = {
.name = DRIVER_NAME,+};
2.40.1
Hi Xiang, On Tue, Oct 31, 2023 at 02:16:22PM +0800, merle w wrote:
drivers/rng/riscv_zkr_rng.c:10:10: fatal error: interrupt.h: No such file or directory 10 | #include <interrupt.h> | ^~~~~~~~~~~~~ compilation terminated.
Where is this interrupt.h?
I think this file is created by the first patch of this patchset. "[RFC,v2,1/2] riscv: allow resume after exception"
Could you try to apply this patch and then test again? It should compile without error.
Best regards, Leo
Regards, Xiang W
Heinrich Schuchardt heinrich.schuchardt@canonical.com 于2023年10月29日周日 16:46写道:
The Zkr ISA extension (ratified Nov 2021) introduced the seed CSR. It provides an interface to a physical entropy source.
A RNG driver based on the seed CSR is provided. It depends on mseccfg.sseed being set in the SBI firmware.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
v2: Resume after exception if seed CSR cannot be read.
drivers/rng/Kconfig | 8 +++ drivers/rng/Makefile | 1 + drivers/rng/riscv_zkr_rng.c | 116 ++++++++++++++++++++++++++++++++++++ 3 files changed, 125 insertions(+) create mode 100644 drivers/rng/riscv_zkr_rng.c
diff --git a/drivers/rng/Kconfig b/drivers/rng/Kconfig index 994cc35b27..4f6e367169 100644 --- a/drivers/rng/Kconfig +++ b/drivers/rng/Kconfig @@ -48,6 +48,14 @@ config RNG_OPTEE accessible to normal world but reserved and used by the OP-TEE to avoid the weakness of a software PRNG.
+config RNG_RISCV_ZKR
bool "RISC-V Zkr random number generator"depends on RISCV_SMODEhelpThis driver provides a Random Number Generator based on theZkr RISC-V ISA extension which provides an interface to anNIST SP 800-90B or BSI AIS-31 compliant physical entropy source.config RNG_STM32 bool "Enable random number generator for STM32" depends on ARCH_STM32 || ARCH_STM32MP diff --git a/drivers/rng/Makefile b/drivers/rng/Makefile index 47b323e61e..a5d3ca4130 100644 --- a/drivers/rng/Makefile +++ b/drivers/rng/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_RNG_MSM) += msm_rng.o obj-$(CONFIG_RNG_NPCM) += npcm_rng.o obj-$(CONFIG_RNG_OPTEE) += optee_rng.o obj-$(CONFIG_RNG_STM32) += stm32_rng.o +obj-$(CONFIG_RNG_RISCV_ZKR) += riscv_zkr_rng.o obj-$(CONFIG_RNG_ROCKCHIP) += rockchip_rng.o obj-$(CONFIG_RNG_IPROC200) += iproc_rng200.o obj-$(CONFIG_RNG_SMCCC_TRNG) += smccc_trng.o diff --git a/drivers/rng/riscv_zkr_rng.c b/drivers/rng/riscv_zkr_rng.c new file mode 100644 index 0000000000..8c9e111e2e --- /dev/null +++ b/drivers/rng/riscv_zkr_rng.c @@ -0,0 +1,116 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/*
- The RISC-V Zkr extension provides CSR seed which provides access to a
- random number generator.
- */
+#define LOG_CATEGORY UCLASS_RNG
+#include <dm.h> +#include <interrupt.h> +#include <log.h> +#include <rng.h>
+#define DRIVER_NAME "riscv_zkr"
+enum opst {
/** @BIST: built in self test running */BIST = 0b00,/** @WAIT: sufficient amount of entropy is not yet available */WAIT = 0b01,/** @ES16: 16bits of entropy available */ES16 = 0b10,/** @DEAD: unrecoverable self-test error */DEAD = 0b11,+};
+static unsigned long read_seed(void) +{
unsigned long ret;__asm__ __volatile__("csrrw %0, seed, x0" : "=r" (ret) : : "memory");return ret;+}
+static int riscv_zkr_read(struct udevice *dev, void *data, size_t len) +{
u8 *ptr = data;while (len) {u32 val;val = read_seed();switch (val >> 30) {case BIST:continue;case WAIT:continue;case ES16:*ptr++ = val & 0xff;if (--len) {*ptr++ = val >> 8;--len;}break;case DEAD:return -ENODEV;}}return 0;+}
+/**
- riscv_zkr_probe() - check if the seed register is available
- If the SBI software has not set mseccfg.sseed=1 or the Zkr
- extension is not available this probe function will result
- in an exception. Currently we cannot recover from this.
- @dev: RNG device
- Return: 0 if successfully probed
- */
+static int riscv_zkr_probe(struct udevice *dev) +{
struct resume_data resume;int ret;u32 val;/* Check if reading seed leads to interrupt */set_resume(&resume);ret = setjmp(resume.jump);if (ret)log_debug("Exception %ld reading seed CSR\n", resume.code);elseval = read_seed();set_resume(NULL);if (ret)return -ENODEV;do {val = read_seed();val >>= 30;} while (val == BIST || val == WAIT);if (val == DEAD)return -ENODEV;return 0;+}
+static const struct dm_rng_ops riscv_zkr_ops = {
.read = riscv_zkr_read,+};
+U_BOOT_DRIVER(riscv_zkr) = {
.name = DRIVER_NAME,.id = UCLASS_RNG,.ops = &riscv_zkr_ops,.probe = riscv_zkr_probe,+};
+U_BOOT_DRVINFO(cpu_riscv_zkr) = {
.name = DRIVER_NAME,+};
2.40.1
Sorry! I missed it.
Regards, Xiang W
Leo Liang ycliang@andestech.com 于2023年10月31日周二 14:47写道:
Hi Xiang, On Tue, Oct 31, 2023 at 02:16:22PM +0800, merle w wrote:
drivers/rng/riscv_zkr_rng.c:10:10: fatal error: interrupt.h: No such file or directory 10 | #include <interrupt.h> | ^~~~~~~~~~~~~ compilation terminated.
Where is this interrupt.h?
I think this file is created by the first patch of this patchset. "[RFC,v2,1/2] riscv: allow resume after exception"
Could you try to apply this patch and then test again? It should compile without error.
Best regards, Leo
Regards, Xiang W
Heinrich Schuchardt heinrich.schuchardt@canonical.com 于2023年10月29日周日 16:46写道:
The Zkr ISA extension (ratified Nov 2021) introduced the seed CSR. It provides an interface to a physical entropy source.
A RNG driver based on the seed CSR is provided. It depends on mseccfg.sseed being set in the SBI firmware.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
v2: Resume after exception if seed CSR cannot be read.
drivers/rng/Kconfig | 8 +++ drivers/rng/Makefile | 1 + drivers/rng/riscv_zkr_rng.c | 116 ++++++++++++++++++++++++++++++++++++ 3 files changed, 125 insertions(+) create mode 100644 drivers/rng/riscv_zkr_rng.c
diff --git a/drivers/rng/Kconfig b/drivers/rng/Kconfig index 994cc35b27..4f6e367169 100644 --- a/drivers/rng/Kconfig +++ b/drivers/rng/Kconfig @@ -48,6 +48,14 @@ config RNG_OPTEE accessible to normal world but reserved and used by the OP-TEE to avoid the weakness of a software PRNG.
+config RNG_RISCV_ZKR
bool "RISC-V Zkr random number generator"depends on RISCV_SMODEhelpThis driver provides a Random Number Generator based on theZkr RISC-V ISA extension which provides an interface to anNIST SP 800-90B or BSI AIS-31 compliant physical entropy source.config RNG_STM32 bool "Enable random number generator for STM32" depends on ARCH_STM32 || ARCH_STM32MP diff --git a/drivers/rng/Makefile b/drivers/rng/Makefile index 47b323e61e..a5d3ca4130 100644 --- a/drivers/rng/Makefile +++ b/drivers/rng/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_RNG_MSM) += msm_rng.o obj-$(CONFIG_RNG_NPCM) += npcm_rng.o obj-$(CONFIG_RNG_OPTEE) += optee_rng.o obj-$(CONFIG_RNG_STM32) += stm32_rng.o +obj-$(CONFIG_RNG_RISCV_ZKR) += riscv_zkr_rng.o obj-$(CONFIG_RNG_ROCKCHIP) += rockchip_rng.o obj-$(CONFIG_RNG_IPROC200) += iproc_rng200.o obj-$(CONFIG_RNG_SMCCC_TRNG) += smccc_trng.o diff --git a/drivers/rng/riscv_zkr_rng.c b/drivers/rng/riscv_zkr_rng.c new file mode 100644 index 0000000000..8c9e111e2e --- /dev/null +++ b/drivers/rng/riscv_zkr_rng.c @@ -0,0 +1,116 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/*
- The RISC-V Zkr extension provides CSR seed which provides access to a
- random number generator.
- */
+#define LOG_CATEGORY UCLASS_RNG
+#include <dm.h> +#include <interrupt.h> +#include <log.h> +#include <rng.h>
+#define DRIVER_NAME "riscv_zkr"
+enum opst {
/** @BIST: built in self test running */BIST = 0b00,/** @WAIT: sufficient amount of entropy is not yet available */WAIT = 0b01,/** @ES16: 16bits of entropy available */ES16 = 0b10,/** @DEAD: unrecoverable self-test error */DEAD = 0b11,+};
+static unsigned long read_seed(void) +{
unsigned long ret;__asm__ __volatile__("csrrw %0, seed, x0" : "=r" (ret) : : "memory");return ret;+}
+static int riscv_zkr_read(struct udevice *dev, void *data, size_t len) +{
u8 *ptr = data;while (len) {u32 val;val = read_seed();switch (val >> 30) {case BIST:continue;case WAIT:continue;case ES16:*ptr++ = val & 0xff;if (--len) {*ptr++ = val >> 8;--len;}break;case DEAD:return -ENODEV;}}return 0;+}
+/**
- riscv_zkr_probe() - check if the seed register is available
- If the SBI software has not set mseccfg.sseed=1 or the Zkr
- extension is not available this probe function will result
- in an exception. Currently we cannot recover from this.
- @dev: RNG device
- Return: 0 if successfully probed
- */
+static int riscv_zkr_probe(struct udevice *dev) +{
struct resume_data resume;int ret;u32 val;/* Check if reading seed leads to interrupt */set_resume(&resume);ret = setjmp(resume.jump);if (ret)log_debug("Exception %ld reading seed CSR\n", resume.code);elseval = read_seed();set_resume(NULL);if (ret)return -ENODEV;do {val = read_seed();val >>= 30;} while (val == BIST || val == WAIT);if (val == DEAD)return -ENODEV;return 0;+}
+static const struct dm_rng_ops riscv_zkr_ops = {
.read = riscv_zkr_read,+};
+U_BOOT_DRIVER(riscv_zkr) = {
.name = DRIVER_NAME,.id = UCLASS_RNG,.ops = &riscv_zkr_ops,.probe = riscv_zkr_probe,+};
+U_BOOT_DRVINFO(cpu_riscv_zkr) = {
.name = DRIVER_NAME,+};
2.40.1
participants (4)
-
Heinrich Schuchardt -
Leo Liang -
merle w -
Xiang W