[PATCH 0/2] docs: AM62x: Remove SW_PRNG Flag for OPTEE

The CFG_WITH_SOFTWARE_PRNG option was needed once when there were some issues with system crashes/ hangs after a suspend-resume cycle. However this seems to no longer be the case with newer firmwares, and this config is not needed for basic boot support of the SoC either, hence remove it from the docs.
Cc: Kamlesh kamlesh@ti.com
Cc: Vibhore Vardhan vibhore@ti.com
Cc: Wadim Egorov w.egorov@phytec.de

Dhruva Gole (2):
  doc: board: beagle: am62x_beagleplay: Delete SW_PRNG flag for OPTEE
  doc: board: ti: am62x_sk: Remove SW_PRNG Flag for OPTEE

 doc/board/beagle/am62x_beagleplay.rst | 1 -
 doc/board/ti/am62x_sk.rst             | 1 -
 2 files changed, 2 deletions(-)

Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot requirement for this SoC
Signed-off-by: Dhruva Gole d-gole@ti.com
---
 doc/board/beagle/am62x_beagleplay.rst | 1 -
 1 file changed, 1 deletion(-)
diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst index 7784e62b0b71..50d7d3c620d7 100644 --- a/doc/board/beagle/am62x_beagleplay.rst +++ b/doc/board/beagle/am62x_beagleplay.rst @@ -63,7 +63,6 @@ Set the variables corresponding to this platform: # we dont use any extra TFA parameters unset TFA_EXTRA_ARGS export OPTEE_PLATFORM=k3-am62x - export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"
.. include:: ../ti/am62x_sk.rst :start-after: .. am62x_evm_rst_include_start_build_steps
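
Review bot: once the `export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"` line after `export OPTEE_PLATFORM=k3-am62x` is deleted, this block neither sets nor clears `OPTEE_EXTRA_ARGS`, so a value left in the shell from an earlier build is picked up by whatever later step consumes the variable. The block already treats the TF-A case explicitly with `unset TFA_EXTRA_ARGS` and a comment; replacing the deleted line with `unset OPTEE_EXTRA_ARGS` and a matching comment would keep the documented environment deterministic, which matters here because the variable selects the RNG source.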

On 15:59-20231201, Dhruva Gole wrote:
Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot requirement for this SoC
Signed-off-by: Dhruva Gole d-gole@ti.com
 doc/board/beagle/am62x_beagleplay.rst | 1 -
 1 file changed, 1 deletion(-)
diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst index 7784e62b0b71..50d7d3c620d7 100644 --- a/doc/board/beagle/am62x_beagleplay.rst +++ b/doc/board/beagle/am62x_beagleplay.rst @@ -63,7 +63,6 @@ Set the variables corresponding to this platform: # we dont use any extra TFA parameters unset TFA_EXTRA_ARGS export OPTEE_PLATFORM=k3-am62x
- export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"
.. include:: ../ti/am62x_sk.rst :start-after: .. am62x_evm_rst_include_start_build_steps -- 2.34.1
NAK. RNG is needed to seed standard distros.

On 12/4/23 1:29 PM, Nishanth Menon wrote:
On 15:59-20231201, Dhruva Gole wrote:
Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot requirement for this SoC
Signed-off-by: Dhruva Gole d-gole@ti.com
 doc/board/beagle/am62x_beagleplay.rst | 1 -
 1 file changed, 1 deletion(-)
diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst index 7784e62b0b71..50d7d3c620d7 100644 --- a/doc/board/beagle/am62x_beagleplay.rst +++ b/doc/board/beagle/am62x_beagleplay.rst @@ -63,7 +63,6 @@ Set the variables corresponding to this platform: # we dont use any extra TFA parameters unset TFA_EXTRA_ARGS export OPTEE_PLATFORM=k3-am62x
export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"
.. include:: ../ti/am62x_sk.rst :start-after: .. am62x_evm_rst_include_start_build_steps
-- 2.34.1
NAK. RNG is needed to seed standard distros.
You have this backwards, setting WITH_SOFTWARE_PRNG=y forces the SW RNG, disabling the HW RNG. Without this line the HW RNG is the default.
Andrew

On 08:46-20231205, Andrew Davis wrote:
On 12/4/23 1:29 PM, Nishanth Menon wrote:
On 15:59-20231201, Dhruva Gole wrote:
Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot requirement for this SoC
Signed-off-by: Dhruva Gole d-gole@ti.com
 doc/board/beagle/am62x_beagleplay.rst | 1 -
 1 file changed, 1 deletion(-)
diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst index 7784e62b0b71..50d7d3c620d7 100644 --- a/doc/board/beagle/am62x_beagleplay.rst +++ b/doc/board/beagle/am62x_beagleplay.rst @@ -63,7 +63,6 @@ Set the variables corresponding to this platform: # we dont use any extra TFA parameters unset TFA_EXTRA_ARGS export OPTEE_PLATFORM=k3-am62x
- export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y" .. include:: ../ti/am62x_sk.rst :start-after: .. am62x_evm_rst_include_start_build_steps
-- 2.34.1
NAK. RNG is needed to seed standard distros.
You have this backwards, setting WITH_SOFTWARE_PRNG=y forces the SW RNG, disabling the HW RNG. Without this line the HW RNG is the default.
That is not the rationale with which the series was posted. I would prefer we use HW RNG by default, but as I understand there are a bunch of f/w bugs preventing us from doing so. If they are resolved, then the commit message argument should be that the bugs are fixed, so we can easily use then with f/w version x.y.z onwards.

On 12/5/23 9:22 AM, Nishanth Menon wrote:
On 08:46-20231205, Andrew Davis wrote:
On 12/4/23 1:29 PM, Nishanth Menon wrote:
On 15:59-20231201, Dhruva Gole wrote:
Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot requirement for this SoC
Signed-off-by: Dhruva Gole d-gole@ti.com
 doc/board/beagle/am62x_beagleplay.rst | 1 -
 1 file changed, 1 deletion(-)
diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst index 7784e62b0b71..50d7d3c620d7 100644 --- a/doc/board/beagle/am62x_beagleplay.rst +++ b/doc/board/beagle/am62x_beagleplay.rst @@ -63,7 +63,6 @@ Set the variables corresponding to this platform: # we dont use any extra TFA parameters unset TFA_EXTRA_ARGS export OPTEE_PLATFORM=k3-am62x
- export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y" .. include:: ../ti/am62x_sk.rst :start-after: .. am62x_evm_rst_include_start_build_steps
-- 2.34.1
NAK. RNG is needed to seed standard distros.
You have this backwards, setting WITH_SOFTWARE_PRNG=y forces the SW RNG, disabling the HW RNG. Without this line the HW RNG is the default.
That is not the rationale with which the series was posted. I would prefer we use HW RNG by default, but as I understand there are a bunch of f/w bugs preventing us from doing so. If they are resolved, then the commit message argument should be that the bugs are fixed, so we can easily use then with f/w version x.y.z onwards.
There was a single FW bug that caused suspend/resume to fail when OP-TEE was using the HW RNG. The HW RNG always worked, disabling it was a hack that allowed us to still demo suspend/resume, not sure how that ended up in this documentation.
The fact we disabled a security feature to work around a non-security bug shows a lack of good judgement on our part IMHO. Product security is our top priority.
Andrew

This SoC does not require the CFG_WITH_SOFTWARE_PRNG option to be set for base boot support, hence remove it from the U-Boot documentation.
Signed-off-by: Dhruva Gole d-gole@ti.com
---
 doc/board/ti/am62x_sk.rst | 1 -
 1 file changed, 1 deletion(-)
diff --git a/doc/board/ti/am62x_sk.rst b/doc/board/ti/am62x_sk.rst index b12dc85f06b5..35d759e806c0 100644 --- a/doc/board/ti/am62x_sk.rst +++ b/doc/board/ti/am62x_sk.rst @@ -84,7 +84,6 @@ Set the variables corresponding to this platform: # we dont use any extra TFA parameters unset TFA_EXTRA_ARGS export OPTEE_PLATFORM=k3-am62x - export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"
.. am62x_evm_rst_include_start_build_steps
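
Review bot: the commit message for this removal of `export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"` gives only "does not require ... for base boot support" as the reason, which leaves out the two things a reader of the log needs. It should state which RNG OP-TEE is built with once the flag is gone, and, since the cover letter ties the flag to crashes/hangs after suspend-resume on older firmware, name the firmware version from which the documented build is expected to work without it.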

On 15:59-20231201, Dhruva Gole wrote:
The CFG_WITH_SOFTWARE_PRNG option was needed once when there were some issues with system crashes/ hangs after a suspend-resume cycle. However this seems to no longer be the case with newer firmwares, and this config is not needed for basic boot support of the SoC either, hence remove it from the docs.
Cc: Kamlesh kamlesh@ti.com
Cc: Vibhore Vardhan vibhore@ti.com
Cc: Wadim Egorov w.egorov@phytec.de

Dhruva Gole (2):
  doc: board: beagle: am62x_beagleplay: Delete SW_PRNG flag for OPTEE
  doc: board: ti: am62x_sk: Remove SW_PRNG Flag for OPTEE

 doc/board/beagle/am62x_beagleplay.rst | 1 -
 doc/board/ti/am62x_sk.rst             | 1 -
 2 files changed, 2 deletions(-)
NAK to the series. RNG seed is needed for KASLR. Either enable h/w RNG or at least enable S/W RNG in OPTEE.

Hi Nishanth,
On 05/12/23 01:00, Nishanth Menon wrote:
On 15:59-20231201, Dhruva Gole wrote:
The CFG_WITH_SOFTWARE_PRNG option was needed once when there were some issues with system crashes/ hangs after a suspend-resume cycle. However this seems to no longer be the case with newer firmwares, and this config is not needed for basic boot support of the SoC either, hence remove it from the docs.
Cc: Kamlesh kamlesh@ti.com
Cc: Vibhore Vardhan vibhore@ti.com
Cc: Wadim Egorov w.egorov@phytec.de

Dhruva Gole (2):
  doc: board: beagle: am62x_beagleplay: Delete SW_PRNG flag for OPTEE
  doc: board: ti: am62x_sk: Remove SW_PRNG Flag for OPTEE

 doc/board/beagle/am62x_beagleplay.rst | 1 -
 doc/board/ti/am62x_sk.rst             | 1 -
 2 files changed, 2 deletions(-)
NAK to the series. RNG seed is needed for KASLR. Either enable h/w RNG
@Wadim: Please take note and ignore my previous suggestion to you to remove this line, keep this line as is.
or at least enable S/W RNG in OPTEE.
Agreed, I will send a patch to use HWRNG later on then. For now let's just keep the PRNG enabled in these docs.

participants (3)

- Andrew Davis
- Dhruva Gole
- Nishanth Menon