lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <152963052624.16708.17133633012075809772@swboyd.mtv.corp.google.com>
Date:   Thu, 21 Jun 2018 18:22:06 -0700
From:   Stephen Boyd <swboyd@...omium.org>
To:     Vinod <vkoul@...nel.org>
Cc:     linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
        Matt Mackall <mpm@...enic.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-arm-msm@...r.kernel.org
Subject: Re: [PATCH v2 2/2] hwrng: msm - Add support for prng v2

Quoting Vinod (2018-06-20 06:37:25)
> On 19-06-18, 22:58, Stephen Boyd wrote:
> > Quoting Vinod Koul (2018-06-19 02:54:30)
> > > Qcom 8996 and later chips support prng v2 which requires to
> > > implement only .read callback for hwrng.
> > > 
> > > This version of chip has multiple Execution Environments (EE) and
> > > secure world is typically responsible for configuring the prng.
> > 
> > Sometimes secure world is not configuring the rng though. I prefer we
> > have a DT flag for this to indicate if secure world has configured it or
> > not and then skip the init logic when the bool property is present in
> > DT. Then the DT property can be set on firmwares that are making things
> > blow up when we try to read the 'configured' register. I'd also file a
> > bug to qcom to tell them to unlock that config register for reads so
> > that things can work simpler, but who knows how that will work out.
> 
> I dont feel that would be required. See below..
> 
> > It really sounds like the hardware isn't actually different, just the
> > firmware has decided to be more strict about making reads fail now.
> 
> So in this case base hw block seems similar but consists of multiple
> Execution Environment (EEs) and all of these contain only data
> registers. Only secure environment has configuration. Each one has its
> own register space.
> 
> In a case where we dont have secure world, we can point to secure
> environment with v1 ops, so driver shall configure and run.

Are you saying that there are multiple "frames" that each EE can read
from? And then only one of those frames is the "real" one that can also
configure the hardware to actually give us random data?

That sounds like it would work, but then the compatible string should
probably be more like qcom,prng-ee-frame or something like that to
indicate that this is a window into the real hardware, instead of
tacking on a -v2 and making everyone think it's new hardware.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ