lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AM0PR04MB60046EC7FF56D13625223BC4E717A@AM0PR04MB6004.eurprd04.prod.outlook.com>
Date:   Mon, 14 Aug 2023 06:34:30 +0000
From:   Gaurav Jain <gaurav.jain@....com>
To:     Meenakshi Aggarwal <meenakshi.aggarwal@....com>,
        Horia Geanta <horia.geanta@....com>,
        Varun Sethi <V.Sethi@....com>,
        Pankaj Gupta <pankaj.gupta@....com>,
        "herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] Revert "crypto: caam - optimize RNG sample size"

Reviewed-by: Gaurav Jain <gaurav.jain@....com>

> -----Original Message-----
> From: Meenakshi Aggarwal <meenakshi.aggarwal@....com>
> Sent: Monday, August 14, 2023 11:03 AM
> To: Horia Geanta <horia.geanta@....com>; Varun Sethi <V.Sethi@....com>;
> Pankaj Gupta <pankaj.gupta@....com>; Gaurav Jain <gaurav.jain@....com>;
> herbert@...dor.apana.org.au; davem@...emloft.net; linux-
> crypto@...r.kernel.org; linux-kernel@...r.kernel.org
> Cc: Meenakshi Aggarwal <meenakshi.aggarwal@....com>
> Subject: [PATCH] Revert "crypto: caam - optimize RNG sample size"
> 
> From: Meenakshi Aggarwal <meenakshi.aggarwal@....com>
> 
> This reverts commit 1abc89661ad3cd18d8c6af5c2584bcc63df43bf2.
> 
> Reverting the commit because of RNG instantiation failure observed on imx8mm
> board.
> 
> Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@....com>
> ---
>  drivers/crypto/caam/ctrl.c | 52 +++++++++++++++-----------------------
>  drivers/crypto/caam/regs.h | 14 ++--------
>  2 files changed, 22 insertions(+), 44 deletions(-)
> 
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index
> ff9ddbbca377..ee6478eea933 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -358,7 +358,7 @@ static void kick_trng(struct device *dev, int ent_delay)
>  	struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
>  	struct caam_ctrl __iomem *ctrl;
>  	struct rng4tst __iomem *r4tst;
> -	u32 val, rtsdctl;
> +	u32 val;
> 
>  	ctrl = (struct caam_ctrl __iomem *)ctrlpriv->ctrl;
>  	r4tst = &ctrl->r4tst[0];
> @@ -374,38 +374,26 @@ static void kick_trng(struct device *dev, int ent_delay)
>  	 * Performance-wise, it does not make sense to
>  	 * set the delay to a value that is lower
>  	 * than the last one that worked (i.e. the state handles
> -	 * were instantiated properly).
> +	 * were instantiated properly. Thus, instead of wasting
> +	 * time trying to set the values controlling the sample
> +	 * frequency, the function simply returns.
>  	 */
> -	rtsdctl = rd_reg32(&r4tst->rtsdctl);
> -	val = (rtsdctl & RTSDCTL_ENT_DLY_MASK) >> RTSDCTL_ENT_DLY_SHIFT;
> -	if (ent_delay > val) {
> -		val = ent_delay;
> -		/* min. freq. count, equal to 1/4 of the entropy sample length
> */
> -		wr_reg32(&r4tst->rtfrqmin, val >> 2);
> -		/* max. freq. count, equal to 16 times the entropy sample
> length */
> -		wr_reg32(&r4tst->rtfrqmax, val << 4);
> -	}
> -
> -	wr_reg32(&r4tst->rtsdctl, (val << RTSDCTL_ENT_DLY_SHIFT) |
> -		 RTSDCTL_SAMP_SIZE_VAL);
> -
> -	/*
> -	 * To avoid reprogramming the self-test parameters over and over again,
> -	 * use RTSDCTL[SAMP_SIZE] as an indicator.
> -	 */
> -	if ((rtsdctl & RTSDCTL_SAMP_SIZE_MASK) != RTSDCTL_SAMP_SIZE_VAL)
> {
> -		wr_reg32(&r4tst->rtscmisc, (2 << 16) | 32);
> -		wr_reg32(&r4tst->rtpkrrng, 570);
> -		wr_reg32(&r4tst->rtpkrmax, 1600);
> -		wr_reg32(&r4tst->rtscml, (122 << 16) | 317);
> -		wr_reg32(&r4tst->rtscrl[0], (80 << 16) | 107);
> -		wr_reg32(&r4tst->rtscrl[1], (57 << 16) | 62);
> -		wr_reg32(&r4tst->rtscrl[2], (39 << 16) | 39);
> -		wr_reg32(&r4tst->rtscrl[3], (27 << 16) | 26);
> -		wr_reg32(&r4tst->rtscrl[4], (19 << 16) | 18);
> -		wr_reg32(&r4tst->rtscrl[5], (18 << 16) | 17);
> -	}
> -
> +	val = (rd_reg32(&r4tst->rtsdctl) & RTSDCTL_ENT_DLY_MASK)
> +	      >> RTSDCTL_ENT_DLY_SHIFT;
> +	if (ent_delay <= val)
> +		goto start_rng;
> +
> +	val = rd_reg32(&r4tst->rtsdctl);
> +	val = (val & ~RTSDCTL_ENT_DLY_MASK) |
> +	      (ent_delay << RTSDCTL_ENT_DLY_SHIFT);
> +	wr_reg32(&r4tst->rtsdctl, val);
> +	/* min. freq. count, equal to 1/4 of the entropy sample length */
> +	wr_reg32(&r4tst->rtfrqmin, ent_delay >> 2);
> +	/* max. freq. count, equal to 16 times the entropy sample length */
> +	wr_reg32(&r4tst->rtfrqmax, ent_delay << 4);
> +	/* read the control register */
> +	val = rd_reg32(&r4tst->rtmctl);
> +start_rng:
>  	/*
>  	 * select raw sampling in both entropy shifter
>  	 * and statistical checker; ; put RNG4 into run mode diff --git
> a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h index
> 189e74c21f0c..66928f8a0c4b 100644
> --- a/drivers/crypto/caam/regs.h
> +++ b/drivers/crypto/caam/regs.h
> @@ -3,7 +3,7 @@
>   * CAAM hardware register-level view
>   *
>   * Copyright 2008-2011 Freescale Semiconductor, Inc.
> - * Copyright 2018, 2023 NXP
> + * Copyright 2018 NXP
>   */
> 
>  #ifndef REGS_H
> @@ -523,8 +523,6 @@ struct rng4tst {
>  #define RTSDCTL_ENT_DLY_MASK (0xffff << RTSDCTL_ENT_DLY_SHIFT)
> #define RTSDCTL_ENT_DLY_MIN 3200  #define RTSDCTL_ENT_DLY_MAX 12800
> -#define RTSDCTL_SAMP_SIZE_MASK 0xffff -#define RTSDCTL_SAMP_SIZE_VAL
> 512
>  	u32 rtsdctl;		/* seed control register */
>  	union {
>  		u32 rtsblim;	/* PRGM=1: sparse bit limit register */
> @@ -536,15 +534,7 @@ struct rng4tst {
>  		u32 rtfrqmax;	/* PRGM=1: freq. count max. limit register */
>  		u32 rtfrqcnt;	/* PRGM=0: freq. count register */
>  	};
> -	union {
> -		u32 rtscmc;	/* statistical check run monobit count */
> -		u32 rtscml;	/* statistical check run monobit limit */
> -	};
> -	union {
> -		u32 rtscrc[6];	/* statistical check run length count */
> -		u32 rtscrl[6];	/* statistical check run length limit */
> -	};
> -	u32 rsvd1[33];
> +	u32 rsvd1[40];
>  #define RDSTA_SKVT 0x80000000
>  #define RDSTA_SKVN 0x40000000
>  #define RDSTA_PR0 BIT(4)
> --
> 2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ