[PATCH 4/4] crypto/fsl: add RNG support

Horia Geantă horia.geanta at nxp.com
Thu Jun 4 10:05:15 CEST 2020


On 6/4/2020 5:31 AM, Heinrich Schuchardt wrote:
> On 6/3/20 12:05 AM, Michael Walle wrote:
>> Register the random number generator with the rng subsystem in u-boot.
>> This way it can be used by EFI as well as for the 'rng' command.
>>
>> Signed-off-by: Michael Walle <michael at walle.cc>
>> ---
>>  drivers/crypto/fsl/Kconfig   | 11 +++++
>>  drivers/crypto/fsl/Makefile  |  1 +
>>  drivers/crypto/fsl/jobdesc.c |  9 ++++
>>  drivers/crypto/fsl/jobdesc.h |  3 ++
>>  drivers/crypto/fsl/jr.c      |  9 ++++
>>  drivers/crypto/fsl/rng.c     | 84 ++++++++++++++++++++++++++++++++++++
>>  6 files changed, 117 insertions(+)
>>  create mode 100644 drivers/crypto/fsl/rng.c
>>
>> diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig
>> index 181a1e5e99..5936b77494 100644
>> --- a/drivers/crypto/fsl/Kconfig
>> +++ b/drivers/crypto/fsl/Kconfig
>> @@ -45,3 +45,14 @@ config SYS_FSL_SEC_COMPAT
>>
>>  config SYS_FSL_SEC_LE
>>  	bool "Little-endian access to Freescale Secure Boot"
>> +
>> +if FSL_CAAM
>> +
>> +config FSL_CAAM_RNG
>> +	bool "Enable Random Number Generator support"
>> +	depends on DM_RNG
>> +	default y
>> +	help
>> +	  Enable support for the random number generator module of the CAAM.
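Review bot: The help text under FSL_CAAM_RNG says only "random number generator module of the CAAM" and does not state what kind of generator the option exposes. Because the entry is "default y" and depends only on DM_RNG inside the FSL_CAAM block, it is switched on for every such configuration without the user seeing whether the bytes come directly from a hardware entropy source or from a deterministic generator seeded by one. Suggest naming the source in the help text, and giving the reason for "default y" in the commit message.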
> 
> Hello Michael,
> 
> when typing CAAM into Google I got a lot of answers but "Cryptographic
> Accelerator and Assurance Module" was not under the first 50 hits.
> 
> If this is a hardware RNG I think we should put this into the text.
> 
Totally agree.

Besides other cryptographic services, CAAM offers:
- a hardware RNG / TRNG
- a PRNG / DRBG (SP800-90A compliant DRBG_Hash) - which is seeded
  from the TRNG

Both are accessible by SW, so clarifying what the driver does
would be useful (unless DM_RNG / UCLASS_RNG already implies
one or the other).

From what I see, the driver added by Michael is using the PRNG / DRBG
and not the TRNG. Is this acceptable?

Conceptually this is similar to choosing between
RDSEED vs. RDRAND x86 instructions:
https://software.intel.com/content/www/us/en/develop/blogs/the-difference-between-rdrand-and-rdseed.html

> So how about:
> 
> "Enable support for the hardware random number generator of Freescale SOCs
> using the Cryptographic Accelerator and Assurance Module (CAAM)."
> 
The CAAM acronym is expanded at the top of the same file,
under FSL_CAAM's help:
<<Enables the Freescale's Cryptographic Accelerator and Assurance
Module (CAAM), also known as the SEC version 4 (SEC4). The driver uses
Job Ring as interface to communicate with CAAM.>>

Horia
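
The DRBG-versus-TRNG distinction raised in this reply, as an added example that is not part of the original message or the U-Boot driver: a Python model of the core SP 800-90A Hash_DRBG steps (SHA-256, no additional input or personalization string), showing that the output is fully determined by the seed. The all-zero seed and `os.urandom` standing in for a TRNG sample are assumptions for illustration; the CAAM's actual parameters are not given in the thread.

```python
# Added illustration of Hash_DRBG (SP 800-90A, SHA-256); not CAAM or U-Boot code.
import hashlib
import os

SEEDLEN = 55  # 440-bit seed length used with SHA-256 in SP 800-90A

def hash_df(data: bytes, nbytes: int) -> bytes:
    """Hash_df: derive nbytes from data using a counter and a bit-length prefix."""
    out, counter = b"", 1
    while len(out) < nbytes:
        prefix = bytes([counter]) + (nbytes * 8).to_bytes(4, "big")
        out += hashlib.sha256(prefix + data).digest()
        counter += 1
    return out[:nbytes]

class HashDRBG:
    def __init__(self, entropy: bytes, nonce: bytes = b""):
        self._set_state(entropy + nonce)

    def _set_state(self, seed_material: bytes) -> None:
        self.v = hash_df(seed_material, SEEDLEN)
        self.c = hash_df(b"\x00" + self.v, SEEDLEN)
        self.reseed_counter = 1

    def reseed(self, entropy: bytes) -> None:
        """Mix fresh entropy (the TRNG's role) into the current state."""
        self._set_state(b"\x01" + self.v + entropy)

    def generate(self, nbytes: int) -> bytes:
        """Hashgen over V, then update V with a one-way step."""
        mod = 1 << (8 * SEEDLEN)
        data, out = int.from_bytes(self.v, "big"), b""
        while len(out) < nbytes:
            out += hashlib.sha256(data.to_bytes(SEEDLEN, "big")).digest()
            data = (data + 1) % mod
        h = int.from_bytes(hashlib.sha256(b"\x03" + self.v).digest(), "big")
        v = int.from_bytes(self.v, "big") + h + int.from_bytes(self.c, "big")
        self.v = ((v + self.reseed_counter) % mod).to_bytes(SEEDLEN, "big")
        self.reseed_counter += 1
        return out[:nbytes]

def demo() -> dict:
    fixed = b"\x00" * 32                     # constructed: a stuck or predictable seed
    a, b = HashDRBG(fixed), HashDRBG(fixed)
    same = a.generate(16) == b.generate(16)  # same seed gives the same "random" bytes
    b.reseed(os.urandom(32))                 # assumption: stand-in for a TRNG sample
    return {"same_before_reseed": same,
            "same_after_reseed": a.generate(16) == b.generate(16)}
```
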

