[PATCH 1/2] doc: board: beagle: am62x_beagleplay: Delete SW_PRNG flag for OPTEE
Andrew Davis
afd at ti.com
Tue Dec 5 17:38:29 CET 2023
On 12/5/23 9:22 AM, Nishanth Menon wrote:
> On 08:46-20231205, Andrew Davis wrote:
>> On 12/4/23 1:29 PM, Nishanth Menon wrote:
>>> On 15:59-20231201, Dhruva Gole wrote:
>>>> Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot
>>>> requirement for this SoC
>>>>
>>>> Signed-off-by: Dhruva Gole <d-gole at ti.com>
>>>> ---
>>>> doc/board/beagle/am62x_beagleplay.rst | 1 -
>>>> 1 file changed, 1 deletion(-)
>>>>
>>>> diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst
>>>> index 7784e62b0b71..50d7d3c620d7 100644
>>>> --- a/doc/board/beagle/am62x_beagleplay.rst
>>>> +++ b/doc/board/beagle/am62x_beagleplay.rst
>>>> @@ -63,7 +63,6 @@ Set the variables corresponding to this platform:
>>>> # we dont use any extra TFA parameters
>>>> unset TFA_EXTRA_ARGS
>>>> export OPTEE_PLATFORM=k3-am62x
>>>> - export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"
>>>> .. include:: ../ti/am62x_sk.rst
>>>> :start-after: .. am62x_evm_rst_include_start_build_steps
>>>> --
>>>> 2.34.1
>>>>
>>> NAK. RNG is needed to seed standard distros.
>>
>> You have this backwards, setting WITH_SOFTWARE_PRNG=y forces the SW
>> RNG, disabling the HW RNG. Without this line the HW RNG is the default.
>
>
> That is not the rationale with which the series was posted. I would
> prefer we use HW RNG by default. but as I understand there are a bunch
> of f/w bugs preventing us from doing so. if they are resolved, then the
> commit message argument should be that the bugs are fixed, so we can
> easily use then with f/w version x.y.z onwards.
There was a single FW bug that caused suspend/resume to fail when OP-TEE
was using the HW RNG. The HW RNG always worked, disabling it was a hack
that allowed us to still demo suspend/resume, not sure how that ended up
in this documentation.
The fact we disabled a security feature to workaround a non-security bug
shows a lack of good judgement on our part IMHO. Product security is our
top priority.
Andrew
More information about the U-Boot
mailing list