[PATCH v3 0/2] rng: Provide a RNG based on the RISC-V Zkr ISA extension
Tom Rini
trini at konsulko.com
Tue Nov 7 22:53:56 CET 2023
On Tue, Nov 07, 2023 at 05:22:58AM -0700, Simon Glass wrote:
> Hi Andre,
>
> On Tue, 7 Nov 2023 at 04:27, Andre Przywara <andre.przywara at arm.com> wrote:
> >
> > On Tue, 7 Nov 2023 01:08:15 +0000
> > Simon Glass <sjg at chromium.org> wrote:
> >
> > Hi Simon,
> >
> > > On Mon, 6 Nov 2023 at 21:55, Andre Przywara <andre.przywara at arm.com> wrote:
> > > >
> > > > On Mon, 6 Nov 2023 13:38:39 -0700
> > > > Simon Glass <sjg at chromium.org> wrote:
> > > >
> > > > Hi Simon,
> > > >
> > > > > On Mon, 6 Nov 2023 at 10:26, Andre Przywara <andre.przywara at arm.com> wrote:
> > > > > >
> > > > > > On Sat, 4 Nov 2023 19:45:06 +0000
> > > > > > Simon Glass <sjg at chromium.org> wrote:
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > > On Sat, 4 Nov 2023 at 17:13, Andre Przywara <andre.przywara at arm.com> wrote:
> > > > > > > >
> > > > > > > > On Fri, 3 Nov 2023 13:38:58 -0600
> > > > > > > > Simon Glass <sjg at chromium.org> wrote:
> > > > > > > >
> > > > > > > > Hi Simon,
> > > > > > > >
> > > > > > > > > Hi Heinrich,
> > > > > > > > >
> > > > > > > > > On Wed, 1 Nov 2023 at 14:20, Heinrich Schuchardt
> > > > > > > > > <heinrich.schuchardt at canonical.com> wrote:
> > > > > > > > > >
> > > > > > > > > > On 11/1/23 19:05, Andre Przywara wrote:
> > > > > > > > > > > On Tue, 31 Oct 2023 14:55:50 +0200
> > > > > > > > > > > Heinrich Schuchardt <heinrich.schuchardt at canonical.com> wrote:
> > > > > > > > > > >
> > > > > > > > > > > Hi Heinrich,
> > > > > > > > > > >
> > > > > > > > > > >> The Zkr ISA extension (ratified Nov 2021) introduced the seed CSR. It
> > > > > > > > > > >> provides an interface to a physical entropy source.
> > > > > > > > > > >>
> > > > > > > > > > >> A RNG driver based on the seed CSR is provided. It depends on
> > > > > > > > > > >> mseccfg.sseed being set in the SBI firmware.
> > > > > > > > > > >
> > > > > > > > > > > As you might have seen, I added a similar driver for the respective Arm
> > > > > > > > > > > functionality:
> > > > > > > > > > > https://lore.kernel.org/u-boot/20230830113230.3925868-1-andre.przywara@arm.com/
> > > > > > > > > > >
> > > > > > > > > > > And I see that you seem to use the same mechanism to probe and init the
> > > > > > > > > > > driver: U_BOOT_DRVINFO and fail in probe() if the feature is not
> > > > > > > > > > > implemented.
> > > > > > > > > > > One downside of this approach is that the driver is always loaded (and
> > > > > > > > > > > visible in the DM tree), even with the feature not being available.
> > > > > > > > > > > That doesn't seem too much of a problem on the first glance, but it
> > > > > > > > > > > occupies a device number, and any subsequent other DM_RNG devices
> > > > > > > > > > > (like virtio-rng) typically get higher device numbers. So without
> > > > > > > > > > > the feature, but with virtio-rng, I get:
> > > > > > > > > > > VExpress64# rng 0
> > > > > > > > > > > No RNG device
> > > > > > > > >
> > > > > > > > > Why do we get this? If the device is not there, the bind() function
> > > > > > > > > can return -ENODEV
> > > > > > > > >
> > > > > > > > > I see this in U-Boot:
> > > > > > > > >
> > > > > > > > > U_BOOT_DRVINFO(cpu_arm_rndr) = {
> > > > > > > > >
> > > > > > > > > We should not use this.
> > > > > > > >
> > > > > > > > Agreed.
> > > > > > > >
> > > > > > > > > Use the devicetree.
> > > > > > > >
> > > > > > > > No, this is definitely not something for the DT, at least not on ARM.
> > > > > > > > It's perfectly discoverable via the architected CPU ID registers.
> > > > > > > > Similar to PCI and USB devices, which we don't probe via the DT as well.
> > > > > > > >
> > > > > > > > It's arguably not proper "driver" material per se, as I've argued before, but
> > > > > > > > it's the simplest solution and fits in nicely otherwise.
> > > > > > > >
> > > > > > > > I was wondering if it might be something for UCLASS_CPU, something like
> > > > > > > > a "CPU feature bus": to let devices register on one on the many CPU
> > > > > > > > features (instead of compatible strings), then only bind() those
> > > > > > > > drivers it the respective bit is set.
> > > > > > > >
> > > > > > > > Does that make sense? Would that be doable without boiling the ocean?
> > > > > > > > As I don't know if we see many users apart from this.
> > > > > > >
> > > > > > > I have seen this so many times, where people want to avoid putting
> > > > > > > things in the DT and then are surprised that everything is difficult,
> > > > > > > broken and confusing. Why not just follow the rules? It is not just
> > > > > > > about whether we can avoid it, etc. It is about how devices fit
> > > > > > > together cohesively in the system, and how U-Boot operates.
> > > > > >
> > > > > > A devicetree is only for peripherals *that cannot be located by probing*.
> > > > >
> > > > > I have to stop you there. It absolutely is not limited to that.
> > > >
> > > > I am very sorry, but I - (and seemingly everyone else in the kernel DT
> > > > community?) - seem to disagree here.
> > >
> > > Really? Where is that even coming from? Certainly not the DT spec.
> >
> > It seems to be common agreement between devicetree folks, and I find it in
> > one of Frank Roward's slidedeck about devicetree in the early days
> > (2015ish). But indeed this should be added to official documents.
> > I poked some people to get this sorted.
>
> Yes I recall those dark days but it is not actually correct. That sort
> of restriction would be very destructive, in fact.
>
> Even if you look at all the PCI stuff you can see that specifying
> probe-able stuff in the DT is fine.
>
> >
> > > > > > Which are traditionally most peripherals in non-server Arm SoCs. While I
> > > > > > do love the DT, the best DT node is the one you don't need.
> > > > >
> > > > > We need it in U-Boot, at least.
> > > > >
> > > > > I'll send a patch with a warning on U_BOOT_DRVINFO() as it seems that
> > > > > some people did not see the header-file comment.
> > > >
> > > > Fair enough.
> > > >
> > > > > Let's just stop this discussion and instead talk about the binding we need.
> > > >
> > > > Alright, if that is your decision, I will send a patch to revert
> > > > that "driver". There will never be a binding for a CPU instruction
> > > > discoverable by the architected CPU ID register.
> > >
> > > That statement just mystifies me. Why not just send a binding? Even
> > > the people that complain that DT should only describe hardware will be
> > > happy with it.
> > >
> > > The code you sent should have been a clue that you need to know
> > > whether the feature is present:
> >
> > Ah, sorry, I sense some misunderstanding: I was arguing about the ARM RNDR
> > driver. The Arm architecture manual describes the FEAT_RNG feature as
> > perfectly discoverable, in a clean way, without any risk or further
> > knowledge about the platform.
> >
> > This thread here was originally about the RISC-V driver (written by
> > Heinrich), where the situation is slightly different: while there seem to
> > be CSRs to discover CPU features, this is apparently not the case for every
> > instruction. So Heinrich did some probing, testing for an illegal
> > instruction, which honestly still sounds better than a DT node to me.
> >
> > > + /* Check if reading seed leads to interrupt */
> > > + set_resume(&resume);
> > > + ret = setjmp(resume.jump);
> > > + if (ret)
> > > + log_debug("Exception %ld reading seed CSR\n", resume.code);
> > > + else
> > > + val = read_seed();
> > > + set_resume(NULL);
> > > + if (ret)
> > > + return -ENODEV;
> > >
> > > I have never seen code like that in a driver. Please let's just have
> > > the binding discussion with the Linux people and hopefully they will
> > > see reason.
> >
> > For the RISC-V case: maybe. But there is already a (newish) binding to list
> > CPU features in the DT:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/devicetree/bindings/riscv/extensions.yaml
> > It's just not a normal device node binding, with a compatible string,
> > instead a string list inside each CPU's node.
>
> Hmm so each CPU has its own random-number generator?
>
> >
> > So one possibility would be some connector code that parses that list
> > and looks for drivers having registered? Like a CPU bus, I think Sean
> > proposed something like this earlier. Or we ditch the idea of this being a
> > regular driver in the first place, instead go with a "CPU entropy
> > instruction abstraction".
> >
> > But for Arm it's a different story.
>
> The key thing here is that U-Boot (mostly) needs to have a DT node for
> each device it creates. In the case of a random-number generator,
Well, "mostly" is not "only". And I certainly never agreed that we would
only and ever find devices based on device tree. Especially in the cases
where we can cleanly run-time probe for a feature. Which in the ARM case
we're talking here is exactly how it was implemented.
> there can be several devices in the system. We want to control which
> one is used for a particular feature. This is normally done with
> aliases, or with a phandle from the feature that uses it.
Then this is what we need to think about. Even then, I wonder what
exactly we're doing for priority and perhaps should be thinking about
that differently? Let the specific RNG driver tell the uclass just how
Good (or trustworthy or whatever) it is. Or maybe they're all equally
Good/Trustworthy/Valid, and we only need one of them really.
> > > > I had some gripes with that "driver" in the first place, but it was so
> > > > temptingly simple and fit in so nicely, for instance into the UEFI
> > > > entropy service without even touching that code, that I couldn't resist
> > > > to just try it. And it actually solved a nasty problem for us, where
> > > > the kernel boot was stuck for minutes waiting for enough entropy to ...
> > > > let a script create a random filename ;-)
> > > > But we also have virtio-rng, so are not limited to the instructions.
> > > >
> > > > But well, I guess I will just bite the bullet and go along the proper
> > > > route and create some RNG instruction abstraction, as sketched in that
> > > > other email.
> > >
> > > I don't know what that is.
> >
> > That's what Tom and I were talking about earlier:
> > ... "a simple get_cpu_random() function, implemented per architecture, and
> > with some kind of success flag, should be easy enough to do. Then either the users
> > (UEFI?) explicitly call this before trying UCLASS_RNG, or we wrap this for
> > every RNG user."
>
> That doesn't solve the problem, though. The TPM may provide random
> numbers. There may be some other crypto thing, or even a remoteproc
> interface.
>
> We already have a perfectly good way of selecting between multiple
> devices. It is used all over U-Boot. We should not be inventing a
> hard-coded hack just because we are confused about whether something
> is a device. Just make it a device.
I think you bringing up TPM is a really good example of why we need to
think about what perhaps U-Boot is doing wrong and needs to figure out
how to handle better. If I recall the long thread about TPM and RNG
correctly, a spec compliant TPM provides an RNG. There is no other
"device" here, nor is it optional. RNG is a function the TPM provides,
by definition and specification. What we're talking about here, in both
the RISC-V and ARM cases is the same thing. The CPU device provides RNG
as a function. It's not another "device", it's a function. Perhaps the
problem is that U-Boot needs to better handle the case where a device
can provide many functions.
> > > In the other email I proposed a binding for this, so I hope that can
> > > make progress.
> >
> > I don't think we need a new DT binding for RISC-V, instead lean on
> > riscv,isa-extensions.
>
> IMO we do need a new DT binding for the reasons given above.
Maybe there's an argument that the RISC-V ISA binding should be
compatibles, or maybe we could use that _if_ it's relevant to us because
we don't just know at run-time.
And further, it's possible to argue I think that "arm,armv8" is an
insufficient compatible and platforms should have been doing
"arm,armv8.5" or something too. But first it's far too late for that
(maybe not for arm,armv9 but....) however I suspect the reason is that
everything that matters from one rev to the next and is a mandated
feature of the core can be determined at run-time and so no, there's not
a further more detailed compatible, and no interest in one being added
and used.
>
> > And I am pretty sure any attempt at a binding for ARM will be NAKed
> > immediately.
>
> Well perhaps you can help resolve that, which seems to be the core
> issue here. I hope you can understand my frustration at this sort of
> tactic. It is quite destructive. U-Boot has suffered for years from an
> inability to upstream bindings. It has been a significant drag on the
> project and its contributors. We need to change the conversation here
> and permit non-Linux projects to contribute to bindings for
> firmware-specific reasons, even ones which Linux doesn't care about. A
> clear statement to that effect would put my mind at ease. It just
> shouldn't be this hard.
And as I also keep saying in these threads, we also need to have a good
reason for the bindings we're submitting.
And maybe also the device tree specification needs to clarify its stance
on bindings about parts of the hardware that can be determined safely at
run time.
In the end, part of the problem is going to be that for any new binding
it will need to be populated by others. And in this thread we do _not_
have a good response to "Why can't you just determine it at run time?"
and then "OK, but why do you need a device? Sounds like a U-Boot
problem, everyone else is fine with run time."
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20231107/a59ae124/attachment.sig>
More information about the U-Boot
mailing list