[PATCH] crypto/rng: double the entropy delay interval for retry

Gaurav Jain gaurav.jain at nxp.com
Fri Sep 26 12:36:23 CEST 2025 


> -----Original Message-----
> From: Peng Fan (OSS) <peng.fan at oss.nxp.com>
> Sent: Tuesday, September 23, 2025 2:43 PM
> To: Gaurav Jain <gaurav.jain at nxp.com>
> Cc: Horia Geanta <horia.geanta at nxp.com>; Pankaj Gupta
> <pankaj.gupta at nxp.com>; Varun Sethi <V.Sethi at nxp.com>; Silvano Di Ninno
> <silvano.dininno at nxp.com>; Meenakshi Aggarwal
> <meenakshi.aggarwal at nxp.com>; Tom Rini <trini at konsulko.com>; Fabio
> Estevam <festevam at gmail.com>; Peng Fan <peng.fan at nxp.com>; Simon Glass
> <sjg at chromium.org>; Baehring, Olaf <olaf.baehring at draeger.com>; Heinrich
> Schuchardt <xypron.glpk at gmx.de>; u-boot at lists.denx.de
> Subject: Re: [PATCH] crypto/rng: double the entropy delay interval for retry
> 
> Hi Gaurav,
> 
> On Fri, Sep 05, 2025 at 03:03:48PM +0530, Gaurav Jain wrote:
> >during entropy evaluation, if the generated samples fail any
> >statistical test, then, all of the bits will be discarded, and a second
> >set of samples will be generated and tested.
> >
> >the entropy delay interval should be doubled before performing retry.
> >
> >Signed-off-by: Gaurav Jain <gaurav.jain at nxp.com>
> >---
> > drivers/crypto/fsl/jr.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> >diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index
> >8f7a821ebf3..07d336c074a 100644
> >--- a/drivers/crypto/fsl/jr.c
> >+++ b/drivers/crypto/fsl/jr.c
> >@@ -642,7 +642,7 @@ static int rng_init(uint8_t sec_idx, ccsr_sec_t *sec)
> > 		 */
> > 		if (!inst_handles) {
> > 			kick_trng(ent_delay, sec);
> >-			ent_delay += 400;
> >+			ent_delay = ent_delay * 2;
> 
> I not get the point on why need to double, would you please update the commit
> why not 500, 800 or else. What make ent_delay * 2 the best choice?

The typical reason a re-try is required when the entropy delay value is set too low.
Therefore, when the re-try is attempted the entropy delay is doubled, thus giving twice as long to generate each bit of entropy.
This is done to prevent having too many failures.

Regards
Gaurav Jain
> 
> Thanks,
> Peng
> 
> > 		}
> > 		/*
> > 		 * if instantiate_rng(...) fails, the loop will rerun
> >--
> >2.25.1
> >

More information about the U-Boot mailing list