[PATCH] ARM: implement support for SMCCC TRNG entropy source

[PATCH] ARM: implement support for SMCCC TRNG entropy source

[Ard Biesheuvel]

Implement arch_get_random_seed_*() for ARM based on the firmware
or hypervisor provided entropy source described in ARM DEN0098.

This will make the kernel's random number generator consume entropy
provided by this interface, at early boot, and periodically at
runtime when reseeding.

Cc: Andre Przywara <andre.przywara@arm.com>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Russell King <linux@armlinux.org.uk>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
Note that this depends on changes to include/linux/arm-smccc.h that
are still under review.

 arch/arm/Kconfig                  |  4 ++
 arch/arm/include/asm/archrandom.h | 55 ++++++++++++++++++++
 arch/arm/kernel/Makefile          |  1 +
 arch/arm/kernel/random.c          | 28 ++++++++++
 arch/arm/kernel/setup.c           |  3 ++
 5 files changed, 91 insertions(+)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index e00d94b16658..dd67500ca8c9 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1682,6 +1682,10 @@ config STACKPROTECTOR_PER_TASK
 	  Enable this option to switch to a different method that uses a
 	  different canary value for each task.
 
+config ARCH_RANDOM
+	def_bool y
+	depends on HAVE_ARM_SMCCC
+
 endmenu
 
 menu "Boot options"
diff --git a/arch/arm/include/asm/archrandom.h b/arch/arm/include/asm/archrandom.h
new file mode 100644
index 000000000000..0fd6de1179f4
--- /dev/null
+++ b/arch/arm/include/asm/archrandom.h
@@ -0,0 +1,55 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_ARCHRANDOM_H
+#define _ASM_ARCHRANDOM_H
+
+#ifdef CONFIG_ARCH_RANDOM
+
+#include <linux/arm-smccc.h>
+#include <linux/kernel.h>
+
+extern bool have_arch_random;
+
+static inline bool __must_check arch_get_random_long(unsigned long *v)
+{
+	return false;
+}
+
+static inline bool __must_check arch_get_random_int(unsigned int *v)
+{
+	return false;
+}
+
+static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
+{
+	struct arm_smccc_res res;
+
+	if (!have_arch_random)
+		return false;
+
+	arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_RND32, 8 * sizeof(*v), &res);
+
+	if (res.a0 != 0)
+		return false;
+
+	*v = res.a3;
+	return true;
+}
+
+static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
+{
+	return arch_get_random_seed_long((unsigned long *)v);
+}
+
+void init_arch_random(void);
+
+#else
+
+static inline bool have_arch_random(void)
+{
+	return false;
+}
+
+static inline void init_arch_random(void) { }
+
+#endif /* CONFIG_ARCH_RANDOM */
+#endif /* _ASM_ARCHRANDOM_H */
diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile
index 89e5d864e923..11b13f0e7627 100644
--- a/arch/arm/kernel/Makefile
+++ b/arch/arm/kernel/Makefile
@@ -105,5 +105,6 @@ obj-$(CONFIG_SMP)		+= psci_smp.o
 endif
 
 obj-$(CONFIG_HAVE_ARM_SMCCC)	+= smccc-call.o
+obj-$(CONFIG_ARCH_RANDOM)	+= random.o
 
 extra-y := $(head-y) vmlinux.lds
diff --git a/arch/arm/kernel/random.c b/arch/arm/kernel/random.c
new file mode 100644
index 000000000000..6f1e6eb57ae6
--- /dev/null
+++ b/arch/arm/kernel/random.c
@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+#include <linux/arm-smccc.h>
+#include <linux/kernel.h>
+#include <asm/archrandom.h>
+
+#define ARM_SMCCC_TRNG_MIN_VERSION	0x10000UL
+
+bool __ro_after_init have_arch_random;
+
+void __init init_arch_random(void)
+{
+	struct arm_smccc_res res;
+
+	arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_VERSION, &res);
+
+	if ((s32)res.a0 >= ARM_SMCCC_TRNG_MIN_VERSION) {
+		/* double check that the 32-bit flavor is available */
+		arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_FEATURES,
+				     ARM_SMCCC_TRNG_RND32,
+				     &res);
+		if ((s32)res.a0 >= 0)
+			have_arch_random = true;
+	}
+
+	pr_info("SMCCC TRNG entropy source %sdetected\n",
+		have_arch_random ? "" : "not ");
+}
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
index bdba280a569d..c08574cad748 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
@@ -31,6 +31,7 @@
 #include <linux/psci.h>
 
 #include <asm/unified.h>
+#include <asm/archrandom.h>
 #include <asm/cp15.h>
 #include <asm/cpu.h>
 #include <asm/cputype.h>
@@ -1148,6 +1149,8 @@ void __init setup_arch(char **cmdline_p)
 
 	arm_dt_init_cpu_maps();
 	psci_dt_init();
+	init_arch_random();
+
 #ifdef CONFIG_SMP
 	if (is_smp()) {
 		if (!mdesc->smp_init || !mdesc->smp_init()) {
-- 
2.17.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH] ARM: implement support for SMCCC TRNG entropy source

[Linus Walleij]

On Tue, Oct 6, 2020 at 12:40 PM Ard Biesheuvel <ardb@kernel.org> wrote:

> Implement arch_get_random_seed_*() for ARM based on the firmware
> or hypervisor provided entropy source described in ARM DEN0098.
>
> This will make the kernel's random number generator consume entropy
> provided by this interface, at early boot, and periodically at
> runtime when reseeding.
>
> Cc: Andre Przywara <andre.przywara@arm.com>
> Cc: Linus Walleij <linus.walleij@linaro.org>
> Cc: Russell King <linux@armlinux.org.uk>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

This is a good place to start for sure.
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>

Ideally (if I can dream) I would like to see an interface similar to
"earlycon", where some drivers have special callbacks that can
be used really early to get some debug prints, something like
that but named "earlyrandom", so that any drivers under
drivers/char/hw_random.c
could optionally implement these early callbacks and provide
random seed right out of some register reads or so before the
kernel driver core is up. I do not know how
realistic that is, but for e.g. the nomadik-rng.c it is a simple
register read from a physical address which should be simple
to achieve.

Yours,
Linus Walleij

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH] ARM: implement support for SMCCC TRNG entropy source

[Ard Biesheuvel]

On Tue, 6 Oct 2020 at 14:55, Linus Walleij <linus.walleij@linaro.org> wrote:
>
> On Tue, Oct 6, 2020 at 12:40 PM Ard Biesheuvel <ardb@kernel.org> wrote:
>
> > Implement arch_get_random_seed_*() for ARM based on the firmware
> > or hypervisor provided entropy source described in ARM DEN0098.
> >
> > This will make the kernel's random number generator consume entropy
> > provided by this interface, at early boot, and periodically at
> > runtime when reseeding.
> >
> > Cc: Andre Przywara <andre.przywara@arm.com>
> > Cc: Linus Walleij <linus.walleij@linaro.org>
> > Cc: Russell King <linux@armlinux.org.uk>
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
>
> This is a good place to start for sure.
> Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
>

Thanks,

> Ideally (if I can dream) I would like to see an interface similar to
> "earlycon", where some drivers have special callbacks that can
> be used really early to get some debug prints, something like
> that but named "earlyrandom", so that any drivers under
> drivers/char/hw_random.c
> could optionally implement these early callbacks and provide
> random seed right out of some register reads or so before the
> kernel driver core is up. I do not know how
> realistic that is, but for e.g. the nomadik-rng.c it is a simple
> register read from a physical address which should be simple
> to achieve.
>

This only works for peripherals that are always clocked, powered, etc,
which you cannot rely on in the general case. This means you would
need some cooperation from the bootloader/firmware to signal that the
RNG is accessible early, and at which address. It might just as well
pass you a random seed instead ...

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH] ARM: implement support for SMCCC TRNG entropy source

[Linus Walleij]

On Wed, Oct 7, 2020 at 12:30 PM Ard Biesheuvel <ardb@kernel.org> wrote:
> [Me]
> > Ideally (if I can dream) I would like to see an interface similar to
> > "earlycon", where some drivers have special callbacks that can
> > be used really early to get some debug prints, something like
> > that but named "earlyrandom", so that any drivers under
> > drivers/char/hw_random.c
> > could optionally implement these early callbacks and provide
> > random seed right out of some register reads or so before the
> > kernel driver core is up. I do not know how
> > realistic that is, but for e.g. the nomadik-rng.c it is a simple
> > register read from a physical address which should be simple
> > to achieve.
> >
>
> This only works for peripherals that are always clocked, powered, etc,
> which you cannot rely on in the general case. This means you would
> need some cooperation from the bootloader/firmware to signal that the
> RNG is accessible early, and at which address. It might just as well
> pass you a random seed instead ...

Point taken. Maybe we should provide different ways to do that
if the system does not have firmware, like an added property in the
top of the device tree or even a new (gasp) ATAG
for legacy systems. But people might bikeshed that to pieces
so it's good to begin like this.

Yours,
Linus Walleij

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel