From: Aurelien Jarno <aurelien@aurel32.net>
To: Krzysztof Kozlowski <krzk@kernel.org>
Cc: "Daniel Golle" <daniel@makrotopia.org>,
"Olivia Mackall" <olivia@selenic.com>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"Rob Herring" <robh@kernel.org>,
"Krzysztof Kozlowski" <krzk+dt@kernel.org>,
"Conor Dooley" <conor+dt@kernel.org>,
"Heiko Stuebner" <heiko@sntech.de>,
"Philipp Zabel" <p.zabel@pengutronix.de>,
"Uwe Kleine-König" <ukleinek@debian.org>,
"Sebastian Reichel" <sebastian.reichel@collabora.com>,
"Sascha Hauer" <s.hauer@pengutronix.de>,
"Dragan Simic" <dsimic@manjaro.org>,
"Martin Kaiser" <martin@kaiser.cx>,
"Ard Biesheuvel" <ardb@kernel.org>,
linux-crypto@vger.kernel.org, devicetree@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-rockchip@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 2/3] hwrng: add Rockchip SoC hwrng driver
Date: Sun, 23 Jun 2024 12:42:45 +0200 [thread overview]
Message-ID: <Znf8JeBA4mzVa0V1@aurel32.net> (raw)
In-Reply-To: <612bd49c-c44a-41f2-89e9-c96e62e52a0a@kernel.org>
Hi,
On 2024-06-23 09:00, Krzysztof Kozlowski wrote:
> On 23/06/2024 05:33, Daniel Golle wrote:
> > +
> > + rk_rng->rng.name = dev_driver_string(dev);
> > +#ifndef CONFIG_PM
> > + rk_rng->rng.init = rk_rng_init;
> > + rk_rng->rng.cleanup = rk_rng_cleanup;
> > +#endif
> > + rk_rng->rng.read = rk_rng_read;
> > + rk_rng->rng.priv = (unsigned long) dev;
> > + rk_rng->rng.quality = 900;
>
> I doubt in this value. Usually SoC vendors do not provide datasheet with
> any reliable and verifiable (so one which could be proven by 3rd party)
> information. Can you provide a source? (and vendor downstream tree does
> not really count)
As the original author of the patch, I am the one who have chosen the
value. I did it as explained in the commit message:
| The TRNG device does not seem to have a signal conditionner and the FIPS
| 140-2 test returns a lot of failures. They can be reduced by increasing
| RK_RNG_SAMPLE_CNT, in a tradeoff between quality and speed. This value
| has been adjusted to get ~90% of successes and the quality value has
| been set accordingly.
It is also explained, admittedly more briefly, above the
RK_RNG_SAMPLE_CNT #define, as the commit messages are not really
relevant anymore once the patches are accepted:
| * TRNG collects osc ring output bit every RK_RNG_SAMPLE_CNT time. The value is
| * a tradeoff between speed and quality and has been adjusted to get a quality
| * of ~900 (~90% of FIPS 140-2 successes).
| */
The decision to adjust RK_RNG_SAMPLE_CNT to reach ~90% of FIPS 140-2
successes was based on the quality chosen by most hw_random drivers
currently in the kernel sources. The FIPS 140-2 tests were performed
using rngtest from the rng-tools project.
All that said, I am not an expert in that domain, so feel free to point
to the documentation or provide the correct method to determine the
quality.
Regards
Aurelien
[1] https://git.kernel.org/pub/scm/utils/kernel/rng-tools/rng-tools.git/
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://aurel32.net
WARNING: multiple messages have this Message-ID (diff)
From: Aurelien Jarno <aurelien@aurel32.net>
To: Krzysztof Kozlowski <krzk@kernel.org>
Cc: "Daniel Golle" <daniel@makrotopia.org>,
"Olivia Mackall" <olivia@selenic.com>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"Rob Herring" <robh@kernel.org>,
"Krzysztof Kozlowski" <krzk+dt@kernel.org>,
"Conor Dooley" <conor+dt@kernel.org>,
"Heiko Stuebner" <heiko@sntech.de>,
"Philipp Zabel" <p.zabel@pengutronix.de>,
"Uwe Kleine-König" <ukleinek@debian.org>,
"Sebastian Reichel" <sebastian.reichel@collabora.com>,
"Sascha Hauer" <s.hauer@pengutronix.de>,
"Dragan Simic" <dsimic@manjaro.org>,
"Martin Kaiser" <martin@kaiser.cx>,
"Ard Biesheuvel" <ardb@kernel.org>,
linux-crypto@vger.kernel.org, devicetree@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-rockchip@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 2/3] hwrng: add Rockchip SoC hwrng driver
Date: Sun, 23 Jun 2024 12:42:45 +0200 [thread overview]
Message-ID: <Znf8JeBA4mzVa0V1@aurel32.net> (raw)
In-Reply-To: <612bd49c-c44a-41f2-89e9-c96e62e52a0a@kernel.org>
Hi,
On 2024-06-23 09:00, Krzysztof Kozlowski wrote:
> On 23/06/2024 05:33, Daniel Golle wrote:
> > +
> > + rk_rng->rng.name = dev_driver_string(dev);
> > +#ifndef CONFIG_PM
> > + rk_rng->rng.init = rk_rng_init;
> > + rk_rng->rng.cleanup = rk_rng_cleanup;
> > +#endif
> > + rk_rng->rng.read = rk_rng_read;
> > + rk_rng->rng.priv = (unsigned long) dev;
> > + rk_rng->rng.quality = 900;
>
> I doubt in this value. Usually SoC vendors do not provide datasheet with
> any reliable and verifiable (so one which could be proven by 3rd party)
> information. Can you provide a source? (and vendor downstream tree does
> not really count)
As the original author of the patch, I am the one who have chosen the
value. I did it as explained in the commit message:
| The TRNG device does not seem to have a signal conditionner and the FIPS
| 140-2 test returns a lot of failures. They can be reduced by increasing
| RK_RNG_SAMPLE_CNT, in a tradeoff between quality and speed. This value
| has been adjusted to get ~90% of successes and the quality value has
| been set accordingly.
It is also explained, admittedly more briefly, above the
RK_RNG_SAMPLE_CNT #define, as the commit messages are not really
relevant anymore once the patches are accepted:
| * TRNG collects osc ring output bit every RK_RNG_SAMPLE_CNT time. The value is
| * a tradeoff between speed and quality and has been adjusted to get a quality
| * of ~900 (~90% of FIPS 140-2 successes).
| */
The decision to adjust RK_RNG_SAMPLE_CNT to reach ~90% of FIPS 140-2
successes was based on the quality chosen by most hw_random drivers
currently in the kernel sources. The FIPS 140-2 tests were performed
using rngtest from the rng-tools project.
All that said, I am not an expert in that domain, so feel free to point
to the documentation or provide the correct method to determine the
quality.
Regards
Aurelien
[1] https://git.kernel.org/pub/scm/utils/kernel/rng-tools/rng-tools.git/
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://aurel32.net
_______________________________________________
Linux-rockchip mailing list
Linux-rockchip@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-rockchip
next prev parent reply other threads:[~2024-06-23 10:43 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-23 3:32 [PATCH v4 0/3] hwrng: add hwrng support for Rockchip RK3568 Daniel Golle
2024-06-23 3:32 ` Daniel Golle
2024-06-23 3:32 ` [PATCH v4 1/3] dt-bindings: rng: Add Rockchip RNG bindings Daniel Golle
2024-06-23 3:32 ` Daniel Golle
2024-06-23 7:03 ` Krzysztof Kozlowski
2024-06-23 7:03 ` Krzysztof Kozlowski
2024-06-23 13:08 ` Daniel Golle
2024-06-23 13:08 ` Daniel Golle
2024-06-26 7:30 ` Krzysztof Kozlowski
2024-06-26 7:30 ` Krzysztof Kozlowski
2024-06-23 3:33 ` [PATCH v4 2/3] hwrng: add Rockchip SoC hwrng driver Daniel Golle
2024-06-23 3:33 ` Daniel Golle
2024-06-23 7:00 ` Krzysztof Kozlowski
2024-06-23 7:00 ` Krzysztof Kozlowski
2024-06-23 9:46 ` Uwe Kleine-König
2024-06-23 9:46 ` Uwe Kleine-König
2024-06-23 11:47 ` Dragan Simic
2024-06-23 11:47 ` Dragan Simic
2024-06-23 10:42 ` Aurelien Jarno [this message]
2024-06-23 10:42 ` Aurelien Jarno
2024-06-23 14:10 ` Anand Moon
2024-06-23 14:10 ` Anand Moon
2024-06-23 3:33 ` [PATCH v4 3/3] arm64: dts: rockchip: add DT entry for RNG to RK356x Daniel Golle
2024-06-23 3:33 ` Daniel Golle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Znf8JeBA4mzVa0V1@aurel32.net \
--to=aurelien@aurel32.net \
--cc=ardb@kernel.org \
--cc=conor+dt@kernel.org \
--cc=daniel@makrotopia.org \
--cc=devicetree@vger.kernel.org \
--cc=dsimic@manjaro.org \
--cc=heiko@sntech.de \
--cc=herbert@gondor.apana.org.au \
--cc=krzk+dt@kernel.org \
--cc=krzk@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rockchip@lists.infradead.org \
--cc=martin@kaiser.cx \
--cc=olivia@selenic.com \
--cc=p.zabel@pengutronix.de \
--cc=robh@kernel.org \
--cc=s.hauer@pengutronix.de \
--cc=sebastian.reichel@collabora.com \
--cc=ukleinek@debian.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.