From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 9EE02C3DA49
	for <linux-arm-kernel@archiver.kernel.org>; Wed, 17 Jul 2024 03:35:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help
	:List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding:
	Content-Type:Message-ID:References:In-Reply-To:Subject:Cc:To:From:Date:
	MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=COav+P6D8Thnl7OBoNjZIZeMCNp9srdIVybeCzhIGtw=; b=gKnL07HnWrlvmyEDuvIGE/Fbwt
	ZPR4SZ7xQ0jSp3vteGkUAGaEHvQ6k06+Lk7dpHagHFZUrvgSbjBsh1wcxmk/4F7vAyYX4JA/iKclW
	XXskAkCQSCNypxpdUWahMDy705MQFxgKkGiX6IqrUWsPgDXiDurG0QTNlrZeaqUU3lkkde8gmiigK
	RQyr/1jr/k1qigWlZwMjfAB2VTeGQqNrGHHfUGf+JAv46L5AGBUNxXND8L0gS+lBOZ17V5LNEP4Q6
	k742pb18u3XXlXFUGlyfOdbkrcu+qq2SrBFzSj0PFCxOoNpV3SgFNx6IxKhoZweQXI3hfPnI32CS4
	EtnzF+7Q==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux))
	id 1sTvRb-0000000CWvF-24sZ;
	Wed, 17 Jul 2024 03:35:07 +0000
Received: from mail.manjaro.org ([116.203.91.91])
	by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux))
	id 1sTvRF-0000000CWrU-48hU;
	Wed, 17 Jul 2024 03:34:47 +0000
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=manjaro.org; s=2021;
	t=1721187282;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=COav+P6D8Thnl7OBoNjZIZeMCNp9srdIVybeCzhIGtw=;
	b=p+uAR7xBEblapW+azWLMXCG+GlZoxItPsx4n3sxBTD9eM28VtYID7izMfpBrQ93U+mSe5g
	AyVN4JdqCDWKTFevB7ghr/0mO0mldYbt1uxNpflIz+sH2j0CgNAzRAxGwisOlkHsh2BT41
	bQu1ZYP9aPsC8D05iVs9m9Iyu/idZ55crhrM5AZJCBQuIU/EQKhk8Zd9l9w3teEncZ4tv+
	bTbujhtjVzgwXpumwXmNj6BoGgO4W41fNiKdLD5lFD2okBhjmtEdIZogiAQ769cURmHoi/
	bZjsEDNFJ0w4g8HENPBdES9LUTvMTwROcAhwrFamJVLRW0fZnXUrn2L65nbpCA==
Date: Wed, 17 Jul 2024 05:34:41 +0200
From: Dragan Simic <dsimic@manjaro.org>
To: wens@kernel.org
Cc: Daniel Golle <daniel@makrotopia.org>, Diederik de Haas
 <didi.debian@cknow.org>, linux-rockchip@lists.infradead.org,
 linux-arm-kernel@lists.infradead.org, Rob Herring <robh@kernel.org>, Conor
 Dooley <conor+dt@kernel.org>, linux-kernel@vger.kernel.org, Herbert Xu
 <herbert@gondor.apana.org.au>, Martin Kaiser <martin@kaiser.cx>, Sascha
 Hauer <s.hauer@pengutronix.de>, Sebastian Reichel
 <sebastian.reichel@collabora.com>, Ard Biesheuvel <ardb@kernel.org>,
 =?UTF-8?Q?Uwe_Kleine-K=C3=B6nig?= <ukleinek@debian.org>,
 devicetree@vger.kernel.org, linux-crypto@vger.kernel.org, Philipp Zabel
 <p.zabel@pengutronix.de>, Olivia Mackall <olivia@selenic.com>, Krzysztof
 Kozlowski <krzk+dt@kernel.org>, Aurelien Jarno <aurelien@aurel32.net>, Heiko
 Stuebner <heiko@sntech.de>, Anand Moon <linux.amoon@gmail.com>
Subject: Re: [PATCH v7 0/3] hwrng: add hwrng support for Rockchip RK3568
In-Reply-To: <CAGb2v65Mm5s96asU7iaAC_sJnUk=Yuh+zMJJBbmSgETWrPLoFA@mail.gmail.com>
References: <cover.1720969799.git.daniel@makrotopia.org>
 <CAGb2v67zxs03xScN8OfWXR1gf8tddJciXrjw3FQZcL7pR3ocxA@mail.gmail.com>
 <3190961.CRkYR5qTbq@bagend> <3220752.Q7WYUMVHaa@bagend>
 <ZpcrdwZBNFu-YlZt@makrotopia.org>
 <CAGb2v65Mm5s96asU7iaAC_sJnUk=Yuh+zMJJBbmSgETWrPLoFA@mail.gmail.com>
Message-ID: <d5071401e8032af610c01a9d5887f186@manjaro.org>
X-Sender: dsimic@manjaro.org
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 8bit
Authentication-Results: ORIGINATING;
	auth=pass smtp.auth=dsimic@manjaro.org smtp.mailfrom=dsimic@manjaro.org
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20240716_203446_336112_15B2976F 
X-CRM114-Status: GOOD (  19.44  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Hello Chen-Yu,

On 2024-07-17 04:58, Chen-Yu Tsai wrote:
> On Wed, Jul 17, 2024 at 10:25 AM Daniel Golle <daniel@makrotopia.org> 
> wrote:
>> 
>> On Tue, Jul 16, 2024 at 07:19:35PM +0200, Diederik de Haas wrote:
>> > On Tuesday, 16 July 2024 18:53:43 CEST Diederik de Haas wrote:
>> > > rngtest: FIPS 140-2(2001-10-10) Long run: 0
>> >
>> > I don't know if it means something, but I noticed that I have
>> > ``Long run: 0`` with all my poor results,
>> > while Chen-Yu had ``Long run: 1``.
>> >
>> > Different SoC (RK3399), but Anand had ``Long run: 0`` too on their
>> > very poor result (100% failure):
>> > https://lore.kernel.org/linux-rockchip/CANAwSgTTzZOwBaR9zjJ5VMpxm5BydtW6rB2S7jg+dnoX8hAoWg@mail.gmail.com/
>> 
>> The conclusions I draw from that rather ugly situation are:
>>  - The hwrng should not be enabled by default, but it should by done
>>    for each board on which it is known to work well.
>>  - RK_RNG_SAMPLE_CNT as well as the assumed rng quality should be
>>    defined in DT for each board:
>>    * introduce new 'rochchip,rng-sample-count' property
>>    * read 'quality' property already used for timeriomem_rng
>> 
>> I will prepare a follow-up patch taking those conclusions into 
>> account.
>> 
>> Just for completeness, here my test result on the NanoPi R5C:
>> root@OpenWrt:~# cat /dev/hwrng | rngtest -c 1000
>> rngtest 6.15
>> Copyright (c) 2004 by Henrique de Moraes Holschuh
>> This is free software; see the source for copying conditions.  There 
>> is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
>> PARTICULAR PURPOSE.
>> 
>> rngtest: starting FIPS tests...
>> rngtest: bits received from input: 20000032
>> rngtest: FIPS 140-2 successes: 875
>> rngtest: FIPS 140-2 failures: 125
>> rngtest: FIPS 140-2(2001-10-10) Monobit: 123
>> rngtest: FIPS 140-2(2001-10-10) Poker: 5
>> rngtest: FIPS 140-2(2001-10-10) Runs: 4
>> rngtest: FIPS 140-2(2001-10-10) Long run: 0
>> rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
>> rngtest: input channel speed: (min=85.171; avg=141.102; 
>> max=4882812.500)Kibits/s
>> rngtest: FIPS tests speed: (min=17.809; avg=19.494; 
>> max=60.169)Mibits/s
>> rngtest: Program run time: 139628605 microseconds
> 
> I doubt this is per-board. The RNG is inside the SoC, so it
> could be a chip quality thing.

Totally agreed.  I see no way how a board design could affect the
HWRNGs built into Rockchip SoCs.  I even checked the RK3399 and
RK3566 Hardware Design Guides to be extra sure.

> On the RK3399 we also saw wildly varying results.

In my opinion, that qualifies the RK3399's HWRNG as unsuitable for
general use.  Having a HWRNG that fails to pass the tests on _some_
units is simply not acceptable from the security standpoint.