public inbox for linux-rockchip@lists.infradead.org
 help / color / mirror / Atom feed
From: Dragan Simic <dsimic@manjaro.org>
To: wens@kernel.org
Cc: "Daniel Golle" <daniel@makrotopia.org>,
	"Diederik de Haas" <didi.debian@cknow.org>,
	linux-rockchip@lists.infradead.org,
	linux-arm-kernel@lists.infradead.org,
	"Rob Herring" <robh@kernel.org>,
	"Conor Dooley" <conor+dt@kernel.org>,
	linux-kernel@vger.kernel.org,
	"Herbert Xu" <herbert@gondor.apana.org.au>,
	"Martin Kaiser" <martin@kaiser.cx>,
	"Sascha Hauer" <s.hauer@pengutronix.de>,
	"Sebastian Reichel" <sebastian.reichel@collabora.com>,
	"Ard Biesheuvel" <ardb@kernel.org>,
	"Uwe Kleine-König" <ukleinek@debian.org>,
	devicetree@vger.kernel.org, linux-crypto@vger.kernel.org,
	"Philipp Zabel" <p.zabel@pengutronix.de>,
	"Olivia Mackall" <olivia@selenic.com>,
	"Krzysztof Kozlowski" <krzk+dt@kernel.org>,
	"Aurelien Jarno" <aurelien@aurel32.net>,
	"Heiko Stuebner" <heiko@sntech.de>,
	"Anand Moon" <linux.amoon@gmail.com>
Subject: Re: [PATCH v7 0/3] hwrng: add hwrng support for Rockchip RK3568
Date: Wed, 17 Jul 2024 05:34:41 +0200	[thread overview]
Message-ID: <d5071401e8032af610c01a9d5887f186@manjaro.org> (raw)
In-Reply-To: <CAGb2v65Mm5s96asU7iaAC_sJnUk=Yuh+zMJJBbmSgETWrPLoFA@mail.gmail.com>

Hello Chen-Yu,

On 2024-07-17 04:58, Chen-Yu Tsai wrote:
> On Wed, Jul 17, 2024 at 10:25 AM Daniel Golle <daniel@makrotopia.org> 
> wrote:
>> 
>> On Tue, Jul 16, 2024 at 07:19:35PM +0200, Diederik de Haas wrote:
>> > On Tuesday, 16 July 2024 18:53:43 CEST Diederik de Haas wrote:
>> > > rngtest: FIPS 140-2(2001-10-10) Long run: 0
>> >
>> > I don't know if it means something, but I noticed that I have
>> > ``Long run: 0`` with all my poor results,
>> > while Chen-Yu had ``Long run: 1``.
>> >
>> > Different SoC (RK3399), but Anand had ``Long run: 0`` too on their
>> > very poor result (100% failure):
>> > https://lore.kernel.org/linux-rockchip/CANAwSgTTzZOwBaR9zjJ5VMpxm5BydtW6rB2S7jg+dnoX8hAoWg@mail.gmail.com/
>> 
>> The conclusions I draw from that rather ugly situation are:
>>  - The hwrng should not be enabled by default, but it should by done
>>    for each board on which it is known to work well.
>>  - RK_RNG_SAMPLE_CNT as well as the assumed rng quality should be
>>    defined in DT for each board:
>>    * introduce new 'rochchip,rng-sample-count' property
>>    * read 'quality' property already used for timeriomem_rng
>> 
>> I will prepare a follow-up patch taking those conclusions into 
>> account.
>> 
>> Just for completeness, here my test result on the NanoPi R5C:
>> root@OpenWrt:~# cat /dev/hwrng | rngtest -c 1000
>> rngtest 6.15
>> Copyright (c) 2004 by Henrique de Moraes Holschuh
>> This is free software; see the source for copying conditions.  There 
>> is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
>> PARTICULAR PURPOSE.
>> 
>> rngtest: starting FIPS tests...
>> rngtest: bits received from input: 20000032
>> rngtest: FIPS 140-2 successes: 875
>> rngtest: FIPS 140-2 failures: 125
>> rngtest: FIPS 140-2(2001-10-10) Monobit: 123
>> rngtest: FIPS 140-2(2001-10-10) Poker: 5
>> rngtest: FIPS 140-2(2001-10-10) Runs: 4
>> rngtest: FIPS 140-2(2001-10-10) Long run: 0
>> rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
>> rngtest: input channel speed: (min=85.171; avg=141.102; 
>> max=4882812.500)Kibits/s
>> rngtest: FIPS tests speed: (min=17.809; avg=19.494; 
>> max=60.169)Mibits/s
>> rngtest: Program run time: 139628605 microseconds
> 
> I doubt this is per-board. The RNG is inside the SoC, so it
> could be a chip quality thing.

Totally agreed.  I see no way how a board design could affect the
HWRNGs built into Rockchip SoCs.  I even checked the RK3399 and
RK3566 Hardware Design Guides to be extra sure.

> On the RK3399 we also saw wildly varying results.

In my opinion, that qualifies the RK3399's HWRNG as unsuitable for
general use.  Having a HWRNG that fails to pass the tests on _some_
units is simply not acceptable from the security standpoint.

_______________________________________________
Linux-rockchip mailing list
Linux-rockchip@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-rockchip

  reply	other threads:[~2024-07-17  3:35 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-14 15:15 [PATCH v7 0/3] hwrng: add hwrng support for Rockchip RK3568 Daniel Golle
2024-07-14 15:15 ` [PATCH v7 1/3] dt-bindings: rng: Add Rockchip RK3568 TRNG Daniel Golle
2024-07-14 15:16 ` [PATCH v7 2/3] hwrng: add hwrng driver for Rockchip RK3568 SoC Daniel Golle
2024-07-15 19:47   ` Martin Kaiser
2024-07-21  0:26   ` Jason A. Donenfeld
2024-07-14 15:18 ` [PATCH v7 3/3] arm64: dts: rockchip: add DT entry for RNG to RK356x Daniel Golle
2024-07-14 18:09 ` [PATCH v7 0/3] hwrng: add hwrng support for Rockchip RK3568 Chen-Yu Tsai
2024-07-16 12:34 ` Diederik de Haas
2024-07-16 13:27   ` Daniel Golle
2024-07-16 13:59     ` Diederik de Haas
2024-07-16 14:13       ` Diederik de Haas
2024-07-16 15:18         ` Chen-Yu Tsai
2024-07-16 16:53           ` Diederik de Haas
2024-07-16 17:19             ` Diederik de Haas
2024-07-17  2:24               ` Daniel Golle
2024-07-17  2:58                 ` Chen-Yu Tsai
2024-07-17  3:34                   ` Dragan Simic [this message]
2024-07-17  5:06                   ` Anand Moon
2024-07-17  5:18                     ` Dragan Simic
2024-07-17  8:22                   ` Diederik de Haas
2024-07-17  8:31                     ` Dragan Simic
2024-07-17  8:38                     ` Chen-Yu Tsai
2024-07-17  8:49                       ` Diederik de Haas
2024-07-17 10:44                     ` Daniel Golle
2024-07-17  3:14                 ` Dragan Simic
2024-07-22 17:57             ` Chen-Yu Tsai
2024-07-22 19:03               ` Diederik de Haas
2024-07-24  6:07                 ` Dragan Simic
2024-07-29 23:18                   ` Daniel Golle
2024-07-30  9:03                     ` Diederik de Haas
2024-07-30 10:36                       ` Heiko Stübner
2024-07-30 12:08                         ` Chen-Yu Tsai
2024-08-01 16:48                     ` Dragan Simic

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d5071401e8032af610c01a9d5887f186@manjaro.org \
    --to=dsimic@manjaro.org \
    --cc=ardb@kernel.org \
    --cc=aurelien@aurel32.net \
    --cc=conor+dt@kernel.org \
    --cc=daniel@makrotopia.org \
    --cc=devicetree@vger.kernel.org \
    --cc=didi.debian@cknow.org \
    --cc=heiko@sntech.de \
    --cc=herbert@gondor.apana.org.au \
    --cc=krzk+dt@kernel.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-rockchip@lists.infradead.org \
    --cc=linux.amoon@gmail.com \
    --cc=martin@kaiser.cx \
    --cc=olivia@selenic.com \
    --cc=p.zabel@pengutronix.de \
    --cc=robh@kernel.org \
    --cc=s.hauer@pengutronix.de \
    --cc=sebastian.reichel@collabora.com \
    --cc=ukleinek@debian.org \
    --cc=wens@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox