From: Dragan Simic <dsimic@manjaro.org>
To: Daniel Golle <daniel@makrotopia.org>
Cc: "Diederik de Haas" <didi.debian@cknow.org>,
"Chen-Yu Tsai" <wens@kernel.org>,
linux-rockchip@lists.infradead.org,
linux-arm-kernel@lists.infradead.org,
"Rob Herring" <robh@kernel.org>,
"Conor Dooley" <conor+dt@kernel.org>,
linux-kernel@vger.kernel.org,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"Martin Kaiser" <martin@kaiser.cx>,
"Sascha Hauer" <s.hauer@pengutronix.de>,
"Sebastian Reichel" <sebastian.reichel@collabora.com>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Uwe Kleine-König" <ukleinek@debian.org>,
devicetree@vger.kernel.org, linux-crypto@vger.kernel.org,
"Philipp Zabel" <p.zabel@pengutronix.de>,
"Olivia Mackall" <olivia@selenic.com>,
"Krzysztof Kozlowski" <krzk+dt@kernel.org>,
"Aurelien Jarno" <aurelien@aurel32.net>,
"Heiko Stuebner" <heiko@sntech.de>,
"Anand Moon" <linux.amoon@gmail.com>
Subject: Re: [PATCH v7 0/3] hwrng: add hwrng support for Rockchip RK3568
Date: Wed, 17 Jul 2024 05:14:22 +0200 [thread overview]
Message-ID: <ff7e706b7d4f7924c8a3e0d9c6418d4e@manjaro.org> (raw)
In-Reply-To: <ZpcrdwZBNFu-YlZt@makrotopia.org>
Hello Daniel,
On 2024-07-17 04:24, Daniel Golle wrote:
> On Tue, Jul 16, 2024 at 07:19:35PM +0200, Diederik de Haas wrote:
>> On Tuesday, 16 July 2024 18:53:43 CEST Diederik de Haas wrote:
>> > rngtest: FIPS 140-2(2001-10-10) Long run: 0
>>
>> I don't know if it means something, but I noticed that I have
>> ``Long run: 0`` with all my poor results,
>> while Chen-Yu had ``Long run: 1``.
>>
>> Different SoC (RK3399), but Anand had ``Long run: 0`` too on their
>> very poor result (100% failure):
>> https://lore.kernel.org/linux-rockchip/CANAwSgTTzZOwBaR9zjJ5VMpxm5BydtW6rB2S7jg+dnoX8hAoWg@mail.gmail.com/
>
> The conclusions I draw from that rather ugly situation are:
> - The hwrng should not be enabled by default, but it should by done
> for each board on which it is known to work well.
> - RK_RNG_SAMPLE_CNT as well as the assumed rng quality should be
> defined in DT for each board:
> * introduce new 'rochchip,rng-sample-count' property
> * read 'quality' property already used for timeriomem_rng
>
> I will prepare a follow-up patch taking those conclusions into account.
Please note that Chen-Yu ran the tests on a board based on the RK3568,
while Diederik ran the tests on boards based on the RK3566. The
observed
difference in the test results suggests that something differs betwen
these two SoC variants, instead of having the actual boards contributing
something to the whole thing.
In other words, I think that enabling the HWRNG on per-board basis isn't
the right thing to do, but it should be enabled on per-SoC basis, after
enough testing is performed on the particular SoC. The same applies to
defining any HWRNG properties in the DT.
If we really had to enable the HWRNG on per-board basis, that would mean
that some issues exist for certain SoC batches, affecting some boards.
AFAIK, the actual board design can't affect the operation of the HWRNG,
so any HWRNG issues associated with some boards can have their SoCs as
the only root cause. Consequently, if any board experiences issues,
we should discard its SoC as having unreliable HWRNG, because another
sample of the same board, or a sample of some other board based on the
same SoC, may or may not experience the same issues.
I hope all this makes sense.
> Just for completeness, here my test result on the NanoPi R5C:
> root@OpenWrt:~# cat /dev/hwrng | rngtest -c 1000
> rngtest 6.15
> Copyright (c) 2004 by Henrique de Moraes Holschuh
> This is free software; see the source for copying conditions. There
> is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
>
> rngtest: starting FIPS tests...
> rngtest: bits received from input: 20000032
> rngtest: FIPS 140-2 successes: 875
> rngtest: FIPS 140-2 failures: 125
> rngtest: FIPS 140-2(2001-10-10) Monobit: 123
> rngtest: FIPS 140-2(2001-10-10) Poker: 5
> rngtest: FIPS 140-2(2001-10-10) Runs: 4
> rngtest: FIPS 140-2(2001-10-10) Long run: 0
> rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
> rngtest: input channel speed: (min=85.171; avg=141.102;
> max=4882812.500)Kibits/s
> rngtest: FIPS tests speed: (min=17.809; avg=19.494; max=60.169)Mibits/s
> rngtest: Program run time: 139628605 microseconds
next prev parent reply other threads:[~2024-07-17 3:15 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-14 15:15 [PATCH v7 0/3] hwrng: add hwrng support for Rockchip RK3568 Daniel Golle
2024-07-14 15:15 ` [PATCH v7 1/3] dt-bindings: rng: Add Rockchip RK3568 TRNG Daniel Golle
2024-07-14 15:16 ` [PATCH v7 2/3] hwrng: add hwrng driver for Rockchip RK3568 SoC Daniel Golle
2024-07-15 19:47 ` Martin Kaiser
2024-07-21 0:26 ` Jason A. Donenfeld
2024-07-14 15:18 ` [PATCH v7 3/3] arm64: dts: rockchip: add DT entry for RNG to RK356x Daniel Golle
2024-07-14 18:09 ` [PATCH v7 0/3] hwrng: add hwrng support for Rockchip RK3568 Chen-Yu Tsai
2024-07-16 12:34 ` Diederik de Haas
2024-07-16 13:27 ` Daniel Golle
2024-07-16 13:59 ` Diederik de Haas
2024-07-16 14:13 ` Diederik de Haas
2024-07-16 15:18 ` Chen-Yu Tsai
2024-07-16 16:53 ` Diederik de Haas
2024-07-16 17:19 ` Diederik de Haas
2024-07-17 2:24 ` Daniel Golle
2024-07-17 2:58 ` Chen-Yu Tsai
2024-07-17 3:34 ` Dragan Simic
2024-07-17 5:06 ` Anand Moon
2024-07-17 5:18 ` Dragan Simic
2024-07-17 8:22 ` Diederik de Haas
2024-07-17 8:31 ` Dragan Simic
2024-07-17 8:38 ` Chen-Yu Tsai
2024-07-17 8:49 ` Diederik de Haas
2024-07-17 10:44 ` Daniel Golle
2024-07-17 3:14 ` Dragan Simic [this message]
2024-07-22 17:57 ` Chen-Yu Tsai
2024-07-22 19:03 ` Diederik de Haas
2024-07-24 6:07 ` Dragan Simic
2024-07-29 23:18 ` Daniel Golle
2024-07-30 9:03 ` Diederik de Haas
2024-07-30 10:36 ` Heiko Stübner
2024-07-30 12:08 ` Chen-Yu Tsai
2024-08-01 16:48 ` Dragan Simic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ff7e706b7d4f7924c8a3e0d9c6418d4e@manjaro.org \
--to=dsimic@manjaro.org \
--cc=ardb@kernel.org \
--cc=aurelien@aurel32.net \
--cc=conor+dt@kernel.org \
--cc=daniel@makrotopia.org \
--cc=devicetree@vger.kernel.org \
--cc=didi.debian@cknow.org \
--cc=heiko@sntech.de \
--cc=herbert@gondor.apana.org.au \
--cc=krzk+dt@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rockchip@lists.infradead.org \
--cc=linux.amoon@gmail.com \
--cc=martin@kaiser.cx \
--cc=olivia@selenic.com \
--cc=p.zabel@pengutronix.de \
--cc=robh@kernel.org \
--cc=s.hauer@pengutronix.de \
--cc=sebastian.reichel@collabora.com \
--cc=ukleinek@debian.org \
--cc=wens@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox