DistroKit Mailinglist
From: Roland Hieber <rhi@pengutronix.de>
To: Ahmad Fatoum <a.fatoum@pengutronix.de>
Cc: distrokit@pengutronix.de
Subject: Re: [DistroKit] [PATCH 11/11] v7a: barebox: enable HWRNG drivers and allow fallback to PRNG
Date: Wed, 28 May 2025 11:47:02 +0200
Message-ID: <1748424160-ca71722b8a2f859d0b812157@pty>
In-Reply-To: <b4dafb60-df11-417f-b68f-21910be4470f@pengutronix.de>

On Tue, May 27, 2025 at 10:19:51PM +0200, Ahmad Fatoum wrote:
> Hi Roland,
> 
> On 27.05.25 11:15, Roland Hieber wrote:
> > On Mon, May 26, 2025 at 12:59:33PM +0200, Ahmad Fatoum wrote:
> >> Hello Roland,
> >>
> >> On 5/26/25 12:39, Roland Hieber wrote:
> >>> On Mon, May 26, 2025 at 12:20:36PM +0200, Ahmad Fatoum wrote:
> >>>> Hi Roland,
> >>>>
> >>>> On 5/26/25 12:11, Roland Hieber wrote:
> >>>>> Without ALLOW_PRNG_FALLBACK, barebox prints an unsightly error message
> >>>>> on boot:
> >>>>>
> >>>>>     ERROR: no HWRNG available!
> >>>>
> >>>> Is this because of the stack protector? Which platforms lack the RNG?
> >>>
> >>> No, it's directly from get_crypto_bytes() in lib/random.c:
> >>>
> >>>     137         if (!IS_ENABLED(CONFIG_ALLOW_PRNG_FALLBACK)) {
> >>>     138                 pr_err("no HWRNG available!\n");
> >>>     139                 return err;
> >>>     140         }
> >>>
> >>> That's why I enabled CONFIG_ALLOW_PRNG_FALLBACK.
> >>
> >> Yes, but why is get_crypto_bytes called in your case? Things like
> >> MAC address generation don't use a non-secure PRNG anyways.
> > 
> > Ah now I get what you mean. In that case, dmesg seems to suggest it's the stack
> > protector. On riotboard I get:
> > 
> >     […]
> >     register_driver: barebox-environment
> >         probe-> chosen:environment.of
> >     barebox-environment chosen:environment.of: Setting default environment path to /dev/mmc3.barebox-environment
> >     initcall-> stackprot_randomize_guard+0x1/0x38
> >     WARNING: falling back to Pseudo RNG source!
> >     initcall-> eth_register_of_fixup+0x1/0x10
> >     initcall-> dhcp_global_init+0x1/0xf8
> >     […]
> 
> Ah, there is a warning in the stack protector code:
> 
>   WARNING: stackprot: proceeding without randomized stack protector
> 
> But it was only printed when CONFIG_ALLOW_PRNG_FALLBACK was disabled.
> 
> I add some extra context to the warning message inside get_crypto_bytes
> in [1], so it now looks like this:
> 
>   WARNING: stackprot_randomize_guard: falling back to Pseudo RNG source!
> 
> [1]: https://lore.barebox.org/barebox/20250527201359.889550-9-a.fatoum@pengutronix.de/T/#u

Yes, that seems useful to me!

> Thanks by the way for enabling the stack protector support!
> I have been meaning to do this for some time now. :)

It came enabled indirectly by merging the barebox-stm32mp.config.diff, and you
had enabled it there in commit c3f7ce9d3f09, where you already mentioned the
warning:

    v7a: update barebox to v2023.09.0 -> v2023.12.0

    This lets us drop two patches that fixed issues with v2023.09.0.
    This update also enables some options that are useful for the hardware
    we support:
     
      - on STM32MP1, support for the NAND controller is enabled
      - on STM32MP1, we enable HWRNG and stack protector support

    The latter could be enabled universally for all platforms that are not
    size constrained, but it prints an ugly error message if there's no
    HWRNG as using the fixed fallback canary is insecure. We'll just
    postpone enabling stack protector on other platforms until we enable
    HWRNG support there.

I think it's a good idea to have it enabled.

 - Roland

> 
> Cheers,
> Ahmad
> 
> > 
> >>> In menuconfig there is:
> >>>
> >>>     --- HWRNG Support
> >>>     [ ]   Timer IOMEM HW Random Number Generator support
> >>>     [*]   STM32 Random Number Generator
> >>>     [*]   OP-TEE based Random Number Generator support
> >>>     [*]   Broadcom BCM2835/BCM63xx Random Number Generator support
> >>>     [ ]   Broadcom iProc/STB RNG200 support
> >>>     [*]   OMAP Random Number Generator support
> >>
> >> There is also the CAAM driver for i.MX, which is found separately in
> >> a crypto submenu.
> > 
> > Thanks, that got rid of the PRNG warning on riotboard :-) I'll enable it in v2
> > of this series too:
> > 
> >     --- a/configs/platform-v7a/barebox.config
> >     +++ b/configs/platform-v7a/barebox.config
> >     @@ -1239,7 +1239,9 @@ CONFIG_PHY_STM32_USBPHYC=y
> >      #
> >      # Hardware crypto devices
> >      #
> >     -# CONFIG_CRYPTO_DEV_FSL_CAAM is not set
> >     +CONFIG_CRYPTO_DEV_FSL_CAAM=y
> >     +CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
> >     +CONFIG_CRYPTO_DEV_FSL_CAAM_RNG=y
> >      # end of Hardware crypto devices
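Review bot: CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9 appears in this hunk without any mention in the surrounding text; if it is only the value that was filled in once CONFIG_CRYPTO_DEV_FSL_CAAM was enabled, say so in the v2 commit message. It would also help to name CONFIG_CRYPTO_DEV_FSL_CAAM_RNG there as the option that provides the i.MX HWRNG, since it sits under "Hardware crypto devices" rather than next to the CONFIG_HW_RANDOM_* drivers.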
> > 
> >  - Roland
> > 
> >>> I'm not sure whether we want CONFIG_HW_RANDOM_TIMERIOMEM, its help text sounds
> >>> more like a workaround than a solution:
> >>>
> >>>     This driver provides barebox support for a generic Random
> >>>     Number Generator used by reading a 'dumb' iomem address that
> >>>     is to be read no faster than, for example, once a second.
> >>
> >> I don't think we have hardware in DistroKit that this is useful on.
> >>
> >> Cheers,
> >> Ahmad
> >>
> >>>
> >>>  - Roland
> >>>
> >>>> Cheers,
> >>>> Ahmad
> >>>>
> >>>>>
> >>>>> Since we don't have HWRNG drivers for all available platforms, enable
> >>>>> those that we have (RPi and AM33xx). For the other platforms allow
> >>>>> fallback to the PRNG, which will at least only print a warning on boot
> >>>>> on platforms without HWRNG:
> >>>>>
> >>>>>     WARNING: falling back to Pseudo RNG source!
> >>>>>
> >>>>> … but in this case, this is expected.
> >>>>>
> >>>>> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> >>>>> ---
> >>>>>  configs/platform-v7a/barebox.config | 6 +++---
> >>>>>  1 file changed, 3 insertions(+), 3 deletions(-)
> >>>>>
> >>>>> diff --git a/configs/platform-v7a/barebox.config b/configs/platform-v7a/barebox.config
> >>>>> index 4780b6493a7a..86cb40acbf17 100644
> >>>>> --- a/configs/platform-v7a/barebox.config
> >>>>> +++ b/configs/platform-v7a/barebox.config
> >>>>> @@ -1106,9 +1106,9 @@ CONFIG_HWRNG=y
> >>>>>  # CONFIG_HW_RANDOM_TIMERIOMEM is not set
> >>>>>  CONFIG_HWRNG_STM32=y
> >>>>>  CONFIG_HW_RANDOM_OPTEE=y
> >>>>> -# CONFIG_HW_RANDOM_BCM2835 is not set
> >>>>> +CONFIG_HW_RANDOM_BCM2835=y
> >>>>>  # CONFIG_HW_RANDOM_IPROC_RNG200 is not set
> >>>>> -# CONFIG_HW_RANDOM_OMAP is not set
> >>>>> +CONFIG_HW_RANDOM_OMAP=y
> >>>>>  
> >>>>>  #
> >>>>>  # DMA support
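Review bot: the two drivers enabled in this hunk are CONFIG_HW_RANDOM_BCM2835 and CONFIG_HW_RANDOM_OMAP, while the commit message speaks of "RPi and AM33xx"; spell out that mapping in the message so that someone grepping for the symbol finds the rationale. CONFIG_HW_RANDOM_TIMERIOMEM and CONFIG_HW_RANDOM_IPROC_RNG200 stay unset in the context lines, and one sentence on why would save the next reviewer the question.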
> >>>>> @@ -1380,7 +1380,7 @@ CONFIG_IMAGE_SPARSE=y
> >>>>>  CONFIG_STMP_DEVICE=y
> >>>>>  CONFIG_LIBFDT=y
> >>>>>  # CONFIG_RATP is not set
> >>>>> -# CONFIG_ALLOW_PRNG_FALLBACK is not set
> >>>>> +CONFIG_ALLOW_PRNG_FALLBACK=y
> >>>>>  # CONFIG_CRC_CCITT is not set
> >>>>>  CONFIG_CRC8=y
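Review bot: CONFIG_ALLOW_PRNG_FALLBACK=y lands in the shared configs/platform-v7a/barebox.config, so it also applies to the boards that do have an HWRNG driver enabled; on those, an HWRNG that is unavailable at boot would now produce only the "falling back to Pseudo RNG source!" warning instead of the error. The commit message should list which platforms are expected to show the warning, so that seeing it on any other board is treated as a regression.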
> > 
> 
> 
> -- 
> Pengutronix e.K.                           |                             |
> Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
> 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
> 

-- 
Roland Hieber, Pengutronix e.K.          | rhi@pengutronix.de          |
Steuerwalder Str. 21                     | https://www.pengutronix.de/ |
31137 Hildesheim, Germany                | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686         | Fax:   +49-5121-206917-5555 |
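
A boot-test check built on the console messages quoted in this thread, added here as an example and not part of the original mails or of barebox: it classifies a barebox log by RNG state and accepts the PRNG fallback only on boards where no HWRNG is expected. The function names, status words and the yes/no policy argument are assumptions; the sample logs are constructed from the excerpts above.

```shell
#!/bin/sh
# Added example: classify barebox RNG state from a console log. The message
# strings are those quoted in this thread; function names, status words and
# the expect-HWRNG policy are assumptions made for illustration.

# Print the most severe RNG condition found in log text $1.
rng_boot_status() {
    case $1 in
        *'ERROR: no HWRNG available!'*) echo no-hwrng-error ;;
        *'stackprot: proceeding without randomized stack protector'*)
            echo stackprot-unrandomized ;;
        *'falling back to Pseudo RNG source!'*) echo prng-fallback ;;
        *) echo ok ;;
    esac
}

# Print the caller named in each new-format fallback warning, one per line.
prng_fallback_callers() {
    printf '%s\n' "$1" | sed -n \
        's/^WARNING: \([A-Za-z0-9_][A-Za-z0-9_]*\): falling back to Pseudo RNG source!$/\1/p'
}

# $2 is "yes" if the board is expected to have a working HWRNG driver.
# Fallback is tolerated only where no HWRNG is expected; errors never are.
rng_boot_ok() {
    case "$(rng_boot_status "$1"):$2" in
        ok:*|prng-fallback:no) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample logs, modelled on the excerpts in the thread.
SAMPLE_OLD='initcall-> stackprot_randomize_guard+0x1/0x38
WARNING: falling back to Pseudo RNG source!
initcall-> eth_register_of_fixup+0x1/0x10'
SAMPLE_NEW='WARNING: stackprot_randomize_guard: falling back to Pseudo RNG source!'
SAMPLE_ERR='ERROR: no HWRNG available!
WARNING: stackprot: proceeding without randomized stack protector'

for s in "$SAMPLE_OLD" "$SAMPLE_NEW" "$SAMPLE_ERR"; do
    rng_boot_status "$s"
done
```

In a board farm, `rng_boot_ok "$log" yes` would be the gate for platforms with an HWRNG driver enabled, so a silent regression to the PRNG-seeded stack protector fails the boot test.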


