Date: Mon, 26 May 2025 12:59:33 +0200
To: Roland Hieber
From: Ahmad Fatoum
Subject: Re: [DistroKit] [PATCH 11/11] v7a: barebox: enable HWRNG drivers and allow fallback to PRNG
Cc: distrokit@pengutronix.de

Hello Roland,

On 5/26/25 12:39, Roland Hieber wrote:
> On Mon, May 26, 2025 at 12:20:36PM +0200, Ahmad Fatoum wrote:
>> Hi Roland,
>>
>> On 5/26/25 12:11, Roland Hieber wrote:
>>> Without ALLOW_PRNG_FALLBACK, barebox prints an unsightly error message
>>> on boot:
>>>
>>>     ERROR: no HWRNG available!
>>
>> Is this because of the stack protector? Which platforms lack the RNG?
>
> No, it's directly from get_crypto_bytes() in lib/random.c:
>
>     137         if (!IS_ENABLED(CONFIG_ALLOW_PRNG_FALLBACK)) {
>     138                 pr_err("no HWRNG available!\n");
>     139                 return err;
>     140         }
>
> That's why I enabled CONFIG_ALLOW_PRNG_FALLBACK.

Yes, but why is get_crypto_bytes called in your case? Things like MAC
address generation don't use a non-secure PRNG anyways.

> In menuconfig there is:
>
>     --- HWRNG Support
>     [ ]   Timer IOMEM HW Random Number Generator support
>     [*]   STM32 Random Number Generator
>     [*]   OP-TEE based Random Number Generator support
>     [*]   Broadcom BCM2835/BCM63xx Random Number Generator support
>     [ ]   Broadcom iProc/STB RNG200 support
>     [*]   OMAP Random Number Generator support

There is also the CAAM driver for i.MX, which is found separately in a
crypto submenu.

> I'm not sure whether we want CONFIG_HW_RANDOM_TIMERIOMEM, its help text sounds > more like a workaround than a solution: > > This driver provides barebox support for a generic Random │ > Number Generator used by reading a 'dumb' iomem address that │ > is to be read no faster than, for example, once a second. I don't think we have hardware in DistroKit that this is useful on. Cheers, Ahmad > > - Roland > >> Cheers, >> Ahmad >> >>> >>> Since we don't have HWRNG drivers for all available platforms, enable >>> those that we have (RPi and AM33xx). For the other platforms allow >>> fallback to the PRNG, which will at least only print a warning on boot >>> on platforms without HWRNG: >>> >>> WARNING: falling back to Pseudo RNG source! >>> >>> … but in this case, this is expected. >>> >>> Signed-off-by: Roland Hieber >>> --- >>> configs/platform-v7a/barebox.config | 6 +++--- >>> 1 file changed, 3 insertions(+), 3 deletions(-) >>> >>> diff --git a/configs/platform-v7a/barebox.config b/configs/platform-v7a/barebox.config >>> index 4780b6493a7a..86cb40acbf17 100644 >>> --- a/configs/platform-v7a/barebox.config >>> +++ b/configs/platform-v7a/barebox.config >>> @@ -1106,9 +1106,9 @@ CONFIG_HWRNG=y >>> # CONFIG_HW_RANDOM_TIMERIOMEM is not set >>> CONFIG_HWRNG_STM32=y >>> CONFIG_HW_RANDOM_OPTEE=y >>> -# CONFIG_HW_RANDOM_BCM2835 is not set >>> +CONFIG_HW_RANDOM_BCM2835=y >>> # CONFIG_HW_RANDOM_IPROC_RNG200 is not set >>> -# CONFIG_HW_RANDOM_OMAP is not set >>> +CONFIG_HW_RANDOM_OMAP=y >>> >>> # >>> # DMA support 
>>> @@ -1380,7 +1380,7 @@ CONFIG_IMAGE_SPARSE=y >>> CONFIG_STMP_DEVICE=y >>> CONFIG_LIBFDT=y >>> # CONFIG_RATP is not set >>> -# CONFIG_ALLOW_PRNG_FALLBACK is not set >>> +CONFIG_ALLOW_PRNG_FALLBACK=y >>> # CONFIG_CRC_CCITT is not set >>> CONFIG_CRC8=y >>> >> >> -- >> Pengutronix e.K. | | >> Steuerwalder Str. 21 | http://www.pengutronix.de/ | >> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | >> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | >> >> > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
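Review bot: the commit message should list which v7a boards still have no HWRNG driver after the two options enabled in the first hunk (CONFIG_HW_RANDOM_BCM2835 and CONFIG_HW_RANDOM_OMAP), because those are the boards that will depend on the PRNG fallback. The reply in this thread points out that the CAAM driver for i.MX sits in a separate crypto submenu, which this hunk does not touch, so it is worth stating whether i.MX is among the boards expected to fall back.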
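Review bot: in the second hunk, CONFIG_ALLOW_PRNG_FALLBACK=y is set in the shared platform-v7a config, so it applies to every v7a board, including the ones that have a HWRNG driver enabled. Per the quoted lib/random.c lines, get_crypto_bytes() logs the error and returns err only while the option is off; with it on, a board where no HWRNG is available gets PRNG output and a warning instead of a failure. The commit message justifies the option by the boot message alone; it should name the caller that requests crypto bytes (the question still open in this thread) and say why PRNG-derived output is acceptable for that caller.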