Message ID | 20240425230314.497203-2-marex@denx.de |
---|---|
State | New |
Delegated to: | Fabio Estevam |
Series | [1/3] rng: Introduce SPL_DM_RNG |
On Thu, Apr 25, 2024 at 4:03 PM Marek Vasut <marex@denx.de> wrote: > > Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can > be disabled in SPL if necessary. This may be necessary due to e.g. > size constraints of the SPL. > > Signed-off-by: Marek Vasut <marex@denx.de> > --- > Cc: Angelo Dureghello <angelo@kernel-space.org> > Cc: Emanuele Ghidoli <emanuele.ghidoli@toradex.com> > Cc: Fabio Estevam <festevam@gmail.com> > Cc: Gaurav Jain <gaurav.jain@nxp.com> > Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> > Cc: Marek Vasut <marex@denx.de> > Cc: Michal Simek <michal.simek@amd.com> > Cc: Simon Glass <sjg@chromium.org> > Cc: Stefan Roese <sr@denx.de> > Cc: Sughosh Ganu <sughosh.ganu@linaro.org> > Cc: Svyatoslav Ryhel <clamor95@gmail.com> > Cc: Tim Harvey <tharvey@gateworks.com> > Cc: Tom Rini <trini@konsulko.com> > Cc: u-boot@lists.denx.de > --- > drivers/crypto/fsl/Kconfig | 7 +++++++ > drivers/crypto/fsl/Makefile | 2 +- > 2 files changed, 8 insertions(+), 1 deletion(-) > > diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig > index 294e1c8a44e..9f58731bb67 100644 > --- a/drivers/crypto/fsl/Kconfig > +++ b/drivers/crypto/fsl/Kconfig > @@ -78,6 +78,13 @@ config FSL_CAAM_RNG > using the prediction resistance flag which means the DRGB is > reseeded from the TRNG every time random data is generated. > > +config SPL_FSL_CAAM_RNG > + bool "Enable CAAM Random Number Generator support in SPL" > + depends on SPL_DM_RNG > + help > + This option is an SPL-variant of the FSL_CAAM_RNG option. > + See the help of FSL_CAAM_RNG for details. > + > endif > > config FSL_DCP_RNG > diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile > index 7a2543e16cc..4fbce519a0b 100644 > --- a/drivers/crypto/fsl/Makefile > +++ b/drivers/crypto/fsl/Makefile 
> @@ -6,6 +6,6 @@ obj-y += sec.o > obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o > obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o > obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o > -obj-$(CONFIG_FSL_CAAM_RNG) += rng.o > +obj-$(CONFIG_$(SPL_TPL_)FSL_CAAM_RNG) += rng.o > obj-$(CONFIG_FSL_DCP_RNG) += dcp_rng.o > obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o > -- > 2.43.0 > Marek, Thanks - this series does solve the issue I am seeing in the SPL when enabling DM_RNG. Is this going to cause an issue for people who expect it to be currently enabled and now have to manually enable it? Best Regards, Tim
On 4/26/24 2:16 AM, Tim Harvey wrote: >> diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile >> index 7a2543e16cc..4fbce519a0b 100644 >> --- a/drivers/crypto/fsl/Makefile >> +++ b/drivers/crypto/fsl/Makefile >> @@ -6,6 +6,6 @@ obj-y += sec.o >> obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o >> obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o >> obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o >> -obj-$(CONFIG_FSL_CAAM_RNG) += rng.o >> +obj-$(CONFIG_$(SPL_TPL_)FSL_CAAM_RNG) += rng.o >> obj-$(CONFIG_FSL_DCP_RNG) += dcp_rng.o >> obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o >> -- >> 2.43.0 >> > > Marek, Hi, > Thanks - this series does solve the issue I am seeing in the SPL when > enabling DM_RNG. Is this going to cause an issue for people who expect > it to be currently enabled and now have to manually enable it? That's a good question. If I do '$ git grep FSL_CAAM_RNG' , there seem to be no users, so I don't think we need to worry here, right ? With SPL_DM_RNG i.e. 1/3 I am a bit more concerned. But, looking at the users that enable DM_RNG, I am not seeing any obvious ones that would require SPL_DM_RNG too. What do you think ?
On 26.04.24 06:03, Marek Vasut wrote: > On 4/26/24 2:16 AM, Tim Harvey wrote: > >>> diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile >>> index 7a2543e16cc..4fbce519a0b 100644 >>> --- a/drivers/crypto/fsl/Makefile >>> +++ b/drivers/crypto/fsl/Makefile >>> @@ -6,6 +6,6 @@ obj-y += sec.o >>> obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o >>> obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o >>> obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o >>> -obj-$(CONFIG_FSL_CAAM_RNG) += rng.o >>> +obj-$(CONFIG_$(SPL_TPL_)FSL_CAAM_RNG) += rng.o >>> obj-$(CONFIG_FSL_DCP_RNG) += dcp_rng.o >>> obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o >>> -- >>> 2.43.0 >>> >> >> Marek, > > Hi, > >> Thanks - this series does solve the issue I am seeing in the SPL when >> enabling DM_RNG. Is this going to cause an issue for people who expect >> it to be currently enabled and now have to manually enable it? > > That's a good question. If I do '$ git grep FSL_CAAM_RNG' , there seem > to be no users, so I don't think we need to worry here, right ? > > With SPL_DM_RNG i.e. 1/3 I am a bit more concerned. But, looking at the > users that enable DM_RNG, I am not seeing any obvious ones that would > require SPL_DM_RNG too. What do you think ? Grepping for UCLASS_RNG should find usages. The only possible SPL usage seems to be in net/net_rand.h. Here a fallback to the mac address as seed exists. Best regards Heinrich
On 4/26/24 4:39 PM, Heinrich Schuchardt wrote: > On 26.04.24 06:03, Marek Vasut wrote: >> On 4/26/24 2:16 AM, Tim Harvey wrote: >> >>>> diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile >>>> index 7a2543e16cc..4fbce519a0b 100644 >>>> --- a/drivers/crypto/fsl/Makefile >>>> +++ b/drivers/crypto/fsl/Makefile >>>> @@ -6,6 +6,6 @@ obj-y += sec.o >>>> obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o >>>> obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o >>>> obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o >>>> -obj-$(CONFIG_FSL_CAAM_RNG) += rng.o >>>> +obj-$(CONFIG_$(SPL_TPL_)FSL_CAAM_RNG) += rng.o >>>> obj-$(CONFIG_FSL_DCP_RNG) += dcp_rng.o >>>> obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o >>>> -- >>>> 2.43.0 >>>> >>> >>> Marek, >> >> Hi, >> >>> Thanks - this series does solve the issue I am seeing in the SPL when >>> enabling DM_RNG. Is this going to cause an issue for people who expect >>> it to be currently enabled and now have to manually enable it? >> >> That's a good question. If I do '$ git grep FSL_CAAM_RNG' , there seem >> to be no users, so I don't think we need to worry here, right ? >> >> With SPL_DM_RNG i.e. 1/3 I am a bit more concerned. But, looking at the >> users that enable DM_RNG, I am not seeing any obvious ones that would >> require SPL_DM_RNG too. What do you think ? > > Grepping for UCLASS_RNG should find usages. > > The only possible SPL usage seems to be in net/net_rand.h. Here a > fallback to the mac address as seed exists. So this may need to be tested on AM335x with SPL ethernet boot ? +CC Nishanth ?
On Fri, Apr 26, 2024 at 7:45 AM Heinrich Schuchardt <xypron.glpk@gmx.de> wrote: > > On 26.04.24 06:03, Marek Vasut wrote: > > On 4/26/24 2:16 AM, Tim Harvey wrote: > > > >>> diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile > >>> index 7a2543e16cc..4fbce519a0b 100644 > >>> --- a/drivers/crypto/fsl/Makefile > >>> +++ b/drivers/crypto/fsl/Makefile 
> >>> @@ -6,6 +6,6 @@ obj-y += sec.o > >>> obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o > >>> obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o > >>> obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o > >>> -obj-$(CONFIG_FSL_CAAM_RNG) += rng.o > >>> +obj-$(CONFIG_$(SPL_TPL_)FSL_CAAM_RNG) += rng.o > >>> obj-$(CONFIG_FSL_DCP_RNG) += dcp_rng.o > >>> obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o > >>> -- > >>> 2.43.0 > >>> > >> > >> Marek, > > > > Hi, > > > >> Thanks - this series does solve the issue I am seeing in the SPL when > >> enabling DM_RNG. Is this going to cause an issue for people who expect > >> it to be currently enabled and now have to manually enable it? > > > > That's a good question. If I do '$ git grep FSL_CAAM_RNG' , there seem > > to be no users, so I don't think we need to worry here, right ? > > > > With SPL_DM_RNG i.e. 1/3 I am a bit more concerned. But, looking at the > > users that enable DM_RNG, I am not seeing any obvious ones that would > > require SPL_DM_RNG too. What do you think ? > > Grepping for UCLASS_RNG should find usages. > > The only possible SPL usage seems to be in net/net_rand.h. Here a > fallback to the mac address as seed exists. > > Best regards > > Heinrich > Hi Heinrich, looks like it's also used in lib/uuid.c by CONFIG_RANDOM_UUID and the few configs that have CONFIG_RANDOM_UUID=y do not have DM_RNG=y so not an issue. srand_mac is used in: net/bootp.c which is CONFIG_CMD_BOOTP so not SPL net/dhcpv6.c which is CONFIG_CMD_DHCP6 so not in SPL net/net.c which is used by CONFIG_SPL_DM_ETH and the fallback you refer to but 'git grep DM_RNG=y configs/ | cut -d: -f1 | xargs grep SPL_DM_ETH' shows no results so I think this is ok right? but I also see lib/efi_loader/efi_rng.c where UCLASS_RNG is used by efi_rng_protocol - I don't know anything about efi... is this going to be used by SPL? Best Regards, Tim
On 4/26/24 19:34, Tim Harvey wrote: > On Fri, Apr 26, 2024 at 7:45 AM Heinrich Schuchardt <xypron.glpk@gmx.de> wrote: >> >> On 26.04.24 06:03, Marek Vasut wrote: >>> On 4/26/24 2:16 AM, Tim Harvey wrote: >>> >>>>> diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile >>>>> index 7a2543e16cc..4fbce519a0b 100644 >>>>> --- a/drivers/crypto/fsl/Makefile >>>>> +++ b/drivers/crypto/fsl/Makefile 
>>>>> @@ -6,6 +6,6 @@ obj-y += sec.o >>>>> obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o >>>>> obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o >>>>> obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o >>>>> -obj-$(CONFIG_FSL_CAAM_RNG) += rng.o >>>>> +obj-$(CONFIG_$(SPL_TPL_)FSL_CAAM_RNG) += rng.o >>>>> obj-$(CONFIG_FSL_DCP_RNG) += dcp_rng.o >>>>> obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o >>>>> -- >>>>> 2.43.0 >>>>> >>>> >>>> Marek, >>> >>> Hi, >>> >>>> Thanks - this series does solve the issue I am seeing in the SPL when >>>> enabling DM_RNG. Is this going to cause an issue for people who expect >>>> it to be currently enabled and now have to manually enable it? >>> >>> That's a good question. If I do '$ git grep FSL_CAAM_RNG' , there seem >>> to be no users, so I don't think we need to worry here, right ? >>> >>> With SPL_DM_RNG i.e. 1/3 I am a bit more concerned. But, looking at the >>> users that enable DM_RNG, I am not seeing any obvious ones that would >>> require SPL_DM_RNG too. What do you think ? >> >> Grepping for UCLASS_RNG should find usages. >> >> The only possible SPL usage seems to be in net/net_rand.h. Here a >> fallback to the mac address as seed exists. >> >> Best regards >> >> Heinrich >> > > Hi Heinrich, > > looks like it's also used in lib/uuid.c by CONFIG_RANDOM_UUID and the > few configs that have CONFIG_RANDOM_UUID=y do not have DM_RNG=y so not an > issue. > > srand_mac is used in: > net/bootp.c which is CONFIG_CMD_BOOTP so not SPL > net/dhcpv6.c which is CONFIG_CMD_DHCP6 so not in SPL > net/net.c which is used by CONFIG_SPL_DM_ETH and the fallback you > refer to but 'git grep DM_RNG=y configs/ | cut -d: -f1 | xargs grep > SPL_DM_ETH' shows no results so I think this is ok right? > > but I also see lib/efi_loader/efi_rng.c where UCLASS_RNG is used by > efi_rng_protocol - I don't know anything about efi... is this going to > be used by SPL? UEFI is only relevant in main U-Boot.
The EFI_RNG_PROTOCOL is used for KASLR by Linux but you can boot without it. Best regards Heinrich
Hi Marek > -----Original Message----- > From: Marek Vasut <marex@denx.de> > Sent: Friday, April 26, 2024 9:33 AM > To: tharvey@gateworks.com > Cc: u-boot@lists.denx.de; Angelo Dureghello <angelo@kernel-space.org>; > Emanuele Ghidoli <emanuele.ghidoli@toradex.com>; Fabio Estevam > <festevam@gmail.com>; Gaurav Jain <gaurav.jain@nxp.com>; Heinrich > Schuchardt <xypron.glpk@gmx.de>; Michal Simek <michal.simek@amd.com>; > Simon Glass <sjg@chromium.org>; Stefan Roese <sr@denx.de>; Sughosh Ganu > <sughosh.ganu@linaro.org>; Svyatoslav Ryhel <clamor95@gmail.com>; Tom Rini > <trini@konsulko.com> > Subject: [EXT] Re: [PATCH 2/3] crypto/fsl: Introduce SPL_FSL_CAAM_RNG > > Caution: This is an external email. Please take care when clicking links or opening > attachments. When in doubt, report the message using the 'Report this email' > button > > > On 4/26/24 2:16 AM, Tim Harvey wrote: > > >> diff --git a/drivers/crypto/fsl/Makefile > >> b/drivers/crypto/fsl/Makefile index 7a2543e16cc..4fbce519a0b 100644 > >> --- a/drivers/crypto/fsl/Makefile > >> +++ b/drivers/crypto/fsl/Makefile 
> >> @@ -6,6 +6,6 @@ obj-y += sec.o > >> obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o > >> obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o > >> obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o > >> -obj-$(CONFIG_FSL_CAAM_RNG) += rng.o > >> +obj-$(CONFIG_$(SPL_TPL_)FSL_CAAM_RNG) += rng.o > >> obj-$(CONFIG_FSL_DCP_RNG) += dcp_rng.o > >> obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o > >> -- > >> 2.43.0 > >> > > > > Marek, > > Hi, > > > Thanks - this series does solve the issue I am seeing in the SPL when > > enabling DM_RNG. Is this going to cause an issue for people who expect > > it to be currently enabled and now have to manually enable it? > > That's a good question. If I do '$ git grep FSL_CAAM_RNG' , there seem to be no > users, so I don't think we need to worry here, right ? > > With SPL_DM_RNG i.e. 1/3 I am a bit more concerned. But, looking at the users > that enable DM_RNG, I am not seeing any obvious ones that would require > SPL_DM_RNG too. What do you think ? FSL_CAAM_RNG is enabled based on DM_RNG. This patch will disable the build of drivers/crypto/fsl/rng.c in SPL. Regards Gaurav Jain
On 4/29/24 11:02 AM, Gaurav Jain wrote: Hi, >>>> diff --git a/drivers/crypto/fsl/Makefile >>>> b/drivers/crypto/fsl/Makefile index 7a2543e16cc..4fbce519a0b 100644 >>>> --- a/drivers/crypto/fsl/Makefile >>>> +++ b/drivers/crypto/fsl/Makefile >>>> @@ -6,6 +6,6 @@ obj-y += sec.o >>>> obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o >>>> obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o >>>> obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o >>>> -obj-$(CONFIG_FSL_CAAM_RNG) += rng.o >>>> +obj-$(CONFIG_$(SPL_TPL_)FSL_CAAM_RNG) += rng.o >>>> obj-$(CONFIG_FSL_DCP_RNG) += dcp_rng.o >>>> obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o >>>> -- >>>> 2.43.0 >>>> >>> >>> Marek, >> >> Hi, >> >>> Thanks - this series does solve the issue I am seeing in the SPL when >>> enabling DM_RNG. Is this going to cause an issue for people who expect >>> it to be currently enabled and now have to manually enable it? >> >> That's a good question. If I do '$ git grep FSL_CAAM_RNG' , there seem to be no >> users, so I don't think we need to worry here, right ? >> >> With SPL_DM_RNG i.e. 1/3 I am a bit more concerned. But, looking at the users >> that enable DM_RNG, I am not seeing any obvious ones that would require >> SPL_DM_RNG too. What do you think ? > > FSL_CAAM_RNG is enabled based on DM_RNG. This patch will disable the build of drivers/crypto/fsl/rng.c in SPL. Is that actually a problem for any supported platform ? (that is what is being discussed in this thread already)
diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig index 294e1c8a44e..9f58731bb67 100644 --- a/drivers/crypto/fsl/Kconfig +++ b/drivers/crypto/fsl/Kconfig @@ -78,6 +78,13 @@ config FSL_CAAM_RNG using the prediction resistance flag which means the DRGB is reseeded from the TRNG every time random data is generated. +config SPL_FSL_CAAM_RNG + bool "Enable CAAM Random Number Generator support in SPL" + depends on SPL_DM_RNG + help + This option is an SPL-variant of the FSL_CAAM_RNG option. + See the help of FSL_CAAM_RNG for details. + endif config FSL_DCP_RNG diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile index 7a2543e16cc..4fbce519a0b 100644 --- a/drivers/crypto/fsl/Makefile +++ b/drivers/crypto/fsl/Makefile @@ -6,6 +6,6 @@ obj-y += sec.o obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o -obj-$(CONFIG_FSL_CAAM_RNG) += rng.o +obj-$(CONFIG_$(SPL_TPL_)FSL_CAAM_RNG) += rng.o obj-$(CONFIG_FSL_DCP_RNG) += dcp_rng.o obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o
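Review bot: In the drivers/crypto/fsl/Kconfig hunk, the new `config SPL_FSL_CAAM_RNG` carries no `default`, so once the Makefile line keys on it, every SPL build that used to get rng.o through FSL_CAAM_RNG loses the CAAM RNG driver unless its defconfig is updated. The thread notes that the SPL network code falls back to seeding from the MAC address when no RNG device is present, so this is a silent drop from hardware randomness to a predictable seed. If the default-off behaviour is intended for size reasons, state it in the commit message and in the help text instead of only pointing at FSL_CAAM_RNG; otherwise add `default y` under the existing `depends on SPL_DM_RNG` so boards opt out explicitly. The commit message also reads "Add SPL variant of SPL_FSL_CAAM_RNG", where FSL_CAAM_RNG appears to be meant.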
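Review bot: In the drivers/crypto/fsl/Makefile hunk, `obj-$(CONFIG_$(SPL_TPL_)FSL_CAAM_RNG) += rng.o` resolves to CONFIG_TPL_FSL_CAAM_RNG in a TPL build, and the Kconfig hunk of this patch defines only SPL_FSL_CAAM_RNG, so rng.o can never be selected for TPL. If excluding TPL is intended, say so in the commit message; if TPL should be able to use the CAAM RNG, add a matching TPL_FSL_CAAM_RNG symbol alongside the SPL one.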
Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de> --- Cc: Angelo Dureghello <angelo@kernel-space.org> Cc: Emanuele Ghidoli <emanuele.ghidoli@toradex.com> Cc: Fabio Estevam <festevam@gmail.com> Cc: Gaurav Jain <gaurav.jain@nxp.com> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Marek Vasut <marex@denx.de> Cc: Michal Simek <michal.simek@amd.com> Cc: Simon Glass <sjg@chromium.org> Cc: Stefan Roese <sr@denx.de> Cc: Sughosh Ganu <sughosh.ganu@linaro.org> Cc: Svyatoslav Ryhel <clamor95@gmail.com> Cc: Tim Harvey <tharvey@gateworks.com> Cc: Tom Rini <trini@konsulko.com> Cc: u-boot@lists.denx.de --- drivers/crypto/fsl/Kconfig | 7 +++++++ drivers/crypto/fsl/Makefile | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-)