On Mon, 2 Dec 2019 16:12:09 +0000 Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > (adding some more arm64 folks) > > On Fri, 29 Nov 2019 at 11:30, Neal Liu <neal.liu@xxxxxxxxxxxx> wrote: > > > > On Fri, 2019-11-29 at 18:02 +0800, Lars Persson wrote: > > > Hi Neal, > > > > > > On Wed, Nov 27, 2019 at 3:23 PM Neal Liu <neal.liu@xxxxxxxxxxxx> wrote: > > > > > > > > For MediaTek SoCs on ARMv8 with TrustZone enabled, peripherals like > > > > entropy sources is not accessible from normal world (linux) and > > > > rather accessible from secure world (ATF/TEE) only. This driver aims > > > > to provide a generic interface to ATF rng service. > > > > > > > > > > I am working on several SoCs that also will need this kind of driver > > > to get entropy from Arm trusted firmware. > > > If you intend to make this a generic interface, please clean up the > > > references to MediaTek and give it a more generic name. For example > > > "Arm Trusted Firmware random number driver". > > > > > > It will also be helpful if the SMC call number is configurable. > > > > > > - Lars > > > > Yes, I'm trying to make this to a generic interface. I'll try to make > > HW/platform related dependency to be configurable and let it more > > generic. > > Thanks for your suggestion. > > > > I don't think it makes sense for each arm64 platform to expose an > entropy source via SMC calls in a slightly different way, and model it > as a h/w driver. Instead, we should try to standardize this, and > perhaps expose it via the architectural helpers that already exist > (get_random_seed_long() and friends), so they get plugged into the > kernel random pool driver directly. Absolutely. I'd love to see a standard, ARM-specified, virtualizable RNG that is abstracted from the HW. > Note that in addition to drivers based on vendor SMC calls, we already > have a RNG h/w driver based on OP-TEE as well, where the driver > attaches to a standardized trusted OS interface identified by a UUID, > and which also gets invoked via SMC calls into secure firmware. ... and probably an unhealthy number of hypervisor-specific hacks that do the same thing. The sooner we plug this, the better. Thanks, M. -- Jazz is not dead. It just smells funny...
