Re: [PATCH] crypto: caam - enable prediction resistance conditionally

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Jan 11, 2022 at 4:41 AM Fabio Estevam <festevam@xxxxxxxxx> wrote:
>
> From: Fabio Estevam <festevam@xxxxxxx>
>
> Since commit 358ba762d9f1 ("crypto: caam - enable prediction resistance
> in HRWNG") the following CAAM errors can be seen on i.MX6:
>
> caam_jr 2101000.jr: 20003c5b: CCB: desc idx 60: RNG: Hardware error
> hwrng: no data available
> caam_jr 2101000.jr: 20003c5b: CCB: desc idx 60: RNG: Hardware error
> hwrng: no data available
> caam_jr 2101000.jr: 20003c5b: CCB: desc idx 60: RNG: Hardware error
> hwrng: no data available
> caam_jr 2101000.jr: 20003c5b: CCB: desc idx 60: RNG: Hardware error
> hwrng: no data available
>
> OP_ALG_PR_ON is enabled unconditionally, which may cause the problem
> on i.MX devices.

Is this true for every i.MX device? I haven't worked with the
i.MX6Q/i.MX8 hardware I was enabling this feature for in a while, so
I'm not 100% up to date on all of the problems we've seen with those,
but last time enabling prediction resistance didn't seem to cause any
issues besides a noticeable slowdown of random data generation.

Can this be a Kconfig option or maybe a runtime flag so that it'd
still be possible for some i.MX users to keep PR enabled?

>
> Fix the problem by only enabling OP_ALG_PR_ON on platforms that have
> Management Complex support.
>
> Fixes: 358ba762d9f1 ("crypto: caam - enable prediction resistance in HRWNG")
> Signed-off-by: Fabio Estevam <festevam@xxxxxxx>
> ---
>  drivers/crypto/caam/caamrng.c | 15 +++++++++++----
>  1 file changed, 11 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
> index 77d048dfe5d0..3514fe5de2a5 100644
> --- a/drivers/crypto/caam/caamrng.c
> +++ b/drivers/crypto/caam/caamrng.c
> @@ -63,12 +63,19 @@ static void caam_rng_done(struct device *jrdev, u32 *desc, u32 err,
>         complete(jctx->done);
>  }
>
> -static u32 *caam_init_desc(u32 *desc, dma_addr_t dst_dma)
> +static u32 *caam_init_desc(struct device *jrdev, u32 *desc, dma_addr_t dst_dma)
>  {
> +       struct caam_drv_private *priv = dev_get_drvdata(jrdev->parent);
> +
>         init_job_desc(desc, 0); /* + 1 cmd_sz */
>         /* Generate random bytes: + 1 cmd_sz */
> -       append_operation(desc, OP_ALG_ALGSEL_RNG | OP_TYPE_CLASS1_ALG |
> -                        OP_ALG_PR_ON);
> +
> +       if (priv->mc_en)
> +               append_operation(desc, OP_ALG_ALGSEL_RNG | OP_TYPE_CLASS1_ALG |
> +                                 OP_ALG_PR_ON);
> +       else
> +               append_operation(desc, OP_ALG_ALGSEL_RNG | OP_TYPE_CLASS1_ALG);
> +
>         /* Store bytes: + 1 cmd_sz + caam_ptr_sz  */
>         append_fifo_store(desc, dst_dma,
>                           CAAM_RNG_MAX_FIFO_STORE_SIZE, FIFOST_TYPE_RNGSTORE);
> @@ -101,7 +108,7 @@ static int caam_rng_read_one(struct device *jrdev,
>
>         init_completion(done);
>         err = caam_jr_enqueue(jrdev,
> -                             caam_init_desc(desc, dst_dma),
> +                             caam_init_desc(jrdev, desc, dst_dma),
>                               caam_rng_done, &jctx);
>         if (err == -EINPROGRESS) {
>                 wait_for_completion(done);
> --
> 2.25.1
>
[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux