Re: [PATCH] tpm: tpm_tis_spi_cr50: Add default RNG quality

Jarkko Sakkinen <jarkko@xxxxxxxxxx> · Fri, 29 Oct 2021 06:03:22 +0300

On Thu, Oct 28, 2021 at 10:55:56AM +0200, AngeloGioacchino Del Regno wrote:
> Il 28/10/21 08:47, Jarkko Sakkinen ha scritto:
> > On Wed, Oct 27, 2021 at 02:02:33PM +0200, AngeloGioacchino Del Regno wrote:
> > > To allow this device to fill the kernel's entropy pool at boot,
> > > setup a default quality for the hwrng found in Cr50.
> > > 
> > > After some testing with rngtest and dieharder it was, in short,
> > > discovered that the RNG produces fair quality randomness, giving
> > > around 99.93% successes in rngtest FIPS140-2.
> > > 
> > > Notably, though, when testing with dieharder it was noticed that
> > > the p-values distribution wasn't uniform in all the cases, so a
> > > conservative quality value was chosen.
> > > 
> > > Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@xxxxxxxxxxxxx>
> > > ---
> > >   drivers/char/tpm/tpm_tis_spi_cr50.c | 1 +
> > >   1 file changed, 1 insertion(+)
> > > 
> > > diff --git a/drivers/char/tpm/tpm_tis_spi_cr50.c b/drivers/char/tpm/tpm_tis_spi_cr50.c
> > > index ea759af25634..d6195fb58036 100644
> > > --- a/drivers/char/tpm/tpm_tis_spi_cr50.c
> > > +++ b/drivers/char/tpm/tpm_tis_spi_cr50.c
> > > @@ -264,6 +264,7 @@ int cr50_spi_probe(struct spi_device *spi)
> > >   	phy = &cr50_phy->spi_phy;
> > >   	phy->flow_control = cr50_spi_flow_control;
> > >   	phy->wake_after = jiffies;
> > > +	phy->priv.rng_quality = 700;
> > 
> > How did you end up exactly to this number ('700')?
> > 
> > /Jarkko
> > 
> 
> As for what I've seen with rngtest, the number should be much higher, but
> dieharder gave 3 WEAK results over 114, which isn't optimal. As also explained
> in the commit message, the p-values distribution also wasn't uniform in all
> of the cases, so I've applied an arbitrary penalty to the calculated values.
> 
> In any case, that's how it went:
> 
> The dieharder results were averaged, then normalized (0-1000) and re-averaged
> with the rngtest result (where the result was given a score of 99.93% of 1000,
> so 999.3), then aggregated together and averaged again.
> An arbitrary penalty of -100 was applied due to the retrieved value, which
> brings us finally to 700.

Please, add this to the commit message for reference.

In addition, please use a named constant instead of magic number, e.g.

/* Default quality for hwrng. */
#define TPM_CR50_DEFAULT_RNG_QUALITY            700

> Regards,
> - Angelo

/Jarkko