On Tuesday 27 August 2019 08:34:33 Adam Ford wrote:
> On Tue, Aug 27, 2019 at 8:24 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> >
> > On Tuesday 27 August 2019 08:17:55 Adam Ford wrote:
> > > On Tue, Aug 27, 2019 at 3:12 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> > > >
> > > > On Monday 26 August 2019 11:00:21 Tero Kristo wrote:
> > > > > On 24.8.2019 0.46, Aaro Koskinen wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I was looking at N900 boot logs from the current mainline (v5.3-rc),
> > > > > > and noticed this:
> > > > > >
> > > > > > [ 3.297668] omap3_rom_rng: initializing
> > > > > > [ 3.301940] omap3_rom_rng: unable to get RNG clock
> > > > > > [ 3.307006] omap3-rom-rng: probe of omap3-rom-rng failed with error -2
> > > > > >
> > > > > > It seems some clock data was deleted with 0ed266d7ae5e ("clk: ti: omap3:
> > > > > > cleanup unnecessary clock aliases"), including one for omap3-rom-rng.
> > > > > > How this driver is supposed to work now? I guess it has been broken for
> > > > > > a while. :-(
> > > > >
> > > > > You should have a DT node for the device, which contains the clock handle.
> > >
> > > I am interested in enabling the RNG too, because sshd takes a long
> > > time to initialize without the hwrng.
> > >
> > > I am not able to find addresses in either the DM3730 TRM nor the
> > > OMAP3530 TRM. Can someone from TI make a recommendation as to what
> > > the node address should be? Having this would be a nice starting
> > > point. Also looking at the other omap RNG nodes there are references
> > > to hwmods, but looking at the platdata in pdata quirks, I am not
> > > seeing anything.
> > >
> > > There is also chunks of code that exist insdie
> > > arch/mach-omap2/omap-secure.c which appear to only be referenced from
> > > this driver, so I wonder if there might be some way to
> > > combine/condense this once it's been converted to device tree and
> > > functional again.
> >
> > This part of code calls N900's PPA function via SMC instruction, which
> > is provided by closed Nokia bootloader NOLO/X-Loader. So it is needed.
>
> I am arguing that there is open source code for OMAP2 and OMAP4 RNG, I
> don't understand why we can't have support for everyone. The TRM
> references the RNG, but it doesn't give much info. There are other
> RNG's supported in the open source so I would think if the IP is
> present in the chips, we should be able to use it without a custom
> bootloader.
I do not know about general solution for OMAP3.
But Nokia N900 is HS device, has signed and closed bootloader (Nokia
X-Loader) which is running in secure mode and it does not enable L3
firewall (or how it is called in OMAP world) for accessing RNG blocks
outside of secure mode. It just export PPA function which "other side"
can use to get access to RNG.
Accessing blocks which are not allowed by that firewall cause immediate
reset of board. So kernel must avoid such things.
So for OMAP3 HS devices, like N900, we need signed bootloader which
either enable direct access to RNG (which we do not have) or bootloader
which provide custom PPA call for RNG (which we have).
Exactly same problem is with AES acceleration on N900. See for details:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69540a7c277d96382257216436f41abc040cc878
Later I played a bit with that L3 firewall and reading its configuration
is also disabled. After trying to read it 3 or 4 times from userspace I
got immediate reset of board. I was told that this is normal (firewall
violation) and reset is there for security reasons.
Public GP TRM does not provide information because RNG is part of crypto
IP and it is for HS devices. And IIRC TRM for HS devices is (or was)
available only under NDA and only for licensed customers.
Somebody from TI should really provide up-to-date information about this
topic. All those information are from time when I played with AES which
is from year 2014.
> adam
>
> >
> > > adam
> > > >
> > > > Hello, I have not tested new kernel on N900 for a longer time. And at
> > > > that time (4.9) it worked fine. So it is just missing DT node? Maybe you
> > > > could fix it when you testing it?
> > > >
> > > > --
> > > > Pali Rohár
> > > > pali.rohar@xxxxxxxxx
> >
> > --
> > Pali Rohár
> > pali.rohar@xxxxxxxxx
--
Pali Rohár
pali.rohar@xxxxxxxxx
