On Tue, Aug 27, 2019 at 8:49 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
>
> On Tuesday 27 August 2019 08:34:33 Adam Ford wrote:
> > On Tue, Aug 27, 2019 at 8:24 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> > >
> > > On Tuesday 27 August 2019 08:17:55 Adam Ford wrote:
> > > > On Tue, Aug 27, 2019 at 3:12 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> > > > >
> > > > > On Monday 26 August 2019 11:00:21 Tero Kristo wrote:
> > > > > > On 24.8.2019 0.46, Aaro Koskinen wrote:
> > > > > > > Hi,
> > > > > > >
> > > > > > > I was looking at N900 boot logs from the current mainline (v5.3-rc),
> > > > > > > and noticed this:
> > > > > > >
> > > > > > > [ 3.297668] omap3_rom_rng: initializing
> > > > > > > [ 3.301940] omap3_rom_rng: unable to get RNG clock
> > > > > > > [ 3.307006] omap3-rom-rng: probe of omap3-rom-rng failed with error -2
> > > > > > >
> > > > > > > It seems some clock data was deleted with 0ed266d7ae5e ("clk: ti: omap3:
> > > > > > > cleanup unnecessary clock aliases"), including one for omap3-rom-rng.
> > > > > > > How this driver is supposed to work now? I guess it has been broken for
> > > > > > > a while. :-(
> > > > > >
> > > > > > You should have a DT node for the device, which contains the clock handle.
> > > >
> > > > I am interested in enabling the RNG too, because sshd takes a long
> > > > time to initialize without the hwrng.
> > > >
> > > > I am not able to find addresses in either the DM3730 TRM nor the
> > > > OMAP3530 TRM. Can someone from TI make a recommendation as to what
> > > > the node address should be? Having this would be a nice starting
> > > > point. Also looking at the other omap RNG nodes there are references
> > > > to hwmods, but looking at the platdata in pdata quirks, I am not
> > > > seeing anything.
> > > >
> > > > There is also chunks of code that exist insdie
> > > > arch/mach-omap2/omap-secure.c which appear to only be referenced from
> > > > this driver, so I wonder if there might be some way to
> > > > combine/condense this once it's been converted to device tree and
> > > > functional again.
> > >
> > > This part of code calls N900's PPA function via SMC instruction, which
> > > is provided by closed Nokia bootloader NOLO/X-Loader. So it is needed.
> >
> > I am arguing that there is open source code for OMAP2 and OMAP4 RNG, I
> > don't understand why we can't have support for everyone. The TRM
> > references the RNG, but it doesn't give much info. There are other
> > RNG's supported in the open source so I would think if the IP is
> > present in the chips, we should be able to use it without a custom
> > bootloader.
>
> I do not know about general solution for OMAP3.
>
> But Nokia N900 is HS device, has signed and closed bootloader (Nokia
> X-Loader) which is running in secure mode and it does not enable L3
> firewall (or how it is called in OMAP world) for accessing RNG blocks
> outside of secure mode. It just export PPA function which "other side"
> can use to get access to RNG.
>
> Accessing blocks which are not allowed by that firewall cause immediate
> reset of board. So kernel must avoid such things.
>
> So for OMAP3 HS devices, like N900, we need signed bootloader which
> either enable direct access to RNG (which we do not have) or bootloader
> which provide custom PPA call for RNG (which we have).
>
> Exactly same problem is with AES acceleration on N900. See for details:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69540a7c277d96382257216436f41abc040cc878
I have an OMAP3 and I am able to access the AES and SHA acceleration
using the cryptodev instructions following:
http://processors.wiki.ti.com/index.php/AM335x_Crypto_Performance
I am able to load the SHA and AES modules without signed bootloaders.
>
> Later I played a bit with that L3 firewall and reading its configuration
> is also disabled. After trying to read it 3 or 4 times from userspace I
> got immediate reset of board. I was told that this is normal (firewall
> violation) and reset is there for security reasons.
If you're using secure world, I would expect this behaviour, but I am
just not seeing why access to the HWRNG would be limited to secure
world when I can use HWRNG for other processors families without it.
>
> Public GP TRM does not provide information because RNG is part of crypto
> IP and it is for HS devices. And IIRC TRM for HS devices is (or was)
> available only under NDA and only for licensed customers.
I agree, yet the omap2 and omap4 rng have open source code. I wonder
how different the omap3 version is from the omap2.
>
> Somebody from TI should really provide up-to-date information about this
> topic. All those information are from time when I played with AES which
> is from year 2014.
I could not agree more.
adam
>
> > adam
> >
> > >
> > > > adam
> > > > >
> > > > > Hello, I have not tested new kernel on N900 for a longer time. And at
> > > > > that time (4.9) it worked fine. So it is just missing DT node? Maybe you
> > > > > could fix it when you testing it?
> > > > >
> > > > > --
> > > > > Pali Rohár
> > > > > pali.rohar@xxxxxxxxx
> > >
> > > --
> > > Pali Rohár
> > > pali.rohar@xxxxxxxxx
>
> --
> Pali Rohár
> pali.rohar@xxxxxxxxx
