Re: OMAP3 ROM RNG probe failure on N900

[Tero Kristo <t-kristo@xxxxxx>]

On 27/08/2019 16:54, Adam Ford wrote:
> On Tue, Aug 27, 2019 at 8:49 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> > On Tuesday 27 August 2019 08:34:33 Adam Ford wrote:
> > > On Tue, Aug 27, 2019 at 8:24 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> > > > On Tuesday 27 August 2019 08:17:55 Adam Ford wrote:
> > > > > On Tue, Aug 27, 2019 at 3:12 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> > > > > > On Monday 26 August 2019 11:00:21 Tero Kristo wrote:
> > > > > > > On 24.8.2019 0.46, Aaro Koskinen wrote:
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > I was looking at N900 boot logs from the current mainline (v5.3-rc),
> > > > > > > > and noticed this:
> > > > > > > >
> > > > > > > > [    3.297668] omap3_rom_rng: initializing
> > > > > > > > [    3.301940] omap3_rom_rng: unable to get RNG clock
> > > > > > > > [    3.307006] omap3-rom-rng: probe of omap3-rom-rng failed with error -2
> > > > > > > >
> > > > > > > > It seems some clock data was deleted with 0ed266d7ae5e ("clk: ti: omap3:
> > > > > > > > cleanup unnecessary clock aliases"), including one for omap3-rom-rng.
> > > > > > > > How this driver is supposed to work now? I guess it has been broken for
> > > > > > > > a while. :-(
> > > > > > >
> > > > > > > You should have a DT node for the device, which contains the clock handle.
> > > > >
> > > > > I am interested in enabling the RNG too, because sshd takes a long
> > > > > time to initialize without the hwrng.
> > > > >
> > > > > I am not able to find addresses in either the DM3730 TRM nor the
> > > > > OMAP3530 TRM.  Can someone from TI make a recommendation as to what
> > > > > the node address should be?  Having this would be a nice starting
> > > > > point.  Also looking at the other omap RNG nodes there are references
> > > > > to hwmods, but looking at the platdata in pdata quirks, I am not
> > > > > seeing anything.
> > > > >
> > > > > There is also chunks of code that exist insdie
> > > > > arch/mach-omap2/omap-secure.c which appear to only be referenced from
> > > > > this driver, so I wonder if there might be some way to
> > > > > combine/condense this once it's been converted to device tree and
> > > > > functional again.
> > > >
> > > > This part of code calls N900's PPA function via SMC instruction, which
> > > > is provided by closed Nokia bootloader NOLO/X-Loader. So it is needed.
> > >
> > > I am arguing that there is open source code for OMAP2 and OMAP4 RNG, I
> > > don't understand why we can't have support for everyone.  The TRM
> > > references the RNG, but it doesn't give much info.  There are other
> > > RNG's supported in the open source so I would think if the IP is
> > > present in the chips, we should be able to use it without a custom
> > > bootloader.
> >
> > I do not know about general solution for OMAP3.
> >
> > But Nokia N900 is HS device, has signed and closed bootloader (Nokia
> > X-Loader) which is running in secure mode and it does not enable L3
> > firewall (or how it is called in OMAP world) for accessing RNG blocks
> > outside of secure mode. It just export PPA function which "other side"
> > can use to get access to RNG.
> >
> > Accessing blocks which are not allowed by that firewall cause immediate
> > reset of board. So kernel must avoid such things.
> >
> > So for OMAP3 HS devices, like N900, we need signed bootloader which
> > either enable direct access to RNG (which we do not have) or bootloader
> > which provide custom PPA call for RNG (which we have).
> >
> > Exactly same problem is with AES acceleration on N900. See for details:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69540a7c277d96382257216436f41abc040cc878
>
> I have an OMAP3 and I am able to access the AES and SHA acceleration
> using the cryptodev instructions following:
> http://processors.wiki.ti.com/index.php/AM335x_Crypto_Performance
>
> I am able to load the SHA and AES modules without signed bootloaders.
>
> > Later I played a bit with that L3 firewall and reading its configuration
> > is also disabled. After trying to read it 3 or 4 times from userspace I
> > got immediate reset of board. I was told that this is normal (firewall
> > violation) and reset is there for security reasons.
>
> If you're using secure world, I would expect this behaviour, but I am
> just not seeing why access to the HWRNG would be limited to secure
> world when I can use HWRNG for other processors families without it.
>
> > Public GP TRM does not provide information because RNG is part of crypto
> > IP and it is for HS devices. And IIRC TRM for HS devices is (or was)
> > available only under NDA and only for licensed customers.
>
> I agree, yet the omap2 and omap4 rng have open source code. I wonder
> how different the omap3 version is from the omap2.
>
> > Somebody from TI should really provide up-to-date information about this
> > topic. All those information are from time when I played with AES which
> > is from year 2014.
>
> I could not agree more.

Delving on the topic of NDA chip features is dangerous area for TI 
people... as we might be violating NDA ourselves and get into trouble 
for it.

I would prefer someone outside TI reverse engineers the support somehow 
against omap2/omap4, and sees what works out. AM35x public TRM might 
have some info on it, that chip is basically a copy of omap3.

-Tero

> adam
> > > adam
> > >
> > > > > adam
> > > > > > Hello, I have not tested new kernel on N900 for a longer time. And at
> > > > > > that time (4.9) it worked fine. So it is just missing DT node? Maybe you
> > > > > > could fix it when you testing it?
> > > > > >
> > > > > > --
> > > > > > Pali Rohár
> > > > > > pali.rohar@xxxxxxxxx
> > > >
> > > > --
> > > > Pali Rohár
> > > > pali.rohar@xxxxxxxxx
> >
> > --
> > Pali Rohár
> > pali.rohar@xxxxxxxxx

--
Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki