On Tuesday 27 August 2019 20:42:35 Tero Kristo wrote:
> On 27/08/2019 16:54, Adam Ford wrote:
> > On Tue, Aug 27, 2019 at 8:49 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> > >
> > > On Tuesday 27 August 2019 08:34:33 Adam Ford wrote:
> > > > On Tue, Aug 27, 2019 at 8:24 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> > > > >
> > > > > On Tuesday 27 August 2019 08:17:55 Adam Ford wrote:
> > > > > > On Tue, Aug 27, 2019 at 3:12 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> > > > > > >
> > > > > > > On Monday 26 August 2019 11:00:21 Tero Kristo wrote:
> > > > > > > > On 24.8.2019 0.46, Aaro Koskinen wrote:
> > > > > > > > > Hi,
> > > > > > > > >
> > > > > > > > > I was looking at N900 boot logs from the current mainline (v5.3-rc),
> > > > > > > > > and noticed this:
> > > > > > > > >
> > > > > > > > > [ 3.297668] omap3_rom_rng: initializing
> > > > > > > > > [ 3.301940] omap3_rom_rng: unable to get RNG clock
> > > > > > > > > [ 3.307006] omap3-rom-rng: probe of omap3-rom-rng failed with error -2
> > > > > > > > >
> > > > > > > > > It seems some clock data was deleted with 0ed266d7ae5e ("clk: ti: omap3:
> > > > > > > > > cleanup unnecessary clock aliases"), including one for omap3-rom-rng.
> > > > > > > > > How this driver is supposed to work now? I guess it has been broken for
> > > > > > > > > a while. :-(
> > > > > > > >
> > > > > > > > You should have a DT node for the device, which contains the clock handle.
> > > > > >
> > > > > > I am interested in enabling the RNG too, because sshd takes a long
> > > > > > time to initialize without the hwrng.
> > > > > >
> > > > > > I am not able to find addresses in either the DM3730 TRM nor the
> > > > > > OMAP3530 TRM. Can someone from TI make a recommendation as to what
> > > > > > the node address should be? Having this would be a nice starting
> > > > > > point. Also looking at the other omap RNG nodes there are references
> > > > > > to hwmods, but looking at the platdata in pdata quirks, I am not
> > > > > > seeing anything.
> > > > > >
> > > > > > There is also chunks of code that exist insdie
> > > > > > arch/mach-omap2/omap-secure.c which appear to only be referenced from
> > > > > > this driver, so I wonder if there might be some way to
> > > > > > combine/condense this once it's been converted to device tree and
> > > > > > functional again.
> > > > >
> > > > > This part of code calls N900's PPA function via SMC instruction, which
> > > > > is provided by closed Nokia bootloader NOLO/X-Loader. So it is needed.
> > > >
> > > > I am arguing that there is open source code for OMAP2 and OMAP4 RNG, I
> > > > don't understand why we can't have support for everyone. The TRM
> > > > references the RNG, but it doesn't give much info. There are other
> > > > RNG's supported in the open source so I would think if the IP is
> > > > present in the chips, we should be able to use it without a custom
> > > > bootloader.
> > >
> > > I do not know about general solution for OMAP3.
> > >
> > > But Nokia N900 is HS device, has signed and closed bootloader (Nokia
> > > X-Loader) which is running in secure mode and it does not enable L3
> > > firewall (or how it is called in OMAP world) for accessing RNG blocks
> > > outside of secure mode. It just export PPA function which "other side"
> > > can use to get access to RNG.
> > >
> > > Accessing blocks which are not allowed by that firewall cause immediate
> > > reset of board. So kernel must avoid such things.
> > >
> > > So for OMAP3 HS devices, like N900, we need signed bootloader which
> > > either enable direct access to RNG (which we do not have) or bootloader
> > > which provide custom PPA call for RNG (which we have).
> > >
> > > Exactly same problem is with AES acceleration on N900. See for details:
> > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69540a7c277d96382257216436f41abc040cc878
> >
> > I have an OMAP3 and I am able to access the AES and SHA acceleration
> > using the cryptodev instructions following:
> > http://processors.wiki.ti.com/index.php/AM335x_Crypto_Performance
> >
> > I am able to load the SHA and AES modules without signed bootloaders.
> >
> > >
> > > Later I played a bit with that L3 firewall and reading its configuration
> > > is also disabled. After trying to read it 3 or 4 times from userspace I
> > > got immediate reset of board. I was told that this is normal (firewall
> > > violation) and reset is there for security reasons.
> >
> > If you're using secure world, I would expect this behaviour, but I am
> > just not seeing why access to the HWRNG would be limited to secure
> > world when I can use HWRNG for other processors families without it.
> >
> > >
> > > Public GP TRM does not provide information because RNG is part of crypto
> > > IP and it is for HS devices. And IIRC TRM for HS devices is (or was)
> > > available only under NDA and only for licensed customers.
> >
> > I agree, yet the omap2 and omap4 rng have open source code. I wonder
> > how different the omap3 version is from the omap2.
> >
> > >
> > > Somebody from TI should really provide up-to-date information about this
> > > topic. All those information are from time when I played with AES which
> > > is from year 2014.
> >
> > I could not agree more.
>
> Delving on the topic of NDA chip features is dangerous area for TI people...
> as we might be violating NDA ourselves and get into trouble for it.
Is really GP TRM under NDA? I was thought that only HS documentation is
under NDA.
> I would prefer someone outside TI reverse engineers the support somehow
> against omap2/omap4, and sees what works out. AM35x public TRM might have
> some info on it, that chip is basically a copy of omap3.
>
> -Tero
>
> >
> > adam
> > >
> > > > adam
> > > >
> > > > >
> > > > > > adam
> > > > > > >
> > > > > > > Hello, I have not tested new kernel on N900 for a longer time. And at
> > > > > > > that time (4.9) it worked fine. So it is just missing DT node? Maybe you
> > > > > > > could fix it when you testing it?
> > > > > > >
> > > > > > > --
> > > > > > > Pali Rohár
> > > > > > > pali.rohar@xxxxxxxxx
> > > > >
> > > > > --
> > > > > Pali Rohár
> > > > > pali.rohar@xxxxxxxxx
> > >
> > > --
> > > Pali Rohár
> > > pali.rohar@xxxxxxxxx
>
> --
> Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki
--
Pali Rohár
pali.rohar@xxxxxxxxx
Attachment:
signature.asc
Description: PGP signature
