| Message ID | 20211029080915.63838-1-angelogioacchino.delregno@collabora.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] tpm: tpm_tis_spi_cr50: Add default RNG quality | expand |
On Fri, 2021-10-29 at 10:09 +0200, AngeloGioacchino Del Regno wrote: > To allow this device to fill the kernel's entropy pool at boot, > setup a default quality for the hwrng found in Cr50. > > After some testing with rngtest and dieharder it was, in short, > discovered that the RNG produces fair quality randomness, giving > around 99.93% successes in rngtest FIPS140-2. > > Notably, though, when testing with dieharder it was noticed that > we get 3 WEAK results over 114, which isn't optimal, and also > the p-values distribution wasn't uniform in all the cases, so a > conservative quality value was chosen by applying an arbitrary > penalty to the calculated values. > > For reference, this is how the values were calculated: > > The dieharder results were averaged, then normalized (0-1000) > and re-averaged with the rngtest result (where the result was > given a score of 99.93% of 1000, so 999.3), then aggregated > together and averaged again. > An arbitrary penalty of -100 was applied due to the retrieved > value, which brings us finally to 700. > > Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> > --- > drivers/char/tpm/tpm_tis_spi_cr50.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/char/tpm/tpm_tis_spi_cr50.c b/drivers/char/tpm/tpm_tis_spi_cr50.c > index ea759af25634..dae98dbeeeac 100644 > --- a/drivers/char/tpm/tpm_tis_spi_cr50.c > +++ b/drivers/char/tpm/tpm_tis_spi_cr50.c > @@ -36,6 +36,9 @@ > #define TPM_CR50_FW_VER(l) (0x0f90 | ((l) << 12)) > #define TPM_CR50_MAX_FW_VER_LEN 64 > > +/* Default quality for hwrng. */ > +#define TPM_CR50_DEFAULT_RNG_QUALITY 700 > + > struct cr50_spi_phy { > struct tpm_tis_spi_phy spi_phy; > > @@ -264,6 +267,7 @@ int cr50_spi_probe(struct spi_device *spi) > phy = &cr50_phy->spi_phy; > phy->flow_control = cr50_spi_flow_control; > phy->wake_after = jiffies; > + phy->priv.rng_quality = TPM_CR50_DEFAULT_RNG_QUALITY; > init_completion(&phy->ready); > > cr50_phy->access_delay = CR50_NOIRQ_ACCESS_DELAY; Thank you. Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@kernel.org> /Jarkko
On Sun, 2021-10-31 at 19:25 +0200, Jarkko Sakkinen wrote: > On Fri, 2021-10-29 at 10:09 +0200, AngeloGioacchino Del Regno wrote: > > To allow this device to fill the kernel's entropy pool at boot, > > setup a default quality for the hwrng found in Cr50. > > > > After some testing with rngtest and dieharder it was, in short, > > discovered that the RNG produces fair quality randomness, giving > > around 99.93% successes in rngtest FIPS140-2. > > > > Notably, though, when testing with dieharder it was noticed that > > we get 3 WEAK results over 114, which isn't optimal, and also > > the p-values distribution wasn't uniform in all the cases, so a > > conservative quality value was chosen by applying an arbitrary > > penalty to the calculated values. > > > > For reference, this is how the values were calculated: > > > > The dieharder results were averaged, then normalized (0-1000) > > and re-averaged with the rngtest result (where the result was > > given a score of 99.93% of 1000, so 999.3), then aggregated > > together and averaged again. > > An arbitrary penalty of -100 was applied due to the retrieved > > value, which brings us finally to 700. > > > > Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> > > --- > > drivers/char/tpm/tpm_tis_spi_cr50.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/drivers/char/tpm/tpm_tis_spi_cr50.c b/drivers/char/tpm/tpm_tis_spi_cr50.c > > index ea759af25634..dae98dbeeeac 100644 > > --- a/drivers/char/tpm/tpm_tis_spi_cr50.c > > +++ b/drivers/char/tpm/tpm_tis_spi_cr50.c > > @@ -36,6 +36,9 @@ > > #define TPM_CR50_FW_VER(l) (0x0f90 | ((l) << 12)) > > #define TPM_CR50_MAX_FW_VER_LEN 64 > > > > +/* Default quality for hwrng. */ > > +#define TPM_CR50_DEFAULT_RNG_QUALITY 700 > > + > > struct cr50_spi_phy { > > struct tpm_tis_spi_phy spi_phy; > > > > @@ -264,6 +267,7 @@ int cr50_spi_probe(struct spi_device *spi) > > phy = &cr50_phy->spi_phy; > > phy->flow_control = cr50_spi_flow_control; > > phy->wake_after = jiffies; > > + phy->priv.rng_quality = TPM_CR50_DEFAULT_RNG_QUALITY; > > init_completion(&phy->ready); > > > > cr50_phy->access_delay = CR50_NOIRQ_ACCESS_DELAY; > > Thank you. > > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@kernel.org> Oops, a typo. Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> /Jarkko
diff --git a/drivers/char/tpm/tpm_tis_spi_cr50.c b/drivers/char/tpm/tpm_tis_spi_cr50.c index ea759af25634..dae98dbeeeac 100644 --- a/drivers/char/tpm/tpm_tis_spi_cr50.c +++ b/drivers/char/tpm/tpm_tis_spi_cr50.c @@ -36,6 +36,9 @@ #define TPM_CR50_FW_VER(l) (0x0f90 | ((l) << 12)) #define TPM_CR50_MAX_FW_VER_LEN 64 +/* Default quality for hwrng. */ +#define TPM_CR50_DEFAULT_RNG_QUALITY 700 + struct cr50_spi_phy { struct tpm_tis_spi_phy spi_phy; @@ -264,6 +267,7 @@ int cr50_spi_probe(struct spi_device *spi) phy = &cr50_phy->spi_phy; phy->flow_control = cr50_spi_flow_control; phy->wake_after = jiffies; + phy->priv.rng_quality = TPM_CR50_DEFAULT_RNG_QUALITY; init_completion(&phy->ready); cr50_phy->access_delay = CR50_NOIRQ_ACCESS_DELAY;
To allow this device to fill the kernel's entropy pool at boot, setup a default quality for the hwrng found in Cr50. After some testing with rngtest and dieharder it was, in short, discovered that the RNG produces fair quality randomness, giving around 99.93% successes in rngtest FIPS140-2. Notably, though, when testing with dieharder it was noticed that we get 3 WEAK results over 114, which isn't optimal, and also the p-values distribution wasn't uniform in all the cases, so a conservative quality value was chosen by applying an arbitrary penalty to the calculated values. For reference, this is how the values were calculated: The dieharder results were averaged, then normalized (0-1000) and re-averaged with the rngtest result (where the result was given a score of 99.93% of 1000, so 999.3), then aggregated together and averaged again. An arbitrary penalty of -100 was applied due to the retrieved value, which brings us finally to 700. Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> --- drivers/char/tpm/tpm_tis_spi_cr50.c | 4 ++++ 1 file changed, 4 insertions(+)