Hi,
a fix to v5, now *really* fixing the wrong priority of SMCCC vs. RNDR
in arch_get_random_seed_long_early(). Apologies for messing this up
in v5 and thanks to broonie for being on the watch!
Will, Catalin: it would be much appreciated if you could consider taking
patch 1/5. This contains the common definitions, and is a prerequisite
for every other patch, although they are somewhat independent and likely
will need to go through different subsystems.
Cheers,
Andre
==============================
The ARM architected TRNG firmware interface, described in ARM spec
DEN0098[1], defines an ARM SMCCC based interface to a true random number
generator, provided by firmware.
This series collects all the patches implementing this in various
places: as a user feeding into the ARCH_RANDOM pool, both for ARM and
arm64, and as a service provider for KVM guests.
Patch 1 introduces the interface definition used by all three entities.
Patch 2 prepares the Arm SMCCC firmware driver to probe for the
interface. This patch is needed to avoid a later dependency on *two*
patches (there might be a better solution to this problem).
Patch 3 implements the ARM part, patch 4 is the arm64 version.
The final patch 5 adds support to provide random numbers to KVM guests.
This was tested on:
- QEMU -kernel (no SMCCC, regression test)
- Juno w/ prototype of the h/w Trusted RNG support
- mainline KVM (SMCCC, but no TRNG: regression test)
- ARM and arm64 KVM guests, using the KVM service in patch 5/5
Based on v5.11-rc2, please let me know if I should rebase it on
something else. A git repo is accessible at:
https://gitlab.arm.com/linux-arm/linux-ap/-/commits/smccc-trng/v6/
Cheers,
Andre
[1] https://developer.arm.com/documentation/den0098/latest/
Changelog v5 ... v6:
- *really* fixing order of SMCCC vs. RNDR call in the *_early() version
Changelog v4 ... v5:
- change order of SMCCC call vs. RNDR call in arch_get_random_seed_long_early
- adding Sudeep's R-b: tags
Changelog v3 ... v4:
- include cache.h to always have __ro_after_init defined
- change order of SMCCC call vs. RNDR call in arm64's archrandom.h
- adding LinusW's R-b: tags
Changelog v2 ... v3:
- ARM: fix compilation with randconfig
- arm64: use SMCCC call also in arch_get_random_seed_long_early()
- KVM: comment on return value usage
- KVM: use more interesting UUID (enjoy, Marc!)
- KVM: use bitmaps instead of open coded long arrays
- KVM: drop direct usage of arch_get_random() interface
Changelog "v1" ... v2:
- trigger ARCH_RANDOM initialisation from the SMCCC firmware driver
- use a single bool in smccc.c to hold the initialisation state for arm64
- handle endianess correctly in the KVM provider
Andre Przywara (2):
firmware: smccc: Introduce SMCCC TRNG framework
arm64: Add support for SMCCC TRNG entropy source
Ard Biesheuvel (3):
firmware: smccc: Add SMCCC TRNG function call IDs
ARM: implement support for SMCCC TRNG entropy source
KVM: arm64: implement the TRNG hypervisor call
arch/arm/Kconfig | 4 ++
arch/arm/include/asm/archrandom.h | 74 +++++++++++++++++++++++++
arch/arm64/include/asm/archrandom.h | 82 ++++++++++++++++++++++++----
arch/arm64/include/asm/kvm_host.h | 2 +
arch/arm64/kvm/Makefile | 2 +-
arch/arm64/kvm/hypercalls.c | 6 ++
arch/arm64/kvm/trng.c | 85 +++++++++++++++++++++++++++++
drivers/firmware/smccc/smccc.c | 6 ++
include/linux/arm-smccc.h | 31 +++++++++++
9 files changed, 281 insertions(+), 11 deletions(-)
create mode 100644 arch/arm/include/asm/archrandom.h
create mode 100644 arch/arm64/kvm/trng.c
--
2.17.1
*** BLURB HERE ***
Andre Przywara (2):
firmware: smccc: Introduce SMCCC TRNG framework
arm64: Add support for SMCCC TRNG entropy source
Ard Biesheuvel (3):
firmware: smccc: Add SMCCC TRNG function call IDs
ARM: implement support for SMCCC TRNG entropy source
KVM: arm64: implement the TRNG hypervisor call
arch/arm/Kconfig | 4 ++
arch/arm/include/asm/archrandom.h | 74 +++++++++++++++++++++++++
arch/arm64/include/asm/archrandom.h | 82 ++++++++++++++++++++++++----
arch/arm64/include/asm/kvm_host.h | 2 +
arch/arm64/kvm/Makefile | 2 +-
arch/arm64/kvm/hypercalls.c | 6 ++
arch/arm64/kvm/trng.c | 85 +++++++++++++++++++++++++++++
drivers/firmware/smccc/smccc.c | 6 ++
include/linux/arm-smccc.h | 31 +++++++++++
9 files changed, 281 insertions(+), 11 deletions(-)
create mode 100644 arch/arm/include/asm/archrandom.h
create mode 100644 arch/arm64/kvm/trng.c
--
2.17.1
The ARM architected TRNG firmware interface, described in ARM spec
DEN0098, defines an ARM SMCCC based interface to a true random number
generator, provided by firmware.
This can be discovered via the SMCCC >=v1.1 interface, and provides
up to 192 bits of entropy per call.
Hook this SMC call into arm64's arch_get_random_*() implementation,
coming to the rescue when the CPU does not implement the ARM v8.5 RNG
system registers.
For the detection, we piggy back on the PSCI/SMCCC discovery (which gives
us the conduit to use (hvc/smc)), then try to call the
ARM_SMCCC_TRNG_VERSION function, which returns -1 if this interface is
not implemented.
Signed-off-by: Andre Przywara <[email protected]>
---
arch/arm64/include/asm/archrandom.h | 72 ++++++++++++++++++++++++-----
1 file changed, 61 insertions(+), 11 deletions(-)
diff --git a/arch/arm64/include/asm/archrandom.h b/arch/arm64/include/asm/archrandom.h
index abe07c21da8e..09e43272ccb0 100644
--- a/arch/arm64/include/asm/archrandom.h
+++ b/arch/arm64/include/asm/archrandom.h
@@ -4,13 +4,24 @@
#ifdef CONFIG_ARCH_RANDOM
+#include <linux/arm-smccc.h>
#include <linux/bug.h>
#include <linux/kernel.h>
#include <asm/cpufeature.h>
+#define ARM_SMCCC_TRNG_MIN_VERSION 0x10000UL
+
+extern bool smccc_trng_available;
+
static inline bool __init smccc_probe_trng(void)
{
- return false;
+ struct arm_smccc_res res;
+
+ arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_VERSION, &res);
+ if ((s32)res.a0 < 0)
+ return false;
+
+ return res.a0 >= ARM_SMCCC_TRNG_MIN_VERSION;
}
static inline bool __arm64_rndr(unsigned long *v)
@@ -43,26 +54,55 @@ static inline bool __must_check arch_get_random_int(unsigned int *v)
static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
{
+ struct arm_smccc_res res;
+
+ /*
+ * We prefer the SMCCC call, since its semantics (return actual
+ * hardware backed entropy) is closer to the idea behind this
+ * function here than what even the RNDRSS register provides
+ * (the output of a pseudo RNG freshly seeded by a TRNG).
+ */
+ if (smccc_trng_available) {
+ arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_RND64, 64, &res);
+ if ((int)res.a0 >= 0) {
+ *v = res.a3;
+ return true;
+ }
+ }
+
/*
* Only support the generic interface after we have detected
* the system wide capability, avoiding complexity with the
* cpufeature code and with potential scheduling between CPUs
* with and without the feature.
*/
- if (!cpus_have_const_cap(ARM64_HAS_RNG))
- return false;
+ if (cpus_have_const_cap(ARM64_HAS_RNG) && __arm64_rndr(v))
+ return true;
- return __arm64_rndr(v);
+ return false;
}
-
static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
{
+ struct arm_smccc_res res;
unsigned long val;
- bool ok = arch_get_random_seed_long(&val);
- *v = val;
- return ok;
+ if (smccc_trng_available) {
+ arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_RND64, 32, &res);
+ if ((int)res.a0 >= 0) {
+ *v = res.a3 & GENMASK(31, 0);
+ return true;
+ }
+ }
+
+ if (cpus_have_const_cap(ARM64_HAS_RNG)) {
+ if (__arm64_rndr(&val)) {
+ *v = val;
+ return true;
+ }
+ }
+
+ return false;
}
static inline bool __init __early_cpu_has_rndr(void)
@@ -77,10 +117,20 @@ arch_get_random_seed_long_early(unsigned long *v)
{
WARN_ON(system_state != SYSTEM_BOOTING);
- if (!__early_cpu_has_rndr())
- return false;
+ if (smccc_trng_available) {
+ struct arm_smccc_res res;
+
+ arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_RND64, 64, &res);
+ if ((int)res.a0 >= 0) {
+ *v = res.a3;
+ return true;
+ }
+ }
- return __arm64_rndr(v);
+ if (__early_cpu_has_rndr() && __arm64_rndr(v))
+ return true;
+
+ return false;
}
#define arch_get_random_seed_long_early arch_get_random_seed_long_early
--
2.17.1
From: Ard Biesheuvel <[email protected]>
Implement arch_get_random_seed_*() for ARM based on the firmware
or hypervisor provided entropy source described in ARM DEN0098.
This will make the kernel's random number generator consume entropy
provided by this interface, at early boot, and periodically at
runtime when reseeding.
Cc: Linus Walleij <[email protected]>
Cc: Russell King <[email protected]>
Signed-off-by: Ard Biesheuvel <[email protected]>
[Andre: rework to be initialised by the SMCCC firmware driver]
Signed-off-by: Andre Przywara <[email protected]>
Reviewed-by: Linus Walleij <[email protected]>
---
arch/arm/Kconfig | 4 ++
arch/arm/include/asm/archrandom.h | 64 +++++++++++++++++++++++++++++++
2 files changed, 68 insertions(+)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 138248999df7..bfe642510b0a 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1644,6 +1644,10 @@ config STACKPROTECTOR_PER_TASK
Enable this option to switch to a different method that uses a
different canary value for each task.
+config ARCH_RANDOM
+ def_bool y
+ depends on HAVE_ARM_SMCCC_DISCOVERY
+
endmenu
menu "Boot options"
diff --git a/arch/arm/include/asm/archrandom.h b/arch/arm/include/asm/archrandom.h
index a8e84ca5c2ee..f3e96a5b65f8 100644
--- a/arch/arm/include/asm/archrandom.h
+++ b/arch/arm/include/asm/archrandom.h
@@ -2,9 +2,73 @@
#ifndef _ASM_ARCHRANDOM_H
#define _ASM_ARCHRANDOM_H
+#ifdef CONFIG_ARCH_RANDOM
+
+#include <linux/arm-smccc.h>
+#include <linux/kernel.h>
+
+#define ARM_SMCCC_TRNG_MIN_VERSION 0x10000UL
+
+extern bool smccc_trng_available;
+
+static inline bool __init smccc_probe_trng(void)
+{
+ struct arm_smccc_res res;
+
+ arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_VERSION, &res);
+ if ((s32)res.a0 < 0)
+ return false;
+ if (res.a0 >= ARM_SMCCC_TRNG_MIN_VERSION) {
+ /* double check that the 32-bit flavor is available */
+ arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_FEATURES,
+ ARM_SMCCC_TRNG_RND32,
+ &res);
+ if ((s32)res.a0 >= 0)
+ return true;
+ }
+
+ return false;
+}
+
+static inline bool __must_check arch_get_random_long(unsigned long *v)
+{
+ return false;
+}
+
+static inline bool __must_check arch_get_random_int(unsigned int *v)
+{
+ return false;
+}
+
+static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
+{
+ struct arm_smccc_res res;
+
+ if (smccc_trng_available) {
+ arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_RND32, 8 * sizeof(*v), &res);
+
+ if (res.a0 != 0)
+ return false;
+
+ *v = res.a3;
+ return true;
+ }
+
+ return false;
+}
+
+static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
+{
+ return arch_get_random_seed_long((unsigned long *)v);
+}
+
+
+#else /* !CONFIG_ARCH_RANDOM */
+
static inline bool __init smccc_probe_trng(void)
{
return false;
}
+#endif /* CONFIG_ARCH_RANDOM */
#endif /* _ASM_ARCHRANDOM_H */
--
2.17.1
From: Ard Biesheuvel <[email protected]>
Provide a hypervisor implementation of the ARM architected TRNG firmware
interface described in ARM spec DEN0098. All function IDs are implemented,
including both 32-bit and 64-bit versions of the TRNG_RND service, which
is the centerpiece of the API.
The API is backed by the kernel's entropy pool only, to avoid guests
draining more precious direct entropy sources.
Signed-off-by: Ard Biesheuvel <[email protected]>
[Andre: minor fixes, drop arch_get_random() usage]
Signed-off-by: Andre Przywara <[email protected]>
---
arch/arm64/include/asm/kvm_host.h | 2 +
arch/arm64/kvm/Makefile | 2 +-
arch/arm64/kvm/hypercalls.c | 6 +++
arch/arm64/kvm/trng.c | 85 +++++++++++++++++++++++++++++++
4 files changed, 94 insertions(+), 1 deletion(-)
create mode 100644 arch/arm64/kvm/trng.c
diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index 11beda85ee7e..271c79914afd 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -748,4 +748,6 @@ bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu);
#define kvm_vcpu_has_pmu(vcpu) \
(test_bit(KVM_ARM_VCPU_PMU_V3, (vcpu)->arch.features))
+int kvm_trng_call(struct kvm_vcpu *vcpu);
+
#endif /* __ARM64_KVM_HOST_H__ */
diff --git a/arch/arm64/kvm/Makefile b/arch/arm64/kvm/Makefile
index 60fd181df624..8d2b9984ac36 100644
--- a/arch/arm64/kvm/Makefile
+++ b/arch/arm64/kvm/Makefile
@@ -16,7 +16,7 @@ kvm-y := $(KVM)/kvm_main.o $(KVM)/coalesced_mmio.o $(KVM)/eventfd.o \
inject_fault.o va_layout.o handle_exit.o \
guest.o debug.o reset.o sys_regs.o \
vgic-sys-reg-v3.o fpsimd.o pmu.o \
- arch_timer.o \
+ arch_timer.o trng.o\
vgic/vgic.o vgic/vgic-init.o \
vgic/vgic-irqfd.o vgic/vgic-v2.o \
vgic/vgic-v3.o vgic/vgic-v4.o \
diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c
index 25ea4ecb6449..ead21b98b620 100644
--- a/arch/arm64/kvm/hypercalls.c
+++ b/arch/arm64/kvm/hypercalls.c
@@ -71,6 +71,12 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
if (gpa != GPA_INVALID)
val = gpa;
break;
+ case ARM_SMCCC_TRNG_VERSION:
+ case ARM_SMCCC_TRNG_FEATURES:
+ case ARM_SMCCC_TRNG_GET_UUID:
+ case ARM_SMCCC_TRNG_RND32:
+ case ARM_SMCCC_TRNG_RND64:
+ return kvm_trng_call(vcpu);
default:
return kvm_psci_call(vcpu);
}
diff --git a/arch/arm64/kvm/trng.c b/arch/arm64/kvm/trng.c
new file mode 100644
index 000000000000..99bdd7103c9c
--- /dev/null
+++ b/arch/arm64/kvm/trng.c
@@ -0,0 +1,85 @@
+// SPDX-License-Identifier: GPL-2.0
+// Copyright (C) 2020 Arm Ltd.
+
+#include <linux/arm-smccc.h>
+#include <linux/kvm_host.h>
+
+#include <asm/kvm_emulate.h>
+
+#include <kvm/arm_hypercalls.h>
+
+#define ARM_SMCCC_TRNG_VERSION_1_0 0x10000UL
+
+/* Those values are deliberately separate from the generic SMCCC definitions. */
+#define TRNG_SUCCESS 0UL
+#define TRNG_NOT_SUPPORTED ((unsigned long)-1)
+#define TRNG_INVALID_PARAMETER ((unsigned long)-2)
+#define TRNG_NO_ENTROPY ((unsigned long)-3)
+
+#define TRNG_MAX_BITS64 192
+
+static const uuid_t arm_smc_trng_uuid __aligned(4) = UUID_INIT(
+ 0x0d21e000, 0x4384, 0x11eb, 0x80, 0x70, 0x52, 0x44, 0x55, 0x4e, 0x5a, 0x4c);
+
+static int kvm_trng_do_rnd(struct kvm_vcpu *vcpu, int size)
+{
+ DECLARE_BITMAP(bits, TRNG_MAX_BITS64);
+ u32 num_bits = smccc_get_arg1(vcpu);
+ int i;
+
+ if (num_bits > 3 * size) {
+ smccc_set_retval(vcpu, TRNG_INVALID_PARAMETER, 0, 0, 0);
+ return 1;
+ }
+
+ /* get as many bits as we need to fulfil the request */
+ for (i = 0; i < DIV_ROUND_UP(num_bits, BITS_PER_LONG); i++)
+ bits[i] = get_random_long();
+
+ bitmap_clear(bits, num_bits, TRNG_MAX_BITS64 - num_bits);
+
+ if (size == 32)
+ smccc_set_retval(vcpu, TRNG_SUCCESS, lower_32_bits(bits[1]),
+ upper_32_bits(bits[0]), lower_32_bits(bits[0]));
+ else
+ smccc_set_retval(vcpu, TRNG_SUCCESS, bits[2], bits[1], bits[0]);
+
+ memzero_explicit(bits, sizeof(bits));
+ return 1;
+}
+
+int kvm_trng_call(struct kvm_vcpu *vcpu)
+{
+ const __le32 *u = (__le32 *)arm_smc_trng_uuid.b;
+ u32 func_id = smccc_get_function(vcpu);
+ unsigned long val = TRNG_NOT_SUPPORTED;
+ int size = 64;
+
+ switch (func_id) {
+ case ARM_SMCCC_TRNG_VERSION:
+ val = ARM_SMCCC_TRNG_VERSION_1_0;
+ break;
+ case ARM_SMCCC_TRNG_FEATURES:
+ switch (smccc_get_arg1(vcpu)) {
+ case ARM_SMCCC_TRNG_VERSION:
+ case ARM_SMCCC_TRNG_FEATURES:
+ case ARM_SMCCC_TRNG_GET_UUID:
+ case ARM_SMCCC_TRNG_RND32:
+ case ARM_SMCCC_TRNG_RND64:
+ val = TRNG_SUCCESS;
+ }
+ break;
+ case ARM_SMCCC_TRNG_GET_UUID:
+ smccc_set_retval(vcpu, le32_to_cpu(u[0]), le32_to_cpu(u[1]),
+ le32_to_cpu(u[2]), le32_to_cpu(u[3]));
+ return 1;
+ case ARM_SMCCC_TRNG_RND32:
+ size = 32;
+ fallthrough;
+ case ARM_SMCCC_TRNG_RND64:
+ return kvm_trng_do_rnd(vcpu, size);
+ }
+
+ smccc_set_retval(vcpu, val, 0, 0, 0);
+ return 1;
+}
--
2.17.1
From: Ard Biesheuvel <[email protected]>
The ARM architected TRNG firmware interface, described in ARM spec
DEN0098, define an ARM SMCCC based interface to a true random number
generator, provided by firmware.
Add the definitions of the SMCCC functions as defined by the spec.
Signed-off-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Andre Przywara <[email protected]>
Reviewed-by: Linus Walleij <[email protected]>
Reviewed-by: Sudeep Holla <[email protected]>
---
include/linux/arm-smccc.h | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h
index f860645f6512..62c54234576c 100644
--- a/include/linux/arm-smccc.h
+++ b/include/linux/arm-smccc.h
@@ -102,6 +102,37 @@
ARM_SMCCC_OWNER_STANDARD_HYP, \
0x21)
+/* TRNG entropy source calls (defined by ARM DEN0098) */
+#define ARM_SMCCC_TRNG_VERSION \
+ ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
+ ARM_SMCCC_SMC_32, \
+ ARM_SMCCC_OWNER_STANDARD, \
+ 0x50)
+
+#define ARM_SMCCC_TRNG_FEATURES \
+ ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
+ ARM_SMCCC_SMC_32, \
+ ARM_SMCCC_OWNER_STANDARD, \
+ 0x51)
+
+#define ARM_SMCCC_TRNG_GET_UUID \
+ ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
+ ARM_SMCCC_SMC_32, \
+ ARM_SMCCC_OWNER_STANDARD, \
+ 0x52)
+
+#define ARM_SMCCC_TRNG_RND32 \
+ ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
+ ARM_SMCCC_SMC_32, \
+ ARM_SMCCC_OWNER_STANDARD, \
+ 0x53)
+
+#define ARM_SMCCC_TRNG_RND64 \
+ ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
+ ARM_SMCCC_SMC_64, \
+ ARM_SMCCC_OWNER_STANDARD, \
+ 0x53)
+
/*
* Return codes defined in ARM DEN 0070A
* ARM DEN 0070A is now merged/consolidated into ARM DEN 0028 C
--
2.17.1
On Wed, Jan 06, 2021 at 10:34:52AM +0000, Andre Przywara wrote:
> The ARM architected TRNG firmware interface, described in ARM spec
> DEN0098, defines an ARM SMCCC based interface to a true random number
> generator, provided by firmware.
> This can be discovered via the SMCCC >=v1.1 interface, and provides
> up to 192 bits of entropy per call.
Reviewed-by: Mark Brown <[email protected]>
On Wed, 20 Jan 2021 at 14:01, Will Deacon <[email protected]> wrote:
>
> On Wed, 6 Jan 2021 10:34:48 +0000, Andre Przywara wrote:
> > a fix to v5, now *really* fixing the wrong priority of SMCCC vs. RNDR
> > in arch_get_random_seed_long_early(). Apologies for messing this up
> > in v5 and thanks to broonie for being on the watch!
> >
> > Will, Catalin: it would be much appreciated if you could consider taking
> > patch 1/5. This contains the common definitions, and is a prerequisite
> > for every other patch, although they are somewhat independent and likely
> > will need to go through different subsystems.
> >
> > [...]
>
> Applied the first patch only to arm64 (for-next/rng), thanks!
>
> [1/5] firmware: smccc: Add SMCCC TRNG function call IDs
> https://git.kernel.org/arm64/c/67c6bb56b649
>
> What's the plan for the rest of the series, and I think the related
> change over at [1]?
>
Given that Ted seems to have lost interest in /dev/random patches, I
was hoping [1] could be taken via the arm64 tree instead. Without this
patch, I don't think we should expose the SMCCC RNG interface via
arch_get_random_seed(), given how insanely often it will be called in
that case.
Note that the KVM patch implements the opposite end of this interface,
and is not affected by [1] at all, so that can be taken at any time.
On Wed, 6 Jan 2021 10:34:48 +0000, Andre Przywara wrote:
> a fix to v5, now *really* fixing the wrong priority of SMCCC vs. RNDR
> in arch_get_random_seed_long_early(). Apologies for messing this up
> in v5 and thanks to broonie for being on the watch!
>
> Will, Catalin: it would be much appreciated if you could consider taking
> patch 1/5. This contains the common definitions, and is a prerequisite
> for every other patch, although they are somewhat independent and likely
> will need to go through different subsystems.
>
> [...]
Applied the first patch only to arm64 (for-next/rng), thanks!
[1/5] firmware: smccc: Add SMCCC TRNG function call IDs
https://git.kernel.org/arm64/c/67c6bb56b649
What's the plan for the rest of the series, and I think the related
change over at [1]?
Cheers,
--
Will
[1] https://lore.kernel.org/linux-arm-kernel/[email protected]/
https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev
On 2021-01-20 13:49, Will Deacon wrote:
> On Wed, Jan 20, 2021 at 01:45:24PM +0000, Andre Przywara wrote:
>> On Wed, 20 Jan 2021 13:26:26 +0000
>> Marc Zyngier <[email protected]> wrote:
>>
>> Hi,
>>
>> > On 2021-01-20 13:01, Will Deacon wrote:
>> > > On Wed, 6 Jan 2021 10:34:48 +0000, Andre Przywara wrote:
>> > >> a fix to v5, now *really* fixing the wrong priority of SMCCC vs.
>> > >> RNDR in arch_get_random_seed_long_early(). Apologies for messing
>> > >> this up in v5 and thanks to broonie for being on the watch!
>> > >>
>> > >> Will, Catalin: it would be much appreciated if you could consider
>> > >> taking
>> > >> patch 1/5. This contains the common definitions, and is a
>> > >> prerequisite for every other patch, although they are somewhat
>> > >> independent and likely
>> > >> will need to go through different subsystems.
>> > >>
>> > >> [...]
>> > >
>> > > Applied the first patch only to arm64 (for-next/rng), thanks!
>> > >
>> > > [1/5] firmware: smccc: Add SMCCC TRNG function call IDs
>> > > https://git.kernel.org/arm64/c/67c6bb56b649
>> >
>> > I can't see how the rest of the patches can go via any other tree
>> > if all the definitions are in the first one.
>> >
>> > Andre, can you explain what your plan is?
>>
>> Well, I don't really have a great solution for that, other than hoping
>> that 1/5 makes it into Linus' master at some point.
>>
>> I see that it's a stretch, but pulling 1/5 into 5.11 now would
>> prepare the stage for the others to go via any tree, into 5.12-rc1?
>>
>> Or you could maybe take both 1/5 and 5/5 into your kvm-arm tree, and
>> would hope that a git rebase later would sort this out for you?
>>
>> But I think you are much more experienced in those kind of issues, so
>> happy to hear about any other solutions.
>
> for-next/rng is a stable branch, so anybody who wants the first patch
> can
> just pull it (without anything I queue on top).
OK. I'll pull that branch and stash the KVM stuff on top.
Thanks,
M.
--
Jazz is not dead. It just smells funny...
On 2021-01-20 13:01, Will Deacon wrote:
> On Wed, 6 Jan 2021 10:34:48 +0000, Andre Przywara wrote:
>> a fix to v5, now *really* fixing the wrong priority of SMCCC vs. RNDR
>> in arch_get_random_seed_long_early(). Apologies for messing this up
>> in v5 and thanks to broonie for being on the watch!
>>
>> Will, Catalin: it would be much appreciated if you could consider
>> taking
>> patch 1/5. This contains the common definitions, and is a prerequisite
>> for every other patch, although they are somewhat independent and
>> likely
>> will need to go through different subsystems.
>>
>> [...]
>
> Applied the first patch only to arm64 (for-next/rng), thanks!
>
> [1/5] firmware: smccc: Add SMCCC TRNG function call IDs
> https://git.kernel.org/arm64/c/67c6bb56b649
I can't see how the rest of the patches can go via any other tree
if all the definitions are in the first one.
Andre, can you explain what your plan is?
Thanks,
M.
--
Jazz is not dead. It just smells funny...
On Wed, Jan 20, 2021 at 02:15:59PM +0100, Ard Biesheuvel wrote:
> On Wed, 20 Jan 2021 at 14:01, Will Deacon <[email protected]> wrote:
> >
> > On Wed, 6 Jan 2021 10:34:48 +0000, Andre Przywara wrote:
> > > a fix to v5, now *really* fixing the wrong priority of SMCCC vs. RNDR
> > > in arch_get_random_seed_long_early(). Apologies for messing this up
> > > in v5 and thanks to broonie for being on the watch!
> > >
> > > Will, Catalin: it would be much appreciated if you could consider taking
> > > patch 1/5. This contains the common definitions, and is a prerequisite
> > > for every other patch, although they are somewhat independent and likely
> > > will need to go through different subsystems.
> > >
> > > [...]
> >
> > Applied the first patch only to arm64 (for-next/rng), thanks!
> >
> > [1/5] firmware: smccc: Add SMCCC TRNG function call IDs
> > https://git.kernel.org/arm64/c/67c6bb56b649
> >
> > What's the plan for the rest of the series, and I think the related
> > change over at [1]?
> >
>
> Given that Ted seems to have lost interest in /dev/random patches, I
> was hoping [1] could be taken via the arm64 tree instead. Without this
> patch, I don't think we should expose the SMCCC RNG interface via
> arch_get_random_seed(), given how insanely often it will be called in
> that case.
Ok, let's give that a shot -- I'll additionally pick patches 2 and 4 out
of this series, and merge in the /dev/random change on its own branch in
case there are any late objections.
Will
On Wed, Jan 20, 2021 at 01:45:24PM +0000, Andre Przywara wrote:
> On Wed, 20 Jan 2021 13:26:26 +0000
> Marc Zyngier <[email protected]> wrote:
>
> Hi,
>
> > On 2021-01-20 13:01, Will Deacon wrote:
> > > On Wed, 6 Jan 2021 10:34:48 +0000, Andre Przywara wrote:
> > >> a fix to v5, now *really* fixing the wrong priority of SMCCC vs.
> > >> RNDR in arch_get_random_seed_long_early(). Apologies for messing
> > >> this up in v5 and thanks to broonie for being on the watch!
> > >>
> > >> Will, Catalin: it would be much appreciated if you could consider
> > >> taking
> > >> patch 1/5. This contains the common definitions, and is a
> > >> prerequisite for every other patch, although they are somewhat
> > >> independent and likely
> > >> will need to go through different subsystems.
> > >>
> > >> [...]
> > >
> > > Applied the first patch only to arm64 (for-next/rng), thanks!
> > >
> > > [1/5] firmware: smccc: Add SMCCC TRNG function call IDs
> > > https://git.kernel.org/arm64/c/67c6bb56b649
> >
> > I can't see how the rest of the patches can go via any other tree
> > if all the definitions are in the first one.
> >
> > Andre, can you explain what your plan is?
>
> Well, I don't really have a great solution for that, other than hoping
> that 1/5 makes it into Linus' master at some point.
>
> I see that it's a stretch, but pulling 1/5 into 5.11 now would
> prepare the stage for the others to go via any tree, into 5.12-rc1?
>
> Or you could maybe take both 1/5 and 5/5 into your kvm-arm tree, and
> would hope that a git rebase later would sort this out for you?
>
> But I think you are much more experienced in those kind of issues, so
> happy to hear about any other solutions.
for-next/rng is a stable branch, so anybody who wants the first patch can
just pull it (without anything I queue on top).
Will
On Wed, 20 Jan 2021 13:26:26 +0000
Marc Zyngier <[email protected]> wrote:
Hi,
> On 2021-01-20 13:01, Will Deacon wrote:
> > On Wed, 6 Jan 2021 10:34:48 +0000, Andre Przywara wrote:
> >> a fix to v5, now *really* fixing the wrong priority of SMCCC vs.
> >> RNDR in arch_get_random_seed_long_early(). Apologies for messing
> >> this up in v5 and thanks to broonie for being on the watch!
> >>
> >> Will, Catalin: it would be much appreciated if you could consider
> >> taking
> >> patch 1/5. This contains the common definitions, and is a
> >> prerequisite for every other patch, although they are somewhat
> >> independent and likely
> >> will need to go through different subsystems.
> >>
> >> [...]
> >
> > Applied the first patch only to arm64 (for-next/rng), thanks!
> >
> > [1/5] firmware: smccc: Add SMCCC TRNG function call IDs
> > https://git.kernel.org/arm64/c/67c6bb56b649
>
> I can't see how the rest of the patches can go via any other tree
> if all the definitions are in the first one.
>
> Andre, can you explain what your plan is?
Well, I don't really have a great solution for that, other than hoping
that 1/5 makes it into Linus' master at some point.
I see that it's a stretch, but pulling 1/5 into 5.11 now would
prepare the stage for the others to go via any tree, into 5.12-rc1?
Or you could maybe take both 1/5 and 5/5 into your kvm-arm tree, and
would hope that a git rebase later would sort this out for you?
But I think you are much more experienced in those kind of issues, so
happy to hear about any other solutions.
Thanks,
Andre
On Wed, 6 Jan 2021 10:34:48 +0000, Andre Przywara wrote:
> a fix to v5, now *really* fixing the wrong priority of SMCCC vs. RNDR
> in arch_get_random_seed_long_early(). Apologies for messing this up
> in v5 and thanks to broonie for being on the watch!
>
> Will, Catalin: it would be much appreciated if you could consider taking
> patch 1/5. This contains the common definitions, and is a prerequisite
> for every other patch, although they are somewhat independent and likely
> will need to go through different subsystems.
>
> [...]
Applied to kvm-arm64/rng-5.12, thanks!
[5/5] KVM: arm64: implement the TRNG hypervisor call
commit: a8e190cdae1bf8e9e490776b8179babc1962bb25
Cheers,
M.
--
Without deviation from the norm, progress is not possible.
On Wed, 6 Jan 2021 at 11:35, Andre Przywara <[email protected]> wrote:
>
> From: Ard Biesheuvel <[email protected]>
>
> Implement arch_get_random_seed_*() for ARM based on the firmware
> or hypervisor provided entropy source described in ARM DEN0098.
>
> This will make the kernel's random number generator consume entropy
> provided by this interface, at early boot, and periodically at
> runtime when reseeding.
>
> Cc: Linus Walleij <[email protected]>
> Cc: Russell King <[email protected]>
> Signed-off-by: Ard Biesheuvel <[email protected]>
> [Andre: rework to be initialised by the SMCCC firmware driver]
> Signed-off-by: Andre Przywara <[email protected]>
> Reviewed-by: Linus Walleij <[email protected]>
I think this one could be dropped into rmk's patch tracker now, right?
> ---
> arch/arm/Kconfig | 4 ++
> arch/arm/include/asm/archrandom.h | 64 +++++++++++++++++++++++++++++++
> 2 files changed, 68 insertions(+)
>
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index 138248999df7..bfe642510b0a 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -1644,6 +1644,10 @@ config STACKPROTECTOR_PER_TASK
> Enable this option to switch to a different method that uses a
> different canary value for each task.
>
> +config ARCH_RANDOM
> + def_bool y
> + depends on HAVE_ARM_SMCCC_DISCOVERY
> +
> endmenu
>
> menu "Boot options"
> diff --git a/arch/arm/include/asm/archrandom.h b/arch/arm/include/asm/archrandom.h
> index a8e84ca5c2ee..f3e96a5b65f8 100644
> --- a/arch/arm/include/asm/archrandom.h
> +++ b/arch/arm/include/asm/archrandom.h
> @@ -2,9 +2,73 @@
> #ifndef _ASM_ARCHRANDOM_H
> #define _ASM_ARCHRANDOM_H
>
> +#ifdef CONFIG_ARCH_RANDOM
> +
> +#include <linux/arm-smccc.h>
> +#include <linux/kernel.h>
> +
> +#define ARM_SMCCC_TRNG_MIN_VERSION 0x10000UL
> +
> +extern bool smccc_trng_available;
> +
> +static inline bool __init smccc_probe_trng(void)
> +{
> + struct arm_smccc_res res;
> +
> + arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_VERSION, &res);
> + if ((s32)res.a0 < 0)
> + return false;
> + if (res.a0 >= ARM_SMCCC_TRNG_MIN_VERSION) {
> + /* double check that the 32-bit flavor is available */
> + arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_FEATURES,
> + ARM_SMCCC_TRNG_RND32,
> + &res);
> + if ((s32)res.a0 >= 0)
> + return true;
> + }
> +
> + return false;
> +}
> +
> +static inline bool __must_check arch_get_random_long(unsigned long *v)
> +{
> + return false;
> +}
> +
> +static inline bool __must_check arch_get_random_int(unsigned int *v)
> +{
> + return false;
> +}
> +
> +static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
> +{
> + struct arm_smccc_res res;
> +
> + if (smccc_trng_available) {
> + arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_RND32, 8 * sizeof(*v), &res);
> +
> + if (res.a0 != 0)
> + return false;
> +
> + *v = res.a3;
> + return true;
> + }
> +
> + return false;
> +}
> +
> +static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
> +{
> + return arch_get_random_seed_long((unsigned long *)v);
> +}
> +
> +
> +#else /* !CONFIG_ARCH_RANDOM */
> +
> static inline bool __init smccc_probe_trng(void)
> {
> return false;
> }
>
> +#endif /* CONFIG_ARCH_RANDOM */
> #endif /* _ASM_ARCHRANDOM_H */
> --
> 2.17.1
>