Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp3762013pxu; Sun, 11 Oct 2020 23:40:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw94vEFNW8pQX7NnbB5PFbu/L+UK/EPIf3yqUL8YpdA1Z8ebvGXBsRJKJSuG/AQIwcZBmQ3 X-Received: by 2002:a17:906:685a:: with SMTP id a26mr27336139ejs.458.1602484812642; Sun, 11 Oct 2020 23:40:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602484812; cv=none; d=google.com; s=arc-20160816; b=D5a59gYWWUGFbYKx/KIDeeAMTsMlgaB9qRG9LL0z9hjrOqjoM3MFflZyPcGTmOYcsp 0IS+gLqRXnAJRxh+K8xb/gSuv0tVDTGPbdOaQ/Wa5wlPZMdjyXKcRIwj5hGFhQQ9tYNz T23tt5vwOYZirEvHfecZv+yX0sOpQYeByKSEAZNfBdNOH1GAs/+e2gb4/emrsSMOTo9C I9IyOrnBFdE3zVmjt60LAWKhfaYIyQj+IYZklp5x3mFPgYMgKrGJktxGpE3PSZ7lwpfY QXBCU9UNKC90ICvQXUw0a1pMO6ii11yy2Dx3nH4uNl2bGNO5yZi4AVXzcqHCGO0TBihQ aJMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=PjKblL9DsDXICKW1gu+JGS0Ggpf7JTcYqSEvn1myfPk=; b=dt8cjxYl9aodXSVmx/NRbLycI/pfXiOnDSj5zpgWFmGxwf/zfTbg1ETvBSszsB1hQo FKMeQzcgNySgwpEM3UgAKiDlLMjZpio2d5kJNpExc+ilQuUG+IlnGzhRTmnoj6FsMHFS 8RFf1OLfR9n6Sa0vRfh7iazTMizA3sodhkGvrMXjCFcyfWNJQpv9cz/o7JHLo2W+ffKP BWRvkNO0fqAnfC2uLkt4I0GkX4kkCltTul6tBK/+R92QyNcpJwdAhBOqASpJolP4TiMq X32bLfjp6OMqQQucKB8Ygg0GN0MOuvVNvuCeCF9Hnn3RAF6IJvBMY2waSprM3TtqWEBt yynQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=z6YW8pnz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qn3si11588998ejb.655.2020.10.11.23.39.49; Sun, 11 Oct 2020 23:40:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=z6YW8pnz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726216AbgJLGfj (ORCPT + 99 others); Mon, 12 Oct 2020 02:35:39 -0400 Received: from mail.kernel.org ([198.145.29.99]:39656 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725941AbgJLGfi (ORCPT ); Mon, 12 Oct 2020 02:35:38 -0400 Received: from mail-ot1-f52.google.com (mail-ot1-f52.google.com [209.85.210.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DEAD52087D for ; Mon, 12 Oct 2020 06:35:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1602484538; bh=hXndvJfgUYBEUZBQhxGGgUznUG20iIo9FKCmrLhjA/w=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=z6YW8pnzmnw6m5TdyFrBXQfdQDkK5Jt9JxkadI2WaXG0PzxUUxisu9MiewKoMVY42 knuZQJWkbqWIfUW8TQh6Fdq/Ll9yMaHBieGdY9Wm8c5UAr/7TsvZumHYiPln547/+2 +UniNLM09dVvT05uPJ5rQiGrqo9sNzTffR4LYRM4= Received: by mail-ot1-f52.google.com with SMTP id s66so14925314otb.2 for ; Sun, 11 Oct 2020 23:35:37 -0700 (PDT) X-Gm-Message-State: AOAM530OqhaHGTgn+pHxQ8jK1cQTtkY/IDn+GmfqDDOu/Z/onP+oTaCN sdWLJe55nDEC312wIyO8ehEtHw4znAciih665o8= X-Received: by 2002:a9d:6c92:: with SMTP id c18mr7928149otr.108.1602484537156; Sun, 11 Oct 2020 23:35:37 -0700 (PDT) MIME-Version: 1.0 References: <20201006201808.37665-1-andre.przywara@arm.com> <20201006201808.37665-3-andre.przywara@arm.com> <65057faa-d06b-6baf-4f12-9587cacbe3a9@arm.com> In-Reply-To: From: Ard Biesheuvel Date: Mon, 12 Oct 2020 08:35:26 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 2/2] arm64: Add support for SMCCC TRNG firmware interface To: =?UTF-8?Q?Andr=C3=A9_Przywara?= Cc: James Morse , Catalin Marinas , Will Deacon , Mark Rutland , Lorenzo Pieralisi , Richard Henderson , Linux Kernel Mailing List , Mark Brown , Sudeep Holla , Linux ARM Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 7 Oct 2020 at 16:44, Andr=C3=A9 Przywara w= rote: > > On 07/10/2020 15:16, James Morse wrote: > > Hi, > > > On 06/10/2020 21:18, Andre Przywara wrote: > >> The ARM architected TRNG firmware interface, described in ARM spec > >> DEN0098[1], defines an ARM SMCCC based interface to a true random numb= er > >> generator, provided by firmware. > >> This can be discovered via the SMCCC >=3Dv1.1 interface, and provides > >> up to 192 bits of entropy per call. > >> > >> Hook this SMC call into arm64's arch_get_random_*() implementation, > >> coming to the rescue when the CPU does not implement the ARM v8.5 RNG > >> system registers. > >> > >> For the detection, we piggy back on the PSCI/SMCCC discovery (which gi= ves > >> us the conduit to use: hvc or smc), then try to call the > >> ARM_SMCCC_TRNG_VERSION function, which returns -1 if this interface is > >> not implemented. > > > >> arch/arm64/include/asm/archrandom.h | 83 +++++++++++++++++++++++++---= - > >> 1 file changed, 73 insertions(+), 10 deletions(-) > > > >> diff --git a/arch/arm64/include/asm/archrandom.h b/arch/arm64/include/= asm/archrandom.h > >> index ffb1a40d5475..b6c291c42a48 100644 > >> --- a/arch/arm64/include/asm/archrandom.h > >> +++ b/arch/arm64/include/asm/archrandom.h > >> @@ -7,6 +7,13 @@ > >> #include > >> #include > >> #include > >> +#include > >> + > >> +static enum smc_trng_status { > >> + SMC_TRNG_UNKNOWN, > >> + SMC_TRNG_NOT_SUPPORTED, > >> + SMC_TRNG_SUPPORTED > >> +} smc_trng_status =3D SMC_TRNG_UNKNOWN; > > > > Doesn't this static variable in a header file mean each file that inclu= des this has its > > own copy? Is that intentional? > > Right, and it's not intentional. It doesn't really break, but since > random.h includes archrandom.h, we get an instance everywhere :-( > > I wasn't too happy with this detection method to begin with (and also > not with stuffing everything into a header file), but wanted to > accommodate the early case, where PSCI hasn't been initialised yet, and > so we don't know the SMCCC conduit. A static key sounds better, but gets > a bit hairy with this scenario, I think. > > Any ideas here? I think the early case isn't worth obsessing about. PSCI is initialized in setup_arch(), which gets called way before rand_initialize(), which is where this functionality will get used the first time typically. And kaslr_early_init() is called extremely early, i.e., straight from head.S, and we should avoid adding any more code there that sets global state (if kaslr_early_init() exits successfully, the kernel will be unmapped and remapped again in a different place, and BSS cleared again etc etc) > I could copy Ard's solution and introduce random.c, if that makes more > sense. > > Cheers, > Andre