Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp18493068rwd; Tue, 27 Jun 2023 18:33:44 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6uuDUvISf+JSAApf/KkBz59zRS0AeBBUPziUPkWp0zY7gYPfThP1aceVCs3z3ZyM4UWG+K X-Received: by 2002:a05:6808:983:b0:3a3:6536:dd89 with SMTP id a3-20020a056808098300b003a36536dd89mr473941oic.49.1687916023802; Tue, 27 Jun 2023 18:33:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687916023; cv=none; d=google.com; s=arc-20160816; b=vDUX8L2nxWICjZDdYK6RexIOYl1uTpSbsaaHPD9TjYRaZ7tGGtjcfvcMfU0sQuahHm 8Os0yos6JK8duysGVvzn5Ip3kP9F+/ME8/Xp9hrJVZwOyfZNZ5HBPkwDWR3ZIzU0a5HD gQBOZOyii8JrvkXVBK3L+Tx0GpMcqVOlOaPDvo62pR7UZzmlhIAenwfwOC8q9EjHJiPm fhGztxDusVZ78XkbwgmN+ppbMA5Zj43Qjw9H5K2jwcBUHOt7VkMnS71zlcO1RR8jNgLk eQrUDke4vBri37gd9S9QCAw2dOaZyeHSXLprm+dupOXDVxdPOHdbVC/xj76lr27smf37 vogQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:subject:cc:to:from:date:references:in-reply-to :message-id:mime-version:user-agent:feedback-id:dkim-signature :dkim-signature; bh=1CmL+OsJfO32uUM+cLpgDuXbofgPpKxCFNKoabUu/g0=; fh=G1QN8G2eOurPdXYQDvmWIuGw3tfqd8fVN+HE/17Ypn0=; b=KnLoAdol6RjRqy2pylXQ3vBC1gj/oIWGarw68ooHeaKDFbV62ikV0EPqbDhKT1vbt/ /h6pKaYsnT2vZoPRBZnQUbFOktpkoQQ+oXMXZ90qFMpchllUwd6Zdbut9fEV2gNxGW9u 1lzKhVzXYeQcZ6swLav3qYhblBjZaNGxKoNNQxXj3kJKAuvhf3dv0pzpBiBGiEUzHu2S 254gp8GPDqW/qY26OP2RC3UX4MebptcCNmOVm2Q7uk2sEgv0ZwIR2sDCuibllGDRx/g4 O14oI4LytjnVJ61x+NMgt35hwkQ2NtIDb6X3slpgiOQm6B2hyZLnxgCK5yVMoKbN9bag YCHw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fastmail.com header.s=fm2 header.b=j64aCXxf; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=c2t31nV3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=fastmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c5-20020a17090a674500b0026121515137si749864pjm.45.2023.06.27.18.33.31; Tue, 27 Jun 2023 18:33:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@fastmail.com header.s=fm2 header.b=j64aCXxf; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=c2t31nV3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=fastmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230416AbjF1BBU (ORCPT + 99 others); Tue, 27 Jun 2023 21:01:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38552 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230412AbjF1BBS (ORCPT ); Tue, 27 Jun 2023 21:01:18 -0400 Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6797A2D58 for ; Tue, 27 Jun 2023 18:01:15 -0700 (PDT) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 4950B5C0199; Tue, 27 Jun 2023 21:01:14 -0400 (EDT) Received: from imap50 ([10.202.2.100]) by compute1.internal (MEProxy); Tue, 27 Jun 2023 21:01:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm2; t=1687914074; x=1688000474; bh=1C mL+OsJfO32uUM+cLpgDuXbofgPpKxCFNKoabUu/g0=; b=j64aCXxfUsfNQh9nG3 nsUxUn4qA8bSWqRgmWTChjAtPWv9ZmLdXyz1FRDFOxrIopA0zIVCbkaeeiMe19ic b3IbGq+ueLd3ULtIqW3AxW5Z6BdI0UdfLcS1TG4itTR46AENALLS9pt08q+g0DL8 CeOsxkzoM7Hdacl0AszgQZQyh2GfW0gZvShHRBSNovgiCNHbN7SQfXniEo3XWR29 kP8THoLfDS2wnCs9afOTBvPLkl5obVwC5Xb797CDpKU7dPhjhkXNg1/kC8DgqoGf jV7YMQpIxA4tzLf/MgC177m8AtiDrFSVhFan7MUmm88EGBfGBPSY4eP9MXKjM4UG 8QTQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; t=1687914074; x=1688000474; bh=1CmL+OsJfO32u UM+cLpgDuXbofgPpKxCFNKoabUu/g0=; b=c2t31nV3sL2V+8FnRj34agaiEh+a0 BhVWCWi4QuiePs3LZXCN5NFi9L7yr2ClKINcXRs8PGYtcvElTUUF9k+rrfYVDL87 DtPeU4Le/XjZWg76GjVFQHaIJDqp9EdzAcAO+4+LAdociR8QYnPwBNZ7Wll7QK5j WTtp7wTcnSss+KFgCXtVSe4ouaCf+sCcgbvMj8XKqaTFNL9B6oT+EY+oyrZwc9aJ htcFjAYMDkP1EnDtbp09r1E1tnIzqlHEM7DuU0gr6Oderf3PIqk/YRHCgo03dquU NDWTuTXR8bfRVXsnWy+LB0/36qANrMtx+OnR5vSG7GUwFofRJJ+OOau0g== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrtddugdegvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvvefutgesthdtredtreertdenucfhrhhomhepfdfuthgv fhgrnhcuqfdktfgvrghrfdcuoehsohhrvggrrhesfhgrshhtmhgrihhlrdgtohhmqeenuc ggtffrrghtthgvrhhnpeejueehgedtueetgefhheejjeeigffhieefjeehuddvueegtdfh heevgfeggfektdenucffohhmrghinhepihhnfhhrrgguvggrugdrohhrghenucevlhhush htvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehsohhrvggrrhesfhgr shhtmhgrihhlrdgtohhm X-ME-Proxy: Feedback-ID: i84414492:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id E266A1700089; Tue, 27 Jun 2023 21:01:13 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-499-gf27bbf33e2-fm-20230619.001-gf27bbf33 Mime-Version: 1.0 Message-Id: <644e7acf-905d-42b2-87d9-81b98ccca25c@app.fastmail.com> In-Reply-To: <20230627143747.1599218-4-sameo@rivosinc.com> References: <20230627143747.1599218-1-sameo@rivosinc.com> <20230627143747.1599218-4-sameo@rivosinc.com> Date: Tue, 27 Jun 2023 21:00:53 -0400 From: "Stefan O'Rear" To: "Samuel Ortiz" , "Paul Walmsley" , "Palmer Dabbelt" , "Albert Ou" , linux-riscv@lists.infradead.org Cc: linux@rivosinc.com, "Conor Dooley" , "Andrew Jones" , "Heiko Stuebner" , "Anup Patel" , linux-kernel@vger.kernel.org, "Hongren (Zenithal) Zheng" , "Guo Ren" , "Atish Patra" , =?UTF-8?Q?Bj=C3=B6rn_T=C3=B6pel?= , "Evan Green" Subject: Re: [PATCH 3/3] RISC-V: Implement archrandom when Zkr is available Content-Type: text/plain X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 27, 2023, at 10:37 AM, Samuel Ortiz wrote: > The Zkr extension is ratified and provides 16 bits of entropy seed when > reading the SEED CSR. > > We can implement arch_get_random_seed_longs() by doing multiple csrrw to > that CSR and filling an unsigned long with valid entropy bits. > > Signed-off-by: Samuel Ortiz > --- > arch/riscv/include/asm/archrandom.h | 66 +++++++++++++++++++++++++++++ > arch/riscv/include/asm/csr.h | 9 ++++ > 2 files changed, 75 insertions(+) > create mode 100644 arch/riscv/include/asm/archrandom.h > > diff --git a/arch/riscv/include/asm/archrandom.h > b/arch/riscv/include/asm/archrandom.h > new file mode 100644 > index 000000000000..3d01aab2800a > --- /dev/null > +++ b/arch/riscv/include/asm/archrandom.h > @@ -0,0 +1,66 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +/* > + * Kernel interface for the RISCV arch_random_* functions > + * > + * Copyright (c) 2022 by Rivos Inc. > + * > + */ > + > +#ifndef ASM_RISCV_ARCHRANDOM_H > +#define ASM_RISCV_ARCHRANDOM_H > + > +#include > + > +#define PR_PREFIX "Zkr Extension: " > +#define SEED_RETRY_LOOPS 10 > + > +static inline bool __must_check csr_seed_long(unsigned long *v) > +{ > + unsigned int retry = SEED_RETRY_LOOPS; > + unsigned int needed_seeds = sizeof(unsigned long) / 2, valid_seeds = > 0; > + u16 *entropy = (u16 *)v; > + > + do { > + /* > + * The SEED CSR (0x015) must be accessed with a read-write > + * instruction. Moreover, implementations must ignore the write > + * value, its purpose is to signal polling for new seed. > + */ > + unsigned long csr_seed = csr_swap(CSR_SEED, 0); > + > + switch (csr_seed & SEED_OPST_MASK) { > + case SEED_OPST_ES16: > + entropy[valid_seeds++] = csr_seed & SEED_ENTROPY_MASK; > + if (valid_seeds == needed_seeds) > + return true; > + break; > + > + case SEED_OPST_DEAD: > + pr_err_once(PR_PREFIX "Unrecoverable error\n"); > + return false; > + > + case SEED_OPST_BIST: > + pr_info(PR_PREFIX "On going Built-in Self Test\n"); > + fallthrough; > + > + case SEED_OPST_WAIT: > + default: > + continue; > + } > + > + } while (--retry); > + > + return false; > +} The Entropy Source specification is annoyingly vague about expected retry counts, only saying that "Without a polling-style mechanism, the entropy source could hang for thousands of cycles under some circumstances." Likewise no constraint is placed on the maximum runtime of a BIST or the maximum number of times SEED_OPST_BIST is repeatedly returned (only that it be returned at least once if the BIST starts and finishes between seed reads). With that, the limit of 10 reads seems suspiciously small. Is there a specific justification or is it known to work on some hardware? -s > + > +static inline size_t __must_check arch_get_random_longs(unsigned long > *v, size_t max_longs) > +{ > + return 0; > +} > + > +static inline size_t __must_check arch_get_random_seed_longs(unsigned > long *v, size_t max_longs) > +{ > + return max_longs && riscv_isa_extension_available(NULL, ZKR) && > csr_seed_long(v) ? 1 : 0; > +} > + > +#endif /* ASM_RISCV_ARCHRANDOM_H */ > diff --git a/arch/riscv/include/asm/csr.h b/arch/riscv/include/asm/csr.h > index b98b3b6c9da2..7d0ca9082c66 100644 > --- a/arch/riscv/include/asm/csr.h > +++ b/arch/riscv/include/asm/csr.h > @@ -389,6 +389,15 @@ > #define CSR_VTYPE 0xc21 > #define CSR_VLENB 0xc22 > > +/* Scalar Crypto Extension - Entropy */ > +#define CSR_SEED 0x015 > +#define SEED_OPST_MASK _AC(0xC0000000, UL) > +#define SEED_OPST_BIST _AC(0x00000000, UL) > +#define SEED_OPST_WAIT _AC(0x40000000, UL) > +#define SEED_OPST_ES16 _AC(0x80000000, UL) > +#define SEED_OPST_DEAD _AC(0xC0000000, UL) > +#define SEED_ENTROPY_MASK _AC(0xFFFF, UL) > + > #ifdef CONFIG_RISCV_M_MODE > # define CSR_STATUS CSR_MSTATUS > # define CSR_IE CSR_MIE > -- > 2.41.0 > > > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv