The "Arm True Random Number Generator Firmware Interface"[1] provides
an SMCCC based interface to a true hardware random number generator.
So far we are using that in arch_get_random_seed(), but it might be
useful to expose the entropy through the /dev/hwrng device as well. This
allows to assess the quality of the implementation, by using "rngtest"
from the rng-tools package, for example.
Add a simple platform driver implementing the hw_random interface.
We unconditionally instantiate the platform device in the driver file,
then probe for the existence of the SMCCC TRNG implementation in the
driver's probe routine.
Since the firmware takes care about serialisation, this can happily
coexist with the arch_get_random_seed() bits.
Signed-off-by: Andre Przywara <[email protected]>
[1] https://developer.arm.com/documentation/den0098/latest/
---
Hi,
as Ard mentioned in some recent thread, we might consider this driver
now (which was dismissed when arch_get_random() got SMCCC TRNG support).
The device/driver instantiation is not really great, ideally we let
some generic SMCCC discovery instantiate the device or trigger the driver
probe.
Let me know what you think!
Btw: this can be easily tested in a KVM guest (on a recent host kernel).
Cheers,
Andre
drivers/char/hw_random/Kconfig | 11 ++
drivers/char/hw_random/Makefile | 1 +
drivers/char/hw_random/arm_smccc_trng.c | 162 ++++++++++++++++++++++++
3 files changed, 174 insertions(+)
create mode 100644 drivers/char/hw_random/arm_smccc_trng.c
diff --git a/drivers/char/hw_random/Kconfig b/drivers/char/hw_random/Kconfig
index 1fe006f3f12f..7d65a0da2170 100644
--- a/drivers/char/hw_random/Kconfig
+++ b/drivers/char/hw_random/Kconfig
@@ -524,6 +524,17 @@ config HW_RANDOM_XIPHERA
To compile this driver as a module, choose M here: the
module will be called xiphera-trng.
+config HW_RANDOM_ARM_SMCCC_TRNG
+ tristate "Arm SMCCC TRNG firmware interface support"
+ depends on HAVE_ARM_SMCCC_DISCOVERY
+ default HW_RANDOM
+ help
+ Say 'Y' to enable the True Random Number Generator driver using
+ the Arm SMCCC TRNG firmware interface. This reads entropy from
+ higher exception levels (firmware, hypervisor). Uses SMCCC for
+ communicating with the firmware.
+ https://developer.arm.com/documentation/den0098/latest/
+
endif # HW_RANDOM
config UML_RANDOM
diff --git a/drivers/char/hw_random/Makefile b/drivers/char/hw_random/Makefile
index 8933fada74f2..a5a1c765a394 100644
--- a/drivers/char/hw_random/Makefile
+++ b/drivers/char/hw_random/Makefile
@@ -45,3 +45,4 @@ obj-$(CONFIG_HW_RANDOM_OPTEE) += optee-rng.o
obj-$(CONFIG_HW_RANDOM_NPCM) += npcm-rng.o
obj-$(CONFIG_HW_RANDOM_CCTRNG) += cctrng.o
obj-$(CONFIG_HW_RANDOM_XIPHERA) += xiphera-trng.o
+obj-$(CONFIG_HW_RANDOM_ARM_SMCCC_TRNG) += arm_smccc_trng.o
diff --git a/drivers/char/hw_random/arm_smccc_trng.c b/drivers/char/hw_random/arm_smccc_trng.c
new file mode 100644
index 000000000000..584ed5ffe1ce
--- /dev/null
+++ b/drivers/char/hw_random/arm_smccc_trng.c
@@ -0,0 +1,162 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Randomness driver for the ARM SMCCC TRNG Firmware Interface
+ * https://developer.arm.com/documentation/den0098/latest/
+ *
+ * Copyright (C) 2020 Arm Ltd.
+ *
+ * The ARM TRNG firmware interface specifies a protocol to read entropy
+ * from a higher exception level, to abstract from any machine specific
+ * implemenations and allow easier use in hypervisors.
+ *
+ * The firmware interface is realised using the SMCCC specification.
+ */
+
+#include <linux/bits.h>
+#include <linux/device.h>
+#include <linux/hw_random.h>
+#include <linux/module.h>
+#include <linux/platform_device.h>
+#include <linux/arm-smccc.h>
+
+#ifdef CONFIG_ARM64
+#define ARM_SMCCC_TRNG_RND ARM_SMCCC_TRNG_RND64
+#define MAX_BITS_PER_CALL (3 * 64UL)
+#else
+#define ARM_SMCCC_TRNG_RND ARM_SMCCC_TRNG_RND32
+#define MAX_BITS_PER_CALL (3 * 32UL)
+#endif
+
+/* We don't want to allow the firmware to stall us forever. */
+#define SMCCC_TRNG_MAX_TRIES 20
+
+#define SMCCC_RET_TRNG_INVALID_PARAMETER -2
+#define SMCCC_RET_TRNG_NO_ENTROPY -3
+
+static int smccc_trng_init(struct hwrng *rng)
+{
+ return 0;
+}
+
+static int copy_from_registers(char *buf, struct arm_smccc_res *res,
+ size_t bytes)
+{
+ unsigned int chunk, copied;
+
+ if (bytes == 0)
+ return 0;
+
+ chunk = min(bytes, sizeof(long));
+ memcpy(buf, &res->a3, chunk);
+ copied = chunk;
+ if (copied >= bytes)
+ return copied;
+
+ chunk = min((bytes - copied), sizeof(long));
+ memcpy(&buf[copied], &res->a2, chunk);
+ copied += chunk;
+ if (copied >= bytes)
+ return copied;
+
+ chunk = min((bytes - copied), sizeof(long));
+ memcpy(&buf[copied], &res->a1, chunk);
+
+ return copied + chunk;
+}
+
+static int smccc_trng_read(struct hwrng *rng, void *data, size_t max, bool wait)
+{
+ struct arm_smccc_res res;
+ u8 *buf = data;
+ unsigned int copied = 0;
+ int tries = 0;
+
+ while (copied < max) {
+ size_t bits = min_t(size_t, (max - copied) * BITS_PER_BYTE,
+ MAX_BITS_PER_CALL);
+
+ arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_RND, bits, &res);
+ if ((int)res.a0 < 0)
+ return (int)res.a0;
+
+ switch ((int)res.a0) {
+ case SMCCC_RET_SUCCESS:
+ copied += copy_from_registers(buf + copied, &res,
+ bits / BITS_PER_BYTE);
+ tries = 0;
+ break;
+ case SMCCC_RET_TRNG_NO_ENTROPY:
+ if (!wait)
+ return copied;
+ tries++;
+ if (tries >= SMCCC_TRNG_MAX_TRIES)
+ return copied;
+ cond_resched();
+ break;
+ }
+ }
+
+ return copied;
+}
+
+static int smccc_trng_probe(struct platform_device *pdev)
+{
+ struct arm_smccc_res res;
+ struct hwrng *trng;
+ u32 version;
+ int ret;
+
+ /* We need ARM SMCCC v1.1, with its autodetection feature. */
+ if (arm_smccc_get_version() < ARM_SMCCC_VERSION_1_1)
+ return -ENODEV;
+
+ arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_VERSION, &res);
+ if ((int)res.a0 < 0)
+ return -ENODEV;
+ version = res.a0;
+
+ arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_FEATURES,
+ ARM_SMCCC_TRNG_RND, &res);
+ if ((int)res.a0 < 0)
+ return -ENODEV;
+
+ trng = devm_kzalloc(&pdev->dev, sizeof(*trng), GFP_KERNEL);
+ if (!trng)
+ return -ENOMEM;
+
+ trng->name = "smccc_trng";
+ trng->init = smccc_trng_init;
+ trng->read = smccc_trng_read;
+
+ platform_set_drvdata(pdev, trng);
+ ret = devm_hwrng_register(&pdev->dev, trng);
+ if (ret)
+ return -ENOENT;
+
+ dev_info(&pdev->dev,
+ "ARM SMCCC TRNG firmware random number generator v%d.%d\n",
+ version >> 16, version & 0xffff);
+
+ return 0;
+}
+
+static struct platform_driver smccc_trng_driver = {
+ .driver = {
+ .name = "smccc_trng",
+ },
+ .probe = smccc_trng_probe,
+};
+
+module_platform_driver(smccc_trng_driver);
+
+static int __init smccc_trng_dev_init(void)
+{
+ platform_device_register_simple("smccc_trng", -1, NULL, 0);
+
+ return 0;
+}
+
+device_initcall(smccc_trng_dev_init);
+
+MODULE_AUTHOR("Andre Przywara");
+MODULE_LICENSE("GPL");
--
2.17.5
On Fri, Jun 04, 2021 at 06:02:16PM +0100, Andre Przywara wrote:
> +static int __init smccc_trng_dev_init(void)
> +{
> + platform_device_register_simple("smccc_trng", -1, NULL, 0);
> +
> + return 0;
> +}
> +
> +device_initcall(smccc_trng_dev_init);
This will leave the device registered if the driver is removed and cause
the attempt to register the device again to fail if the module is
reloaded. We don't check the error here but I'm not sure the driver
core won't complain about that and it's generally icky, better to clean
up the device on module removal.
Hi Andre,
I love your patch! Yet something to improve:
[auto build test ERROR on char-misc/char-misc-testing]
[also build test ERROR on cryptodev/master v5.13-rc4 next-20210604]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Andre-Przywara/hwrng-Add-Arm-SMCCC-TRNG-based-driver/20210605-010413
base: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git 603e4922f1c81fc2ed3a87b4f91a8d3aafc7e093
config: arm64-defconfig (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/8621d0b34bd766e57a245ca5dd796343235ab8d5
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Andre-Przywara/hwrng-Add-Arm-SMCCC-TRNG-based-driver/20210605-010413
git checkout 8621d0b34bd766e57a245ca5dd796343235ab8d5
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=arm64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>
All errors (new ones prefixed by >>):
In file included from drivers/char/hw_random/arm_smccc_trng.c:18:
>> include/linux/module.h:130:42: error: redefinition of '__inittest'
130 | static inline initcall_t __maybe_unused __inittest(void) \
| ^~~~~~~~~~
include/linux/module.h:121:30: note: in expansion of macro 'module_init'
121 | #define device_initcall(fn) module_init(fn)
| ^~~~~~~~~~~
drivers/char/hw_random/arm_smccc_trng.c:159:1: note: in expansion of macro 'device_initcall'
159 | device_initcall(smccc_trng_dev_init);
| ^~~~~~~~~~~~~~~
include/linux/module.h:130:42: note: previous definition of '__inittest' was here
130 | static inline initcall_t __maybe_unused __inittest(void) \
| ^~~~~~~~~~
include/linux/device/driver.h:263:1: note: in expansion of macro 'module_init'
263 | module_init(__driver##_init); \
| ^~~~~~~~~~~
include/linux/platform_device.h:257:2: note: in expansion of macro 'module_driver'
257 | module_driver(__platform_driver, platform_driver_register, \
| ^~~~~~~~~~~~~
drivers/char/hw_random/arm_smccc_trng.c:150:1: note: in expansion of macro 'module_platform_driver'
150 | module_platform_driver(smccc_trng_driver);
| ^~~~~~~~~~~~~~~~~~~~~~
>> include/linux/module.h:132:6: error: redefinition of 'init_module'
132 | int init_module(void) __copy(initfn) \
| ^~~~~~~~~~~
include/linux/module.h:121:30: note: in expansion of macro 'module_init'
121 | #define device_initcall(fn) module_init(fn)
| ^~~~~~~~~~~
drivers/char/hw_random/arm_smccc_trng.c:159:1: note: in expansion of macro 'device_initcall'
159 | device_initcall(smccc_trng_dev_init);
| ^~~~~~~~~~~~~~~
include/linux/module.h:132:6: note: previous definition of 'init_module' was here
132 | int init_module(void) __copy(initfn) \
| ^~~~~~~~~~~
include/linux/device/driver.h:263:1: note: in expansion of macro 'module_init'
263 | module_init(__driver##_init); \
| ^~~~~~~~~~~
include/linux/platform_device.h:257:2: note: in expansion of macro 'module_driver'
257 | module_driver(__platform_driver, platform_driver_register, \
| ^~~~~~~~~~~~~
drivers/char/hw_random/arm_smccc_trng.c:150:1: note: in expansion of macro 'module_platform_driver'
150 | module_platform_driver(smccc_trng_driver);
| ^~~~~~~~~~~~~~~~~~~~~~
vim +/__inittest +130 include/linux/module.h
0fd972a7d91d6e Paul Gortmaker 2015-05-01 127
0fd972a7d91d6e Paul Gortmaker 2015-05-01 128 /* Each module must use one module_init(). */
0fd972a7d91d6e Paul Gortmaker 2015-05-01 129 #define module_init(initfn) \
1f318a8bafcfba Arnd Bergmann 2017-02-01 @130 static inline initcall_t __maybe_unused __inittest(void) \
0fd972a7d91d6e Paul Gortmaker 2015-05-01 131 { return initfn; } \
cf68fffb66d60d Sami Tolvanen 2021-04-08 @132 int init_module(void) __copy(initfn) \
cf68fffb66d60d Sami Tolvanen 2021-04-08 133 __attribute__((alias(#initfn))); \
cf68fffb66d60d Sami Tolvanen 2021-04-08 134 __CFI_ADDRESSABLE(init_module, __initdata);
0fd972a7d91d6e Paul Gortmaker 2015-05-01 135
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]