Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp2750750ybl; Mon, 20 Jan 2020 08:39:31 -0800 (PST) X-Google-Smtp-Source: APXvYqxOocQwvCkIYm227G6piu4zOsGYl8sLx02yOb+7e4lZqwd7DXU7o2RAGYmEAmFcDs+Z8I0p X-Received: by 2002:a05:6808:319:: with SMTP id i25mr135362oie.128.1579538370740; Mon, 20 Jan 2020 08:39:30 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1579538370; cv=pass; d=google.com; s=arc-20160816; b=cK8weLYgvBlSUIHItdW8RfC76asO1z/PBvJhT8q5O+BGhqM7E6UvB9r1HkeYT8HFNt cDCV8P/SIWFj3ws/U/3XL1crCi7kojPv6FissNo56XILpznfn5B7jKJlIZ+I8SUthbQh h+10gFbgWAy3UPyar7soVCiNQRm9BZKXhz1cSyfSfE5H60pBC1ZDy0+E0KTH9pUbNNpV jB/IskQAFsr2VkKwbmUwDb31XsmGV4dToqUlRG6ftgPwBXzgVT4vJCZ1AHiEhEuKCYmx OQ36Bg+qtnV/gFGS8NXEGgdSktbrGt3j0JTDa374gKmXDSqDjg75XjfmTMal+HnTmZL+ N4xg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :content-language:accept-language:references:message-id:date :thread-index:thread-topic:subject:cc:to:from:dkim-signature; bh=yraLZ+mAckyeAxXv/M8mZC6WbiXgaTZCQKEsykbHTlU=; b=NXuQeEvcFH4e6LoiEdznBFq0hfYzIJ3mHbg16JaAnGEA+DygKG4lw2xTh3/c3Mk9+/ GaFeyqk5JxErzXi51gylqgwOCHiqQG3Wc9urthDn8h9N6Wse2MBJTOC7BxejXe25k26a pqOeXbZltVR9fxvcV8jf6eoQ5KuvxYD5vAolhLfQSA/nB30aWGfeyKdAwyDv4lFcSMLL GR1l5yDQQI+B4Fzlo/BSsIITVKPI7FwafE9azdmsMO0lv4FBYoJm3Q1mGYnlQYGns5NB LNnoEJh6Sg3Ggb5i7EHu+nzX+zKV63BnjV0uT9zu+0ErPTkuxAOfkexphy0HTNRCxqdG uGVA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@nxp.com header.s=selector2 header.b=o+gZWM5c; arc=pass (i=1 spf=pass spfdomain=nxp.com dkim=pass dkdomain=nxp.com dmarc=pass fromdomain=nxp.com); spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nxp.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n14si7252991otf.167.2020.01.20.08.39.11; Mon, 20 Jan 2020 08:39:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@nxp.com header.s=selector2 header.b=o+gZWM5c; arc=pass (i=1 spf=pass spfdomain=nxp.com dkim=pass dkdomain=nxp.com dmarc=pass fromdomain=nxp.com); spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nxp.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726901AbgATQjL (ORCPT + 99 others); Mon, 20 Jan 2020 11:39:11 -0500 Received: from mail-eopbgr140074.outbound.protection.outlook.com ([40.107.14.74]:8568 "EHLO EUR01-VE1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726897AbgATQjL (ORCPT ); Mon, 20 Jan 2020 11:39:11 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oJF4dQpnv52ZW3WnzinY73eSKOQ0e6PAN+Uf33dokJ7zoWQ4n5lQiLKZQB3lttagAcToHD5WjR/clC64JyiiRsCsJFEUCSIQLVSAvJhTUHNxDW8vZtqE/EH5i08yV+d69hEUlSnv7xJyaKNE2pPLe++kco7hExhqY79X+5z1ZK2fLIym/9nZHNlDQsnJriDPPDcPO0pq37N3nCmNDVgD1lPL/y0lyihbkF+UmEG8hW19Ou9mYWWZKpdLCnbBwCbMdPhQZUqzDnARwdZUTeQKVhdF4n6o4BPm2x7UEkm+eVyhORil+/4COjDRNjsCQy8e3iLDBL38929+M6UprrHl2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yraLZ+mAckyeAxXv/M8mZC6WbiXgaTZCQKEsykbHTlU=; b=NLDKUMRzYkoNiHzB5YQYsyj1o+5A7E2yPr6llsnGbl1OatstYc8yE18WppkNCZTTM2Wa4k56aClJDXt0z7DwOiM8gYHC3CidmiH6433I2XgddJn4VkxSlFHR8L92JMdo5fmyyhlq+nV3ZNhQvjzmJlV2kbH1LjJfddqRXbfiQGpN5TDRsur87GrToQhf6a+Rhna51vMCAnyioqcUBNmw/OZ5SJ36rDB4Ohxjv8M2MlMNFGRNUZo1VxP9e7F2s+lpbyDpbByJYvJC+1NSQv28C8kVvALL/z3MwojmMvlwtfwBQzVomqnKhuHaBQjuv1nd11jezKuDozo5Zr10mZAQhg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yraLZ+mAckyeAxXv/M8mZC6WbiXgaTZCQKEsykbHTlU=; b=o+gZWM5c2IKr8LmuVUl4+5gpkoidSSpblek2wJ/du8IbPaBUGNVI+qhReZ+LyWfIYjgLw6g6ThCxfx/kkBCQGhJ8814ZUAQklXzUdj7ydZrXlDeNeYto5DV2hvhREr8Adj7O7GOOzDvbvSw8iyCS7aRdQJ4xL43FI7jemiHqmjw= Received: from VI1PR0402MB3485.eurprd04.prod.outlook.com (52.134.3.153) by VI1PR0402MB3744.eurprd04.prod.outlook.com (52.134.11.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.18; Mon, 20 Jan 2020 16:38:46 +0000 Received: from VI1PR0402MB3485.eurprd04.prod.outlook.com ([fe80::85e9:f844:f8b0:27d]) by VI1PR0402MB3485.eurprd04.prod.outlook.com ([fe80::85e9:f844:f8b0:27d%7]) with mapi id 15.20.2644.024; Mon, 20 Jan 2020 16:38:46 +0000 From: Horia Geanta To: Andrey Smirnov , "linux-crypto@vger.kernel.org" CC: Chris Healy , Lucas Stach , Herbert Xu , Iuliana Prodan , "linux-kernel@vger.kernel.org" , dl-linux-imx Subject: Re: [PATCH v6 6/7] crypto: caam - enable prediction resistance in HRWNG Thread-Topic: [PATCH v6 6/7] crypto: caam - enable prediction resistance in HRWNG Thread-Index: AQHVxjouh/c8xz5csUKnQ9CkhtEExg== Date: Mon, 20 Jan 2020 16:38:46 +0000 Message-ID: References: <20200108154047.12526-1-andrew.smirnov@gmail.com> <20200108154047.12526-7-andrew.smirnov@gmail.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=horia.geanta@nxp.com; x-originating-ip: [212.146.100.6] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 524a99e6-2144-4815-9f8c-08d79dc7386e x-ms-traffictypediagnostic: VI1PR0402MB3744:|VI1PR0402MB3744: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 0288CD37D9 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(4636009)(396003)(346002)(376002)(39860400002)(136003)(366004)(189003)(199004)(2906002)(71200400001)(54906003)(9686003)(55016002)(478600001)(110136005)(7696005)(53546011)(186003)(6506007)(26005)(316002)(66556008)(44832011)(66446008)(66946007)(64756008)(66476007)(8936002)(81166006)(91956017)(81156014)(8676002)(86362001)(76116006)(4326008)(52536014)(33656002)(5660300002);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR0402MB3744;H:VI1PR0402MB3485.eurprd04.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: VYoxBKDk1tiz6PlPYflLUQtzpD+kdg0mgnGhBi5AkTIiIwbF8r1vf91dnaJoItvbGmObXJAiww88ebHSpm+T4YokFKfjOcgVWjOKa4IGlksXlYQGcPWrTNidfzdJOPLdOS9eQCQXCPvgRHNdCiyS3E9IV/Kwi5Uy4OAOnNcVC21Xf+2zrJkEsT0joh8jBXElle/XFwi64oY9rRc3OWtViRTbfTH+Jm4CgAnWOLh49RJhGLJ8d3b5EAvSCPQ9I43nF+DylAAXiEaXodEihjJ+LZkB+0XnZa+p9xQTDcFBB84OT6Uk+XXwZOPdIY3LmlLCFATV/ZbX12cTJr2Jfdkra0BTUGUqlkUOjMiQWz5DpTzAGpJZ+CdDBf/mUf/8dPEHegqZlyyiTjfP6UpHvFm0x6JnjEGgRjwnAs+iDAT+uU8aus2DPvCnojUmRsvEkhcZ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 524a99e6-2144-4815-9f8c-08d79dc7386e X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jan 2020 16:38:46.6067 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: SSxL6SarabtX332n4e66BY9j/hIcUR8nYCOrVb4IO6HyGc2Hb2oG9lmTNBUjroB//34HkRwSyfr+vv/QI8COTw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0402MB3744 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 1/8/2020 5:42 PM, Andrey Smirnov wrote:=0A= > @@ -275,12 +276,25 @@ static int instantiate_rng(struct device *ctrldev, = int state_handle_mask,=0A= > return -ENOMEM;=0A= > =0A= > for (sh_idx =3D 0; sh_idx < RNG4_MAX_HANDLES; sh_idx++) {=0A= > + const u32 rdsta_if =3D RDSTA_IF0 << sh_idx;=0A= > + const u32 rdsta_pr =3D RDSTA_PR0 << sh_idx;=0A= > + const u32 rdsta_mask =3D rdsta_if | rdsta_pr;=0A= > /*=0A= > * If the corresponding bit is set, this state handle=0A= > * was initialized by somebody else, so it's left alone.=0A= > */=0A= > - if ((1 << sh_idx) & state_handle_mask)=0A= > - continue;=0A= > + if (rdsta_if & state_handle_mask) {=0A= > + if (rdsta_pr & state_handle_mask)=0A= > + continue;=0A= > +=0A= > + dev_info(ctrldev,=0A= > + "RNG4 SH%d was previously instantiated without prediction resistanc= e. Tearing it down\n",=0A= > + sh_idx);=0A= > +=0A= > + ret =3D deinstantiate_rng(ctrldev, rdsta_if);=0A= > + if (ret)=0A= > + break;=0A= In case state handle 0 is deinstantiated, its reinstantiation with PR suppo= rt=0A= will have the side effect of re-generating JDKEK, TDKEK, TDSK.=0A= This needs to be avoided, since other SW components (like OP-TEE f/w)=0A= could have black keys in use. Overwriting the KEK registers would no longer= =0A= allow CAAM to decrypt them.=0A= =0A= Horia=0A=