From a5dca64b9eeabdca218164d6f968615b518f13a3 Mon Sep 17 00:00:00 2001 From: riastradh Date: Tue, 21 Mar 2023 22:07:29 +0000 Subject: [PATCH] octrnm(4): Raise delay on startup. According to CN50XX-HRM-V0.99E and CN78XX-HM-0.99E: The entropy is provided by the jitter of 125 of 128 free-running oscillators XORed into a 128-bit LFSR. The LFSR accumulates entropy over 81 cycles, after which it is fed into a SHA-1 engine. [...] The SHA-1 engine runs once every 81 cycles. [...] The hardware produces new 64-bit random number every 81 cycles. The last sentence means that we only need to wait 81 cycles _between_ consecutive SHA-1 outputs (which isn't relevant anyway because we reconfigure it into raw mode later), but the first two quotes might mean that we need to wait 81+81 cycles for the _first_ output to be produced on boot when running the self-test. Now, in this case, the self-test is run with the LFSR unhooked, by clearing the RNM_CTL_STATUS[ENT_EN] bit, so that SHA-1 is computed from a known input -- this is really just paranoia to make sure that _some_ functions of the device (which is conjured out of thin air at a fixed virtual address, with no firmware bindings to guide us) behave as we expect. And it's not clear if it really does take 81+81 cycles for the first SHA-1 output to appear when the LFSR isn't feeding into it anyway. But experimentally, delay of 81+81 cycles seems to work whereas a delay of only 81 cycles crashes. PR kern/57280 XXX pullup-10 XXX pullup-9 cherry-picked from https://mail-index.netbsd.org/source-changes/2023/03/21/msg143772.html --- sys/arch/mips/cavium/dev/octeon_rnm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/arch/mips/cavium/dev/octeon_rnm.c b/sys/arch/mips/cavium/dev/octeon_rnm.c index d0cbba766a6e..31a90f2b0de4 100644 --- a/sys/arch/mips/cavium/dev/octeon_rnm.c +++ b/sys/arch/mips/cavium/dev/octeon_rnm.c @@ -118,7 +118,8 @@ __KERNEL_RCSID(0, "$NetBSD: octeon_rnm.c,v 1.2.4.2 2020/05/19 17:39:04 martin Ex //#define OCTEON_RNM_DEBUG #define ENT_DELAY_CLOCK 8 /* cycles for each 64-bit RO sample batch */ -#define RNG_DELAY_CLOCK 81 /* cycles for each SHA-1 output */ +#define LFSR_DELAY_CLOCK 81 /* cycles to fill LFSR buffer */ +#define SHA1_DELAY_CLOCK 81 /* cycles to compute SHA-1 output */ #define NROGROUPS 16 #define RNG_FIFO_WORDS (512/sizeof(uint64_t)) @@ -195,7 +196,7 @@ octeon_rnm_attach(device_t parent, device_t self, void *aux) */ octeon_rnm_reset(sc); octeon_rnm_conditioned_deterministic(sc); - octeon_rnm_delay(RNG_DELAY_CLOCK*1); + octeon_rnm_delay(LFSR_DELAY_CLOCK + SHA1_DELAY_CLOCK); sample = octeon_rnm_load(sc); if (sample != expected) aprint_error_dev(self, "self-test: read %016"PRIx64","