| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: octeon_rnm.c,v 1.2.4.2 2020/05/19 17:39:04 martin Exp $ */ | | 1 | /* $NetBSD: octeon_rnm.c,v 1.2.4.3 2023/07/30 11:41:48 martin Exp $ */ |
2 | | | 2 | |
3 | /* | | 3 | /* |
4 | * Copyright (c) 2007 Internet Initiative Japan, Inc. | | 4 | * Copyright (c) 2007 Internet Initiative Japan, Inc. |
5 | * All rights reserved. | | 5 | * All rights reserved. |
6 | * | | 6 | * |
7 | * Redistribution and use in source and binary forms, with or without | | 7 | * Redistribution and use in source and binary forms, with or without |
8 | * modification, are permitted provided that the following conditions | | 8 | * modification, are permitted provided that the following conditions |
9 | * are met: | | 9 | * are met: |
10 | * 1. Redistributions of source code must retain the above copyright | | 10 | * 1. Redistributions of source code must retain the above copyright |
11 | * notice, this list of conditions and the following disclaimer. | | 11 | * notice, this list of conditions and the following disclaimer. |
12 | * 2. Redistributions in binary form must reproduce the above copyright | | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in the | | 13 | * notice, this list of conditions and the following disclaimer in the |
14 | * documentation and/or other materials provided with the distribution. | | 14 | * documentation and/or other materials provided with the distribution. |
| @@ -89,46 +89,47 @@ | | | @@ -89,46 +89,47 @@ |
89 | * more than one sample from each RO could be squeezed in there. | | 89 | * more than one sample from each RO could be squeezed in there. |
90 | * | | 90 | * |
91 | * The hardware exposes only 64 bits of each SHA-1 hash, and the | | 91 | * The hardware exposes only 64 bits of each SHA-1 hash, and the |
92 | * Linux driver uses 32 bits of that -- which, if treated as full | | 92 | * Linux driver uses 32 bits of that -- which, if treated as full |
93 | * entropy, would mean an assessment of 3.9 bits of RO samples to | | 93 | * entropy, would mean an assessment of 3.9 bits of RO samples to |
94 | * get 1 bit of entropy, whereas we take 256 bits of RO samples to | | 94 | * get 1 bit of entropy, whereas we take 256 bits of RO samples to |
95 | * get one bit of entropy, so this seems reasonably conservative. | | 95 | * get one bit of entropy, so this seems reasonably conservative. |
96 | * | | 96 | * |
97 | * Reference: Cavium Networks OCTEON Plus CN50XX Hardware Reference | | 97 | * Reference: Cavium Networks OCTEON Plus CN50XX Hardware Reference |
98 | * Manual, CN50XX-HM-0.99E PRELIMINARY, July 2008. | | 98 | * Manual, CN50XX-HM-0.99E PRELIMINARY, July 2008. |
99 | */ | | 99 | */ |
100 | | | 100 | |
101 | #include <sys/cdefs.h> | | 101 | #include <sys/cdefs.h> |
102 | __KERNEL_RCSID(0, "$NetBSD: octeon_rnm.c,v 1.2.4.2 2020/05/19 17:39:04 martin Exp $"); | | 102 | __KERNEL_RCSID(0, "$NetBSD: octeon_rnm.c,v 1.2.4.3 2023/07/30 11:41:48 martin Exp $"); |
103 | | | 103 | |
104 | #include <sys/param.h> | | 104 | #include <sys/param.h> |
105 | #include <sys/device.h> | | 105 | #include <sys/device.h> |
106 | #include <sys/kernel.h> | | 106 | #include <sys/kernel.h> |
107 | #include <sys/rndsource.h> | | 107 | #include <sys/rndsource.h> |
108 | #include <sys/systm.h> | | 108 | #include <sys/systm.h> |
109 | | | 109 | |
110 | #include <mips/locore.h> | | 110 | #include <mips/locore.h> |
111 | #include <mips/cavium/include/iobusvar.h> | | 111 | #include <mips/cavium/include/iobusvar.h> |
112 | #include <mips/cavium/dev/octeon_rnmreg.h> | | 112 | #include <mips/cavium/dev/octeon_rnmreg.h> |
113 | #include <mips/cavium/dev/octeon_corereg.h> | | 113 | #include <mips/cavium/dev/octeon_corereg.h> |
114 | #include <mips/cavium/octeonvar.h> | | 114 | #include <mips/cavium/octeonvar.h> |
115 | | | 115 | |
116 | #include <sys/bus.h> | | 116 | #include <sys/bus.h> |
117 | | | 117 | |
118 | //#define OCTEON_RNM_DEBUG | | 118 | //#define OCTEON_RNM_DEBUG |
119 | | | 119 | |
120 | #define ENT_DELAY_CLOCK 8 /* cycles for each 64-bit RO sample batch */ | | 120 | #define ENT_DELAY_CLOCK 8 /* cycles for each 64-bit RO sample batch */ |
121 | #define RNG_DELAY_CLOCK 81 /* cycles for each SHA-1 output */ | | 121 | #define LFSR_DELAY_CLOCK 81 /* cycles to fill LFSR buffer */ |
| | | 122 | #define SHA1_DELAY_CLOCK 81 /* cycles to compute SHA-1 output */ |
122 | #define NROGROUPS 16 | | 123 | #define NROGROUPS 16 |
123 | #define RNG_FIFO_WORDS (512/sizeof(uint64_t)) | | 124 | #define RNG_FIFO_WORDS (512/sizeof(uint64_t)) |
124 | | | 125 | |
125 | struct octeon_rnm_softc { | | 126 | struct octeon_rnm_softc { |
126 | bus_space_tag_t sc_bust; | | 127 | bus_space_tag_t sc_bust; |
127 | bus_space_handle_t sc_regh; | | 128 | bus_space_handle_t sc_regh; |
128 | kmutex_t sc_lock; | | 129 | kmutex_t sc_lock; |
129 | krndsource_t sc_rndsrc; /* /dev/random source */ | | 130 | krndsource_t sc_rndsrc; /* /dev/random source */ |
130 | unsigned sc_rogroup; | | 131 | unsigned sc_rogroup; |
131 | }; | | 132 | }; |
132 | | | 133 | |
133 | static int octeon_rnm_match(device_t, struct cfdata *, void *); | | 134 | static int octeon_rnm_match(device_t, struct cfdata *, void *); |
134 | static void octeon_rnm_attach(device_t, device_t, void *); | | 135 | static void octeon_rnm_attach(device_t, device_t, void *); |
| @@ -185,27 +186,27 @@ octeon_rnm_attach(device_t parent, devic | | | @@ -185,27 +186,27 @@ octeon_rnm_attach(device_t parent, devic |
185 | /* Create a mutex to serialize access to the FIFO. */ | | 186 | /* Create a mutex to serialize access to the FIFO. */ |
186 | mutex_init(&sc->sc_lock, MUTEX_DEFAULT, IPL_VM); | | 187 | mutex_init(&sc->sc_lock, MUTEX_DEFAULT, IPL_VM); |
187 | | | 188 | |
188 | /* | | 189 | /* |
189 | * Reset the core, enable the RNG engine without entropy, wait | | 190 | * Reset the core, enable the RNG engine without entropy, wait |
190 | * 81 cycles for it to produce a single sample, and draw the | | 191 | * 81 cycles for it to produce a single sample, and draw the |
191 | * deterministic sample to test. | | 192 | * deterministic sample to test. |
192 | * | | 193 | * |
193 | * XXX Verify that the output matches the SHA-1 computation | | 194 | * XXX Verify that the output matches the SHA-1 computation |
194 | * described by the data sheet, not just a known answer. | | 195 | * described by the data sheet, not just a known answer. |
195 | */ | | 196 | */ |
196 | octeon_rnm_reset(sc); | | 197 | octeon_rnm_reset(sc); |
197 | octeon_rnm_conditioned_deterministic(sc); | | 198 | octeon_rnm_conditioned_deterministic(sc); |
198 | octeon_rnm_delay(RNG_DELAY_CLOCK*1); | | 199 | octeon_rnm_delay(LFSR_DELAY_CLOCK + SHA1_DELAY_CLOCK); |
199 | sample = octeon_rnm_load(sc); | | 200 | sample = octeon_rnm_load(sc); |
200 | if (sample != expected) | | 201 | if (sample != expected) |
201 | aprint_error_dev(self, "self-test: read %016"PRIx64"," | | 202 | aprint_error_dev(self, "self-test: read %016"PRIx64"," |
202 | " expected %016"PRIx64, sample, expected); | | 203 | " expected %016"PRIx64, sample, expected); |
203 | | | 204 | |
204 | /* | | 205 | /* |
205 | * Reset the core again to clear the FIFO, and enable the RNG | | 206 | * Reset the core again to clear the FIFO, and enable the RNG |
206 | * engine with entropy exposed directly. Start from the first | | 207 | * engine with entropy exposed directly. Start from the first |
207 | * group of ring oscillators; as we gather samples we will | | 208 | * group of ring oscillators; as we gather samples we will |
208 | * rotate through the rest of them. | | 209 | * rotate through the rest of them. |
209 | */ | | 210 | */ |
210 | octeon_rnm_reset(sc); | | 211 | octeon_rnm_reset(sc); |
211 | sc->sc_rogroup = 0; | | 212 | sc->sc_rogroup = 0; |