Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: apu2_trng: initial commit #31

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

WIP: apu2_trng: initial commit #31

wants to merge 1 commit into from

Conversation

pietrushnic
Copy link
Member

Signed-off-by: Piotr Król [email protected]

@pietrushnic
apu2_trng: initial commit
e7abf03 
Signed-off-by: Piotr Król <[email protected]>
@pietrushnic pietrushnic changed the title apu2_trng: initial commit WIP: apu2_trng: initial commit Aug 9, 2018
@pietrushnic
Copy link
Member Author

@miczyg1 it would be great if at some point you could help me with this blog post.

@pietrushnic pietrushnic self-assigned this Aug 9, 2018
@miczyg1
Copy link
Member

miczyg1 commented Aug 10, 2018

@pietrushnic the topic looks very interesting. I will be glad to help. I guess we do not have support for PSP in our firmware? Have You tried building and booting anything with PSP?

@pietrushnic
Copy link
Member Author

@miczyg1 at this point I don't think PSP is the problem. I think we should look in ccp driver why it's not working. Internally available documentation has all details related to TRNG exposed by CCP in PSP. If we found the problem we can continue discussion with maintainers and AMD.

@miczyg1
Copy link
Member

miczyg1 commented Aug 10, 2018
edited
Loading

@pietrushnic we should prepare a procedure of performing cryptographic operations and measuring entropy first. Or do we have one already?

I would like to follow our convention:
we build image -> prove feature does not work (TEST FAIL)
we debug and develop code -> build image -> prove feature works (TEST PASS)

@pietrushnic
Copy link
Member Author

@miczyg1 agree, procedure can rely on various tools. I already described something in this blog post draft. It looks like reasonable options are /dev/hwrng using rng-tools and rngtest, maybe binwalk and there is dieharder. Comaprison of those tools is also good for blog post. I already proved that TPM is very slow but correctly generate enropy. On apu2 /dev/hwrng seems to be tied to ccp and generate all 0xff.

@miczyg1
Copy link
Member

miczyg1 commented Jan 18, 2019

@pietrushnic dTPM is slow by the design, as written in the PR with fTPM vs dTPM. there may be a few reasons that ccp generates 0xFF. Buggy PSP firmware, wrong initialization of PSP or some register is not set to use RDRAND instruction. It would require investigation, but definitely, it is not impossible IMO.

@pietrushnic
Copy link
Member Author

@miczyg1 let's schedule that. Probably not 01.2019 but 02.2019.

@pietrushnic
Copy link
Member Author

Another TRNG AFAIK was fixed, but we didn't published anything about that. @miczyg1 would you mind to get back to this topic?

@miczyg1
Copy link
Member

miczyg1 commented Oct 10, 2022

@pietrushnic yeah, as we fixed the CCP I may as well write/finish the post about TPM2 RNG and CCP RNG in one sway here ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miczyg1 miczyg1 Awaiting requested review from miczyg1

Assignees

@pietrushnic pietrushnic

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pietrushnic @miczyg1