Message ID | 20231201102954.47582-2-d-gole@ti.com |
---|---|
State | Rejected |
Delegated to: | Tom Rini |
Headers | show |
Series | docs: AM62x: Remove SW_PRNG Flag for OPTEE | expand |
On 15:59-20231201, Dhruva Gole wrote: > Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot > requirement for this SoC > > Signed-off-by: Dhruva Gole <d-gole@ti.com> > --- > doc/board/beagle/am62x_beagleplay.rst | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst > index 7784e62b0b71..50d7d3c620d7 100644 > --- a/doc/board/beagle/am62x_beagleplay.rst > +++ b/doc/board/beagle/am62x_beagleplay.rst > @@ -63,7 +63,6 @@ Set the variables corresponding to this platform: > # we dont use any extra TFA parameters > unset TFA_EXTRA_ARGS > export OPTEE_PLATFORM=k3-am62x > - export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y" > > .. include:: ../ti/am62x_sk.rst > :start-after: .. am62x_evm_rst_include_start_build_steps > -- > 2.34.1 > NAK. RNG is needed to seed standard distros.
On 12/4/23 1:29 PM, Nishanth Menon wrote: > On 15:59-20231201, Dhruva Gole wrote: >> Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot >> requirement for this SoC >> >> Signed-off-by: Dhruva Gole <d-gole@ti.com> >> --- >> doc/board/beagle/am62x_beagleplay.rst | 1 - >> 1 file changed, 1 deletion(-) >> >> diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst >> index 7784e62b0b71..50d7d3c620d7 100644 >> --- a/doc/board/beagle/am62x_beagleplay.rst >> +++ b/doc/board/beagle/am62x_beagleplay.rst >> @@ -63,7 +63,6 @@ Set the variables corresponding to this platform: >> # we dont use any extra TFA parameters >> unset TFA_EXTRA_ARGS >> export OPTEE_PLATFORM=k3-am62x >> - export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y" >> >> .. include:: ../ti/am62x_sk.rst >> :start-after: .. am62x_evm_rst_include_start_build_steps >> -- >> 2.34.1 >> > NAK. RNG is needed to seed standard distros. You have this backwards, setting WITH_SOFTWARE_PRNG=y forces the SW RNG, disabling the HW RNG. Without this line the HW RNG is the default. Andrew
On 08:46-20231205, Andrew Davis wrote: > On 12/4/23 1:29 PM, Nishanth Menon wrote: > > On 15:59-20231201, Dhruva Gole wrote: > > > Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot > > > requirement for this SoC > > > > > > Signed-off-by: Dhruva Gole <d-gole@ti.com> > > > --- > > > doc/board/beagle/am62x_beagleplay.rst | 1 - > > > 1 file changed, 1 deletion(-) > > > > > > diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst > > > index 7784e62b0b71..50d7d3c620d7 100644 > > > --- a/doc/board/beagle/am62x_beagleplay.rst > > > +++ b/doc/board/beagle/am62x_beagleplay.rst > > > @@ -63,7 +63,6 @@ Set the variables corresponding to this platform: > > > # we dont use any extra TFA parameters > > > unset TFA_EXTRA_ARGS > > > export OPTEE_PLATFORM=k3-am62x > > > - export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y" > > > .. include:: ../ti/am62x_sk.rst > > > :start-after: .. am62x_evm_rst_include_start_build_steps > > > -- > > > 2.34.1 > > > > > NAK. RNG is needed to seed standard distros. > > You have this backwards, setting WITH_SOFTWARE_PRNG=y forces the SW > RNG, disabling the HW RNG. Without this line the HW RNG is the default. That is not the rationale with which the series was posted. I would prefer we use HW RNG by default. but as I understand there are a bunch of f/w bugs preventing us from doing so. if they are resolved, then the commit message argument should be that the bugs are fixed, so we can easily use then with f/w version x.y.z onwards.
On 12/5/23 9:22 AM, Nishanth Menon wrote: > On 08:46-20231205, Andrew Davis wrote: >> On 12/4/23 1:29 PM, Nishanth Menon wrote: >>> On 15:59-20231201, Dhruva Gole wrote: >>>> Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot >>>> requirement for this SoC >>>> >>>> Signed-off-by: Dhruva Gole <d-gole@ti.com> >>>> --- >>>> doc/board/beagle/am62x_beagleplay.rst | 1 - >>>> 1 file changed, 1 deletion(-) >>>> >>>> diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst >>>> index 7784e62b0b71..50d7d3c620d7 100644 >>>> --- a/doc/board/beagle/am62x_beagleplay.rst >>>> +++ b/doc/board/beagle/am62x_beagleplay.rst >>>> @@ -63,7 +63,6 @@ Set the variables corresponding to this platform: >>>> # we dont use any extra TFA parameters >>>> unset TFA_EXTRA_ARGS >>>> export OPTEE_PLATFORM=k3-am62x >>>> - export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y" >>>> .. include:: ../ti/am62x_sk.rst >>>> :start-after: .. am62x_evm_rst_include_start_build_steps >>>> -- >>>> 2.34.1 >>>> >>> NAK. RNG is needed to seed standard distros. >> >> You have this backwards, setting WITH_SOFTWARE_PRNG=y forces the SW >> RNG, disabling the HW RNG. Without this line the HW RNG is the default. > > > That is not the rationale with which the series was posted. I would > prefer we use HW RNG by default. but as I understand there are a bunch > of f/w bugs preventing us from doing so. if they are resolved, then the > commit message argument should be that the bugs are fixed, so we can > easily use then with f/w version x.y.z onwards. There was a single FW bug that caused suspend/resume to fail when OP-TEE was using the HW RNG. The HW RNG always worked, disabling it was a hack that allowed us to still demo suspend/resume, not sure how that ended up in this documentation. The fact we disabled a security feature to workaround a non-security bug shows a lack of good judgement on our part IMHO. Product security is our top priority. Andrew
diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst index 7784e62b0b71..50d7d3c620d7 100644 --- a/doc/board/beagle/am62x_beagleplay.rst +++ b/doc/board/beagle/am62x_beagleplay.rst @@ -63,7 +63,6 @@ Set the variables corresponding to this platform: # we dont use any extra TFA parameters unset TFA_EXTRA_ARGS export OPTEE_PLATFORM=k3-am62x - export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y" .. include:: ../ti/am62x_sk.rst :start-after: .. am62x_evm_rst_include_start_build_steps
Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot requirement for this SoC Signed-off-by: Dhruva Gole <d-gole@ti.com> --- doc/board/beagle/am62x_beagleplay.rst | 1 - 1 file changed, 1 deletion(-)