[1/2] doc: board: beagle: am62x_beagleplay: Delete SW_PRNG flag for OPTEE

Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot
requirement for this SoC

Signed-off-by: Dhruva Gole <d-gole@ti.com>
---
 doc/board/beagle/am62x_beagleplay.rst | 1 -
 1 file changed, 1 deletion(-)

On 15:59-20231201, Dhruva Gole wrote:
> Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot
> requirement for this SoC
> 
> Signed-off-by: Dhruva Gole <d-gole@ti.com>
> ---
>  doc/board/beagle/am62x_beagleplay.rst | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst
> index 7784e62b0b71..50d7d3c620d7 100644
> --- a/doc/board/beagle/am62x_beagleplay.rst
> +++ b/doc/board/beagle/am62x_beagleplay.rst
> @@ -63,7 +63,6 @@ Set the variables corresponding to this platform:
>    # we dont use any extra TFA parameters
>    unset TFA_EXTRA_ARGS
>    export OPTEE_PLATFORM=k3-am62x
> -  export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"
>  
>  .. include::  ../ti/am62x_sk.rst
>      :start-after: .. am62x_evm_rst_include_start_build_steps
> -- 
> 2.34.1
> 
NAK. RNG is needed to seed standard distros.

On 12/4/23 1:29 PM, Nishanth Menon wrote:
> On 15:59-20231201, Dhruva Gole wrote:
>> Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot
>> requirement for this SoC
>>
>> Signed-off-by: Dhruva Gole <d-gole@ti.com>
>> ---
>>   doc/board/beagle/am62x_beagleplay.rst | 1 -
>>   1 file changed, 1 deletion(-)
>>
>> diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst
>> index 7784e62b0b71..50d7d3c620d7 100644
>> --- a/doc/board/beagle/am62x_beagleplay.rst
>> +++ b/doc/board/beagle/am62x_beagleplay.rst
>> @@ -63,7 +63,6 @@ Set the variables corresponding to this platform:
>>     # we dont use any extra TFA parameters
>>     unset TFA_EXTRA_ARGS
>>     export OPTEE_PLATFORM=k3-am62x
>> -  export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"
>>   
>>   .. include::  ../ti/am62x_sk.rst
>>       :start-after: .. am62x_evm_rst_include_start_build_steps
>> -- 
>> 2.34.1
>>
> NAK. RNG is needed to seed standard distros.

You have this backwards, setting WITH_SOFTWARE_PRNG=y forces the SW
RNG, disabling the HW RNG. Without this line the HW RNG is the default.

Andrew

On 08:46-20231205, Andrew Davis wrote:
> On 12/4/23 1:29 PM, Nishanth Menon wrote:
> > On 15:59-20231201, Dhruva Gole wrote:
> > > Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot
> > > requirement for this SoC
> > > 
> > > Signed-off-by: Dhruva Gole <d-gole@ti.com>
> > > ---
> > >   doc/board/beagle/am62x_beagleplay.rst | 1 -
> > >   1 file changed, 1 deletion(-)
> > > 
> > > diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst
> > > index 7784e62b0b71..50d7d3c620d7 100644
> > > --- a/doc/board/beagle/am62x_beagleplay.rst
> > > +++ b/doc/board/beagle/am62x_beagleplay.rst
> > > @@ -63,7 +63,6 @@ Set the variables corresponding to this platform:
> > >     # we dont use any extra TFA parameters
> > >     unset TFA_EXTRA_ARGS
> > >     export OPTEE_PLATFORM=k3-am62x
> > > -  export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"
> > >   .. include::  ../ti/am62x_sk.rst
> > >       :start-after: .. am62x_evm_rst_include_start_build_steps
> > > -- 
> > > 2.34.1
> > > 
> > NAK. RNG is needed to seed standard distros.
> 
> You have this backwards, setting WITH_SOFTWARE_PRNG=y forces the SW
> RNG, disabling the HW RNG. Without this line the HW RNG is the default.


That is not the rationale with which the series was posted. I would
prefer we use HW RNG by default. but as I understand there are a bunch
of f/w bugs preventing us from doing so. if they are resolved, then the
commit message argument should be that the bugs are fixed, so we can
easily use then with f/w version x.y.z onwards.

On 12/5/23 9:22 AM, Nishanth Menon wrote:
> On 08:46-20231205, Andrew Davis wrote:
>> On 12/4/23 1:29 PM, Nishanth Menon wrote:
>>> On 15:59-20231201, Dhruva Gole wrote:
>>>> Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot
>>>> requirement for this SoC
>>>>
>>>> Signed-off-by: Dhruva Gole <d-gole@ti.com>
>>>> ---
>>>>    doc/board/beagle/am62x_beagleplay.rst | 1 -
>>>>    1 file changed, 1 deletion(-)
>>>>
>>>> diff --git a/doc/board/beagle/am62x_beagleplay.rst b/doc/board/beagle/am62x_beagleplay.rst
>>>> index 7784e62b0b71..50d7d3c620d7 100644
>>>> --- a/doc/board/beagle/am62x_beagleplay.rst
>>>> +++ b/doc/board/beagle/am62x_beagleplay.rst
>>>> @@ -63,7 +63,6 @@ Set the variables corresponding to this platform:
>>>>      # we dont use any extra TFA parameters
>>>>      unset TFA_EXTRA_ARGS
>>>>      export OPTEE_PLATFORM=k3-am62x
>>>> -  export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"
>>>>    .. include::  ../ti/am62x_sk.rst
>>>>        :start-after: .. am62x_evm_rst_include_start_build_steps
>>>> -- 
>>>> 2.34.1
>>>>
>>> NAK. RNG is needed to seed standard distros.
>>
>> You have this backwards, setting WITH_SOFTWARE_PRNG=y forces the SW
>> RNG, disabling the HW RNG. Without this line the HW RNG is the default.
> 
> 
> That is not the rationale with which the series was posted. I would
> prefer we use HW RNG by default. but as I understand there are a bunch
> of f/w bugs preventing us from doing so. if they are resolved, then the
> commit message argument should be that the bugs are fixed, so we can
> easily use then with f/w version x.y.z onwards.

There was a single FW bug that caused suspend/resume to fail when OP-TEE
was using the HW RNG. The HW RNG always worked, disabling it was a hack
that allowed us to still demo suspend/resume, not sure how that ended up
in this documentation.

The fact we disabled a security feature to workaround a non-security bug
shows a lack of good judgement on our part IMHO. Product security is our
top priority.

Andrew