Add Rockchip hardware supported random number generator

[igorpecovnik]

• Test the feature
• Add to all affected boards

Closes AR-578

[igorpecovnik]

Module is up but not sure how to test its capabilities.

filename:       /lib/modules/5.10.1-rockchip64/kernel/drivers/char/hw_random/rockchip-rng.ko
license:        GPL v2
author:         Lin Jinhan <troy.lin@rock-chips.com>
description:    ROCKCHIP H/W Random Number Generator driver
alias:          of:N*T*Crockchip,cryptov2-rngC*
alias:          of:N*T*Crockchip,cryptov2-rng
alias:          of:N*T*Crockchip,cryptov1-rngC*
alias:          of:N*T*Crockchip,cryptov1-rng
depends:        rng-core
intree:         Y
name:           rockchip_rng
vermagic:       5.10.1-rockchip64 SMP preempt mod_unload aarch64
sig_id:         PKCS#7
signer:         Build time autogenerated kernel key
sig_key:        1D:B9:43:59:31:A4:11:1E:CA:52:7B:75:D4:6A:42:0D:9C:74:84:51
sig_hashalgo:   sha1
signature:      4E:35:D3:66:E2:05:24:E9:24:10:02:20:92:93:BD:83:D7:5B:80:5F:
		B3:55:B8:DE:E3:05:56:50:1F:BA:52:37:0E:4D:58:ED:E0:DC:63:24:
		12:10:CF:BA:D1:0F:1B:59:AD:6F:CD:0B:AF:68:D5:01:27:12:9C:5A:
		6E:B4:1C:2A:A8:7D:79:9E:D3:B5:7E:9E:84:24:92:14:AA:23:48:7F:
		56:3E:5F:1B:8B:12:93:5C:54:2F:A7:56:BB:A9:6E:7B:BD:BB:AA:B6:
		C6:FE:B7:8D:A0:C6:BC:3D:60:6D:47:80:81:39:25:C7:28:41:19:A0:
		1F:5A:B3:E8:68:05:BB:1F:03:AB:9A:24:5D:35:FA:DA:8B:B4:17:C9:
		D8:6F:EE:12:90:84:56:6D:26:BB:E4:BF:3D:FD:FB:9C:11:FB:82:EF:
		B6:5F:1C:28:82:52:8A:0C:AB:16:CC:AC:28:ED:92:9D:ED:A8:AD:C8:
		72:4A:FB:DA:ED:F8:A5:50:04:7C:C7:C2:CA:B0:BB:2F:B2:48:BA:C0:
		D1:05:BD:8E:E7:D7:F0:9B:F7:5A:11:93:D0:97:B5:00:45:5C:9D:08:
		04:AA:5C:11:B2:DB:79:2C:4C:EA:55:5B:1C:D7:08:2B:E6:AF:46:F1:
		F9:3C:BA:4F:02:33:6F:36:56:6F:71:8A:2D:08:A8:AE:32:7A:7D:D2:
		53:2B:91:DE:4C:01:EA:11:1C:7C:E9:46:D4:BC:B7:C2:61:D0:58:77:
		DA:41:75:3A:CF:3E:C3:A7:AF:80:E1:72:D7:1E:AA:DE:6B:0B:CB:E3:
		72:C0:FE:CD:61:EE:45:BB:B8:E0:2F:67:07:62:76:38:9E:3C:58:70:
		68:C3:83:37:19:86:46:8C:B0:CB:BF:4C:15:1E:2E:F2:B2:6E:C5:46:
		D4:FF:D6:CE:FB:E9:A9:BF:67:58:C8:6F:89:60:8C:2F:B2:5E:E6:6A:
		AA:33:CB:EB:A6:B7:77:49:45:0B:94:C6:13:2A:63:25:AA:E8:3E:5A:
		4F:63:60:14:4A:D9:22:E8:C6:0C:8D:76:37:F2:64:43:CE:80:9F:59:
		EB:6E:B9:16:47:EA:14:D2:E1:8F:56:49:C0:C3:1D:2E:3D:32:89:D3:
		38:1E:0D:A0:D9:AD:08:81:03:E5:CB:C3:2C:C8:82:98:D4:3C:74:33:
		0C:C8:F9:AD:7C:7C:59:E1:09:8B:8A:D8:9A:16:8B:9C:7D:4E:5D:07:
		16:C9:47:10:35:DC:30:88:E1:16:AF:32:63:4E:79:EE:93:EF:6F:A6:
		A2:6A:6B:7D:D7:A2:F9:0D:17:56:65:B7:DA:DA:91:47:8A:81:BE:9A:
		00:A6:CF:38:0E:AE:BF:50:01:EF:D1:35

[piter75]

I tested it with rngtest and I am not sure anymore that its worth it.

Input is a bit faster, even twice as much on average, but it fails the randomness tests for all the blocks.

# rngtest -c 1000 < /dev/random
rngtest 2-unofficial-mt.14
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=134.320; avg=660.211; max=953.674)Mibits/s
rngtest: FIPS tests speed: (min=4.560; avg=23.733; max=32.885)Mibits/s
rngtest: Program run time: 833021 microseconds

# rngtest -c 1000 < /dev/hwrng
rngtest 2-unofficial-mt.14
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 0
rngtest: FIPS 140-2 failures: 1000
rngtest: FIPS 140-2(2001-10-10) Monobit: 13
rngtest: FIPS 140-2(2001-10-10) Poker: 1000
rngtest: FIPS 140-2(2001-10-10) Runs: 1000
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=911.355; avg=1112.713; max=1129.300)Kibits/s
rngtest: FIPS tests speed: (min=4.760; avg=15.232; max=17.876)Mibits/s
rngtest: Program run time: 18805846 microseconds

[igorpecovnik]

and I am not sure anymore that its worth it.

Se we have nothing but to close this MR :/

[tstevens]

Was curious about enabling the RNG on a rock chip based board and just found this PR. I had looked at trying to enable the RNG before and saw that in rockchip-linux/kernel#223 there was a solution to the low quality random numbers by expanding the value of CRYPTO_V1_TRNG_SAMPLE_PERIOD in rockchip-rng.c.

@igorpecovnik Is there a way to test this PR again with CRYPTO_V1_TRNG_SAMPLE_PERIOD changed? Or is there a way I can build and test this PR myself?

[wevsty]

@tstevens

I can provide some data about the rngtest issue.

I consulted with a Rockchip engineer who told me that modifying CRYPTO_V1_TRNG_SAMPLE_PERIOD on a chip using Crypto V1 would increase the sample period, and the higher the sample period the better the randomness would theoretically be obtained.

They provide a set of data on the RK3399, and here are the results when CRYPTO_V1_TRNG_SAMPLE_PERIOD set to 1000

sudo cat /dev/hwrng | rngtest -c 100
rngtest 6
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 2000032
rngtest: FIPS 140-2 successes: 65
rngtest: FIPS 140-2 failures: 35
rngtest: FIPS 140-2(2001-10-10) Monobit: 35
rngtest: FIPS 140-2(2001-10-10) Poker: 2
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=2.444; avg=244.336; max=6510416.667)Kibits/s
rngtest: FIPS tests speed: (min=8.721; avg=23.416; max=41.107)Mibits/s
rngtest: Program run time: 16167908 microseconds

I have tried this on the RK3328, but in the end I did not see any significant improvement in randomness.
Of course, turning on HWRNG will definitely help the speed of /dev/random and the randomness will be guaranteed by the linux kernel.
I guess on the RK3328 although there is HWRNG but not suitable for direct use.

My personal opinion is that HWRNG can be enabled on the RK3399, and not on the RK3328.