plat/arm: juno: Condition Juno entropy source with CRC instructions
The Juno Trusted Entropy Source has a bias, which makes the generated
raw numbers fail a FIPS 140-2 statistic test.
To improve the quality of the numbers, we can use the CPU's CRC
instructions, which do a decent job on conditioning the bits.
This adds a *very* simple version of arm_acle.h, which is typically
provided by the compiler, and contains the CRC instrinsics definitions
we need. We need the original version by using -nostdinc.
Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
diff --git a/plat/arm/board/juno/juno_trng.c b/plat/arm/board/juno/juno_trng.c
index b38e49f..1af6deb 100644
--- a/plat/arm/board/juno/juno_trng.c
+++ b/plat/arm/board/juno/juno_trng.c
@@ -4,6 +4,7 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <arm_acle.h>
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
@@ -35,6 +36,8 @@
return false; /* No output data available. */
}
+static uint32_t crc_value = ~0U;
+
/*
* This function fills `buf` with 8 bytes of entropy.
* It uses the Trusted Entropy Source peripheral on Juno.
@@ -69,14 +72,14 @@
return false;
}
- /* XOR each two 32-bit registers together, combine the pairs */
- ret = mmio_read_32(TRNG_BASE + 0);
- ret ^= mmio_read_32(TRNG_BASE + 4);
- ret <<= 32;
+ /* CRC each two 32-bit registers together, combine the pairs */
+ crc_value = __crc32w(crc_value, mmio_read_32(TRNG_BASE + 0));
+ crc_value = __crc32w(crc_value, mmio_read_32(TRNG_BASE + 4));
+ ret = (uint64_t)crc_value << 32;
- ret |= mmio_read_32(TRNG_BASE + 8);
- ret ^= mmio_read_32(TRNG_BASE + 12);
- *buf = ret;
+ crc_value = __crc32w(crc_value, mmio_read_32(TRNG_BASE + 8));
+ crc_value = __crc32w(crc_value, mmio_read_32(TRNG_BASE + 12));
+ *buf = ret | crc_value;
/* Acknowledge current cycle, clear output registers. */
mmio_write_32(TRNG_BASE + TRNG_STATUS, 1);
diff --git a/plat/arm/board/juno/platform.mk b/plat/arm/board/juno/platform.mk
index 61cfb61..537352c 100644
--- a/plat/arm/board/juno/platform.mk
+++ b/plat/arm/board/juno/platform.mk
@@ -164,6 +164,12 @@
endif
endif
+BL1_CPPFLAGS += -march=armv8-a+crc
+BL2_CPPFLAGS += -march=armv8-a+crc
+BL2U_CPPFLAGS += -march=armv8-a+crc
+BL31_CPPFLAGS += -march=armv8-a+crc
+BL32_CPPFLAGS += -march=armv8-a+crc
+
# Add the FDT_SOURCES and options for Dynamic Config
FDT_SOURCES += plat/arm/board/juno/fdts/${PLAT}_fw_config.dts \
plat/arm/board/juno/fdts/${PLAT}_tb_fw_config.dts