RNG Self Test patch description

Yes

Please read RNG self test issue on select i.MX device revisions first for an overview of the issue.

Issue:

In certain i.MX devices (open or closed) there have been reports of HAB warning events generated, even though the authentication has passed. If the reported HAB events are like the one from below, that means that there exists an issue with the RNG self test in HAB and the chip needs to run this test again post initial boot.

Event    |0xdb |0x0024 |0x42 | SRCE Field: 69 30 e1 1d
             |             |             |           |             STS = HAB_WARNING (0x69)
             |             |             |           |             RSN = HAB_ENG_FAIL (0x30)
             |             |             |           |             CTX = HAB_CTX_ENTRY (0xE1)
             |             |             |           |             ENG = HAB_ENG_CAAM (0x1D)
             |             |             |           | Evt Data (hex):
             |             |             |           |     00 08 00 02 40 00 36 06 55 55 00 03 00 00 00 00
             |             |             |           | 00 00 00 00 00 00 00 00 00 00 01

Patch description:

The resolution to the issue requires running a set of CAAM descriptors that implements CAVP test vectors. These tests are usually performed by HAB in Boot ROM. There are two sets of descriptors described here. There are two because parts with early RNG4s (4.0, 4.1, 4.2) have a 384-bit entropy register, while parts with RNG4 4.3 and 4.4 have the larger 512-bit entropy register. It can be seen that the load key command at line 2 of the second descriptor uses a longer key (the entropy in a known answer test).

The RNG4 commands have been highlighted in green. Basically, the test performs the operations of Instantiate, Generate, Re-seed, Generate, Uninstantiate. This follows the CAVP tests.

As the output is being written to memory, the comparison of the output with the known answer is being done by software. That output is provided below, along with the descriptors, in this document.

Descriptor for parts with RNG version 4.0 or 4.1 or 4.2:

rng_dsc[1] = {

0xb0800036, 0x04800010, 0x3c85a15b, 0x50a9d0b1,

0x71a09fee, 0x2eecf20b, 0x02800020, 0xb267292e,

0x85bf712d, 0xe85ff43a, 0xa716b7fb, 0xc40bb528,

0x27b6f564, 0x8821cb5d, 0x9b5f6c26, 0x12a00020,

0x0a20de17, 0x6529357e, 0x316277ab, 0x2846254e,

0x34d23ba5, 0x6f5e9c32, 0x7abdc1bb, 0x0197a385,

0x82500405, 0xa2000001, 0x10880004, 0x00000005,

0x12820004, 0x00000020, 0x82500001, 0xa2000001,

0x10880004, 0x40000045, 0x02800020, 0x8f389cc7,

0xe7f7cbb0, 0x6bf2073d, 0xfc380b6d, 0xb22e9d1a,

0xee64fcb7, 0xa2b48d49, 0xdf9bc3a4, 0x82500009,

0xa2000001, 0x10880004, 0x00000005, 0x82500001,

0x60340020, 0xFFFFFFFF, 0xa2000001, 0x10880004,

0x00000005, 0x8250000d

}

Human Readable Format:

[00] B0800036 jobhdr: stidx->[00] len=54

[01] 04800010 key: class2-keyreg len=16 imm

[02] 3C85A15B key=[5ba1853cb1d0a950ee9fa0710bf2ec2e]

[03] 50A9D0B1

[04] 71A09FEE

[05] 2EECF20B

[06] 02800020 key: class1-keyreg len=32 imm

[07] B267292E key=[2e2967b22d71bf853af45fe8fbb716a7

[08] 85BF712D

[09] E85FF43A

[10] A716B7FB

[11] C40BB528 28b50bc464f5b6275dcb2188266c5f9b]

[12] 27B6F564

[13] 8821CB5D

[14] 9B5F6C26

[15] 12A00020 ld: ccb1-ctx len=32 offs=0 imm

[16] 0A20DE17 data:[17de200a7e352965ab7762314e254628

[17] 6529357E

[18] 316277AB

[19] 2846254E

[20] 34D23BA5 a53bd234329c5e6fbbc1bd7a85a39701]

[21] 6F5E9C32

[22] 7ABDC1BB

[23] 0197A385

[24] 82500405 operation: cls1-op rng (SH0) instantiate PS test

[25] A2000001 jump: class1-done all-match[] always-jump offset=[01] local->[26]

[26] 10880004 ld: ind-clrw len=4 offs=0 imm

[27] 00000005 clrw: clr_c1mode clr_c1datas

[28] 12820004 ld: ccb1-datasz len=4 offs=0 imm

[29] 00000020 data:0x00000020

[30] 82500001 operation: cls1-op rng (SH0) generate random test

[31] A2000001 jump: class1-done all-match[] always-jump offset=[01] local->[32]

[32] 10880004 ld: ind-clrw len=4 offs=0 imm

[33] 40000045 clrw: clr_c1mode clr_c1datas clr_c1key reset_ofifo

[34] 02800020 key: class1-keyreg len=32 imm

[35] 8F389CC7 key=[c79c388fb0cbf7e73d07f26b6d0b38fc

[36] E7F7CBB0

[37] 6BF2073D

[38] FC380B6D

[39] B22E9D1A 1a9d2eb2b7fc64ee498db4a2a4c39bdf]

[40] EE64FCB7

[41] A2B48D49

[42] DF9BC3A4

[43] 82500009 operation: cls1-op rng (SH0) reseed test

[44] A2000001 jump: class1-done all-match[] always-jump offset=[01] local->[45]

[45] 10880004 ld: ind-clrw len=4 offs=0 imm

[46] 00000005 clrw: clr_c1mode clr_c1datas

[47] 82500001 operation: cls1-op rng (SH0) generate random test

[48] 60340020 fifostr: rng-ref len=32

[49] FFFFFFFF ptr->@0xffffffff

[50] A2000001 jump: class1-done all-match[] always-jump offset=[01] local->[51]

[51] 10880004 ld: ind-clrw len=4 offs=0 imm

[52] 00000005 clrw: clr_c1mode clr_c1datas

[53] 8250000D operation: cls1-op rng (SH0) uninstantiate (test)

rng_result1[] = {

0x3a, 0xfe, 0x2c, 0x87, 0xcc, 0xb6, 0x44, 0x49,
0x19, 0x16, 0x9a, 0x74, 0xa1, 0x31, 0x8b, 0xef,
0xf4, 0x86, 0x0b, 0xb9, 0x5e, 0xee, 0xae, 0x91,
0x92, 0xf4, 0xa9, 0x8f, 0xb0, 0x37, 0x18, 0xa4

}

Descriptor for parts with RNG version 4.3 or 4.4:

rng_dsc2[] = {

0xb080003a, 0x04800020, 0x27b73130, 0x30b4b10f,

0x7c62b1ad, 0x77abe899, 0x67452301, 0xefcdab89,

0x98badcfe, 0x10325476, 0x02800020, 0x63f757cf,

0xb9165584, 0xc3c1b407, 0xcc4ce8ad, 0x1ffe8a58,

0xfb4fa893, 0xbb5f4af0, 0x3fb946a1, 0x12a00020,

0x56cbcaa5, 0xfff3adad, 0xe804dcbf, 0x9a900c71,

0xa42017e3, 0x826948e2, 0xd0cfeb3e, 0xaf1a136a,

0x82500405, 0xa2000001, 0x10880004, 0x00000005,

0x12820004, 0x00000020, 0x82500001, 0xa2000001,

0x10880004, 0x40000045, 0x02800020, 0x2e882f8a,

0xe929943e, 0x8132c0a8, 0x12037f90, 0x809fbd66,

0x8684ea04, 0x00cbafa7, 0x7b82d12a, 0x82500009,

0xa2000001, 0x10880004, 0x00000005, 0x82500001,

0x60340020, 0xFFFFFFFF, 0xa2000001, 0x10880004,

0x00000005, 0x8250000d

}

Human Readable Format:

[00] B080003A jobhdr: stidx->[00] len=58

[01] 04800020 key: class2-keyreg len=32 imm

[02] 27B73130 key=[3031b7270fb1b430adb1627c99e8ab77

[03] 30B4B10F

[04] 7C62B1AD

[05] 77ABE899

[06] 67452301 0123456789abcdeffedcba9876543210]

[07] EFCDAB89

[08] 98BADCFE

[09] 10325476

[10] 02800020 key: class1-keyreg len=32 imm

[11] 63F757CF key=[cf57f763845516b907b4c1c3ade84ccc

[12] B9165584

[13] C3C1B407

[14] CC4CE8AD

[15] 1FFE8A58 588afe1f93a84ffbf04a5fbba146b93f]

[16] FB4FA893

[17] BB5F4AF0

[18] 3FB946A1

[19] 12A00020 ld: ccb1-ctx len=32 offs=0 imm

[20] 56CBCAA5 data:[a5cacb56adadf3ffbfdc04e8710c909a

[21] FFF3ADAD

[22] E804DCBF

[23] 9A900C71

[24] A42017E3 e31720a4e24869823eebcfd06a131aaf]

[25] 826948E2

[26] D0CFEB3E

[27] AF1A136A

[28] 82500405 operation: cls1-op rng (SH0) instantiate PS test

[29] A2000001 jump: class1-done all-match[] always-jump offset=[01] local->[30]

[30] 10880004 ld: ind-clrw len=4 offs=0 imm

[31] 00000005 clrw: clr_c1mode clr_c1datas

[32] 12820004 ld: ccb1-datasz len=4 offs=0 imm

[33] 00000020 data:0x00000020

[34] 82500001 operation: cls1-op rng (SH0) generate random test

[35] A2000001 jump: class1-done all-match[] always-jump offset=[01] local->[36]

[36] 10880004 ld: ind-clrw len=4 offs=0 imm

[37] 40000045 clrw: clr_c1mode clr_c1datas clr_c1key reset_ofifo

[38] 02800020 key: class1-keyreg len=32 imm

[39] 2E882F8A key=[8a2f882e3e9429e9a8c03281907f0312

[40] E929943E

[41] 8132C0A8

[42] 12037F90

[43] 809FBD66 66bd9f8004ea8486a7afcb002ad1827b]

[44] 8684EA04

[45] 00CBAFA7

[46] 7B82D12A

[47] 82500009 operation: cls1-op rng (SH0) reseed test

[48] A2000001 jump: class1-done all-match[] always-jump offset=[01] local->[49]

[49] 10880004 ld: ind-clrw len=4 offs=0 imm

[50] 00000005 clrw: clr_c1mode clr_c1datas

[51] 82500001 operation: cls1-op rng (SH0) generate random test

[52] 60340020 fifostr: rng-ref len=32

[53] FFFFFFFF ptr->@0xffffffff

[54] A2000001 jump: class1-done all-match[] always-jump offset=[01] local->[55]

[55] 10880004 ld: ind-clrw len=4 offs=0 imm

[56] 00000005 clrw: clr_c1mode clr_c1datas

[57] 8250000D operation: cls1-op rng (SH0) uninstantiate (test)

rng_result2[] = {

0x76, 0x87, 0x66, 0x4e, 0xd8, 0x1d, 0x1f, 0x43,
0x76, 0x50, 0x85, 0x5d, 0x1e, 0x1d, 0x9d, 0x0f,
0x93, 0x75, 0x83, 0xff, 0x9a, 0x9b, 0x61, 0xa9,
0xa5, 0xeb, 0xa3, 0x28, 0x2a, 0x15, 0xc1, 0x57

}

Steps to implement these descriptors:

Running this test requires that RNG is not already instantiated using the same State Handle. If the RNG Self Test is being carried out using State Handle 0, then RNG should not be instantiated using State Handle 0 prior to running the test. u-boot currently instantiates RNG during boot so please ensure self test is run before instantiating RNG.

RNG self test descriptions provided here uses State Handle 0 to perform the self test. RNG instantiation with State Handle 0 can be left as is, if the RNG self test is run with State Handle 1.

Construct the right descriptor based on the CAAM ERA (CAAM CCBVID[31-16]), RNG VID (CAAM CHAVID[31-28]) and RNG REV (CAAM CRNR_LS[19-16]).
- If CAAM ERA is less than 8 and [RNG VID.RNG REV] < 4.3 then choose rng_dsc1 descriptors.
- Else choose rng_dsc2 descriptors.
Make sure CAAM clock is enabled and initialize JR0.
Construct the descriptors with the chosen descriptor set.
- Make sure to replace the output address of Known Answer Test result from 0xFFFFFFFF in the descriptor set to an un-used DDR destination address.
Flush dcache of the region where descriptors are placed and the result will be placed.
Run the descriptors using JR0.
The result will be placed in the destination address from #3.
Compare the result with the known respective result (rng_result1 or rng_result2) of the descriptor. If the comparison matches, the RNG self test has passed and RNG module can be used there onwards.