我想就 TI AM335X 硬件随机数生成器(HW RNG)的配置征求建议。我们的设备基于 PLC Wago PFC200 750-8217,目标是让该设备通过安全认证。其中一项测试是对 RNG 设备 /dev/hwrng 运行 rngtest,可惜该测试并非每次都完全通过:在下面的三次运行中,每 1000 个数据块里有 0 到 2 个未通过 FIPS 140-2 检验。
请问应当如何设置随机数生成器?能否在已经编译好的系统上配置 RNG 的熵参数?
root@PFC200V3-5E10C3:~ uname -a
Linux PFC200V3-5E10C3 5.15.107-rt62-w04.02.02 #1 PREEMPT_RT Thu Oct 12 16:23:25 UTC 2023 armv7l GNU/Linux
root@PFC200V3-5E10C3:~ cat /etc/os-release
NAME=PTXdist
VERSION="2020.08.0"
ID=ptxdist
VERSION_ID="2020.08.0"
PRETTY_NAME="PTXdist / WAGO-PFC"
ANSI_COLOR="1;34"
PTXDIST_VERSION="2020.08.0"
PTXDIST_BSP_VENDOR="WAGO"
PTXDIST_BSP_NAME="PFC"
PTXDIST_BSP_VERSION="PFC-trunk"
PTXDIST_PLATFORM_NAME="wago-pfcXXX"
PTXDIST_PLATFORM_VERSION="-trunk"
PTXDIST_BUILD_DATE="2023-10-12T16:43:08+0000"
root@PFC200V3-5E10C3:~ dmesg | grep omap
[ 0.000000] Kernel command line: bootversion=2021.10.0-w04.02.00_15 reset_state=RST bootchooser.active=rootfs.1 rw root=/dev/mmcblk1p7 rootfstype=ext4 rootwait uio_pdrv_genirq.of_id=uio_pdrv_genirq omap_wdt.early_enable omap_wdt.timer_margin=30
[ 0.726233] ehci-omap: OMAP-EHCI Host Controller driver
[ 0.756679] omap_voltage_late_init: Voltage driver support not added
[ 0.880655] omap_wdt: OMAP Watchdog Timer Rev 0x01: initial timeout 30 sec
[ 0.999330] omap_uart 481aa000.serial: no wakeirq for uart5
[ 1.049123] omap_rng 48310000.rng: Random Number Generator ver. 20
[ 1.260657] omap-gpmc 50000000.gpmc: GPMC revision 6.0
[ 1.278271] omap-sham 53100000.sham: hw accel on OMAP rev 4.3
[ 1.278518] omap-sham 53100000.sham: will run requests pump with realtime priority
[ 1.297050] omap-aes 53500000.aes: OMAP AES hw accel rev: 3.2
[ 1.297614] omap-aes 53500000.aes: will run requests pump with realtime priority
[ 1.324942] omap_reset_deassert: timedout waiting for gfx:0
[ 1.337356] omap_hwmod: debugss: _wait_target_ready failed: -22
[ 1.337381] omap_hwmod: debugss: cannot be enabled for reset (3)
[ 1.337408] omap_hwmod: debugss: _wait_target_ready failed: -22
[ 1.344996] omap_uart 44e09000.serial: no wakeirq for uart0
[ 1.469816] omap_i2c 44e0b000.i2c: bus 0 rev0.11 at 100 kHz
[ 1.496449] sdhci-omap 48060000.mmc: Got CD GPIO
[ 1.496576] sdhci-omap 48060000.mmc: Got WP GPIO
[ 1.496832] sdhci-omap 48060000.mmc: supply vqmmc not found, using dummy regulator
[ 1.505331] sdhci-omap 481d8000.mmc: supply vqmmc not found, using dummy regulator
[ 24.163614] omap_uart_rtu 48022000.serial: Initializing Modbus driver
[ 24.163652] omap_uart_rtu 48022000.serial: Baudrate = 9600, TO_15 = 2862500ns, TO_35 = 5152500ns
[ 24.218985] omap_uart_rtu 48022000.serial: Initializing Modbus driver
[ 24.219025] omap_uart_rtu 48022000.serial: Baudrate = 9600, TO_15 = 2862500ns, TO_35 = 5152500ns
RNG 当前设置:
root@PFC200V3-5E10C3:~ sysctl kernel.random.poolsize
kernel.random.poolsize = 256
root@PFC200V3-5E10C3:~ sysctl kernel.random.entropy_avail
kernel.random.entropy_avail = 256
rng-tools 测试(rngtest):
root@PFC200V3-5E10C3:~ cat /dev/hwrng | rngtest -c 1000
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 1
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.358; avg=2.656; max=2384.186)Mibits/s
rngtest: FIPS tests speed: (min=11.716; avg=32.591; max=36.469)Mibits/s
rngtest: Program run time: 7788534 microseconds
root@PFC200V3-5E10C3:~ cat /dev/hwrng | rngtest -c 1000
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.304; avg=2.657; max=2384.186)Mibits/s
rngtest: FIPS tests speed: (min=15.222; avg=32.789; max=36.400)Mibits/s
rngtest: Program run time: 7782633 microseconds
root@PFC200V3-5E10C3:~ cat /dev/hwrng | rngtest -c 1000
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 998
rngtest: FIPS 140-2 failures: 2
rngtest: FIPS 140-2(2001-10-10) Monobit: 1
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.328; avg=2.657; max=2384.186)Mibits/s
rngtest: FIPS tests speed: (min=16.820; avg=32.816; max=36.400)Mibits/s
rngtest: Program run time: 7781956 microseconds