Searched hist:"4 f448dff536a5c99a9b1db7fdf3de0d660d13691" (Results 1 – 2 of 2) sorted by relevance
| /optee_os/core/arch/arm/kernel/ |
| H A D | tee_time_arm_cntpct.c | 4f448dff536a5c99a9b1db7fdf3de0d660d13691 Thu Jan 26 13:37:01 UTC 2017 Andy Green <andy@warmcat.com> prng: implement CNTPCT-based jitter entropy for all arm arch devices
Tests dumping CNTPCT at the same point in three boots on Hikey
gave the following spread:
0xebff3fdd80daceb5
0xebff3fdd80da4601
0xeaff3fdd7edb5dcc
things like eMMC async init from power up, interrupt jitter, branch
prediction misses, peripheral async clock drift, cache fill delays,
and so on accumulate in the counter at better than us resolution,
and make the exact count we reach the dump point differ, even in a
supposedly deterministic boot flow.
There appear to be ~12 bits of real entropy in the initial jitter, by
the time of the sample point which was at OP-TEE entry from a-t-f.
A new general jitter harvesting API is introduced
plat_prng_add_jitter_entropy(). The first time it is called on
PRNG init, 16 bits of CNTPCT are used as seed entropy. Thereafter
only the two LSB of CNTPCT are harvested each time, being provided
as entropy to the PRNG every time it reaches 8 bits.
Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| /optee_os/core/tee/ |
| H A D | tee_cryp_utl.c | 4f448dff536a5c99a9b1db7fdf3de0d660d13691 Thu Jan 26 13:37:01 UTC 2017 Andy Green <andy@warmcat.com> prng: implement CNTPCT-based jitter entropy for all arm arch devices
Tests dumping CNTPCT at the same point in three boots on Hikey
gave the following spread:
0xebff3fdd80daceb5
0xebff3fdd80da4601
0xeaff3fdd7edb5dcc
things like eMMC async init from power up, interrupt jitter, branch
prediction misses, peripheral async clock drift, cache fill delays,
and so on accumulate in the counter at better than us resolution,
and make the exact count we reach the dump point differ, even in a
supposedly deterministic boot flow.
There appear to be ~12 bits of real entropy in the initial jitter, by
the time of the sample point which was at OP-TEE entry from a-t-f.
A new general jitter harvesting API is introduced
plat_prng_add_jitter_entropy(). The first time it is called on
PRNG init, 16 bits of CNTPCT are used as seed entropy. Thereafter
only the two LSB of CNTPCT are harvested each time, being provided
as entropy to the PRNG every time it reaches 8 bits.
Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>
|