Merge "refactor(trng): cleanup the existing TRNG support" into integration

Makefile

@@ -1079,6 +1079,7 @@ $(eval $(call assert_booleans,\
         ENABLE_MPMM_FCONF \
         SIMICS_BUILD \
         FEATURE_DETECTION \
+	TRNG_SUPPORT \
 )))
 
 $(eval $(call assert_numerics,\

changelog.yaml

@@ -650,6 +650,9 @@ subsections:
       - title: DRTM
         scope: drtm
 
+      - title: TRNG
+        scope: trng
+
   - title: Libraries
 
     subsections:

docs/getting_started/build-options.rst

@@ -851,6 +851,9 @@ Common build options
    hardware will limit the effective VL to the maximum physically supported
    VL.
 
+-  ``TRNG_SUPPORT``: Setting this to ``1`` enables support for True
+   Random Number Generator Interface to BL31 image. This defaults to ``0``.
+
 -  ``TRUSTED_BOARD_BOOT``: Boolean flag to include support for the Trusted Board
    Boot feature. When set to '1', BL1 and BL2 images include support to load
    and verify the certificates and images in a FIP, and BL1 includes support

docs/getting_started/porting-guide.rst

@@ -2468,7 +2468,7 @@ value: uuid_t plat_trng_uuid [mandatory]
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 This value must be defined to the UUID of the TRNG backend that is specific to
-the hardware after ``plat_trng_setup`` function is called. This value must
+the hardware after ``plat_entropy_setup`` function is called. This value must
 conform to the SMCCC calling convention; The most significant 32 bits of the
 UUID must not equal ``0xffffffff`` or the signed integer ``-1`` as this value in
 w0 indicates failure to get a TRNG source.

include/plat/common/platform.h

@@ -16,10 +16,10 @@
 #if ENABLE_RME
 #include <services/rmm_core_manifest.h>
 #endif
+#include <drivers/fwu/fwu_metadata.h>
 #if TRNG_SUPPORT
 #include "plat_trng.h"
-#endif
-#include <drivers/fwu/fwu_metadata.h>
+#endif /* TRNG_SUPPORT */
 #if DRTM_SUPPORT
 #include "plat_drtm.h"
 #endif /* DRTM_SUPPORT */

include/services/trng_svc.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, ARM Limited. All rights reserved.
+ * Copyright (c) 2021-2022, ARM Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -17,7 +17,7 @@
 #define ARM_TRNG_FEATURES	U(0x84000051)
 #define ARM_TRNG_GET_UUID	U(0x84000052)
 #define ARM_TRNG_RND32		U(0x84000053)
-#define ARM_TRNG_RND64		U(0xc4000053)
+#define ARM_TRNG_RND64		U(0xC4000053)
 
 /* TRNG version numbers */
 #define TRNG_VERSION_MAJOR	(0x1)
@@ -30,19 +30,17 @@
 #define TRNG_E_NO_ENTROPY	(-3)
 #define TRNG_E_NOT_IMPLEMENTED	(-4)
 
-#if TRNG_SUPPORT
+/* TRNG Entropy Bit Numbers */
+#define TRNG_RND32_ENTROPY_MAXBITS	(96U)
+#define TRNG_RND64_ENTROPY_MAXBITS	(192U)
+
+/* Public API to perform the initial TRNG entropy setup */
 void trng_setup(void);
+
+/* Public API to verify function id is part of TRNG */
 bool is_trng_fid(uint32_t smc_fid);
-#else
-static inline void trng_setup(void)
-{
-}
-
-static inline bool is_trng_fid(uint32_t smc_fid)
-{
-	return false;
-}
-#endif
+
+/* Handler to be called to handle TRNG smc calls */
 uintptr_t trng_smc_handler(
 	uint32_t smc_fid,
 	u_register_t x1,

make_helpers/defaults.mk

@@ -270,7 +270,7 @@ SAVE_KEYS			:= 0
 # Software Delegated Exception support
 SDEI_SUPPORT			:= 0
 
-# True Random Number firmware Interface
+# True Random Number firmware Interface support
 TRNG_SUPPORT			:= 0
 
 # SMCCC PCI support

services/std_svc/std_svc_setup.c

@@ -74,7 +74,10 @@ static int32_t std_svc_setup(void)
 	sdei_init();
 #endif
 
+#if TRNG_SUPPORT
+	/* TRNG initialisation */
 	trng_setup();
+#endif /* TRNG_SUPPORT */
 
 #if DRTM_SUPPORT
 	if (drtm_setup() != 0) {
@@ -172,7 +175,8 @@ static uintptr_t std_svc_smc_handler(uint32_t smc_fid,
 		return trng_smc_handler(smc_fid, x1, x2, x3, x4, cookie, handle,
 				flags);
 	}
-#endif
+#endif /* TRNG_SUPPORT */
+
 #if ENABLE_RME
 
 	if (is_rmmd_el3_fid(smc_fid)) {

services/std_svc/trng/trng_entropy_pool.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, ARM Limited. All rights reserved.
+ * Copyright (c) 2021-2022, ARM Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -18,7 +18,7 @@
  * 192 bits of entropy, we don't have to throw out the leftover 1-63 bits of
  * entropy.
  */
-#define WORDS_IN_POOL (4)
+#define WORDS_IN_POOL	(4)
 static uint64_t entropy[WORDS_IN_POOL];
 /* index in bits of the first bit of usable entropy */
 static uint32_t entropy_bit_index;
@@ -27,14 +27,14 @@ static uint32_t entropy_bit_size;
 
 static spinlock_t trng_pool_lock;
 
-#define BITS_PER_WORD (sizeof(entropy[0]) * 8)
-#define BITS_IN_POOL (WORDS_IN_POOL * BITS_PER_WORD)
-#define ENTROPY_MIN_WORD (entropy_bit_index / BITS_PER_WORD)
-#define ENTROPY_FREE_BIT (entropy_bit_size + entropy_bit_index)
-#define _ENTROPY_FREE_WORD (ENTROPY_FREE_BIT / BITS_PER_WORD)
-#define ENTROPY_FREE_INDEX (_ENTROPY_FREE_WORD % WORDS_IN_POOL)
+#define BITS_PER_WORD		(sizeof(entropy[0]) * 8)
+#define BITS_IN_POOL		(WORDS_IN_POOL * BITS_PER_WORD)
+#define ENTROPY_MIN_WORD	(entropy_bit_index / BITS_PER_WORD)
+#define ENTROPY_FREE_BIT	(entropy_bit_size + entropy_bit_index)
+#define _ENTROPY_FREE_WORD	(ENTROPY_FREE_BIT / BITS_PER_WORD)
+#define ENTROPY_FREE_INDEX	(_ENTROPY_FREE_WORD % WORDS_IN_POOL)
 /* ENTROPY_WORD_INDEX(0) includes leftover bits in the lower bits */
-#define ENTROPY_WORD_INDEX(i) ((ENTROPY_MIN_WORD + i) % WORDS_IN_POOL)
+#define ENTROPY_WORD_INDEX(i)	((ENTROPY_MIN_WORD + i) % WORDS_IN_POOL)
 
 /*
  * Fill the entropy pool until we have at least as many bits as requested.
@@ -65,12 +65,12 @@ static bool trng_fill_entropy(uint32_t nbits)
  */
 bool trng_pack_entropy(uint32_t nbits, uint64_t *out)
 {
-	bool success = true;
+	bool ret = true;
 
 	spin_lock(&trng_pool_lock);
 
 	if (!trng_fill_entropy(nbits)) {
-		success = false;
+		ret = false;
 		goto out;
 	}
 
@@ -82,9 +82,8 @@ bool trng_pack_entropy(uint32_t nbits, uint64_t *out)
 	for (word_i = 0; word_i < to_fill; word_i++) {
 		/*
 		 * Repack the entropy from the pool into the passed in out
-		 * buffer. This takes the lower bits from the valid upper bits
-		 * of word_i and the upper bits from the lower bits of
-		 * (word_i + 1).
+		 * buffer. This takes lesser bits from the valid upper bits
+		 * of word_i and more bits from the lower bits of (word_i + 1).
 		 *
 		 * I found the following diagram useful. note: `e` represents
 		 * valid entropy, ` ` represents invalid bits (not entropy) and
@@ -136,7 +135,7 @@ bool trng_pack_entropy(uint32_t nbits, uint64_t *out)
 out:
 	spin_unlock(&trng_pool_lock);
 
-	return success;
+	return ret;
 }
 
 void trng_entropy_pool_setup(void)

services/std_svc/trng/trng_main.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2022, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -23,9 +23,9 @@ static const uuid_t uuid_null;
 static uintptr_t trng_rnd32(uint32_t nbits, void *handle)
 {
 	uint32_t mask = ~0U;
-	uint64_t ent[2];
+	uint64_t ent[2] = {0};
 
-	if (nbits == 0U || nbits > 96U) {
+	if (nbits == 0U || nbits > TRNG_RND32_ENTROPY_MAXBITS) {
 		SMC_RET1(handle, TRNG_E_INVALID_PARAMS);
 	}
 
@@ -59,9 +59,9 @@ static uintptr_t trng_rnd32(uint32_t nbits, void *handle)
 static uintptr_t trng_rnd64(uint32_t nbits, void *handle)
 {
 	uint64_t mask = ~0ULL;
-	uint64_t ent[3];
+	uint64_t ent[3] = {0};
 
-	if (nbits == 0U || nbits > 192U) {
+	if (nbits == 0U || nbits > TRNG_RND64_ENTROPY_MAXBITS) {
 		SMC_RET1(handle, TRNG_E_INVALID_PARAMS);
 	}
 
@@ -117,9 +117,9 @@ uintptr_t trng_smc_handler(uint32_t smc_fid, u_register_t x1, u_register_t x2,
 	switch (smc_fid) {
 	case ARM_TRNG_VERSION:
 		SMC_RET1(handle, MAKE_SMCCC_VERSION(
-			TRNG_VERSION_MAJOR, TRNG_VERSION_MINOR
-		));
+			TRNG_VERSION_MAJOR, TRNG_VERSION_MINOR));
 		break; /* unreachable */
+
 	case ARM_TRNG_FEATURES:
 		if (is_trng_fid((uint32_t)x1)) {
 			SMC_RET1(handle, TRNG_E_SUCCESS);
@@ -127,16 +127,19 @@ uintptr_t trng_smc_handler(uint32_t smc_fid, u_register_t x1, u_register_t x2,
 			SMC_RET1(handle, TRNG_E_NOT_SUPPORTED);
 		}
 		break; /* unreachable */
+
 	case ARM_TRNG_GET_UUID:
 		SMC_UUID_RET(handle, plat_trng_uuid);
 		break; /* unreachable */
+
 	case ARM_TRNG_RND32:
 		return trng_rnd32((uint32_t)x1, handle);
+
 	case ARM_TRNG_RND64:
 		return trng_rnd64((uint32_t)x1, handle);
+
 	default:
-		WARN("Unimplemented TRNG Service Call: 0x%x\n",
-			smc_fid);
+		WARN("Unimplemented TRNG Service Call: 0x%x\n", smc_fid);
 		SMC_RET1(handle, TRNG_E_NOT_IMPLEMENTED);
 		break; /* unreachable */
 	}