I kindly request any advice regarding the configuration of the HW RNG of TI AM335X. I'm aiming to achieve security certification for our device, which is based on the PLC Wago PFC200 750-8217. One of the tests involves rngtest of the RNG device /dev/hwrng, and unfortunately, this test isn't passing well.
I'm requesting advice how to set up the random number generator. Is it possible to configure RNG entropy parameters on already compiled system?
root@PFC200V3-5E10C3:~ uname -a
Linux PFC200V3-5E10C3 5.15.107-rt62-w04.02.02 #1 PREEMPT_RT Thu Oct 12 16:23:25 UTC 2023 armv7l GNU/Linuxroot@PFC200V3-5E10C3:~ cat /etc/os-release
NAME=PTXdist
VERSION="2020.08.0"
ID=ptxdist
VERSION_ID="2020.08.0"
PRETTY_NAME="PTXdist / WAGO-PFC"
ANSI_COLOR="1;34"
PTXDIST_VERSION="2020.08.0"
PTXDIST_BSP_VENDOR="WAGO"
PTXDIST_BSP_NAME="PFC"
PTXDIST_BSP_VERSION="PFC-trunk"
PTXDIST_PLATFORM_NAME="wago-pfcXXX"
PTXDIST_PLATFORM_VERSION="-trunk"
PTXDIST_BUILD_DATE="2023-10-12T16:43:08+0000"root@PFC200V3-5E10C3:~ dmesg | grep omap
[ 0.000000] Kernel command line: bootversion=2021.10.0-w04.02.00_15 reset_state=RST bootchooser.active=rootfs.1 rw root=/dev/mmcblk1p7 rootfstype=ext4 rootwait uio_pdrv_genirq.of_id=uio_pdrv_genirq omap_wdt.early_enable omap_wdt.timer_margin=30
[ 0.726233] ehci-omap: OMAP-EHCI Host Controller driver
[ 0.756679] omap_voltage_late_init: Voltage driver support not added
[ 0.880655] omap_wdt: OMAP Watchdog Timer Rev 0x01: initial timeout 30 sec
[ 0.999330] omap_uart 481aa000.serial: no wakeirq for uart5
[ 1.049123] omap_rng 48310000.rng: Random Number Generator ver. 20
[ 1.260657] omap-gpmc 50000000.gpmc: GPMC revision 6.0
[ 1.278271] omap-sham 53100000.sham: hw accel on OMAP rev 4.3
[ 1.278518] omap-sham 53100000.sham: will run requests pump with realtime priority
[ 1.297050] omap-aes 53500000.aes: OMAP AES hw accel rev: 3.2
[ 1.297614] omap-aes 53500000.aes: will run requests pump with realtime priority
[ 1.324942] omap_reset_deassert: timedout waiting for gfx:0
[ 1.337356] omap_hwmod: debugss: _wait_target_ready failed: -22
[ 1.337381] omap_hwmod: debugss: cannot be enabled for reset (3)
[ 1.337408] omap_hwmod: debugss: _wait_target_ready failed: -22
[ 1.344996] omap_uart 44e09000.serial: no wakeirq for uart0
[ 1.469816] omap_i2c 44e0b000.i2c: bus 0 rev0.11 at 100 kHz
[ 1.496449] sdhci-omap 48060000.mmc: Got CD GPIO
[ 1.496576] sdhci-omap 48060000.mmc: Got WP GPIO
[ 1.496832] sdhci-omap 48060000.mmc: supply vqmmc not found, using dummy regulator
[ 1.505331] sdhci-omap 481d8000.mmc: supply vqmmc not found, using dummy regulator
[ 24.163614] omap_uart_rtu 48022000.serial: Initializing Modbus driver
[ 24.163652] omap_uart_rtu 48022000.serial: Baudrate = 9600, TO_15 = 2862500ns, TO_35 = 5152500ns
[ 24.218985] omap_uart_rtu 48022000.serial: Initializing Modbus driver
[ 24.219025] omap_uart_rtu 48022000.serial: Baudrate = 9600, TO_15 = 2862500ns, TO_35 = 5152500nsroot@PFC200V3-5E10C3:~ sysctl kernel.random.poolsize
kernel.random.poolsize = 256root@PFC200V3-5E10C3:~ sysctl kernel.random.entropy_avail
kernel.random.entropy_avail = 256root@PFC200V3-5E10C3:~ cat /dev/hwrng | rngtest -c 1000
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 1
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.358; avg=2.656; max=2384.186)Mibits/s
rngtest: FIPS tests speed: (min=11.716; avg=32.591; max=36.469)Mibits/s
rngtest: Program run time: 7788534 microsecondsroot@PFC200V3-5E10C3:~ cat /dev/hwrng | rngtest -c 1000
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.304; avg=2.657; max=2384.186)Mibits/s
rngtest: FIPS tests speed: (min=15.222; avg=32.789; max=36.400)Mibits/s
rngtest: Program run time: 7782633 microsecondsroot@PFC200V3-5E10C3:~ cat /dev/hwrng | rngtest -c 1000
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 998
rngtest: FIPS 140-2 failures: 2
rngtest: FIPS 140-2(2001-10-10) Monobit: 1
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.328; avg=2.657; max=2384.186)Mibits/s
rngtest: FIPS tests speed: (min=16.820; avg=32.816; max=36.400)Mibits/s
rngtest: Program run time: 7781956 microseconds
Asked by bpob
(11 rep)
Apr 16, 2024, 10:28 PM
Last activity: Apr 16, 2024, 10:30 PM
Last activity: Apr 16, 2024, 10:30 PM