AM335X RNG configuration

I kindly ask for any advice on configuring the TI AM335X HW RNG. My goal is to achieve security certification for our device, which is based on the Wago PFC200 750-8217 PLC. One of the tests involves running rngtest against the RNG device /dev/hwrng and, unfortunately, this test does not pass well.

I am asking for advice on how to configure the random number generator. Is it possible to configure RNG entropy parameters on an already compiled system?

root@PFC200V3-5E10C3:~ uname -a

Linux PFC200V3-5E10C3 5.15.107-rt62-w04.02.02 #1 PREEMPT_RT Thu Oct 12 16:23:25 UTC 2023 armv7l GNU/Linux

root@PFC200V3-5E10C3:~ cat /etc/os-release

NAME=PTXdist
VERSION="2020.08.0"
ID=ptxdist
VERSION_ID="2020.08.0"
PRETTY_NAME="PTXdist / WAGO-PFC"
ANSI_COLOR="1;34"

PTXDIST_VERSION="2020.08.0"
PTXDIST_BSP_VENDOR="WAGO"
PTXDIST_BSP_NAME="PFC"
PTXDIST_BSP_VERSION="PFC-trunk"
PTXDIST_PLATFORM_NAME="wago-pfcXXX"
PTXDIST_PLATFORM_VERSION="-trunk"
PTXDIST_BUILD_DATE="2023-10-12T16:43:08+0000"

root@PFC200V3-5E10C3:~ dmesg | grep omap

[    0.000000] Kernel command line: bootversion=2021.10.0-w04.02.00_15 reset_state=RST bootchooser.active=rootfs.1 rw root=/dev/mmcblk1p7 rootfstype=ext4 rootwait uio_pdrv_genirq.of_id=uio_pdrv_genirq  omap_wdt.early_enable omap_wdt.timer_margin=30
[    0.726233] ehci-omap: OMAP-EHCI Host Controller driver
[    0.756679] omap_voltage_late_init: Voltage driver support not added
[    0.880655] omap_wdt: OMAP Watchdog Timer Rev 0x01: initial timeout 30 sec
[    0.999330] omap_uart 481aa000.serial: no wakeirq for uart5
[    1.049123] omap_rng 48310000.rng: Random Number Generator ver. 20
[    1.260657] omap-gpmc 50000000.gpmc: GPMC revision 6.0
[    1.278271] omap-sham 53100000.sham: hw accel on OMAP rev 4.3
[    1.278518] omap-sham 53100000.sham: will run requests pump with realtime priority
[    1.297050] omap-aes 53500000.aes: OMAP AES hw accel rev: 3.2
[    1.297614] omap-aes 53500000.aes: will run requests pump with realtime priority
[    1.324942] omap_reset_deassert: timedout waiting for gfx:0
[    1.337356] omap_hwmod: debugss: _wait_target_ready failed: -22
[    1.337381] omap_hwmod: debugss: cannot be enabled for reset (3)
[    1.337408] omap_hwmod: debugss: _wait_target_ready failed: -22
[    1.344996] omap_uart 44e09000.serial: no wakeirq for uart0
[    1.469816] omap_i2c 44e0b000.i2c: bus 0 rev0.11 at 100 kHz
[    1.496449] sdhci-omap 48060000.mmc: Got CD GPIO
[    1.496576] sdhci-omap 48060000.mmc: Got WP GPIO
[    1.496832] sdhci-omap 48060000.mmc: supply vqmmc not found, using dummy regulator
[    1.505331] sdhci-omap 481d8000.mmc: supply vqmmc not found, using dummy regulator
[   24.163614] omap_uart_rtu 48022000.serial: Initializing Modbus driver
[   24.163652] omap_uart_rtu 48022000.serial: Baudrate = 9600, TO_15 = 2862500ns, TO_35 = 5152500ns
[   24.218985] omap_uart_rtu 48022000.serial: Initializing Modbus driver
[   24.219025] omap_uart_rtu 48022000.serial: Baudrate = 9600, TO_15 = 2862500ns, TO_35 = 5152500ns

Current RNG configuration

root@PFC200V3-5E10C3:~ sysctl kernel.random.poolsize

kernel.random.poolsize = 256

root@PFC200V3-5E10C3:~ sysctl kernel.random.entropy_avail

kernel.random.entropy_avail = 256

rng-tools tests

root@PFC200V3-5E10C3:~ cat /dev/hwrng | rngtest -c 1000

rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 1
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.358; avg=2.656; max=2384.186)Mibits/s
rngtest: FIPS tests speed: (min=11.716; avg=32.591; max=36.469)Mibits/s
rngtest: Program run time: 7788534 microseconds

root@PFC200V3-5E10C3:~ cat /dev/hwrng | rngtest -c 1000

rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.304; avg=2.657; max=2384.186)Mibits/s
rngtest: FIPS tests speed: (min=15.222; avg=32.789; max=36.400)Mibits/s
rngtest: Program run time: 7782633 microseconds

root@PFC200V3-5E10C3:~ cat /dev/hwrng | rngtest -c 1000

rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 998
rngtest: FIPS 140-2 failures: 2
rngtest: FIPS 140-2(2001-10-10) Monobit: 1
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.328; avg=2.657; max=2384.186)Mibits/s
rngtest: FIPS tests speed: (min=16.820; avg=32.816; max=36.400)Mibits/s
rngtest: Program run time: 7781956 microseconds
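
An added example, not part of the original post: a small Python script that totals the rngtest counters from the three runs posted above and puts a 95% Wilson confidence interval on the per-block failure rate, so the runs can be judged together rather than one at a time. The function names and the choice of the Wilson interval are assumptions of this example; the sample text is the summary lines from the post.

```python
import math
import re

# Summary lines copied from the three rngtest runs in the post above.
# The "Long run" and "Continuous run" lines (all 0 in the post) are left out for brevity.
POSTED = """\
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 1
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2 successes: 998
rngtest: FIPS 140-2 failures: 2
rngtest: FIPS 140-2(2001-10-10) Monobit: 1
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
"""

# Matches only the counter lines; speed and run-time lines are ignored.
LINE = re.compile(r"^rngtest: FIPS 140-2(?:\(2001-10-10\))? ([A-Za-z ]+): (\d+)$")

def aggregate(text):
    """Sum every rngtest counter over all runs contained in `text`."""
    totals = {}
    for m in filter(None, map(LINE.match, text.splitlines())):
        totals[m.group(1)] = totals.get(m.group(1), 0) + int(m.group(2))
    return totals

def wilson_interval(failures, blocks, z=1.96):
    """Wilson score interval for the true per-block failure probability."""
    p = failures / blocks
    denom = 1 + z * z / blocks
    centre = (p + z * z / (2 * blocks)) / denom
    half = z * math.sqrt(p * (1 - p) / blocks + z * z / (4 * blocks ** 2)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)

if __name__ == "__main__":
    t = aggregate(POSTED)
    n = t["successes"] + t["failures"]
    print(t, "blocks:", n, "95% CI:", wilson_interval(t["failures"], n))
```

To use it on a live device, replace `POSTED` with the captured output of several `rngtest` runs and compare the resulting interval with the failure rate the certification scheme accepts.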
