Skip to content

Nuvoton: Re-implement TRNG HAL with TRNG H/W #11650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Oct 24, 2019
Merged

Nuvoton: Re-implement TRNG HAL with TRNG H/W #11650

merged 6 commits into from
Oct 24, 2019

Conversation

ccli8
Copy link
Contributor

@ccli8 ccli8 commented Oct 8, 2019

Description

This PR is conclusion of #11176 (comment) and tries to re-implement TRNG HAL with TRNG H/W on targets which support it.

Support targets:

  • NU_PFM_M2351_*
  • NUMAKER_IOT_M263A

@cyliangtw

Related PR

#11176 (comment)

Pull request type

[x] Fix
[ ] Refactor
[ ] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

@kjbracey-arm @yanesca

@ciarmcom ciarmcom requested review from kjbracey, Ronny-Liu, yanesca and a team October 8, 2019 11:00
@ciarmcom
Copy link
Member

ciarmcom commented Oct 8, 2019

@ccli8, thank you for your changes.
@yanesca @kjbracey-arm @Ronny-Liu @ARMmbed/mbed-os-maintainers please review.

bulislaw
bulislaw reviewed Oct 9, 2019
View reviewed changes
Copy link
Member

@bulislaw bulislaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Patater please review

kjbracey
kjbracey reviewed Oct 15, 2019
View reviewed changes
targets/TARGET_NUVOTON/TARGET_M2351/trng_api.cpp
"TRNG initialization counter would overflow");
}
core_util_atomic_incr_u16(&trng_init_counter, 1);
if (trng_init_counter == 1) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re-reading the counter isn't atomic - you need to look at the return value of the increment function.

Suggested change
if (trng_init_counter == 1) {
if (core_util_atomic_incr_u16(&trng_init_counter, 1) == 1) {

Although here you're inside a critical section anyway, meaning you don't need the atomic increment at all, you can just do ++trng_init_counter.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

targets/TARGET_NUVOTON/TARGET_M2351/device/StdDriver/m2351_crypto.c
switch(id)
{
case CURVE_P_192:
p32[ 0] = 0x00000000;
Copy link
Contributor

@kjbracey kjbracey Oct 15, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really a code-size win over just memcpying from the const ECC_CURVE table?

Even if it is, I suspect you could get an equivalent saving by just changing the char Ea[144] etc members to const char *Ea, which removes the need to store zero-padding.

(Beyond that, why store in hex rather than binary anyway?)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The above code is for XOM (execute-only ROM). On mbed-os, it is disabled (XOM_SUPPORT == 0).

Beyond that, why store in hex rather than binary anyway?

The curve definition source is in hex form. No further conversion.

Copy link
Contributor

@kjbracey kjbracey Oct 16, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The above code is for XOM (execute-only ROM).

Okay, not relevant here, but a bit puzzled. Maybe there's something I'm missing.

If you're having problems with not being able to access const data in execute-only ROM, there's something wrong with your memory map and/or linker/compiler setup. Execute-only ROM shouldn't be breaking basic concepts like being able to access const data objects.

If really necessary in some environment, the build should be placing read-only data regions in RAM via the linker map.

Edit: oh, is that the point? You're having to resort to putting const data objects in RAM, which makes the other form work, but use a lot of RAM? So this form forces ROM use via code instead, even if clunky?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kjbracey-arm Why const data not place in normal ROM? This is security consideration. The major purpose of XOM is non-readable. If XOM code references const data in another ROM, compromising the ROM means compromising the XOM indirectly.

Anyway, XOM is not used on mbed-os, so just ignore it.

@ccli8 ccli8 force-pushed the nuvoton_trng-hal-with-trng-hw branch from 6800f29 to cd63c09 Compare October 16, 2019 01:55
@ccli8
Copy link
Contributor Author

ccli8 commented Oct 16, 2019

Make modifications:

  1. Do rebase
  2. For M2351, update default secure image/gateway library due to change of TRNG security attribute
  3. Minor fix with trng_init_counter

@yanesca
Copy link
Contributor

yanesca commented Oct 16, 2019

I have searched for some documentation and these were the best I could find:
http://www.nuvoton.com/resource-files/DS_M2351_Series_EN_Rev1.00.pdf
http://www.nuvoton.com/resource-files/UM_NuMaker-M263KI_EN_Rev1.00.pdf

These have very limited information on the TRNGs in these targets. Where can I find more information on these TRNGs?

@ccli8
Copy link
Contributor Author

ccli8 commented Oct 16, 2019

These have very limited information on the TRNGs in these targets. Where can I find more information on these TRNGs?

@yanesca Sorry about that. Detailed spec is not open. However, you can find register definition in:

mbed-os/targets/TARGET_NUVOTON/TARGET_M2351/device/Reg/trng_reg.h

Line 12 in 1960671

/*---------------------- True Random Number Generator -------------------------*/

mbed-os/targets/TARGET_NUVOTON/TARGET_M261/device/Reg/trng_reg.h

Line 45 in 1960671

typedef struct

yanesca
yanesca approved these changes Oct 16, 2019
View reviewed changes
Copy link
Contributor

@yanesca yanesca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

This was referenced Oct 21, 2019
Merged
Closed
0xc0170
0xc0170 approved these changes Oct 23, 2019
View reviewed changes
Copy link
Contributor

@0xc0170 0xc0170 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question otherwise looks fine to me

targets/TARGET_NUVOTON/TARGET_M261/trng_api.cpp Outdated
static uint16_t trng_init_counter = 0U;

/* Mutex for synchronizing access to TRNG H/W */
static SingletonPtr<PlatformMutex> trng_mutex;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this needed? Because the upper layer takes care of this - HAL does not by default.

I assume this TRNG is just one peripheral so this is not taking care of sync in HAL layer when there are multiple users of this peripheral, there's just one trng hal? Or this is connected to secure/non secure thus this lock is needed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@0xc0170 Yes. It is unnecessary. mbedtls_mutex has done. Removed it.

ccli8 added 4 commits October 24, 2019 09:36
@ccli8
M2351: Update BSP/crypto driver
c326e07
@ccli8
M2351: Change TRNG security attribute to secure
3548d38
@ccli8
NUVOTON: Re-implement __PC() with toolchain built-in
d993c5a 
Re-implement __PC() by replacing BSP assembly with toolchain built-in.
@ccli8
NUVOTON: Fix BSP/MKROM header
3f9ba9e 
Related targets:
-   NU_PFM_M2351_*
-   NUMAKER_IOT_M263A
@ccli8 ccli8 force-pushed the nuvoton_trng-hal-with-trng-hw branch from cd63c09 to 0bb8034 Compare October 24, 2019 02:36
@ccli8
Copy link
Contributor Author

ccli8 commented Oct 24, 2019

Make modifications:

  1. Do rebase
  2. Remove unnecessary mutex. mbedtls_mutex has done for it.

ccli8 added 2 commits October 24, 2019 10:55
@ccli8
NUVOTON: Re-implement TRNG HAL with TRNG H/W
4cd0332 
Targets supporting TRNG H/W:

-   NU_PFM_M2351_*
-   NUMAKER_IOT_M263A
@ccli8
M2351: Update default secure image/gateway library
8161386 
Update for change of TRNG security attribute
@ccli8 ccli8 force-pushed the nuvoton_trng-hal-with-trng-hw branch from 0bb8034 to 8161386 Compare October 24, 2019 03:44
@0xc0170
Copy link
Contributor

0xc0170 commented Oct 24, 2019

CI started

@mbed-ci
Copy link

mbed-ci commented Oct 24, 2019

Test run: SUCCESS

Summary: 11 of 11 test jobs passed
Build number : 1
Build artifacts

@0xc0170 0xc0170 merged commit 19fc2b1 into ARMmbed:master Oct 24, 2019
@ccli8 ccli8 deleted the nuvoton_trng-hal-with-trng-hw branch October 24, 2019 08:34
@ccli8 ccli8 mentioned this pull request Oct 24, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bulislaw bulislaw bulislaw left review comments

@kjbracey kjbracey kjbracey left review comments

@0xc0170 0xc0170 0xc0170 approved these changes

@yanesca yanesca yanesca approved these changes

@Ronny-Liu Ronny-Liu Awaiting requested review from Ronny-Liu

Assignees
No one assigned
Labels
release-version: 5.14.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@ccli8 @ciarmcom @yanesca @0xc0170 @mbed-ci @bulislaw @kjbracey