diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2019-11-20 09:50:40 -0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2020-06-17 22:30:57 +0000 |
| commit | 32730b21cfd504438d6a711834b445c68ec19ae5 (patch) | |
| tree | 592c1eb4de6cf12f85921bd2e8e4cead92869c4a /Makefile.toolchain | |
| parent | d61ca497127ee518d65b26975cf3fadd62bc0a9a (diff) | |
| download | chrome-ec-32730b21cfd504438d6a711834b445c68ec19ae5.tar.gz | |
cr50: use NIST-compliant configuration of TRNG
According to NIST SP 800-90B only vetted conditioning mechanism should
be used for post-processing raw entropy. See SP 800-90B, 3.1.5.1 Using
Vetted Conditioning Components. Use of non-vetted algorithms is governed
in 3.1.5.2, but assumes conservative coefficient 0.85 for entropy estimate,
which increase number of requests to TRNG to get desirable entropy.
More details on entropy estimate tests are in associated bug.
Entropy measurements using NIST assessment tool didn't report noticeable
change in entropy estimate. However, more changes are needed to use
DRBG instead of raw TRNG for all purposes.
TRNG changes reviewed also at https://crrev.com/c/1926384
BUG=b:138577834
TEST=test/tpm_test/nist_entropy.sh
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I5a578b90b8b7a77fae6a218eec48e87e7644ab44
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2240519
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'Makefile.toolchain')
0 files changed, 0 insertions, 0 deletions