diff options
| -rw-r--r-- | board/cr50/dcrypto/trng.c | 9 | ||||
| -rwxr-xr-x | test/tpm_test/nist_entropy.sh | 13 | ||||
| -rw-r--r-- | test/tpm_test/trng_test.py | 2 |
3 files changed, 21 insertions, 3 deletions
diff --git a/board/cr50/dcrypto/trng.c b/board/cr50/dcrypto/trng.c index ce49527472..5745ec308f 100644 --- a/board/cr50/dcrypto/trng.c +++ b/board/cr50/dcrypto/trng.c @@ -154,6 +154,7 @@ uint64_t read_rand(void) #include "console.h" #include "endian.h" #include "extension.h" +#include "timer.h" #include "watchdog.h" #if CRYPTO_TEST_CMD_RAND @@ -291,6 +292,7 @@ static bool raw_rand_bytes(void *buffer, size_t len) * ========================================================================= * text_len | 2 | the number of random bytes to generate, big endian * type | 1 | 0 - TRNG, 1 = FIPS TRNG, 2 = FIPS DRBG + * | | 3 - TRNG after restart * | | other values reserved for extensions */ static enum vendor_cmd_rc trng_test(enum vendor_cmd_cc code, void *buf, @@ -314,6 +316,13 @@ static enum vendor_cmd_rc trng_test(enum vendor_cmd_cc code, void *buf, } switch (op_type) { + case 3: + /* Power down LDO, wait 1ms, power up. */ + GWRITE(TRNG, POWER_DOWN_B, 0); + udelay(1000); + GWRITE(TRNG, POWER_DOWN_B, 1); + GWRITE(TRNG, GO_EVENT, 1); + /* Fall through */ case 0: if (!raw_rand_bytes(buf, text_len)) return VENDOR_RC_INTERNAL_ERROR; diff --git a/test/tpm_test/nist_entropy.sh b/test/tpm_test/nist_entropy.sh index 5344a49890..b25bd884bf 100755 --- a/test/tpm_test/nist_entropy.sh +++ b/test/tpm_test/nist_entropy.sh @@ -8,6 +8,7 @@ set -e TMP_PATH="/tmp/ea" NIST_URL="https://github.com/usnistgov/SP800-90B_EntropyAssessment.git" TRNG_OUT="${TMP_PATH}/trng_output" +TRNG_OUT_RESTART="${TMP_PATH}/trng_output_restart" EA_LOG="ea_non_iid.log" rm -rf "${TMP_PATH}" git clone --depth 1 "${NIST_URL}" "${TMP_PATH}" @@ -21,11 +22,19 @@ if [[ ! -f "${TRNG_OUT}" ]]; then echo "${TRNG_OUT} does not exist" exit 1 fi +# -t3 use TRNG with restarts +./tpmtest.py -t3 -o "${TRNG_OUT_RESTART}" +if [[ ! -f "${TRNG_OUT_RESTART}" ]]; then + echo "${TRNG_OUT_RESTART} does not exist" + exit 1 +fi + rm -f "${EA_LOG}" -"${TMP_PATH}/cpp/ea_non_iid" -a "${TRNG_OUT}" | tee "${EA_LOG}" +"${TMP_PATH}/cpp/ea_non_iid" -v -a "${TRNG_OUT}" | tee "${EA_LOG}" entropy="$(awk '/min/ {print $5}' "${EA_LOG}")" if [[ -z "${entropy}" ]]; then entropy="$(awk '/H_original/ {print $2}' "${EA_LOG}")" fi echo "Minimal entropy ${entropy}" -"${TMP_PATH}/cpp/ea_restart" "${TRNG_OUT}" "${entropy}" | tee -a "${EA_LOG}" +"${TMP_PATH}/cpp/ea_restart" -v "${TRNG_OUT_RESTART}" \ + "${entropy}" | tee -a "${EA_LOG}" diff --git a/test/tpm_test/trng_test.py b/test/tpm_test/trng_test.py index bdf0477a32..38aabc7c13 100644 --- a/test/tpm_test/trng_test.py +++ b/test/tpm_test/trng_test.py @@ -69,7 +69,7 @@ def trng_test(tpm, trng_output, trng_mode, tsb=1): subcmd.TpmTestError: on unexpected target responses """ - if trng_mode not in [0, 1, 2]: + if trng_mode not in [0, 1, 2, 3]: raise subcmd.TpmTestError('Unknown random source: %d' % trng_mode) # minimal recommended by NIST is 1000 samples per block |