path: root/chip/stm32/trng.c

/* Copyright 2017 The ChromiumOS Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

/* Hardware Random Number Generator */

#include "common.h"
#include "console.h"
#include "host_command.h"
#include "panic.h"
#include "printf.h"
#include "registers.h"
#include "system.h"
#include "task.h"
#include "trng.h"
#include "util.h"

static uint32_t trng_rand(void)
{
	int tries = 300;
	/* Wait for a valid random number */
	while (!(STM32_RNG_SR & STM32_RNG_SR_DRDY) && --tries)
		;
	/* we cannot afford to feed the caller with an arbitrary number */
	if (!tries)
		software_panic(PANIC_SW_BAD_RNG, task_get_current());
	/* Finally the 32-bit of entropy */
	return STM32_RNG_DR;
}

test_mockable void trng_rand_bytes(void *buffer, size_t len)
{
	while (len) {
		uint32_t number = trng_rand();
		size_t cnt = 4;
		/* deal with the lack of alignment guarantee in the API */
		uintptr_t align = (uintptr_t)buffer & 3;

		if (len < 4 || align) {
			cnt = MIN(4 - align, len);
			memcpy(buffer, &number, cnt);
		} else {
			*(uint32_t *)buffer = number;
		}
		len -= cnt;
		buffer += cnt;
	}
}

test_mockable void trng_init(void)
{
#ifdef CHIP_FAMILY_STM32L4
	/* Enable the 48Mhz internal RC oscillator */
	STM32_RCC_CRRCR |= STM32_RCC_CRRCR_HSI48ON;
	/* no timeout: we watchdog if the oscillator doesn't start */
	while (!(STM32_RCC_CRRCR & STM32_RCC_CRRCR_HSI48RDY))
		;

	/* Clock the TRNG using the HSI48 */
	STM32_RCC_CCIPR = (STM32_RCC_CCIPR & ~STM32_RCC_CCIPR_CLK48SEL_MASK) |
			  (0 << STM32_RCC_CCIPR_CLK48SEL_SHIFT);
#elif defined(CHIP_FAMILY_STM32H7)
	/* Enable the 48Mhz internal RC oscillator */
	STM32_RCC_CR |= STM32_RCC_CR_HSI48ON;
	/* no timeout: we watchdog if the oscillator doesn't start */
	while (!(STM32_RCC_CR & STM32_RCC_CR_HSI48RDY))
		;

	/* Clock the TRNG using the HSI48 */
	STM32_RCC_D2CCIP2R =
		(STM32_RCC_D2CCIP2R & ~STM32_RCC_D2CCIP2_RNGSEL_MASK) |
		STM32_RCC_D2CCIP2_RNGSEL_HSI48;
#elif defined(CHIP_FAMILY_STM32F4)
	/*
	 * The RNG clock is the same as the SDIO/USB OTG clock, already set at
	 * 48 MHz during clock initialisation. Nothing to do.
	 */
#else
#error "Please add support for CONFIG_RNG on this chip family."
#endif
	/* Enable the RNG logic */
	STM32_RCC_AHB2ENR |= STM32_RCC_AHB2ENR_RNGEN;
	/* Start the random number generation */
	STM32_RNG_CR |= STM32_RNG_CR_RNGEN;
}

test_mockable void trng_exit(void)
{
	STM32_RNG_CR &= ~STM32_RNG_CR_RNGEN;
	STM32_RCC_AHB2ENR &= ~STM32_RCC_AHB2ENR_RNGEN;
#ifdef CHIP_FAMILY_STM32L4
	STM32_RCC_CRRCR &= ~STM32_RCC_CRRCR_HSI48ON;
#elif defined(CHIP_FAMILY_STM32H7)
	STM32_RCC_CR &= ~STM32_RCC_CR_HSI48ON;
#elif defined(CHIP_FAMILY_STM32F4)
	/* Nothing to do */
#endif
}

#if defined(CONFIG_CMD_RAND)
/*
 * We want to avoid accidentally exposing debug commands in RO since we can't
 * update RO once in production.
 */
#if defined(SECTION_IS_RW)
static int command_rand(int argc, const char **argv)
{
	uint8_t data[32];
	char str_buf[hex_str_buf_size(sizeof(data))];

	trng_init();
	trng_rand_bytes(data, sizeof(data));
	trng_exit();

	snprintf_hex_buffer(str_buf, sizeof(str_buf),
			    HEX_BUF(data, sizeof(data)));
	ccprintf("rand %s\n", str_buf);

	return EC_SUCCESS;
}
DECLARE_CONSOLE_COMMAND(rand, command_rand, NULL,
			"Output random bytes to console.");

static enum ec_status host_command_rand(struct host_cmd_handler_args *args)
{
	const struct ec_params_rand_num *p = args->params;
	struct ec_response_rand_num *r = args->response;
	uint16_t num_rand_bytes = p->num_rand_bytes;

	if (system_is_locked())
		return EC_RES_ACCESS_DENIED;

	if (num_rand_bytes > args->response_max)
		return EC_RES_OVERFLOW;

	trng_init();
	trng_rand_bytes(r->rand, num_rand_bytes);
	trng_exit();

	args->response_size = num_rand_bytes;

	return EC_SUCCESS;
}

DECLARE_HOST_COMMAND(EC_CMD_RAND_NUM, host_command_rand,
		     EC_VER_MASK(EC_VER_RAND_NUM));
#endif /* SECTION_IS_RW */
#endif /* CONFIG_CMD_RAND */