entropy: rpi_pico: implement entropy driver for RP2350 #83346
Conversation
zephyrbot
added
area: Crypto / RNG
platform: Raspberry Pi Pico
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
2 times, most recently
from
df8de81 to
be3cfa0
Compare
drivers/entropy/entropy_rpi_pico.c
Outdated
There was a problem hiding this comment.
Good catch, I took that part from an earlier version of another entropy driver. The cast has been removed.
tomi-font
left a comment
tomi-font
left a comment
There was a problem hiding this comment.
Do you have any answer to @yonsch's comment in your previous PR #66764 (comment)?
@yonsch is referring to the fact that RP2040 lacks a hardware random number generator so it uses other sources as seed. RP2350 has a hardware random number generator and uses that in pico-sdk: https://github.com/raspberrypi/pico-sdk/blob/95ea6acad131124694cda1c162c52cd30e0aece0/src/rp2_common/pico_rand/rand.c#L121 |
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
2 times, most recently
from
338dfec to
f069b11
Compare
ajf58
left a comment
ajf58
left a comment
There was a problem hiding this comment.
I think a few things need addressing here.
drivers/entropy/entropy_rpi_pico.c
Outdated
There was a problem hiding this comment.
This could be wrapped in a Zephyr spinlock. There would be a slight performance hit because of the Zephyr spinlock + Pico SDK's hardware-based spin_lock (and we're holding a k_spinlock for longer than strictly required), but this would ensure that users get the Zephyr-provided guarantees about spinlocks.
nit: word has overloaded meaning, I'd avoid this variable name.
There was a problem hiding this comment.
Variable renamed to value.
modules/hal_rpi_pico/CMakeLists.txt
Outdated
There was a problem hiding this comment.
This needs thinking about, in particular, how this interacts, by default, with Pico SDK's alarm pool. I think PICO_TIME_DEFAULT_ALARM_POOL_DISABLED will need to be set, at least.
There was a problem hiding this comment.
In the earlier PR #66764, PICO_TIME_DEFAULT_ALARM_POOL_DISABLED=1 was needed due to building ${common_dir}/pico_time/time.c. However PICO_TIME_DEFAULT_ALARM_POOL_DISABLED doesn't seem to be referenced in either of the two C files added in this PR:
${rp2_common_dir}/hardware_timer/timer.c${rp2_common_dir}/pico_rand/rand.c
There was a problem hiding this comment.
initialise_rand -> capture_additional_rosc_samples -> sleep_until -> add_alarm_at -> alarm_pool_add_alarm_at, and so on, no?
There was a problem hiding this comment.
It doesn't seem like PICO_RAND_SEED_ENTROPY_SRC_ROSC or PICO_RAND_ENTROPY_SRC_ROSC are defined so capture_additional_rosc_samples() shouldn't be called.
Function alarm_pool_add_alarm_at() is defined in src/common/pico_time/time.c and that doesn't seem to be added from anywhere in Zephyr.
There was a problem hiding this comment.
Looks good to me, thanks for taking the time to walk through the code path here.
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
2 times, most recently
from
1edd3e0 to
14d6fb1
Compare
ajf58
left a comment
ajf58
left a comment
There was a problem hiding this comment.
I don't think my concern about the alarm pool has been addressed.
drivers/entropy/entropy_rpi_pico.c
Outdated
There was a problem hiding this comment.
| uint64_t value = get_rand_64(); | |
| K_SPINLOCK(&entropy_lock) { | |
| uint64_t value = get_rand_64(); | |
| } |
Only the call to get_rand_64() needs wrapping in the spinlock. Reducing the amount of code in the lock is preferable, and use the helper macro to limit the scope of the key.
There was a problem hiding this comment.
I've wrapped get_rand_64() with the K_SPINLOCK() macro.
modules/hal_rpi_pico/CMakeLists.txt
Outdated
There was a problem hiding this comment.
initialise_rand -> capture_additional_rosc_samples -> sleep_until -> add_alarm_at -> alarm_pool_add_alarm_at, and so on, no?
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
from
14d6fb1 to
bb08548
Compare
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
from
bb08548 to
1267804
Compare
|
PR rebased on top of 03fa6a0 to address merge conflicts. |
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
from
1267804 to
9bb2f83
Compare
drivers/entropy/entropy_rpi_pico.c
Outdated
There was a problem hiding this comment.
The 3rd arg of memcpy is size_t.
And for now, we mostly follow the old habit of "declaring variables at the top of a block", so please do so if possible.
There was a problem hiding this comment.
Yes, to_copy should be size_t.
I'm putting a thumbs-down against "declaring variables at the top of a block"
a) Reviewers should not introduce ad-hoc coding styles.
b) It's another throwback to ancient C standards (i.e. C90, which is 4 versions and 30 years too old). Mixing declarations and code is a Good Thing: by reducing a variables scope/lifetime it makes it easier to understand when/where a variable is used. In contrast, sticking all the variable declarations together makes it harder to do this. Some people incorrectly believe they can estimate stack usage by counting number/size of variables declared, and this tacitly encourages such behaviour.
There was a problem hiding this comment.
In reality, this habit is still strong
and is frequently pointed out in reviews. #83358 (comment)
Since there is no clear affirmative or negative provision in the terms and conditions, it is up to the discretion of the reviewer or maintainer.
I think that, currently, most cases lean towards this "old habit."
As far as I'm concerned, this habit was abolished in the 2012 MISRA-C regulations,
so I don't intend to block it, but I would probably start by saying, "Do it the way everyone else does."
Even this would probably be a relatively radical stance among maintainers.
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
from
9bb2f83 to
045df69
Compare
ajf58
left a comment
ajf58
left a comment
There was a problem hiding this comment.
There's a lot I like about this implementation (it's very well laid out, order of #include s is neat, DTS file changes are nicely in order).
A couple of things need tweaking.
drivers/entropy/Kconfig.rpi_pico
Outdated
There was a problem hiding this comment.
| depends on DT_HAS_RASPBERRYPI_PICO_RNG_ENABLED | |
| depends on DT_HAS_RASPBERRYPI_PICO_RNG_ENABLED | |
| depends on SOC_SERIES_RP2350 |
Given that *rpi_pico*.c is often used for both RP2040 and RP2350 series SoCs, perhaps the additional constraint will avoid people trying to use this entropy generator on the RP2040, where it would be unsuitable?
There was a problem hiding this comment.
Added per suggestion.
There was a problem hiding this comment.
At build-time this is introducing a warning:
zephyr/build/rpi_pico2/rp2350a/m33/hello_world/zephyr/zephyr.dts:408.12-411.5:
Warning (simple_bus_reg): /soc/rng: missing or empty reg/ranges property
which this needs looking at.
Ordering should be the other way around (status comes last).
I think the Zephyr convention is meant to be that we don't enable too much stuff by default, with an implicit rationale that we don't want build "hello world" to compile hundreds of files, as that gives a daunting/bad user experience ("I just want to blink and LED, why does that need 130 source files!" kind of response) so this should be disabled by default.
There was a problem hiding this comment.
I've added reg = <0x400f0000 DT_SIZE_K(4)> since that corresponds to TRNG_BASE.
I've moved status to the last line to match other entries in the .dtsi file.
I've disabled &rng by default and enabled it from the board since non-wireless microcontrollers seem to follow this pattern.
There was a problem hiding this comment.
It's unclear where this should be (SoC's dtsi vs board's) as the Zephyr codebase is inconsistent. My gut feeling is (in descending order)
- Neither; the board doesn't need it to run correctly
- In the board file
- Here
There was a problem hiding this comment.
There is practice in esp32 and nxp, so this is fine.
There was a problem hiding this comment.
The majority of uses of zephyr,entropy are in the SOC definitions, so I think this is the right place.
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
from
045df69 to
fc54eeb
Compare
Exactly this. |
|
The branch is back at a0c870d, though I don't see a button to reopen the pull request. Perhaps someone with the right permissions can do it now? |
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
from
a0c870d to
635722a
Compare
|
|
This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time. |
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
from
635722a to
4c3c8b2
Compare
|
|
Previously CI was failing on the following test: This should be addressed in the latest push with a |
There was a problem hiding this comment.
Why is this required? Maybe SDK functions using this could be avoided?
There was a problem hiding this comment.
Pico SDK mixes the TRNG output with uninitialized memory: https://github.com/raspberrypi/pico-sdk/blob/a1438dff1d38bd9c65dbd693f0e5db4b9ae91779/src/rp2_common/pico_rand/rand.c#L365-L374
To work around that, one would have to use capture_additional_trng_samples(), but that's not public API.
| size_t to_copy = MIN(sizeof(value), len); | ||
|
|
||
| K_SPINLOCK(&entropy_lock) { | ||
| value = get_rand_64(); |
There was a problem hiding this comment.
Is it idiomatic for an entropy source to actually provide more entropy than it has? It only has a boot-time true random value, while this function is fueled by xoroshiro128 algorithm: https://github.com/raspberrypi/pico-sdk/blob/a1438dff1d38bd9c65dbd693f0e5db4b9ae91779/src/host/pico_rand/rand.c
This is a question to subsys maintainers
There was a problem hiding this comment.
Looking at https://github.com/raspberrypi/pico-sdk/blob/a1438dff1d38bd9c65dbd693f0e5db4b9ae91779/src/rp2_common/pico_rand/rand.c#L350-L354, each get_rand_64() invocation calls capture_additional_trng_samples() for additional entropy.
The end result is fed into xoroshiro128 as you mentioned.
There was a problem hiding this comment.
Hm, not sure if that matches subsystem expectations, but that sounds good. Please keep this thread open
|
This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time. |
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
from
4c3c8b2 to
29e0630
Compare
|
hey there, i applied this as a patch to my zephyr ws, and am building it correctly and am using it successfully. am looking forward to not having to patch but seeing this merged. kudos to all involved! |
Use get_rand_64() from Pico SDK for entropy. Signed-off-by: Xudong Zheng <[email protected]>
xudongzheng
force-pushed
the
rp2350-entropy-pr
branch
from
29e0630 to
d42a905
Compare
|
|
@xudongzheng how is this mostly sram0 stuff in this diff https://github.com/zephyrproject-rtos/zephyr/compare/29e0630267bd920a5d1087a1aec14f22319487b9..d42a9052d8940c5c5d50dc9964c7397cd1846f80 related to the rng? |
@stef Most of that is not part of the PR and just a result of the rebase. A lot of the RP2350 tests were failing in the previous push and I suspected #98363 was necessary. |
9 participants
Use get_rand_64() from Pico SDK for entropy.
This is somewhat based on #66764.