On 12/5/23 9:22 AM, Nishanth Menon wrote:
On 08:46-20231205, Andrew Davis wrote:
On 12/4/23 1:29 PM, Nishanth Menon wrote:
On 15:59-20231201, Dhruva Gole wrote:
Delete the flag CFG_WITH_SOFTWARE_PRNG as it's not necessary/ boot
requirement for this SoC
Signed-off-by: Dhruva Gole <d-g...@ti.com>
---
doc/board/beagle/am62x_beagleplay.rst | 1 -
1 file changed, 1 deletion(-)
diff --git a/doc/board/beagle/am62x_beagleplay.rst
b/doc/board/beagle/am62x_beagleplay.rst
index 7784e62b0b71..50d7d3c620d7 100644
--- a/doc/board/beagle/am62x_beagleplay.rst
+++ b/doc/board/beagle/am62x_beagleplay.rst
@@ -63,7 +63,6 @@ Set the variables corresponding to this platform:
# we dont use any extra TFA parameters
unset TFA_EXTRA_ARGS
export OPTEE_PLATFORM=k3-am62x
- export OPTEE_EXTRA_ARGS="CFG_WITH_SOFTWARE_PRNG=y"
.. include:: ../ti/am62x_sk.rst
:start-after: .. am62x_evm_rst_include_start_build_steps
--
2.34.1
NAK. RNG is needed to seed standard distros.
You have this backwards, setting WITH_SOFTWARE_PRNG=y forces the SW
RNG, disabling the HW RNG. Without this line the HW RNG is the default.
That is not the rationale with which the series was posted. I would
prefer we use HW RNG by default. but as I understand there are a bunch
of f/w bugs preventing us from doing so. if they are resolved, then the
commit message argument should be that the bugs are fixed, so we can
easily use then with f/w version x.y.z onwards.
There was a single FW bug that caused suspend/resume to fail when OP-TEE
was using the HW RNG. The HW RNG always worked, disabling it was a hack
that allowed us to still demo suspend/resume, not sure how that ended up
in this documentation.
The fact we disabled a security feature to workaround a non-security bug
shows a lack of good judgement on our part IMHO. Product security is our
top priority.
Andrew
