Re: [PATCH v2 2/3] hwrng: add Rockchip SoC hwrng driver
From: Jason A. Donenfeld
Date: Mon Dec 05 2022 - 08:14:05 EST
On Mon, Nov 28, 2022 at 07:47:17PM +0100, Aurelien Jarno wrote:
> The TRNG device does not seem to have a signal conditionner and the FIPS
> 140-2 test returns a lot of failures. They can be reduced by increasing
> RK_RNG_SAMPLE_CNT, in a tradeoff between quality and speed. This value
> has been adjusted to get ~90% of successes and the quality value has
> been set accordingly.
Can't you reduce it even more to get 100%? All we need is 32 bytes every
once in a while.
> + rk_rng->rng.quality = 900;
If your intention is "90%", this should be 921 or 922, because the
quality knob is out of 1024, not 1000.
Herbert - this seems like a fairly common pitfall I've seen all over the
place. It might be worth making a mental memo to reject or ask questions
about numbers that seem "too round", when you look at these sorts of
patches.
Jason