Skip to content

feat(linux): crypto: Add TRNG and tcrypt documentation for DTHEv2 #544

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
StaticRocket merged 2 commits into from
Dec 3, 2025
Merged

feat(linux): crypto: Add TRNG and tcrypt documentation for DTHEv2 #544

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
147c67d
feat(linux): crypto: Add TRNG section for DTHEv2
Pratham-T Nov 27, 2025
308de34
feat(linux): crypto: Add tcrypt test section in DTHEv2
Pratham-T Dec 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
123 changes: 123 additions & 0 deletions source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,3 +210,126 @@
Signals delivered: 0
Page size (bytes): 4096
Exit status: 0

******************************************************************
Using the True Random Number Generator (TRNG) Hardware Accelerator

Check warning on line 215 in source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.Headings] Use sentence-style capitalization in 'Using the True Random Number Generator (TRNG) Hardware Accelerator'.

Raw Output:
{"message": "[RedHat.Headings] Use sentence-style capitalization in 'Using the True Random Number Generator (TRNG) Hardware Accelerator'.", "location": {"path": "source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst", "range": {"start": {"line": 215, "column": 1}}}, "severity": "INFO"}
******************************************************************

The pre-built kernel included within the SDK already has the OP-TEE TRNG

Check warning on line 218 in source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.Definitions] Define acronyms and abbreviations (such as 'TEE') on first occurrence if they're likely to be unfamiliar.

Raw Output:
{"message": "[RedHat.Definitions] Define acronyms and abbreviations (such as 'TEE') on first occurrence if they're likely to be unfamiliar.", "location": {"path": "source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst", "range": {"start": {"line": 218, "column": 65}}}, "severity": "INFO"}
driver enabled. You do not need any further configuration.

Verify that the optee-rng driver is loaded:

Check warning on line 221 in source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.PassiveVoice] 'is loaded' is passive voice. In general, use active voice. Consult the style guide for acceptable use of passive voice.

Raw Output:
{"message": "[RedHat.PassiveVoice] 'is loaded' is passive voice. In general, use active voice. Consult the style guide for acceptable use of passive voice.", "location": {"path": "source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst", "range": {"start": {"line": 221, "column": 34}}}, "severity": "INFO"}

.. code-block:: console

root@am62lxx-evm:~# cat /sys/class/misc/hw_random/rng_current
optee-rng

The hwrng device should now show up in the filesystem.

Check warning on line 228 in source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.Spelling] Verify the word 'hwrng'. It is not in the American English spelling dictionary used by Vale.

Raw Output:
{"message": "[RedHat.Spelling] Verify the word 'hwrng'. It is not in the American English spelling dictionary used by Vale.", "location": {"path": "source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst", "range": {"start": {"line": 228, "column": 5}}}, "severity": "WARNING"}

.. code-block:: console

root@am62lxx-evm:~# ls -l /dev/hwrng
crw------- 1 root root 10, 183 Jan 1 2000 /dev/hwrng

Use :command:`cat` on this device to generate random numbers.

.. code-block:: console

root@am62lxx-evm:~# cat /dev/hwrng | od -x
0000000 b2bd ae08 4477 be48 4836 bf64 5d92 01c9
0000020 0cb6 7ac5 16f9 8616 a483 7dfd 6bf4 3aa5
0000040 d693 db24 d917 5ee7 feb7 34c3 34e9 e7a5
0000060 36b7 ea85 fc17 0e66 555c 0934 7a0c 4c69
0000100 523b 9f21 1546 fddb d58b e5ed 142a 6712
0000120 8d76 8f80 a6d2 30d8 d107 32bc 7f45 f997
0000140 9d5d 0d0c f1f0 64f9 a77f 408f b0c1 f5a0
0000160 39c6 f0ae 4b59 1a76 84a7 a364 8964 f557
root@am62lxx-evm:~#

Test the random number generator on the target.

.. code-block:: console

root@am62lxx-evm:~# cat /dev/hwrng | rngtest -c 1000
rngtest 6.16
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 1
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=72.965; avg=3848.070; max=9765625.000)Kibits/s
rngtest: FIPS tests speed: (min=10.794; avg=53.373; max=54.967)Mibits/s
rngtest: Program run time: 5710839 microseconds
root@am62lxx-evm:~#

Note that the results might be slightly different on your system, since,
after all, we are dealing with a random number generator. Any appreciable
number of errors typically indicates a bad random number generator.

If you're satisfied the random number generator is working correctly,
you can use :program:`rngd` (the random number generator daemon) to feed the
:file:`/dev/random` entropy pool.

****************************
Hardware Accelerator testing

Check warning on line 282 in source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.Headings] Use sentence-style capitalization in 'Hardware Accelerator testing'.

Raw Output:
{"message": "[RedHat.Headings] Use sentence-style capitalization in 'Hardware Accelerator testing'.", "location": {"path": "source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst", "range": {"start": {"line": 282, "column": 1}}}, "severity": "INFO"}
****************************

Testing using the :program:`tcrypt` module
==========================================

.. code-block:: console

root@am62lxx-evm:~# modprobe tcrypt mode=500 sec=1
[ 1012.121422] tcrypt: testing speed of async ecb(aes) (ecb-aes-dthev2) encryption
[ 1012.128872] tcrypt: test 0 (128 bit key, 16 byte blocks): 4931 operations in 1 seconds (78896 bytes)
[ 1013.138110] tcrypt: test 1 (128 bit key, 64 byte blocks): 4940 operations in 1 seconds (316160 bytes)
[ 1014.146146] tcrypt: test 2 (128 bit key, 128 byte blocks): 4940 operations in 1 seconds (632320 bytes)
[ 1015.154298] tcrypt: test 3 (128 bit key, 256 byte blocks): 4940 operations in 1 seconds (1264640 bytes)
[ 1016.162329] tcrypt: test 4 (128 bit key, 1024 byte blocks): 4980 operations in 1 seconds (5099520 bytes)
[ 1017.170491] tcrypt: test 5 (128 bit key, 1424 byte blocks): 4940 operations in 1 seconds (7034560 bytes)
[ 1018.178486] tcrypt: test 6 (128 bit key, 4096 byte blocks): 4960 operations in 1 seconds (20316160 bytes)
[ 1019.186570] tcrypt: test 7 (192 bit key, 16 byte blocks): 4960 operations in 1 seconds (79360 bytes)
[ 1020.194482] tcrypt: test 8 (192 bit key, 64 byte blocks): 4940 operations in 1 seconds (316160 bytes)
[ 1021.202151] tcrypt: test 9 (192 bit key, 128 byte blocks): 5000 operations in 1 seconds (640000 bytes)
[ 1022.210225] tcrypt: test 10 (192 bit key, 256 byte blocks): 4940 operations in 1 seconds (1264640 bytes)
[ 1023.218410] tcrypt: test 11 (192 bit key, 1024 byte blocks): 5000 operations in 1 seconds (5120000 bytes)
[ 1024.226494] tcrypt: test 12 (192 bit key, 1424 byte blocks): 5000 operations in 1 seconds (7120000 bytes)
[ 1025.234490] tcrypt: test 13 (192 bit key, 4096 byte blocks): 4980 operations in 1 seconds (20398080 bytes)
[ 1026.242625] tcrypt: test 14 (256 bit key, 16 byte blocks): 4940 operations in 1 seconds (79040 bytes)
[ 1027.250155] tcrypt: test 15 (256 bit key, 64 byte blocks): 4960 operations in 1 seconds (317440 bytes)
[ 1028.258293] tcrypt: test 16 (256 bit key, 128 byte blocks): 4940 operations in 1 seconds (632320 bytes)
[ 1029.266342] tcrypt: test 17 (256 bit key, 256 byte blocks): 4940 operations in 1 seconds (1264640 bytes)
[ 1030.274405] tcrypt: test 18 (256 bit key, 1024 byte blocks): 4960 operations in 1 seconds (5079040 bytes)
[ 1031.282506] tcrypt: test 19 (256 bit key, 1424 byte blocks): 4980 operations in 1 seconds (7091520 bytes)
[ 1032.294641] tcrypt: test 20 (256 bit key, 4096 byte blocks): 4980 operations in 1 seconds (20398080 bytes)
[ 1033.302656] tcrypt: testing speed of async ecb(aes) (ecb-aes-dthev2) decryption
[ 1033.310809] tcrypt: test 0 (128 bit key, 16 byte blocks): 4940 operations in 1 seconds (79040 bytes)
[ 1034.318058] tcrypt: test 1 (128 bit key, 64 byte blocks): 4960 operations in 1 seconds (317440 bytes)
[ 1035.326153] tcrypt: test 2 (128 bit key, 128 byte blocks): 4940 operations in 1 seconds (632320 bytes)
[ 1036.334354] tcrypt: test 3 (128 bit key, 256 byte blocks): 4940 operations in 1 seconds (1264640 bytes)
[ 1037.342372] tcrypt: test 4 (128 bit key, 1024 byte blocks): 4920 operations in 1 seconds (5038080 bytes)
[ 1038.350475] tcrypt: test 5 (128 bit key, 1424 byte blocks): 4940 operations in 1 seconds (7034560 bytes)
[ 1039.358415] tcrypt: test 6 (128 bit key, 4096 byte blocks): 4940 operations in 1 seconds (20234240 bytes)
[ 1040.366508] tcrypt: test 7 (192 bit key, 16 byte blocks): 4940 operations in 1 seconds (79040 bytes)
[ 1041.374071] tcrypt: test 8 (192 bit key, 64 byte blocks): 4960 operations in 1 seconds (317440 bytes)
[ 1042.382158] tcrypt: test 9 (192 bit key, 128 byte blocks): 4960 operations in 1 seconds (634880 bytes)
[ 1043.390282] tcrypt: test 10 (192 bit key, 256 byte blocks): 4940 operations in 1 seconds (1264640 bytes)
[ 1044.398466] tcrypt: test 11 (192 bit key, 1024 byte blocks): 4940 operations in 1 seconds (5058560 bytes)
[ 1045.406558] tcrypt: test 12 (192 bit key, 1424 byte blocks): 4940 operations in 1 seconds (7034560 bytes)
[ 1046.414503] tcrypt: test 13 (192 bit key, 4096 byte blocks): 4940 operations in 1 seconds (20234240 bytes)
[ 1047.422793] tcrypt: test 14 (256 bit key, 16 byte blocks): 4960 operations in 1 seconds (79360 bytes)
[ 1048.430409] tcrypt: test 15 (256 bit key, 64 byte blocks): 4960 operations in 1 seconds (317440 bytes)
[ 1049.438295] tcrypt: test 16 (256 bit key, 128 byte blocks): 4940 operations in 1 seconds (632320 bytes)
[ 1050.446313] tcrypt: test 17 (256 bit key, 256 byte blocks): 4940 operations in 1 seconds (1264640 bytes)
[ 1051.454411] tcrypt: test 18 (256 bit key, 1024 byte blocks): 4960 operations in 1 seconds (5079040 bytes)
[ 1052.462508] tcrypt: test 19 (256 bit key, 1424 byte blocks): 4960 operations in 1 seconds (7063040 bytes)
[ 1053.470497] tcrypt: test 20 (256 bit key, 4096 byte blocks): 4960 operations in 1 seconds (20316160 bytes)
...