nRF54L: Add new entropy driver based on the CRACEN HW #83972
Conversation
|
The following west manifest projects have changed revision in this Pull Request:
⛔ DNM label due to: 1 project with PR revision Note: This message is automatically posted and updated by the Manifest GitHub Action. |
zephyrbot
added
manifest
manifest-hal_nordic
manifest-nrf_hw_models
DNM
aescolar
force-pushed
the
cracen_rng
branch
3 times, most recently
from
e3b2096 to
74e9b52
Compare
| # SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| description: | | ||
| Nordic nRF54L CRACEN CTR DRBG based (Random Number Generator) |
There was a problem hiding this comment.
| Nordic nRF54L CRACEN CTR DRBG based (Random Number Generator) | |
| Nordic nRF54L CRACEN CTR_DRBG based (Random Number Generator) |
CTR_DRBG is the correct naming convention according to NIST SP800-90A
| # SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| config ENTROPY_NRF54LCRACEN_CTRDRBG | ||
| bool "nRF54L entropy driver based on the CRACEN CTR DRBG driver" |
There was a problem hiding this comment.
| bool "nRF54L entropy driver based on the CRACEN CTR DRBG driver" | |
| bool "nRF54L entropy driver based on the CRACEN CTR_DRBG driver" |
CTR_DRBG is the correct naming convention according to NIST SP800-90A
There was a problem hiding this comment.
I guess all CTRDRBG and ctrdrbg be CTR_DRBG and ctr_drbg, too?
There was a problem hiding this comment.
AFAIK we cannot have "_" in DTS names. Anyhow, the name is long enough, so I hope it is ok without it there :)
| # SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| config ENTROPY_NRF54LCRACEN_CTRDRBG | ||
| bool "nRF54L entropy driver based on the CRACEN CTR DRBG driver" |
There was a problem hiding this comment.
I guess all CTRDRBG and ctrdrbg be CTR_DRBG and ctr_drbg, too?
aescolar
force-pushed
the
cracen_rng
branch
2 times, most recently
from
4725e07 to
9467542
Compare
zephyrbot
added
area: Bluetooth Controller
platform: nRF
zephyrbot
requested review from
carlescufi,
ceolin,
hubertmis,
jaz1-nordic,
kl-cruz,
magp-nordic,
masz-nordic and
nika-nordic
|
At Gardena, @cmair will test this PR using an internal prototype. Since he is not (yet?) part of the Zephyr organization, he will give feedback himself, but I'll approve the PR in his name. |
Update with the latest nordic hal Signed-off-by: Alberto Escolar Piedras <[email protected]>
Update the HW models module to: 1069743a7fc06362e8f8d7f57225b8c7940da9f0 Including the following: 1069743 Fix in cracen hal conditional compile condition 3bbd3bd Enable build of hal/nrf_cracen_*.c 506da1f hal cracen_cm: Add const to prototype b02d927 BLECrypt_if: For new aes_ecb scramble data if no libCrypto e41f101 RRAMC nrf hal: Add replacements for new incoming RRAM APIs 4e933cf UART: Do not warn on invalid/unconfigured framesize 716b20c hal cracen_cm: Add replacements for new cracen_cm hal fc597a4 CRACEN: Add CryptoMaster & CM AES (ECB only) 129f16c CRACEN RNG HAL: Remove senseless static inline Signed-off-by: Alberto Escolar Piedras <[email protected]>
Update the HW models to the provisional branch zephyr_2025_01_14 which enables the use the not yet released CRACEN RNG & CM HAL Signed-off-by: Alberto Escolar Piedras <[email protected]>
Add support for the new nrf hal CRACEN CTR DRBG driver including a new kconfig option to enable it. Signed-off-by: Alberto Escolar Piedras <[email protected]>
Add a new entropy driver based on the nrf HAL CRACEN CTR DRBG driver Signed-off-by: Alberto Escolar Piedras <[email protected]>
Let's default to this new driver. And therefore change the conditions in the BT controller kconfig which were selecting the native_posix fake entropy driver Signed-off-by: Alberto Escolar Piedras <[email protected]> (f) boards nrf54l15bsim: Default to new cracen rng driver
Switch the default entropy driver for 54L05/10/15 devices to the new CRACEN based one. Signed-off-by: Alberto Escolar Piedras <[email protected]>
Use the new entropy driver for 54L devices and therefore claim BT_CTLR_ENTROPY_SUPPORT is always supported (note 54H remains unsuported) Signed-off-by: Alberto Escolar Piedras <[email protected]>
| @@ -25,6 +25,10 @@ config NRFX_COMP | |||
| bool "COMP driver" | |||
| depends on $(dt_has_compat,$(DT_COMPAT_NORDIC_NRF_COMP)) | |||
|
|
|||
| config NRFX_CRACEN | |||
| bool "CRACEN drivers" | |||
| depends on SOC_COMPATIBLE_NRF54LX | |||
There was a problem hiding this comment.
There is no device tree node today for cracen itself. I could create one, but it really is just extra steps.
| This driver is only compatible with 54L devices, and may only be used from one processor | ||
| core. This driver cannot be used in conjunction with the nRF security PSA solution, as both | ||
| would attempt to use the CRACEN HW exclusively; When that is enabled, zephyr,psa-crypto-rng | ||
| should be selected instead. |
There was a problem hiding this comment.
Not sure if driver constraints should be included in binding description.
Perhaps it would be better to note that this node is used to describe a subset of CRACEN resources, ie. CRACEN TRNG and CryptoMaster.
There was a problem hiding this comment.
Perhaps it would be better to note that this node is used to describe a subset of CRACEN resources, ie. CRACEN TRNG and CryptoMaster.
This binding is used to describe the CTR_DRBG itself. Not the TRNG or Cryptomaster.
| would attempt to use the CRACEN HW exclusively; When that is enabled, zephyr,psa-crypto-rng | ||
| should be selected instead. | ||
|
|
||
| compatible: "nordic,nrf54lcracen-ctrdrbg" |
There was a problem hiding this comment.
| compatible: "nordic,nrf54lcracen-ctrdrbg" | |
| compatible: "nordic,cracen-ctrdrbg" |
There was a problem hiding this comment.
Should be renamed to drivers/entropy/entropy_nrfx_cracen.c and namespaces aligned.
| bool "nRF54L entropy driver based on the CRACEN CTR_DRBG driver" | ||
| default y | ||
| depends on DT_HAS_NORDIC_NRF54LCRACEN_CTRDRBG_ENABLED | ||
| depends on SOC_COMPATIBLE_NRF54LX |
There was a problem hiding this comment.
| depends on SOC_COMPATIBLE_NRF54LX |
Add new entropy driver based on the CRACEN HW, and the incoming (in a PR) CRACEN CTR DRBG driver.
It also pulls new HW models to be able to use it and test it in simulation.
Note: The PR points the nRF HW models to a branch where the new HAL is forcefully enabled (ahead of its release).