authorVadim Sukhomlinov <sukhomlinov@google.com>2021-09-16 13:17:00 -0700
committerCommit Bot <commit-bot@chromium.org>2021-09-17 01:38:05 +0000
commitb89dd9906c4b990d45d48195368df1cfb583b9b0 (patch)
tree853a8cfe7a228585cb6c56916190e0ec47379bc7
parent83a5b5bd7f9773a33728b223930a16425f380541 (diff)
cr50: add TRNG testing mode with TRNG restartstabilize-rust-14225.B-cr50_stab
NIST statistical tests for TRNG entropy require comparing entropy in regular mode (continuous readings) with entropy after TRNG restarts. Added support for a TRNG restart before reading entropy and updated the script to drive the tests. BUG=b:138577834 TEST=test/nist_entropy.sh Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Idc46191be05e8275730726f6debb8007ca361bc6 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3165883 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: William Wesson <wesson@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r--board/cr50/dcrypto/trng.c9
-rwxr-xr-xtest/tpm_test/nist_entropy.sh13
-rw-r--r--test/tpm_test/trng_test.py2
3 files changed, 21 insertions, 3 deletions
diff --git a/board/cr50/dcrypto/trng.c b/board/cr50/dcrypto/trng.c
index ce49527472..5745ec308f 100644
--- a/board/cr50/dcrypto/trng.c
+++ b/board/cr50/dcrypto/trng.c
@@ -154,6 +154,7 @@ uint64_t read_rand(void)
#include "console.h"
#include "endian.h"
#include "extension.h"
+#include "timer.h"
#include "watchdog.h"
#if CRYPTO_TEST_CMD_RAND
@@ -291,6 +292,7 @@ static bool raw_rand_bytes(void *buffer, size_t len)
* =========================================================================
* text_len | 2 | the number of random bytes to generate, big endian
* type | 1 | 0 - TRNG, 1 = FIPS TRNG, 2 = FIPS DRBG
+ * | | 3 - TRNG after restart
* | | other values reserved for extensions
*/
static enum vendor_cmd_rc trng_test(enum vendor_cmd_cc code, void *buf,
@@ -314,6 +316,13 @@ static enum vendor_cmd_rc trng_test(enum vendor_cmd_cc code, void *buf,
}
switch (op_type) {
+ case 3:
+ /* Power down LDO, wait 1ms, power up. */
+ GWRITE(TRNG, POWER_DOWN_B, 0);
+ udelay(1000);
+ GWRITE(TRNG, POWER_DOWN_B, 1);
+ GWRITE(TRNG, GO_EVENT, 1);
+ /* Fall through */
case 0:
if (!raw_rand_bytes(buf, text_len))
return VENDOR_RC_INTERNAL_ERROR;
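Review bot: The new `case 3` power-cycles the TRNG block that the rest of the firmware presumably shares, then falls straight into `raw_rand_bytes()`; nothing in the hunk shows a wait for the block to be ready again or a re-run of any startup health check before other consumers read from it. The `#if CRYPTO_TEST_CMD_RAND` earlier in the file suggests this handler is built only into test images, but that is not visible here, so state it at the case, e.g. `/* Test-only: restarts the shared TRNG; must not be reachable in production images. */`. The bare `3` (like 0–2) would also be easier to audit as a named constant shared with the header comment. The switch and the rest of `trng_test` continue outside the hunk.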
diff --git a/test/tpm_test/nist_entropy.sh b/test/tpm_test/nist_entropy.sh
index 5344a49890..b25bd884bf 100755
--- a/test/tpm_test/nist_entropy.sh
+++ b/test/tpm_test/nist_entropy.sh
@@ -8,6 +8,7 @@ set -e
TMP_PATH="/tmp/ea"
NIST_URL="https://github.com/usnistgov/SP800-90B_EntropyAssessment.git"
TRNG_OUT="${TMP_PATH}/trng_output"
+TRNG_OUT_RESTART="${TMP_PATH}/trng_output_restart"
EA_LOG="ea_non_iid.log"
rm -rf "${TMP_PATH}"
git clone --depth 1 "${NIST_URL}" "${TMP_PATH}"
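Review bot: `TRNG_OUT_RESTART` joins `TRNG_OUT` under the fixed `/tmp/ea`, a predictable path in a world-writable directory that the script `rm -rf`s and then fills from an unpinned `git clone --depth 1`, so the binaries that judge the entropy come from whatever upstream HEAD is at run time. Prefer a private directory, `TMP_PATH="$(mktemp -d)"`, and pin the assessment tool to a reviewed tag or commit (placeholder `<PINNED_REF>`) so results are reproducible and the tool cannot change underneath the test. These lines are context rather than additions in this commit, but the new output file inherits the same exposure.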
@@ -21,11 +22,19 @@ if [[ ! -f "${TRNG_OUT}" ]]; then
echo "${TRNG_OUT} does not exist"
exit 1
fi
+# -t3 use TRNG with restarts
+./tpmtest.py -t3 -o "${TRNG_OUT_RESTART}"
+if [[ ! -f "${TRNG_OUT_RESTART}" ]]; then
+ echo "${TRNG_OUT_RESTART} does not exist"
+ exit 1
+fi
+
rm -f "${EA_LOG}"
-"${TMP_PATH}/cpp/ea_non_iid" -a "${TRNG_OUT}" | tee "${EA_LOG}"
+"${TMP_PATH}/cpp/ea_non_iid" -v -a "${TRNG_OUT}" | tee "${EA_LOG}"
entropy="$(awk '/min/ {print $5}' "${EA_LOG}")"
if [[ -z "${entropy}" ]]; then
entropy="$(awk '/H_original/ {print $2}' "${EA_LOG}")"
fi
echo "Minimal entropy ${entropy}"
-"${TMP_PATH}/cpp/ea_restart" "${TRNG_OUT}" "${entropy}" | tee -a "${EA_LOG}"
+"${TMP_PATH}/cpp/ea_restart" -v "${TRNG_OUT_RESTART}" \
+ "${entropy}" | tee -a "${EA_LOG}"
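Review bot: Both assessment tools are piped into `tee`, so under plain `set -e` the pipeline status is `tee`'s, and a failing or crashing `ea_non_iid` or `ea_restart` does not stop the script; the run can finish "successfully" with an empty `entropy`. Add `set -o pipefail` next to `set -e` (whether it is already set outside the hunk is not visible) and exit with an error if `${entropy}` is still empty before calling `ea_restart`. The two `-f` checks on the capture files would be stronger as `-s`, which also rejects an empty capture.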
diff --git a/test/tpm_test/trng_test.py b/test/tpm_test/trng_test.py
index bdf0477a32..38aabc7c13 100644
--- a/test/tpm_test/trng_test.py
+++ b/test/tpm_test/trng_test.py
@@ -69,7 +69,7 @@ def trng_test(tpm, trng_output, trng_mode, tsb=1):
subcmd.TpmTestError: on unexpected target responses
"""
- if trng_mode not in [0, 1, 2]:
+ if trng_mode not in [0, 1, 2, 3]:
raise subcmd.TpmTestError('Unknown random source: %d' % trng_mode)
# minimal recommended by NIST is 1000 samples per block