Linux True Random Number generator driver for Versal Soc.

Introduction

The Versal platform has a True Random Number Generator block as a part of the crypto subsystem. The Linux True Random Number Generator (TRNG) provides a secure and unpredictable entropy source for cryptographic operations and system randomness requirements. The driver can generate the required number of random bytes, which can be used as a key for encryption or decryption operations.

Kernel Configuration

To ensure the driver functions work correctly and can be tested using the crypto package, the following kernel configurations are required.

CONFIG_CRYPTO_USER=y

CONFIG_CRYPTO_USER_API_RNG=y

CONFIG_CRYPTO_DEV_XILINX_TRNG = y)

Patches

0000-cover-letter.patch

0001-dt-bindings-crypto-Add-node-for-True-Random-Number-G.patch

0002-crypto-xilinx-Add-TRNG-driver-for-versal.patch

0003-crypto-drbg-Export-CTR-DRBG-DF-functions.patch

DTB Node

Take the system.dtb from petalinux project(<root>/pre-build/linux/images/)
Covert system.dtb to source file using
dtc -I dtb -O dts -o system.dts system.dtb
Apply the below diff on dts file.
index 11005f4..c399fc1 100644 --- a/system.dts +++ b/system.dts @@ -772,6 +772,11 @@ }; }; }; + trng@f1230000 { + compatible = "xlnx,versal-trng"; + status = "okay"; + reg = <0x00 0xF1230000 0x00 0x10000>; + }; spi@ff040000 { compatible = "cdns,spi-r1p6";
Rebuild the dts using DTC
dtc -I dts -O dtb -o system.dtb system.dts
Copy this dtb to SD/eMMC in case of SD boot.

Note: Make sure that board should be booted with above dtb. Validate trng node is present in dtb or not by using below example.

Example: /proc/device-tree/axi/trng@f1230000/

Required user-space package to test

Get the libkcapi package to test the driver using crypto user space API's.
Refer libkcapi :: Time - The final frontier for more details.
Cross- compiled package tool to test the driver-> libkcapi.tar

Testing using User space application

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

int main(int argc, char *argv[]) {
    int tfmfd, opfd;
    struct sockaddr_alg sa = {
        .salg_family = AF_ALG,
        .salg_type = "rng",  
        .salg_name = "stdrng"   
    };
    char *buffer;
    size_t num_bytes, total_read = 0, chunk_size = 128;
    ssize_t bytes_read;

    // Validate arguments
    if (argc != 2) {
        fprintf(stderr, "Usage: %s <number_of_bytes>\n", argv[0]);
        return EXIT_FAILURE;
    }

    // Parse the number of bytes from command-line argument
    num_bytes = strtoul(argv[1], NULL, 10);
    if (num_bytes == 0) {
        fprintf(stderr, "Error: Number of bytes must be greater than 0.\n");
        return EXIT_FAILURE;
    }

    // Allocate buffer dynamically
    buffer = malloc(num_bytes);
    if (!buffer) {
        perror("Failed to allocate memory");
        return EXIT_FAILURE;
    }

    // Create socket for RNG algorithm
    tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (tfmfd < 0) {
        perror("Failed to create socket");
        free(buffer);
        return EXIT_FAILURE;
    }

    // Bind to default RNG
    if (bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        perror("Failed to bind socket");
        close(tfmfd);
        free(buffer);
        return EXIT_FAILURE;
    }

    // Accept operational socket
    opfd = accept(tfmfd, NULL, 0);
    if (opfd < 0) {
        perror("Failed to accept operational socket");
        close(tfmfd);
        free(buffer);
        return EXIT_FAILURE;
    }

    // Generate random numbers in chunks
    while (total_read < num_bytes) {
        size_t to_read = (num_bytes - total_read) < chunk_size ? (num_bytes - total_read) : chunk_size;

        bytes_read = read(opfd, buffer + total_read, to_read);
        if (bytes_read < 0) {
            perror("Failed to read random data");
            break;
        }

        total_read += bytes_read;
    }

    if (total_read < num_bytes) {
        fprintf(stderr, "Warning: Only %zd bytes of random data were generated.\n", total_read);
    } else {
        printf("Random data (%zd bytes):\n", total_read);
        for (size_t i = 0; i < total_read; i++) {
            printf("%02x ", (unsigned char)buffer[i]);
            if ((i + 1) % 16 == 0) { // Optional formatting for readability
                printf("\n");
            }
        }
        printf("\n");
    }

    // Clean up
    close(opfd);
    close(tfmfd);
    free(buffer);

    return 0;
}

Build the application using cross-compilation tool chain

/proj/xbuilds/2024.2_daily_latest/installs/lin64/Vitis/HEAD/gnu/aarch64/lin/aarch64-linux/bin/aarch64-linux-gnu-gcc app.c -o app

Usage guidelines

Apply the patches and do the above kernel configurations
Build the driver as an Image or module.
Copy the package and driver module(xilinx-trng.ko) to board and extract the tar file.
./bin/kcapi-rng -b <no.of random bytes> -n xilinx-trng --hex (./bin/kcapi-rng -b 16 -n xilinx-trng --hex)

versal-rootfs-common-20242:~$mkdir -p /scratch/test/ ; cd /scratch/test/
versal-rootfs-common-20242:/scratch/test$ insmod xilinx-trng.ko
versal-rootfs-common-20242:/scratch/test$ tar -xvf libkcapi.tar
versal-rootfs-common-20242:/scratch/test$ export LD_LIBRARY_PATH=/scratch/test/lib/
versal-rootfs-common-20242:/scratch/test$ ./bin/kcapi-rng -b 16 -n xilinx-trng --hex

Sample output results:

versal-rootfs-common-20242:/scratch/test$ ./bin/kcapi-rng -b 32 -n xilinx-trng --hex
1ffbf26ed1ac49f81b677860e60c506c7445d2485faf31346494d7cbf74f616b
versal-rootfs-common-20242:/scratch/test$ ./bin/kcapi-rng -b 51 -n xilinx-trng --hex
4e11540128dbe6d30559c89bf3e0a5dde5a975ec891af0d4978c4a95bb957c84463f39c87afbb8a2e03b43aafc51c21c86e839
versal-rootfs-common-20242:/scratch/test$ ./bin/kcapi-rng -b 16 -n xilinx-trng --hex
aab01fd08d21ab2d8bccbd3543802684

xilinx-vck190-20242:/home/petalinux# ./app 32
Random data (32 bytes):
95 5b 51 c8 7d 19 02 3d ae f8 96 2a 6a ac 04 95 9a 48 f0 b7 e9 b6 ba 88 2c ea 22 3b ba 3d 83 86 
xilinx-vck190-20242:/home/petalinux# ./app 64
Random data (64 bytes):
ee 8c 61 e3 c5 42 71 d0 e0 77 e1 97 df b4 26 ea cf fe 39 be af 97 c3 9d ea fb 49 48 a5 d4 d4 22 fb d8 cf 2d a6 5e 23 9c 73 6d 68 a7 25 de ac ef 70 76 f7 85 1f 17 5a 65 69 ef d5 26 f7 52 22 88 
xilinx-vck190-20242:/home/petalinux# ./app 126
Random data (126 bytes):
bc 9a f3 6a b2 64 6b a3 19 10 b9 a5 18 57 f1 39 c7 e0 fa e7 4d fe 83 0e 71 0a 6c 02 47 78 93 18 07 29 7c b2 82 e1 33 f8 02 0c c7 95 12 1e 20 df 6c 08 47 65 ea 70 83 51 14 78 4e 7f e0 82 76 e3 fc c2 bf 53 2f 8a b0 83 9d 8a 25 c1 d2 6d d8 03 26 31 d7 2c 96 92 b9 8f e0 8e bf 06 5e 4b 90 8b 24 f6 06 27 7b 27 af fc 2c 1b 93 1d 2b a4 f0 7f 2d 6d 9b 8c 67 4b 06 d4 25 36 9f 48 4d 9c 
xilinx-vck190-20242:/home/petalinux# ./app 31
Random data (31 bytes):
f4 05 63 0c ca 26 6c b3 73 80 1a 3a f5 21 17 91 02 fa 82 80 dd 96 88 d6 76 7c da 0d 3c dd 03

Xilinx Wiki

Linux Versal TRNG driver