Message-ID: <9bbb7959-48f1-4416-bdcc-af2403fcac4f@lysator.liu.se>
Date: Mon, 29 Jul 2024 21:11:34 +0200
Subject: Re: [PATCH] eal: add support for TRNG with Arm RNG feature
To: Wathsala Wathawana Vithanage, Shunzhi Wen, "thomas@monjalon.net", Mattias Rönnblom, Ruifeng Wang, Bruce Richardson, Tyler Retzlaff, Min Zhou, David Christensen, Stanislaw Kardach, Konstantin Ananyev
Cc: "dev@dpdk.org", nd, Jack Bond-Preston, Dhruv Tripathi, Honnappa Nagarahalli
From: Mattias Rönnblom

On 2024-07-29 20:16, Wathsala Wathawana Vithanage wrote:
>>
>> Without a rationale why rte_csrand() functionality is something that should be
>> in DPDK, and a rationale why the ARM CPU CSRNG is superior to getentropy(),
>> it doesn't really matter how the patch set looks like.
>>
>> I've repeatedly asked for this information, and you've repeatedly ignored it.
>> This does not further your cause.
>>
>
> I don't want to get into a debate on what's more superior because DPDK already has similar
> setups, take OpenSSL and Marvell's security accelerator for instance. Rationale is simple: it boils
> down to freedom of choice.
>
> I have been reiterating that I'm ready to make Kernel getrandom() the default in rte_csrand()
> and HW RNG (not limited to Arm) a build time option along with your other demands for various
> optimizations. Having a build time option to enable HW CSRNG doesn't hinder your freedom to
> choose a CSRNG implementation of your linking.
> Neither you nor I are in a place to decide what's right for others; the best we can do is to
> collaborate on providing them with options. Leave the decision to users, application developers,
> and integrators.
>
> I believe that the coexistence of support for OpenSSL and other HW security accelerators in
> DPDK already establishes rationale and precedent.
>
>

I feel no obligation to offer (potentially relatively uninformed) DPDK
users with options which I suspect have no benefits, only drawbacks.

In the x86_64 HW RNG case, I think it's fair to say we *know* it's a bad
idea to use it as a high-performance CSRNG. In the ARM case, you choose
to leave us in the dark, so I can only assume it looks similar there.

The typical networking SoC's crypto-related hardware offload can pretty
much always demonstrate benefits.