[PATCH v2] crypto: atmel-sha204a - drop hwrng quality reduction for ATSHA204A
Marek Behún
kabel at kernel.org
Tue Apr 28 06:24:48 PDT 2026
Hi Thorsten,

Bill also wrote about ATSHA204A [1]:

My best guess as to what's going on here is that the device has a
ring-oscillator based entropy source, but that it generates only a few bits
of entropy for each use. It seems to be called before generating each
32-byte "random" value, which is why the second set of 32-bit values have
more possible values, and the 3rd has even more. However, the number of
unique values in the final column of 32*N byte values is always equal to
the number of unique values of the entire string of bytes.

If it is true that the device generates <256 true random bits and then
mixes in a non-volatile pseudorandom number generator to produce 256 bits,
then the quality should not be set to the full 1024.

Marek

[1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html

On Tue, Apr 28, 2026 at 02:32:52PM +0200, Thorsten Blum wrote:
>
> Bill wrote in his review:
>
> "If I made no mistake (and I do make a lot), the "random" data from
> the Atmel ATSHA204A is highly predictable when you disable the seed
> update to EEPROM."
>
> However, the atmel-sha204a driver doesn't operate the device in that
> mode. It uses the Random command with seed updates enabled, which is
> also what the datasheet recommends for highest security:
>
> "Microchip recommends that the EEPROM seed always be updated."
>
> So the reported behavior doesn't reflect how the driver uses the device.
>
> Thanks,
> Thorsten
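
The counting described in the message above (distinct values of each 32-byte output versus distinct values of the whole string), as an added Python example that is not from the thread or the driver. `toy_capture` is a constructed stand-in with a fixed seed and 2 bits of noise per call, not the ATSHA204A's actual design, and all function names are hypothetical; the last function scales the result to the hwrng quality unit (entropy bits per 1024 bits).

```python
import hashlib
import itertools
import math

BLOCK = 32  # bytes returned by one Random command


def toy_capture(noise):
    """Constructed toy model, not the ATSHA204A's real design: a fixed seed
    (never updated) is mixed with one small noise value per Random call."""
    state, out = b"constructed-fixed-seed", b""
    for n in noise:
        state = hashlib.sha256(state + bytes([n])).digest()
        out += hashlib.sha256(b"out" + state).digest()
    return out


def all_captures(fresh_bits, calls):
    """Every power-on capture the toy can emit (exhaustive, so deterministic)."""
    values = range(2 ** fresh_bits)
    return [toy_capture(n) for n in itertools.product(values, repeat=calls)]


def distinct_counts(captures):
    """Per 32-byte block i: (distinct values of block i alone,
    distinct values of the whole string up to and including block i)."""
    rows = []
    for i in range(len(captures[0]) // BLOCK):
        end = (i + 1) * BLOCK
        column = {c[end - BLOCK:end] for c in captures}
        prefix = {c[:end] for c in captures}
        rows.append((len(column), len(prefix)))
    return rows


def quality_bound(captures):
    """Bound on hwrng quality (entropy bits per 1024 bits of output) from the
    number of distinct strings D: at most log2(D) bits. Only meaningful when
    the captures cover the source's full support, as they do here."""
    total_bits = len(captures[0]) * 8
    return math.floor(1024 * math.log2(len(set(captures))) / total_bits)


if __name__ == "__main__":
    caps = all_captures(fresh_bits=2, calls=3)
    for i, (col, pre) in enumerate(distinct_counts(caps), 1):
        print(f"block {i}: {col} distinct values, {pre} distinct prefixes")
    print("quality bound:", quality_bound(caps), "of 1024")
```

With captures taken from real hardware the bound only holds once the distinct count stops growing as more captures are added.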