[Cryptech Tech] Suggested changes to TRNG

Joachim Strömbergson joachim at secworks.se
Wed Sep 30 13:37:35 UTC 2015


Aloha!

Rob Austein wrote:
>> (1) Having an internal feedback path from the CSPRNG to the mixer?
> 
> No.
> 
>> (2) Having the pseudo entropy provider be exposed to SW to allow
>> writing in your own entropy?
> 
> Yes.

ok...

> I'm all for doing it the clean way.  What would that be? :)

If it's just the "SW is allowed to write entropy" part that is scary, the
easiest thing is to kill the API access during compilation. Basically
placing the logic that decodes the specific address and updates the
entropy source fifo with write_data in an ifdef ALLOW_ENTROPY_WRITES
clause. If not defined, that address will not work and the logic will
not be inside the FPGA.

Sounds ok?

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
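
A sketch of the compile-time gating suggested in the message above, added here as an illustration and not taken from the message or from the Cryptech sources. The module, ports and addresses are hypothetical, the define is spelled ALLOW_ENTROPY_WRITES, and the read-only capability bit is an extra assumption so that software can check which build is loaded.

```verilog
// Added sketch: module, port and address names are hypothetical and are
// not taken from the Cryptech TRNG sources.
module entropy_api_sketch (
  input  wire        cs,
  input  wire        we,
  input  wire [7:0]  address,
  input  wire [31:0] write_data,
  output reg  [31:0] read_data,
  output reg         error,
  output reg         fifo_wr,       // push strobe to the entropy source FIFO
  output reg  [31:0] fifo_wr_data
);
  localparam ADDR_CAPS          = 8'h0a;  // constructed address
  localparam ADDR_ENTROPY_WRITE = 8'h20;  // constructed address

  // Read-only capability bit so software can tell which build is loaded.
`ifdef ALLOW_ENTROPY_WRITES
  localparam ENTROPY_WRITES_BUILT = 1'b1;
`else
  localparam ENTROPY_WRITES_BUILT = 1'b0;
`endif

  always @* begin
    read_data    = 32'h0;
    error        = 1'b0;
    fifo_wr      = 1'b0;
    fifo_wr_data = 32'h0;
    if (cs && we) begin
      case (address)
`ifdef ALLOW_ENTROPY_WRITES
        // Only this branch can drive the FIFO write port.
        ADDR_ENTROPY_WRITE: begin
          fifo_wr      = 1'b1;
          fifo_wr_data = write_data;
        end
`endif
        default: error = 1'b1;  // without the define, the address is rejected
      endcase
    end else if (cs) begin
      case (address)
        ADDR_CAPS: read_data = {31'h0, ENTROPY_WRITES_BUILT};
        default:   error = 1'b1;
      endcase
    end
  end
endmodule
```

Built without the define, fifo_wr is a constant zero, so synthesis can trim the software write path out of the design.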
