1 /*
2  * Copyright (c) 2017 Erwin Rol <erwin@erwinrol.com>
3  * Copyright (c) 2018 Nordic Semiconductor ASA
4  * Copyright (c) 2017 Exati Tecnologia Ltda.
5  * Copyright (c) 2020 STMicroelectronics.
6  *
7  * SPDX-License-Identifier: Apache-2.0
8  */
9 
10 #define DT_DRV_COMPAT st_stm32_rng
11 
12 #include <zephyr/kernel.h>
13 #include <zephyr/device.h>
14 #include <zephyr/drivers/entropy.h>
15 #include <zephyr/random/random.h>
16 #include <zephyr/init.h>
17 #include <zephyr/sys/__assert.h>
18 #include <zephyr/sys/util.h>
19 #include <errno.h>
20 #include <soc.h>
21 #include <zephyr/pm/policy.h>
22 #include <stm32_ll_bus.h>
23 #include <stm32_ll_rcc.h>
24 #include <stm32_ll_rng.h>
25 #include <stm32_ll_pka.h>
26 #include <stm32_ll_system.h>
27 #include <zephyr/sys/printk.h>
28 #include <zephyr/pm/device.h>
29 #include <zephyr/drivers/clock_control.h>
30 #include <zephyr/drivers/clock_control/stm32_clock_control.h>
31 #include <zephyr/irq.h>
32 #include <zephyr/sys/barrier.h>
33 #include "stm32_hsem.h"
34 
35 #define IRQN		DT_INST_IRQN(0)
36 #define IRQ_PRIO	DT_INST_IRQ(0, priority)
37 
38 #if defined(RNG_CR_CONDRST)
39 #define STM32_CONDRST_SUPPORT
40 #endif
41 
42 /*
43  * This driver need to take into account all STM32 family:
44  *  - simple rng without hardware fifo and no DMA.
45  *  - Variable delay between two consecutive random numbers
46  *    (depending on family and clock settings)
47  *
48  *
49  * Due to the first byte in a stream of bytes being more costly on
50  * some platforms a "water system" inspired algorithm is used to
51  * amortize the cost of the first byte.
52  *
53  * The algorithm will delay generation of entropy until the amount of
54  * bytes goes below THRESHOLD, at which point it will generate entropy
55  * until the BUF_LEN limit is reached.
56  *
57  * The entropy level is checked at the end of every consumption of
58  * entropy.
59  *
60  */
61 
62 struct rng_pool {
63 	uint8_t first_alloc;
64 	uint8_t first_read;
65 	uint8_t last;
66 	uint8_t mask;
67 	uint8_t threshold;
68 	FLEXIBLE_ARRAY_DECLARE(uint8_t, buffer);
69 };
70 
71 #define RNG_POOL_DEFINE(name, len) uint8_t name[sizeof(struct rng_pool) + (len)]
72 
73 BUILD_ASSERT((CONFIG_ENTROPY_STM32_ISR_POOL_SIZE &
74 	      (CONFIG_ENTROPY_STM32_ISR_POOL_SIZE - 1)) == 0,
75 	     "The CONFIG_ENTROPY_STM32_ISR_POOL_SIZE must be a power of 2!");
76 
77 BUILD_ASSERT((CONFIG_ENTROPY_STM32_THR_POOL_SIZE &
78 	      (CONFIG_ENTROPY_STM32_THR_POOL_SIZE - 1)) == 0,
79 	     "The CONFIG_ENTROPY_STM32_THR_POOL_SIZE must be a power of 2!");
80 
81 struct entropy_stm32_rng_dev_cfg {
82 	struct stm32_pclken *pclken;
83 };
84 
85 struct entropy_stm32_rng_dev_data {
86 	RNG_TypeDef *rng;
87 	const struct device *clock;
88 	struct k_sem sem_lock;
89 	struct k_sem sem_sync;
90 	struct k_work filling_work;
91 	bool filling_pools;
92 
93 	RNG_POOL_DEFINE(isr, CONFIG_ENTROPY_STM32_ISR_POOL_SIZE);
94 	RNG_POOL_DEFINE(thr, CONFIG_ENTROPY_STM32_THR_POOL_SIZE);
95 };
96 
97 static struct stm32_pclken pclken_rng[] = STM32_DT_INST_CLOCKS(0);
98 
99 static struct entropy_stm32_rng_dev_cfg entropy_stm32_rng_config = {
100 	.pclken	= pclken_rng
101 };
102 
103 static struct entropy_stm32_rng_dev_data entropy_stm32_rng_data = {
104 	.rng = (RNG_TypeDef *)DT_INST_REG_ADDR(0),
105 };
106 
entropy_stm32_suspend(void)107 static int entropy_stm32_suspend(void)
108 {
109 	const struct device *dev = DEVICE_DT_GET(DT_DRV_INST(0));
110 	struct entropy_stm32_rng_dev_data *dev_data = dev->data;
111 	const struct entropy_stm32_rng_dev_cfg *dev_cfg = dev->config;
112 	RNG_TypeDef *rng = dev_data->rng;
113 	int res;
114 
115 #if defined(CONFIG_SOC_SERIES_STM32WBX) || defined(CONFIG_STM32H7_DUAL_CORE)
116 	/* Prevent concurrent access with PM */
117 	z_stm32_hsem_lock(CFG_HW_RNG_SEMID, HSEM_LOCK_WAIT_FOREVER);
118 #endif /* CONFIG_SOC_SERIES_STM32WBX || CONFIG_STM32H7_DUAL_CORE */
119 	LL_RNG_Disable(rng);
120 
121 #ifdef CONFIG_SOC_SERIES_STM32WBAX
122 	uint32_t wait_cycles, rng_rate;
123 
124 	if (LL_PKA_IsEnabled(PKA)) {
125 		return 0;
126 	}
127 
128 	if (clock_control_get_rate(dev_data->clock,
129 			(clock_control_subsys_t) &dev_cfg->pclken[0],
130 			&rng_rate) < 0) {
131 		return -EIO;
132 	}
133 
134 	wait_cycles = SystemCoreClock / rng_rate * 2;
135 
136 	for (int i = wait_cycles; i >= 0; i--) {
137 	}
138 #endif /* CONFIG_SOC_SERIES_STM32WBAX */
139 
140 	res = clock_control_off(dev_data->clock,
141 			(clock_control_subsys_t)&dev_cfg->pclken[0]);
142 
143 #if defined(CONFIG_SOC_SERIES_STM32WBX) || defined(CONFIG_STM32H7_DUAL_CORE)
144 	z_stm32_hsem_unlock(CFG_HW_RNG_SEMID);
145 #endif /* CONFIG_SOC_SERIES_STM32WBX || CONFIG_STM32H7_DUAL_CORE */
146 
147 	return res;
148 }
149 
entropy_stm32_resume(void)150 static int entropy_stm32_resume(void)
151 {
152 	const struct device *dev = DEVICE_DT_GET(DT_DRV_INST(0));
153 	struct entropy_stm32_rng_dev_data *dev_data = dev->data;
154 	const struct entropy_stm32_rng_dev_cfg *dev_cfg = dev->config;
155 	RNG_TypeDef *rng = dev_data->rng;
156 	int res;
157 
158 	res = clock_control_on(dev_data->clock,
159 			(clock_control_subsys_t)&dev_cfg->pclken[0]);
160 	LL_RNG_Enable(rng);
161 	LL_RNG_EnableIT(rng);
162 
163 	return res;
164 }
165 
configure_rng(void)166 static void configure_rng(void)
167 {
168 	RNG_TypeDef *rng = entropy_stm32_rng_data.rng;
169 
170 #ifdef STM32_CONDRST_SUPPORT
171 	uint32_t desired_nist_cfg = DT_INST_PROP_OR(0, nist_config, 0U);
172 	uint32_t desired_htcr = DT_INST_PROP_OR(0, health_test_config, 0U);
173 	uint32_t cur_nist_cfg = 0U;
174 	uint32_t cur_htcr = 0U;
175 
176 #if DT_INST_NODE_HAS_PROP(0, nist_config)
177 	/*
178 	 * Configure the RNG_CR in compliance with the NIST SP800.
179 	 * The nist-config is direclty copied from the DTS.
180 	 * The RNG clock must be 48MHz else the clock DIV is not adpated.
181 	 * The RNG_CR_CONDRST is set to 1 at the same time the RNG_CR is written
182 	 */
183 	cur_nist_cfg = READ_BIT(rng->CR,
184 				(RNG_CR_NISTC | RNG_CR_CLKDIV | RNG_CR_RNG_CONFIG1 |
185 				RNG_CR_RNG_CONFIG2 | RNG_CR_RNG_CONFIG3
186 #if defined(RNG_CR_ARDIS)
187 				| RNG_CR_ARDIS
188 	/* For STM32U5 series, the ARDIS bit7 is considered in the nist-config */
189 #endif /* RNG_CR_ARDIS */
190 			));
191 #endif /* nist_config */
192 
193 #if DT_INST_NODE_HAS_PROP(0, health_test_config)
194 	cur_htcr = LL_RNG_GetHealthConfig(rng);
195 #endif /* health_test_config */
196 
197 	if (cur_nist_cfg != desired_nist_cfg || cur_htcr != desired_htcr) {
198 		MODIFY_REG(rng->CR, cur_nist_cfg, (desired_nist_cfg | RNG_CR_CONDRST));
199 
200 #if DT_INST_NODE_HAS_PROP(0, health_test_config)
201 #if DT_INST_NODE_HAS_PROP(0, health_test_magic)
202 		LL_RNG_SetHealthConfig(rng, DT_INST_PROP(0, health_test_magic));
203 #endif /* health_test_magic */
204 		LL_RNG_SetHealthConfig(rng, desired_htcr);
205 #endif /* health_test_config */
206 
207 		LL_RNG_DisableCondReset(rng);
208 		/* Wait for conditioning reset process to be completed */
209 		while (LL_RNG_IsEnabledCondReset(rng) == 1) {
210 		}
211 	}
212 #endif /* STM32_CONDRST_SUPPORT */
213 
214 	LL_RNG_Enable(rng);
215 	LL_RNG_EnableIT(rng);
216 }
217 
acquire_rng(void)218 static void acquire_rng(void)
219 {
220 	entropy_stm32_resume();
221 #if defined(CONFIG_SOC_SERIES_STM32WBX) || defined(CONFIG_STM32H7_DUAL_CORE)
222 	/* Lock the RNG to prevent concurrent access */
223 	z_stm32_hsem_lock(CFG_HW_RNG_SEMID, HSEM_LOCK_WAIT_FOREVER);
224 	/* RNG configuration could have been changed by the other core */
225 	configure_rng();
226 #endif /* CONFIG_SOC_SERIES_STM32WBX || CONFIG_STM32H7_DUAL_CORE */
227 }
228 
release_rng(void)229 static void release_rng(void)
230 {
231 	entropy_stm32_suspend();
232 #if defined(CONFIG_SOC_SERIES_STM32WBX) || defined(CONFIG_STM32H7_DUAL_CORE)
233 	z_stm32_hsem_unlock(CFG_HW_RNG_SEMID);
234 #endif /* CONFIG_SOC_SERIES_STM32WBX || CONFIG_STM32H7_DUAL_CORE */
235 }
236 
entropy_stm32_got_error(RNG_TypeDef * rng)237 static int entropy_stm32_got_error(RNG_TypeDef *rng)
238 {
239 	__ASSERT_NO_MSG(rng != NULL);
240 
241 	if (LL_RNG_IsActiveFlag_CECS(rng)) {
242 		return 1;
243 	}
244 
245 	if (LL_RNG_IsActiveFlag_SEIS(rng)) {
246 		return 1;
247 	}
248 
249 	return 0;
250 }
251 
252 #if defined(STM32_CONDRST_SUPPORT)
253 /* SOCS w/ soft-reset support: execute the reset */
recover_seed_error(RNG_TypeDef * rng)254 static int recover_seed_error(RNG_TypeDef *rng)
255 {
256 	uint32_t count_timeout = 0;
257 
258 	LL_RNG_EnableCondReset(rng);
259 	LL_RNG_DisableCondReset(rng);
260 	/* When reset process is done cond reset bit is read 0
261 	 * This typically takes: 2 AHB clock cycles + 2 RNG clock cycles.
262 	 */
263 
264 	while (LL_RNG_IsEnabledCondReset(rng) ||
265 		LL_RNG_IsActiveFlag_SEIS(rng) ||
266 		LL_RNG_IsActiveFlag_SECS(rng)) {
267 		count_timeout++;
268 		if (count_timeout == 10) {
269 			return -ETIMEDOUT;
270 		}
271 	}
272 
273 	return 0;
274 }
275 
276 #else /* !STM32_CONDRST_SUPPORT */
277 /* SOCS w/o soft-reset support: flush pipeline */
recover_seed_error(RNG_TypeDef * rng)278 static int recover_seed_error(RNG_TypeDef *rng)
279 {
280 	LL_RNG_ClearFlag_SEIS(rng);
281 
282 	for (int i = 0; i < 12; ++i) {
283 		LL_RNG_ReadRandData32(rng);
284 	}
285 
286 	if (LL_RNG_IsActiveFlag_SEIS(rng) != 0) {
287 		return -EIO;
288 	}
289 
290 	return 0;
291 }
292 #endif /* !STM32_CONDRST_SUPPORT */
293 
random_byte_get(void)294 static int random_byte_get(void)
295 {
296 	int retval = -EAGAIN;
297 	unsigned int key;
298 	RNG_TypeDef *rng = entropy_stm32_rng_data.rng;
299 
300 	key = irq_lock();
301 
302 	if (IS_ENABLED(CONFIG_ENTROPY_STM32_CLK_CHECK) && !k_is_pre_kernel()) {
303 		/* CECS bit signals that a clock configuration issue is detected,
304 		 * which may lead to generation of non truly random data.
305 		 */
306 		__ASSERT(LL_RNG_IsActiveFlag_CECS(rng) == 0,
307 			 "CECS = 1: RNG domain clock is too slow.\n"
308 			 "\tSee ref man and update target clock configuration.");
309 	}
310 
311 	if (LL_RNG_IsActiveFlag_SEIS(rng) && (recover_seed_error(rng) < 0)) {
312 		retval = -EIO;
313 		goto out;
314 	}
315 
316 	if ((LL_RNG_IsActiveFlag_DRDY(rng) == 1)) {
317 		if (entropy_stm32_got_error(rng)) {
318 			retval = -EIO;
319 			goto out;
320 		}
321 
322 		retval = LL_RNG_ReadRandData32(rng);
323 		if (retval == 0) {
324 			/* A seed error could have occurred between RNG_SR
325 			 * polling and RND_DR output reading.
326 			 */
327 			retval = -EAGAIN;
328 			goto out;
329 		}
330 
331 		retval &= 0xFF;
332 	}
333 
334 out:
335 
336 	irq_unlock(key);
337 
338 	return retval;
339 }
340 
generate_from_isr(uint8_t * buf,uint16_t len)341 static uint16_t generate_from_isr(uint8_t *buf, uint16_t len)
342 {
343 	uint16_t remaining_len = len;
344 
345 	__ASSERT_NO_MSG(!irq_is_enabled(IRQN));
346 
347 #if defined(CONFIG_SOC_SERIES_STM32WBX) || defined(CONFIG_STM32H7_DUAL_CORE)
348 	__ASSERT_NO_MSG(z_stm32_hsem_is_owned(CFG_HW_RNG_SEMID));
349 #endif /* CONFIG_SOC_SERIES_STM32WBX || CONFIG_STM32H7_DUAL_CORE */
350 
351 	/* do not proceed if a Seed error occurred */
352 	if (LL_RNG_IsActiveFlag_SECS(entropy_stm32_rng_data.rng) ||
353 		LL_RNG_IsActiveFlag_SEIS(entropy_stm32_rng_data.rng)) {
354 
355 		(void)random_byte_get(); /* this will recover the error */
356 
357 		return 0; /* return cnt is null : no random data available */
358 	}
359 
360 	/* Clear NVIC pending bit. This ensures that a subsequent
361 	 * RNG event will set the Cortex-M single-bit event register
362 	 * to 1 (the bit is set when NVIC pending IRQ status is
363 	 * changed from 0 to 1)
364 	 */
365 	NVIC_ClearPendingIRQ(IRQN);
366 
367 	do {
368 		int byte;
369 
370 		while (LL_RNG_IsActiveFlag_DRDY(
371 				entropy_stm32_rng_data.rng) != 1) {
372 			/*
373 			 * To guarantee waking up from the event, the
374 			 * SEV-On-Pend feature must be enabled (enabled
375 			 * during ARCH initialization).
376 			 *
377 			 * DSB is recommended by spec before WFE (to
378 			 * guarantee completion of memory transactions)
379 			 */
380 			barrier_dsync_fence_full();
381 			__WFE();
382 			__SEV();
383 			__WFE();
384 		}
385 
386 		byte = random_byte_get();
387 		NVIC_ClearPendingIRQ(IRQN);
388 
389 		if (byte < 0) {
390 			continue;
391 		}
392 
393 		buf[--remaining_len] = byte;
394 	} while (remaining_len);
395 
396 	return len;
397 }
398 
start_pool_filling(bool wait)399 static int start_pool_filling(bool wait)
400 {
401 	unsigned int key;
402 	bool already_filling;
403 
404 	key = irq_lock();
405 #if defined(CONFIG_SOC_SERIES_STM32WBX) || defined(CONFIG_STM32H7_DUAL_CORE)
406 	/* In non-blocking mode, return immediately if the RNG is not available */
407 	if (!wait && z_stm32_hsem_try_lock(CFG_HW_RNG_SEMID) != 0) {
408 		irq_unlock(key);
409 		return -EAGAIN;
410 	}
411 #else
412 	ARG_UNUSED(wait);
413 #endif /* CONFIG_SOC_SERIES_STM32WBX || CONFIG_STM32H7_DUAL_CORE */
414 
415 	already_filling = entropy_stm32_rng_data.filling_pools;
416 	entropy_stm32_rng_data.filling_pools = true;
417 	irq_unlock(key);
418 
419 	if (unlikely(already_filling)) {
420 		return 0;
421 	}
422 
423 	/* Prevent the clocks to be stopped during the duration the rng pool is
424 	 * being populated. The ISR will release the constraint again when the
425 	 * rng pool is filled.
426 	 */
427 	pm_policy_state_lock_get(PM_STATE_SUSPEND_TO_IDLE, PM_ALL_SUBSTATES);
428 	if (IS_ENABLED(CONFIG_PM_S2RAM)) {
429 		pm_policy_state_lock_get(PM_STATE_SUSPEND_TO_RAM, PM_ALL_SUBSTATES);
430 	}
431 
432 	acquire_rng();
433 	irq_enable(IRQN);
434 
435 	return 0;
436 }
437 
pool_filling_work_handler(struct k_work * work)438 static void pool_filling_work_handler(struct k_work *work)
439 {
440 	if (start_pool_filling(false) != 0) {
441 		/* RNG could not be acquired, try again */
442 		k_work_submit(work);
443 	}
444 }
445 
rng_pool_get(struct rng_pool * rngp,uint8_t * buf,uint16_t len)446 static uint16_t rng_pool_get(struct rng_pool *rngp, uint8_t *buf,
447 	uint16_t len)
448 {
449 	uint32_t last  = rngp->last;
450 	uint32_t mask  = rngp->mask;
451 	uint8_t *dst   = buf;
452 	uint32_t first, available;
453 	uint32_t other_read_in_progress;
454 	unsigned int key;
455 
456 	key = irq_lock();
457 	first = rngp->first_alloc;
458 
459 	/*
460 	 * The other_read_in_progress is non-zero if rngp->first_read != first,
461 	 * which means that lower-priority code (which was interrupted by this
462 	 * call) already allocated area for read.
463 	 */
464 	other_read_in_progress = (rngp->first_read ^ first);
465 
466 	available = (last - first) & mask;
467 	if (available < len) {
468 		len = available;
469 	}
470 
471 	/*
472 	 * Move alloc index forward to signal, that part of the buffer is
473 	 * now reserved for this call.
474 	 */
475 	rngp->first_alloc = (first + len) & mask;
476 	irq_unlock(key);
477 
478 	while (likely(len--)) {
479 		*dst++ = rngp->buffer[first];
480 		first = (first + 1) & mask;
481 	}
482 
483 	/*
484 	 * If this call is the last one accessing the pool, move read index
485 	 * to signal that all allocated regions are now read and could be
486 	 * overwritten.
487 	 */
488 	if (likely(!other_read_in_progress)) {
489 		key = irq_lock();
490 		rngp->first_read = rngp->first_alloc;
491 		irq_unlock(key);
492 	}
493 
494 	len = dst - buf;
495 	available = available - len;
496 	if (available <= rngp->threshold) {
497 		/*
498 		 * Avoid starting pool filling from ISR as it might require
499 		 * blocking if RNG is not available and a race condition could
500 		 * also occur if this ISR has interrupted the RNG ISR.
501 		 */
502 		if (k_is_in_isr()) {
503 			k_work_submit(&entropy_stm32_rng_data.filling_work);
504 		} else {
505 			start_pool_filling(true);
506 		}
507 	}
508 
509 	return len;
510 }
511 
rng_pool_put(struct rng_pool * rngp,uint8_t byte)512 static int rng_pool_put(struct rng_pool *rngp, uint8_t byte)
513 {
514 	uint8_t first = rngp->first_read;
515 	uint8_t last  = rngp->last;
516 	uint8_t mask  = rngp->mask;
517 
518 	/* Signal error if the pool is full. */
519 	if (((last - first) & mask) == mask) {
520 		return -ENOBUFS;
521 	}
522 
523 	rngp->buffer[last] = byte;
524 	rngp->last = (last + 1) & mask;
525 
526 	return 0;
527 }
528 
rng_pool_init(struct rng_pool * rngp,uint16_t size,uint8_t threshold)529 static void rng_pool_init(struct rng_pool *rngp, uint16_t size,
530 			uint8_t threshold)
531 {
532 	rngp->first_alloc = 0U;
533 	rngp->first_read  = 0U;
534 	rngp->last	  = 0U;
535 	rngp->mask	  = size - 1;
536 	rngp->threshold	  = threshold;
537 }
538 
stm32_rng_isr(const void * arg)539 static void stm32_rng_isr(const void *arg)
540 {
541 	int byte, ret;
542 
543 	ARG_UNUSED(arg);
544 
545 	byte = random_byte_get();
546 	if (byte < 0) {
547 		return;
548 	}
549 
550 	ret = rng_pool_put((struct rng_pool *)(entropy_stm32_rng_data.isr),
551 				byte);
552 	if (ret < 0) {
553 		ret = rng_pool_put(
554 				(struct rng_pool *)(entropy_stm32_rng_data.thr),
555 				byte);
556 		if (ret < 0) {
557 			irq_disable(IRQN);
558 			release_rng();
559 			pm_policy_state_lock_put(PM_STATE_SUSPEND_TO_IDLE, PM_ALL_SUBSTATES);
560 			if (IS_ENABLED(CONFIG_PM_S2RAM)) {
561 				pm_policy_state_lock_put(PM_STATE_SUSPEND_TO_RAM, PM_ALL_SUBSTATES);
562 			}
563 			entropy_stm32_rng_data.filling_pools = false;
564 		}
565 
566 		k_sem_give(&entropy_stm32_rng_data.sem_sync);
567 	}
568 }
569 
entropy_stm32_rng_get_entropy(const struct device * dev,uint8_t * buf,uint16_t len)570 static int entropy_stm32_rng_get_entropy(const struct device *dev,
571 					 uint8_t *buf,
572 					 uint16_t len)
573 {
574 	/* Check if this API is called on correct driver instance. */
575 	__ASSERT_NO_MSG(&entropy_stm32_rng_data == dev->data);
576 
577 	while (len) {
578 		uint16_t bytes;
579 
580 		k_sem_take(&entropy_stm32_rng_data.sem_lock, K_FOREVER);
581 		bytes = rng_pool_get(
582 				(struct rng_pool *)(entropy_stm32_rng_data.thr),
583 				buf, len);
584 
585 		if (bytes == 0U) {
586 			/* Pool is empty: Sleep until next interrupt. */
587 			k_sem_take(&entropy_stm32_rng_data.sem_sync, K_FOREVER);
588 		}
589 
590 		k_sem_give(&entropy_stm32_rng_data.sem_lock);
591 
592 		len -= bytes;
593 		buf += bytes;
594 	}
595 
596 	return 0;
597 }
598 
entropy_stm32_rng_get_entropy_isr(const struct device * dev,uint8_t * buf,uint16_t len,uint32_t flags)599 static int entropy_stm32_rng_get_entropy_isr(const struct device *dev,
600 					     uint8_t *buf,
601 					     uint16_t len,
602 					     uint32_t flags)
603 {
604 	uint16_t cnt = len;
605 
606 	/* Check if this API is called on correct driver instance. */
607 	__ASSERT_NO_MSG(&entropy_stm32_rng_data == dev->data);
608 
609 	if (likely((flags & ENTROPY_BUSYWAIT) == 0U)) {
610 		return rng_pool_get(
611 				(struct rng_pool *)(entropy_stm32_rng_data.isr),
612 				buf, len);
613 	}
614 
615 	if (len) {
616 		unsigned int key;
617 		int irq_enabled;
618 		bool rng_already_acquired;
619 
620 		key = irq_lock();
621 		irq_enabled = irq_is_enabled(IRQN);
622 		irq_disable(IRQN);
623 		irq_unlock(key);
624 
625 		/* Do not release if IRQ is enabled. RNG will be released in ISR
626 		 * when the pools are full.
627 		 */
628 		rng_already_acquired = z_stm32_hsem_is_owned(CFG_HW_RNG_SEMID) ||
629 				       irq_enabled;
630 		acquire_rng();
631 
632 		cnt = generate_from_isr(buf, len);
633 
634 		/* Restore the state of the RNG lock and IRQ */
635 		if (!rng_already_acquired) {
636 			release_rng();
637 		}
638 
639 		if (irq_enabled) {
640 			irq_enable(IRQN);
641 		}
642 	}
643 
644 	return cnt;
645 }
646 
entropy_stm32_rng_init(const struct device * dev)647 static int entropy_stm32_rng_init(const struct device *dev)
648 {
649 	struct entropy_stm32_rng_dev_data *dev_data;
650 	const struct entropy_stm32_rng_dev_cfg *dev_cfg;
651 	int res;
652 
653 	__ASSERT_NO_MSG(dev != NULL);
654 
655 	dev_data = dev->data;
656 	dev_cfg = dev->config;
657 
658 	__ASSERT_NO_MSG(dev_data != NULL);
659 	__ASSERT_NO_MSG(dev_cfg != NULL);
660 
661 	dev_data->clock = DEVICE_DT_GET(STM32_CLOCK_CONTROL_NODE);
662 
663 	if (!device_is_ready(dev_data->clock)) {
664 		return -ENODEV;
665 	}
666 
667 	res = clock_control_on(dev_data->clock,
668 		(clock_control_subsys_t)&dev_cfg->pclken[0]);
669 	__ASSERT_NO_MSG(res == 0);
670 
671 	/* Configure domain clock if any */
672 	if (DT_INST_NUM_CLOCKS(0) > 1) {
673 		res = clock_control_configure(dev_data->clock,
674 					      (clock_control_subsys_t)&dev_cfg->pclken[1],
675 					      NULL);
676 		__ASSERT(res == 0, "Could not select RNG domain clock");
677 	}
678 
679 	/* Locking semaphore initialized to 1 (unlocked) */
680 	k_sem_init(&dev_data->sem_lock, 1, 1);
681 
682 	/* Synching semaphore */
683 	k_sem_init(&dev_data->sem_sync, 0, 1);
684 
685 	k_work_init(&dev_data->filling_work, pool_filling_work_handler);
686 
687 	rng_pool_init((struct rng_pool *)(dev_data->thr),
688 		      CONFIG_ENTROPY_STM32_THR_POOL_SIZE,
689 		      CONFIG_ENTROPY_STM32_THR_THRESHOLD);
690 	rng_pool_init((struct rng_pool *)(dev_data->isr),
691 		      CONFIG_ENTROPY_STM32_ISR_POOL_SIZE,
692 		      CONFIG_ENTROPY_STM32_ISR_THRESHOLD);
693 
694 	IRQ_CONNECT(IRQN, IRQ_PRIO, stm32_rng_isr, &entropy_stm32_rng_data, 0);
695 
696 #if !defined(CONFIG_SOC_SERIES_STM32WBX) && !defined(CONFIG_STM32H7_DUAL_CORE)
697 	/* For multi-core MCUs, RNG configuration is automatically performed
698 	 * after acquiring the RNG in start_pool_filling()
699 	 */
700 	configure_rng();
701 #endif /* !CONFIG_SOC_SERIES_STM32WBX && !CONFIG_STM32H7_DUAL_CORE */
702 
703 	start_pool_filling(true);
704 
705 	return 0;
706 }
707 
708 #ifdef CONFIG_PM_DEVICE
entropy_stm32_rng_pm_action(const struct device * dev,enum pm_device_action action)709 static int entropy_stm32_rng_pm_action(const struct device *dev,
710 				       enum pm_device_action action)
711 {
712 	struct entropy_stm32_rng_dev_data *dev_data = dev->data;
713 
714 	int res = 0;
715 
716 	/* Remove warning on some platforms */
717 	ARG_UNUSED(dev_data);
718 
719 	switch (action) {
720 	case PM_DEVICE_ACTION_SUSPEND:
721 #if defined(CONFIG_SOC_SERIES_STM32WBX) || defined(CONFIG_STM32H7_DUAL_CORE)
722 		/* Lock to Prevent concurrent access with PM */
723 		z_stm32_hsem_lock(CFG_HW_RNG_SEMID, HSEM_LOCK_WAIT_FOREVER);
724 	/* Call release_rng instead of entropy_stm32_suspend to avoid double hsem_unlock */
725 #endif /* CONFIG_SOC_SERIES_STM32WBX || CONFIG_STM32H7_DUAL_CORE */
726 		release_rng();
727 		break;
728 	case PM_DEVICE_ACTION_RESUME:
729 		if (IS_ENABLED(CONFIG_PM_S2RAM)) {
730 #if DT_INST_NODE_HAS_PROP(0, health_test_config)
731 			entropy_stm32_resume();
732 #if DT_INST_NODE_HAS_PROP(0, health_test_magic)
733 			LL_RNG_SetHealthConfig(dev_data->rng, DT_INST_PROP(0, health_test_magic));
734 #endif /* health_test_magic */
735 			if (LL_RNG_GetHealthConfig(dev_data->rng) !=
736 				DT_INST_PROP_OR(0, health_test_config, 0U)) {
737 				entropy_stm32_rng_init(dev);
738 			} else if (!entropy_stm32_rng_data.filling_pools) {
739 				/* Resume RNG only if it was suspended during filling pool */
740 #if defined(CONFIG_SOC_SERIES_STM32WBX) || defined(CONFIG_STM32H7_DUAL_CORE)
741 				/* Lock to Prevent concurrent access with PM */
742 				z_stm32_hsem_lock(CFG_HW_RNG_SEMID, HSEM_LOCK_WAIT_FOREVER);
743 				/*
744 				 * Call release_rng instead of entropy_stm32_suspend
745 				 * to avoid double hsem_unlock
746 				 */
747 #endif /* CONFIG_SOC_SERIES_STM32WBX || CONFIG_STM32H7_DUAL_CORE */
748 				release_rng();
749 			}
750 #endif /* health_test_config */
751 		} else {
752 			/* Resume RNG only if it was suspended during filling pool */
753 			if (entropy_stm32_rng_data.filling_pools) {
754 				res = entropy_stm32_resume();
755 			}
756 		}
757 		break;
758 	default:
759 		return -ENOTSUP;
760 	}
761 
762 	return res;
763 }
764 #endif /* CONFIG_PM_DEVICE */
765 
766 static DEVICE_API(entropy, entropy_stm32_rng_api) = {
767 	.get_entropy = entropy_stm32_rng_get_entropy,
768 	.get_entropy_isr = entropy_stm32_rng_get_entropy_isr
769 };
770 
771 PM_DEVICE_DT_INST_DEFINE(0, entropy_stm32_rng_pm_action);
772 
773 DEVICE_DT_INST_DEFINE(0,
774 		    entropy_stm32_rng_init,
775 		    PM_DEVICE_DT_INST_GET(0),
776 		    &entropy_stm32_rng_data, &entropy_stm32_rng_config,
777 		    PRE_KERNEL_1, CONFIG_ENTROPY_INIT_PRIORITY,
778 		    &entropy_stm32_rng_api);
779