kern/57876: HWRNG drivers should use RND_FLAG_COLLECT_VALUE, not RND_FLAG_DEFAULT

[campbell+netbsd%mumble.net@localhost]

>Number:         57876
>Category:       kern
>Synopsis:       HWRNG drivers should use RND_FLAG_COLLECT_VALUE, not RND_FLAG_DEFAULT
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 24 22:10:01 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10
>Organization:
The NetBSD Randomization
>Environment:
>Description:
The entropy provided by HWRNG devices usually comes from the values sampled out of them, not the times when we choose to sample them.

So kernel rndsources backed by HWRNG devices should generally use RND_FLAG_COLLECT_VALUE, but not RND_FLAG_COLLECT_TIME or, worse, RND_FLAG_ESTIMATE_TIME, which are both in RND_FLAG_DEFAULT.

Affected HWRNG drivers:

- rndrrs (arch/aarch64/aarch64/cpu.c)
- rk_v1crypto (arch/arm/rockchip/rk_v1crypto.c)
- octrnm (arch/mips/cavium/dev/octeon_rnm.c)
- virt68k bootinfo (arch/virt68k/virt68k/bootinfo.c)
- fdt efirng (dev/fdt/fdt_boot.c)
- hifn (dev/pci/hifn7751.c)


Also: sun8i_crypto (arch/arm/sunxi/sun8i_crypto.c) and tpm (dev/ic/tpm.c) should skip RND_FLAG_ESTIMATE_VALUE, which currently does nothing.
>How-To-Repeat:
rndctl -l on a machine with efirng
>Fix:
Yes, please!