-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update vendored OpenTitan entropy IPs to Earlgrey-PROD-M5 #665
base: main
Are you sure you want to change the base?
Conversation
For better portability, use /usr/bin/env instead. For context, /bin/bash does not exist on NixOS. NixOS provides /bin/sh and /usr/bin/env for POSIX compliance but other command (including bash) needs to come from the PATH.
The commits have been updated to OpenTitan's Earlgrey-PROD-M5 tag. Caliptra-specifc changes (e.g. the prim -> caliptra_prim) renames are kept. This is a simple update as lc_ctrl isn't instantiated in Caliptra, it's only vendored since the pkgs are used by other OpenTitan IP blocks. Signed-off-by: Gary Guo <[email protected]>
Signed-off-by: Gary Guo <[email protected]>
This includes the following upstream OpenTitan commits: - 2608b59 [reggen] Move prj metadata into main hjson - 96b75ae [entropy_src] Latch rng_enable - 5c304ae [dv/kmac] Fix nightly regression error - 218294b [hw,doc] Add one-line descriptions to all blocks - 8940820 [entropy_src] Don't push to input FIFO unless indicating ready to AST - f8500c0 [hw,doc] Add one-paragraph descriptions to all blocks - 6211349 [hw,doc] Add human-readable name to all blocks - f111d02 [aes, rtl] Update comment on the suitability of the masking PRNG - 7660c94 [doc] Fix `the the` typo - 5ed1d60 [kmac] Prevent SW from reading capacity for sideloaded KMAC - d37f46a [entropy_src] Clarify different modes of operation (FIPS / FW_OV etc.) - 09ebf56 [entropy_src, doc] Clarify which CSR settings lead to (non-)FIPS entropy - 2817424 [entropy_src] Don't predict counter clearing in FW_OV mode, align doc - 51269de [entropy_src/rtl] Remove stale TODO - 108428b [csrng/doc] Specify behavior around `cs_aes_halt` - cdd4afd [csrng/rtl] Fix `cs_aes_halt_ack` for four-phase HS - 902088b [csrng] Add assertions for `cs_aes_halt` and AES activity - 3c5d763 [kmac/rtl] Move `keccak_round` state definition to `sha3_pkg` - c0dc961 [kmac] Remove an obsolete TODO - fb5ae1e [kmac] Remove a TODO item, but link a related issue - 12debc6 [kmac] Icebox a TODO item - 1961b61 [entropy_src/dv] Assert no entropy gets dropped in FIPS-compliant mode - 048e179 [entropy_src/doc] Define intention and limitations of `cs_aes_halt` - 93e2096 [entropy_src] Add assertions around `cs_aes_halt` - 646bd2d [csrng, rtl] Remove output mux on genbits bus - 835bfe1 [csrng, rtl] Simplify main input mux - 0fe3399 [entropy_src, rtl] Change sync FIFO prims to not output 0 when empty - d4c659f [entropy_src] Define ObserveFifoDepth parameter in hjson - c819ca8 [entropy_src] Doc and check required bypass health test window size - 477ae95 [csrng/rtl] Restrict `glen` to 12 bit (thus <= 4095) - cce7634 [aes, rtl] Update S-Box data/mask in sync with PRD - e47df29 [misc] Use lc_tx_t testing functions at endpoints - 9bc003c [aes, kmac] Replace term aggravate in SCA/FI context - 7688e71 [reggen] Add initial support for version and cip_id hjson fields - 1b16ca2 [reggen] Add mubi support SWAccess that sets/clears a reg - 05a3bb1 [hw,rtl,prim] Switch AND/OR for Mubi W1S/W1C - b311812 [edn/dv] check commands on EDN-CSRNG interface - a5a80a6 [chip-test] List ENTROPY_SRC functional features - 589a1e6 [csrng,SiVal] Add features of CSRNG module - 3a07cce [csrng] Clarify relevance of en_csrng_sw_app_read OTP switch - f068d1c [csrng/doc] Correct some minor documentation errors Authors of the upstream commits: - Michael Schaffner <[email protected]> - Eli Kim <[email protected]> - Cindy Chen <[email protected]> - Andreas Kurth <[email protected]> - Pirmin Vogel <[email protected]> - Douglas Reis <[email protected]> - Fatih Balli <[email protected]> - Robert Schilling <[email protected]> - Hakim Filali <[email protected]> - Marno van der Maas <[email protected]> Signed-off-by: Gary Guo <[email protected]>
This includes the following upstream OpenTitan commits: - de31bdf [reggen] Remove the devmode input - 564d414 [edn] Add new states to SM state_e typedef enum - a47ee96 [edn] Add transition to SW mode after boot sequence is done - 61a237e [util/reggen] reverse order of substruct generation - 74f54dc [mubi,gen] Fix comments Authors of the upstream commits: - Michael Schaffner <[email protected]> - Hakim Filali <[email protected]> - Guillermo Maturana <[email protected]> Signed-off-by: Gary Guo <[email protected]>
Upstream OpenTitan commit c721c51c133b75a9c429e7b04eba98b685b3605e When the new `commit_i` input is enabled (via the 'EnableCommit' parameter) changes to the count will only occur if `commit_i` is set. Crucially the `cnt_next_o` output is unaffected by the commit. That provides you with the next counter state, if the commit occurs. Upstream commit is authored by: Greg Chadwick <[email protected]> Signed-off-by: Gary Guo <[email protected]>
This is needed by vendored AES blocks. VF file list is updated to reflect the added primitive. This includes the following upstream OpenTitan commits: - 0ded564 [caliptra_prim] Add Trivium/Bivium stream cipher primitives - 4cf2479 [caliptra_prim_trivium] Allow dynamically disabling the lockup protection The upstream commits are authored by: Pirmin Vogel <[email protected]> Signed-off-by: Gary Guo <[email protected]>
This includes the following upstream OpenTitan commits: - b9afd40 [aes,rtl] Switch to Bivium-based masking PRNG implementation - 3f447cc [otp_ctrl] Remove entropy_src chicken switches - 75df0ae [edn/rtl] Handle backpressure from CSRNG without an output FIFO - 809ba9c [entropy_src/doc] Document behavior of SHA3 conditioner engine - 96c75dc [edn/rtl] Enter recoverable alert state when error is received from CSRNG - 55763e1 [entropy_src/rtl] Add new fips fields to CONF register - 6b5f40f [entropy_src/rtl] Use the new fips_flag registers - 46fe194 [entropy_src/rtl] Move back 1-4 packer - 0b25451 [entropy_src/doc] Align the documentation with the moved esbit FIFO - 381ccf9 [entropy_src/rtl] Move the esbit FIFO down in sv file - 3eadcfd [entropy_src/rtl] Change the mubi4 true test to loose - e0a5f9d [entropy_src] Remove line diabling TRNG when esrng FIFO is full - 043b0e0 [kmac] Simplify randomness update requests and PRNG control logic - dd4b689 [kmac] Move DOM multiplier control from keccak_2share to keccak_round - 365dfd2 [kmac] Make DOM multiplier I/O muxing glitch free - 4414aaa [kmac] Add param to keccak_round/2share to only use external randomness - 15f75fa [kmac, sha3] Add REQ/ACK interface to delay Keccak operations - 21adde1 [entropy_src] Fix CS AES Halt interface - f76a236 [entropy_src] Fix a Verilator lint warning - 7ebb11a [entropy_src] Fix FIFO controls, move drop point to before postht FIFO - c2c27db [entropy_src] Align prim_fifo_sync instantation parameters - 74a6e9b [entropy_src] Add FIFO to deal with backpressure from the conditioner - 534a41e [entropy_src] Remove unneeded main SM state and input signals - 2b8870c [entropy_src] Align enable delay module with fixed CS AES Halt interface - fcd7af1 [entropy_src] Reduce depth of esfinal FIFO from 4 to 3 entries - 2d82cc8 [entropy_src] Rework the swread packer FIFO to reduce area - 0522f11 [aes] Add parameter to cipher core for forward-only operation - bef6aa2 [csrng] Instantiate the AES core with support for forward-only operation - f9f25c0 [aes, csrng] Move generation of prd_clearing_128/256 signals - e103570 [csrng] Perform debug state reads directly from state database - 03f5ab6 [csrng] Perform internal state reads directly from state database - 54661e6 [entropy_src] Reduce depth of Observe FIFO - 1254476 [entropy_src/doc] Clean up documentation of interrupts - 7eff696 [entropy_src/doc] Fix documentation of security countermeausures - 3d2bd37 [entropy_src/doc] Clarify behavior re health test failures and alert - 92a7627 [entropy_src] Add SEC_CM labels and testplan entries for hardened FIFOs - c0fb4c8 [entropy_src] Increase version number, revert verification stage to V1 - c2dd19d [csrng] Increase version number, revert verification stage to V1 - f4c2bb9 Remove trailing whitespaces - 30d7e78 Add the project name to the copyright header Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Michael Schaffner <[email protected]> - Hakim Filali <[email protected]> - Michael Munday <[email protected]> Signed-off-by: Gary Guo <[email protected]>
Signed-off-by: Gary Guo <[email protected]>
This is needed for CSRNG. Signed-off-by: Gary Guo <[email protected]>
This includes the following upstream OpenTitan commits: - 5e3d643 [kmac] Fix silly lint warning in keccak_2share.sv - 042e0b9 [csrng/rtl] Change and assign cmd_sts signal - d9a0305 [entropy_src,rtl] Factor sfifo errors into fatal alert - 903b319 [csrng/rtl] Add command out of sequence cmd_sts error - 1d12ff7 [csrng/rtl] Remove zeroize state after uni error from ctr drbg cmd - b65b9ef [csrng/rtl] Fix lint error - 0c397d7 [csrng] Add SVAs to check for unexpected pushes to the genbits FIFO - 19dc3a4 [aes, rtl] Uniquify type names for PRD structs inside DOM S-Box - fc6e4b2 [aes] Move PRD input buffers out of S-Boxes - 735338e [aes] Correct some comments regarding the masking PRNG implementation - 6a2080f [aes] Use the buffered PRNG output data for input data masking - 799882c [aes] Advance the masking PRNG unconditionally during data processing - e41236f [aes] Don't update the cycle counter during PRNG reseeding only - 7f84f7c [csrng/rtl] Add reseed interval status error Authors of the upstream commits: - Rupert Swarbrick <[email protected]> - Hakim Filali <[email protected]> - Pirmin Vogel <[email protected]> Signed-off-by: Gary Guo <[email protected]>
Signed-off-by: Gary Guo <[email protected]>
This includes the following upstream OpenTitan commits: - b9e0388 [csrng/rtl] Move cmd checks to the cmd stage - 3931c32 [csrng/rtl] Check for GENU instead of GEN for CMD_STS_INVALID_GEN_CMD - 8577cce [csrng] Add option to force FIPS/CC compliance flag - eecef82 [csrng/doc] Use enum type for SW_CMD_STS.CMD_STS field - baa7e6a [csrng/doc] Correct documentation around INVALID_ACMD errors - 27279ff [entropy_src] Locally escalate upon internal FIFO errors and FSM errors - c903d65 [csrng] Make reseed counters readable at any point in time Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Hakim Filali <[email protected]> Signed-off-by: Gary Guo <[email protected]>
The multireg feature of OpenTitan HJSON is not supported by the reg_json.py tool and adding support is non-trivial. Given that there's a single usage here, expand it manually instead. Signed-off-by: Gary Guo <[email protected]>
This includes the following upstream OpenTitan commits: - 3a4c42f [csrng] Add per-instance internal state read enable - 01551bc [csrng] Locally escalate upon FSM errors - 6381071 [csrng] Flush command FIFO after signaling ACK errors - b447bf7 [csrng/rtl] Make the main SM error test signal fatal - 5caedf3 [entropy_src/doc] Doc interplay of startup health testing and FW_OV_MODE - f49daa9 [entropy_src/rtl] Delay the main_sm_done signal Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Hakim Filali <[email protected]> Signed-off-by: Gary Guo <[email protected]>
Signed-off-by: Gary Guo <[email protected]>
This includes the following upstream OpenTitan commits: - 5784189 [entropy_src] Add SVA to ensure FIFOs are empty when triggering SHA - 64c91b8 [entropy_src] Fix prediction for entropy dropping at esfinal FIFO input - af726e8 [entropy_src] Use `es_delayed_enable` for SVAs tracking entropy flow - 5b9568d [csrng] Move CSRNG version 2.0.0 verification_stage to V2S - 481cee6 [entropy_src/doc] Document the fw_ov_rd_data read when empty behavior - 509b468 [entropy_src] Move ENTROPY_SRC version 2.0.0 verification_stage to V2S Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Hakim Filali <[email protected]> Signed-off-by: Gary Guo <[email protected]>
Hi @nbdd0121 , can you please review https://github.com/chipsalliance/caliptra-rtl/blob/main/.github/workflow_metadata/README.md regarding the 'Hash Check' action for pull requests? Our ask here is that you use your own internal pipelines to validate this commit with all the proprietary tools that we can't publish to GitHub, for simulations/lint/synthesis, and once the branch passes run |
I am looking at this, however it's not clear exactly what I should do? I can't seem to find a script that will run all the required test for me, do I need to go through individual smoke test and invoke Furthermore I am struggling to reproduce the exact environment needed, for example when I try to run
digging into it I think this is due to an output format change of OpenSSL from 1.1 to 3, however I can't install OpenSSL 1.1 since it's EOL'ed in 2023. An detailed instruction to reproduce the environment needed to do Caliptra dev is highly appreciated! |
Please review by commits.
This bring lc_ctrl, aes, kmac, csrng, entropy_src up-to-date with the changes in OpenTitan Earlgrey M5. Primitives related (prim_count, prim_onehot_enc, prim_subreg, prim_trivium) are also updated.
The update strategy moves vendored IPs one milestone at a time to be able to track the changes easier. Related headers used by smoke tests are updated a commit after the OT update commit.