Make WDT more module for MCI reuse #679
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
clayton8
commented
Jan 3, 2025
clayton8
commented
…g parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI
clayton8
changed the title
Nitsirks
reviewed
Jan 3, 2025
calebofearth
reviewed
Jan 6, 2025
…hing with the wdt.sv params - PR request from Caleb.
…or has changed. The qualification now lives in the WDT module.
…ated timestamp and hash after successful run
…g parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI
…hing with the wdt.sv params - PR request from Caleb.
…or has changed. The qualification now lives in the WDT module.
…ce/caliptra-rtl into ckuchta-msft-wdt-reuse
…g parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI
…hing with the wdt.sv params - PR request from Caleb.
…or has changed. The qualification now lives in the WDT module.
…g parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI
calebofearth
force-pushed
the
ckuchta-msft-wdt-reuse
branch
from
40f74f6 to
645aa6b
Compare
…ce/caliptra-rtl into ckuchta-msft-wdt-reuse
… timingout regression
calebofearth
approved these changes
Jan 9, 2025
upadhyayulakiran
approved these changes
Jan 9, 2025
anjpar
pushed a commit
that referenced
this pull request
Jan 13, 2025
* 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix lint issues within wdt.sv and remove bitwise and boolean mixed logic * Add SOC_IFC_ prefix to WDT params in the soc_ifc_pkg.sv to avoid clashing with the wdt.sv params - PR request from Caleb. * Fix TB files due to WDT updates and wdt_error_t*_intr_serviced behavior has changed. The qualification now lives in the WDT module. * MICROSOFT AUTOMATED PIPELINE: Stamp 'ckuchta-msft-wdt-reuse' with updated timestamp and hash after successful run * 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix lint issues within wdt.sv and remove bitwise and boolean mixed logic * Add SOC_IFC_ prefix to WDT params in the soc_ifc_pkg.sv to avoid clashing with the wdt.sv params - PR request from Caleb. * Fix TB files due to WDT updates and wdt_error_t*_intr_serviced behavior has changed. The qualification now lives in the WDT module. * 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix lint issues within wdt.sv and remove bitwise and boolean mixed logic * Add SOC_IFC_ prefix to WDT params in the soc_ifc_pkg.sv to avoid clashing with the wdt.sv params - PR request from Caleb. * Fix TB files due to WDT updates and wdt_error_t*_intr_serviced behavior has changed. The qualification now lives in the WDT module. * 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix typo in comment * Update pr_hash and pr_timestamp manually since pipeline is blocked by timingout regression
anjpar
pushed a commit
that referenced
this pull request
Jan 14, 2025
* 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix lint issues within wdt.sv and remove bitwise and boolean mixed logic * Add SOC_IFC_ prefix to WDT params in the soc_ifc_pkg.sv to avoid clashing with the wdt.sv params - PR request from Caleb. * Fix TB files due to WDT updates and wdt_error_t*_intr_serviced behavior has changed. The qualification now lives in the WDT module. * MICROSOFT AUTOMATED PIPELINE: Stamp 'ckuchta-msft-wdt-reuse' with updated timestamp and hash after successful run * 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix lint issues within wdt.sv and remove bitwise and boolean mixed logic * Add SOC_IFC_ prefix to WDT params in the soc_ifc_pkg.sv to avoid clashing with the wdt.sv params - PR request from Caleb. * Fix TB files due to WDT updates and wdt_error_t*_intr_serviced behavior has changed. The qualification now lives in the WDT module. * 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix lint issues within wdt.sv and remove bitwise and boolean mixed logic * Add SOC_IFC_ prefix to WDT params in the soc_ifc_pkg.sv to avoid clashing with the wdt.sv params - PR request from Caleb. * Fix TB files due to WDT updates and wdt_error_t*_intr_serviced behavior has changed. The qualification now lives in the WDT module. * 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix typo in comment * Update pr_hash and pr_timestamp manually since pipeline is blocked by timingout regression
bharatpillilli
pushed a commit
that referenced
this pull request
Jan 16, 2025
#685) * Avoid hardcoding /bin/bash in Makefile SHELL For better portability, use /usr/bin/env instead. For context, /bin/bash does not exist on NixOS. NixOS provides /bin/sh and /usr/bin/env for POSIX compliance but other command (including bash) needs to come from the PATH. * Update lc_ctrl_*pkg.sv to match upstream OpenTitan The commits have been updated to OpenTitan's Earlgrey-PROD-M5 tag. Caliptra-specifc changes (e.g. the prim -> caliptra_prim) renames are kept. This is a simple update as lc_ctrl isn't instantiated in Caliptra, it's only vendored since the pkgs are used by other OpenTitan IP blocks. Signed-off-by: Gary Guo <[email protected]> * [entropy_src] keep entropy_src.hjson in sync with upstream Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-ES-SV2 This includes the following upstream OpenTitan commits: - 2608b59 [reggen] Move prj metadata into main hjson - 96b75ae [entropy_src] Latch rng_enable - 5c304ae [dv/kmac] Fix nightly regression error - 218294b [hw,doc] Add one-line descriptions to all blocks - 8940820 [entropy_src] Don't push to input FIFO unless indicating ready to AST - f8500c0 [hw,doc] Add one-paragraph descriptions to all blocks - 6211349 [hw,doc] Add human-readable name to all blocks - f111d02 [aes, rtl] Update comment on the suitability of the masking PRNG - 7660c94 [doc] Fix `the the` typo - 5ed1d60 [kmac] Prevent SW from reading capacity for sideloaded KMAC - d37f46a [entropy_src] Clarify different modes of operation (FIPS / FW_OV etc.) - 09ebf56 [entropy_src, doc] Clarify which CSR settings lead to (non-)FIPS entropy - 2817424 [entropy_src] Don't predict counter clearing in FW_OV mode, align doc - 51269de [entropy_src/rtl] Remove stale TODO - 108428b [csrng/doc] Specify behavior around `cs_aes_halt` - cdd4afd [csrng/rtl] Fix `cs_aes_halt_ack` for four-phase HS - 902088b [csrng] Add assertions for `cs_aes_halt` and AES activity - 3c5d763 [kmac/rtl] Move `keccak_round` state definition to `sha3_pkg` - c0dc961 [kmac] Remove an obsolete TODO - fb5ae1e [kmac] Remove a TODO item, but link a related issue - 12debc6 [kmac] Icebox a TODO item - 1961b61 [entropy_src/dv] Assert no entropy gets dropped in FIPS-compliant mode - 048e179 [entropy_src/doc] Define intention and limitations of `cs_aes_halt` - 93e2096 [entropy_src] Add assertions around `cs_aes_halt` - 646bd2d [csrng, rtl] Remove output mux on genbits bus - 835bfe1 [csrng, rtl] Simplify main input mux - 0fe3399 [entropy_src, rtl] Change sync FIFO prims to not output 0 when empty - d4c659f [entropy_src] Define ObserveFifoDepth parameter in hjson - c819ca8 [entropy_src] Doc and check required bypass health test window size - 477ae95 [csrng/rtl] Restrict `glen` to 12 bit (thus <= 4095) - cce7634 [aes, rtl] Update S-Box data/mask in sync with PRD - e47df29 [misc] Use lc_tx_t testing functions at endpoints - 9bc003c [aes, kmac] Replace term aggravate in SCA/FI context - 7688e71 [reggen] Add initial support for version and cip_id hjson fields - 1b16ca2 [reggen] Add mubi support SWAccess that sets/clears a reg - 05a3bb1 [hw,rtl,prim] Switch AND/OR for Mubi W1S/W1C - b311812 [edn/dv] check commands on EDN-CSRNG interface - a5a80a6 [chip-test] List ENTROPY_SRC functional features - 589a1e6 [csrng,SiVal] Add features of CSRNG module - 3a07cce [csrng] Clarify relevance of en_csrng_sw_app_read OTP switch - f068d1c [csrng/doc] Correct some minor documentation errors Authors of the upstream commits: - Michael Schaffner <[email protected]> - Eli Kim <[email protected]> - Cindy Chen <[email protected]> - Andreas Kurth <[email protected]> - Pirmin Vogel <[email protected]> - Douglas Reis <[email protected]> - Fatih Balli <[email protected]> - Robert Schilling <[email protected]> - Hakim Filali <[email protected]> - Marno van der Maas <[email protected]> Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M2 prior to prim updates This includes the following upstream OpenTitan commits: - de31bdf [reggen] Remove the devmode input - 564d414 [edn] Add new states to SM state_e typedef enum - a47ee96 [edn] Add transition to SW mode after boot sequence is done - 61a237e [util/reggen] reverse order of substruct generation - 74f54dc [mubi,gen] Fix comments Authors of the upstream commits: - Michael Schaffner <[email protected]> - Hakim Filali <[email protected]> - Guillermo Maturana <[email protected]> Signed-off-by: Gary Guo <[email protected]> * [caliptra_prim] Add 'commit' functionality to prim_count Upstream OpenTitan commit c721c51c133b75a9c429e7b04eba98b685b3605e When the new `commit_i` input is enabled (via the 'EnableCommit' parameter) changes to the count will only occur if `commit_i` is set. Crucially the `cnt_next_o` output is unaffected by the commit. That provides you with the next counter state, if the commit occurs. Upstream commit is authored by: Greg Chadwick <[email protected]> Signed-off-by: Gary Guo <[email protected]> * Vendor Trivium/Bivium stream cipher primitives from OpenTitan This is needed by vendored AES blocks. VF file list is updated to reflect the added primitive. This includes the following upstream OpenTitan commits: - 0ded564 [caliptra_prim] Add Trivium/Bivium stream cipher primitives - 4cf2479 [caliptra_prim_trivium] Allow dynamically disabling the lockup protection The upstream commits are authored by: Pirmin Vogel <[email protected]> Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M2 This includes the following upstream OpenTitan commits: - b9afd40 [aes,rtl] Switch to Bivium-based masking PRNG implementation - 3f447cc [otp_ctrl] Remove entropy_src chicken switches - 75df0ae [edn/rtl] Handle backpressure from CSRNG without an output FIFO - 809ba9c [entropy_src/doc] Document behavior of SHA3 conditioner engine - 96c75dc [edn/rtl] Enter recoverable alert state when error is received from CSRNG - 55763e1 [entropy_src/rtl] Add new fips fields to CONF register - 6b5f40f [entropy_src/rtl] Use the new fips_flag registers - 46fe194 [entropy_src/rtl] Move back 1-4 packer - 0b25451 [entropy_src/doc] Align the documentation with the moved esbit FIFO - 381ccf9 [entropy_src/rtl] Move the esbit FIFO down in sv file - 3eadcfd [entropy_src/rtl] Change the mubi4 true test to loose - e0a5f9d [entropy_src] Remove line diabling TRNG when esrng FIFO is full - 043b0e0 [kmac] Simplify randomness update requests and PRNG control logic - dd4b689 [kmac] Move DOM multiplier control from keccak_2share to keccak_round - 365dfd2 [kmac] Make DOM multiplier I/O muxing glitch free - 4414aaa [kmac] Add param to keccak_round/2share to only use external randomness - 15f75fa [kmac, sha3] Add REQ/ACK interface to delay Keccak operations - 21adde1 [entropy_src] Fix CS AES Halt interface - f76a236 [entropy_src] Fix a Verilator lint warning - 7ebb11a [entropy_src] Fix FIFO controls, move drop point to before postht FIFO - c2c27db [entropy_src] Align prim_fifo_sync instantation parameters - 74a6e9b [entropy_src] Add FIFO to deal with backpressure from the conditioner - 534a41e [entropy_src] Remove unneeded main SM state and input signals - 2b8870c [entropy_src] Align enable delay module with fixed CS AES Halt interface - fcd7af1 [entropy_src] Reduce depth of esfinal FIFO from 4 to 3 entries - 2d82cc8 [entropy_src] Rework the swread packer FIFO to reduce area - 0522f11 [aes] Add parameter to cipher core for forward-only operation - bef6aa2 [csrng] Instantiate the AES core with support for forward-only operation - f9f25c0 [aes, csrng] Move generation of prd_clearing_128/256 signals - e103570 [csrng] Perform debug state reads directly from state database - 03f5ab6 [csrng] Perform internal state reads directly from state database - 54661e6 [entropy_src] Reduce depth of Observe FIFO - 1254476 [entropy_src/doc] Clean up documentation of interrupts - 7eff696 [entropy_src/doc] Fix documentation of security countermeausures - 3d2bd37 [entropy_src/doc] Clarify behavior re health test failures and alert - 92a7627 [entropy_src] Add SEC_CM labels and testplan entries for hardened FIFOs - c0fb4c8 [entropy_src] Increase version number, revert verification stage to V1 - c2dd19d [csrng] Increase version number, revert verification stage to V1 - f4c2bb9 Remove trailing whitespaces - 30d7e78 Add the project name to the copyright header Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Michael Schaffner <[email protected]> - Hakim Filali <[email protected]> - Michael Munday <[email protected]> Signed-off-by: Gary Guo <[email protected]> * [entropy_src] Update tests to account for register format change Signed-off-by: Gary Guo <[email protected]> * [caliptra_prim] vendor prim_onehot_enc from OpenTitan This is needed for CSRNG. Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M3 This includes the following upstream OpenTitan commits: - 5e3d643 [kmac] Fix silly lint warning in keccak_2share.sv - 042e0b9 [csrng/rtl] Change and assign cmd_sts signal - d9a0305 [entropy_src,rtl] Factor sfifo errors into fatal alert - 903b319 [csrng/rtl] Add command out of sequence cmd_sts error - 1d12ff7 [csrng/rtl] Remove zeroize state after uni error from ctr drbg cmd - b65b9ef [csrng/rtl] Fix lint error - 0c397d7 [csrng] Add SVAs to check for unexpected pushes to the genbits FIFO - 19dc3a4 [aes, rtl] Uniquify type names for PRD structs inside DOM S-Box - fc6e4b2 [aes] Move PRD input buffers out of S-Boxes - 735338e [aes] Correct some comments regarding the masking PRNG implementation - 6a2080f [aes] Use the buffered PRNG output data for input data masking - 799882c [aes] Advance the masking PRNG unconditionally during data processing - e41236f [aes] Don't update the cycle counter during PRNG reseeding only - 7f84f7c [csrng/rtl] Add reseed interval status error Authors of the upstream commits: - Rupert Swarbrick <[email protected]> - Hakim Filali <[email protected]> - Pirmin Vogel <[email protected]> Signed-off-by: Gary Guo <[email protected]> * [csrng] update integration tests for new CSRNG register maps Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M4 prior to multireg This includes the following upstream OpenTitan commits: - b9e0388 [csrng/rtl] Move cmd checks to the cmd stage - 3931c32 [csrng/rtl] Check for GENU instead of GEN for CMD_STS_INVALID_GEN_CMD - 8577cce [csrng] Add option to force FIPS/CC compliance flag - eecef82 [csrng/doc] Use enum type for SW_CMD_STS.CMD_STS field - baa7e6a [csrng/doc] Correct documentation around INVALID_ACMD errors - 27279ff [entropy_src] Locally escalate upon internal FIFO errors and FSM errors - c903d65 [csrng] Make reseed counters readable at any point in time Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Hakim Filali <[email protected]> Signed-off-by: Gary Guo <[email protected]> * [csrng] expand multireg from vendored HJSON and update tests The multireg feature of OpenTitan HJSON is not supported by the reg_json.py tool and adding support is non-trivial. Given that there's a single usage here, expand it manually instead. Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M4 This includes the following upstream OpenTitan commits: - 3a4c42f [csrng] Add per-instance internal state read enable - 01551bc [csrng] Locally escalate upon FSM errors - 6381071 [csrng] Flush command FIFO after signaling ACK errors - b447bf7 [csrng/rtl] Make the main SM error test signal fatal - 5caedf3 [entropy_src/doc] Doc interplay of startup health testing and FW_OV_MODE - f49daa9 [entropy_src/rtl] Delay the main_sm_done signal Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Hakim Filali <[email protected]> Signed-off-by: Gary Guo <[email protected]> * [csrng] update tests after register map changes Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M5 This includes the following upstream OpenTitan commits: - 5784189 [entropy_src] Add SVA to ensure FIFOs are empty when triggering SHA - 64c91b8 [entropy_src] Fix prediction for entropy dropping at esfinal FIFO input - af726e8 [entropy_src] Use `es_delayed_enable` for SVAs tracking entropy flow - 5b9568d [csrng] Move CSRNG version 2.0.0 verification_stage to V2S - 481cee6 [entropy_src/doc] Document the fw_ov_rd_data read when empty behavior - 509b468 [entropy_src] Move ENTROPY_SRC version 2.0.0 verification_stage to V2S Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Hakim Filali <[email protected]> Signed-off-by: Gary Guo <[email protected]> * Added additional primitives (*secded* anad others) required by fuse controller * Added additional generic primitives required by fuse controller * Added size to component interface port list as this is required for AXI to TLUL conversion * Added size to axi_sub instance port list * Fixed typo in axi_sub_wr * Updated axi_sub instance in caliptra_axi_sram with size port * Avoid hardcoding /bin/bash in Makefile SHELL For better portability, use /usr/bin/env instead. For context, /bin/bash does not exist on NixOS. NixOS provides /bin/sh and /usr/bin/env for POSIX compliance but other command (including bash) needs to come from the PATH. * Update lc_ctrl_*pkg.sv to match upstream OpenTitan The commits have been updated to OpenTitan's Earlgrey-PROD-M5 tag. Caliptra-specifc changes (e.g. the prim -> caliptra_prim) renames are kept. This is a simple update as lc_ctrl isn't instantiated in Caliptra, it's only vendored since the pkgs are used by other OpenTitan IP blocks. Signed-off-by: Gary Guo <[email protected]> * [entropy_src] keep entropy_src.hjson in sync with upstream Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-ES-SV2 This includes the following upstream OpenTitan commits: - 2608b59 [reggen] Move prj metadata into main hjson - 96b75ae [entropy_src] Latch rng_enable - 5c304ae [dv/kmac] Fix nightly regression error - 218294b [hw,doc] Add one-line descriptions to all blocks - 8940820 [entropy_src] Don't push to input FIFO unless indicating ready to AST - f8500c0 [hw,doc] Add one-paragraph descriptions to all blocks - 6211349 [hw,doc] Add human-readable name to all blocks - f111d02 [aes, rtl] Update comment on the suitability of the masking PRNG - 7660c94 [doc] Fix `the the` typo - 5ed1d60 [kmac] Prevent SW from reading capacity for sideloaded KMAC - d37f46a [entropy_src] Clarify different modes of operation (FIPS / FW_OV etc.) - 09ebf56 [entropy_src, doc] Clarify which CSR settings lead to (non-)FIPS entropy - 2817424 [entropy_src] Don't predict counter clearing in FW_OV mode, align doc - 51269de [entropy_src/rtl] Remove stale TODO - 108428b [csrng/doc] Specify behavior around `cs_aes_halt` - cdd4afd [csrng/rtl] Fix `cs_aes_halt_ack` for four-phase HS - 902088b [csrng] Add assertions for `cs_aes_halt` and AES activity - 3c5d763 [kmac/rtl] Move `keccak_round` state definition to `sha3_pkg` - c0dc961 [kmac] Remove an obsolete TODO - fb5ae1e [kmac] Remove a TODO item, but link a related issue - 12debc6 [kmac] Icebox a TODO item - 1961b61 [entropy_src/dv] Assert no entropy gets dropped in FIPS-compliant mode - 048e179 [entropy_src/doc] Define intention and limitations of `cs_aes_halt` - 93e2096 [entropy_src] Add assertions around `cs_aes_halt` - 646bd2d [csrng, rtl] Remove output mux on genbits bus - 835bfe1 [csrng, rtl] Simplify main input mux - 0fe3399 [entropy_src, rtl] Change sync FIFO prims to not output 0 when empty - d4c659f [entropy_src] Define ObserveFifoDepth parameter in hjson - c819ca8 [entropy_src] Doc and check required bypass health test window size - 477ae95 [csrng/rtl] Restrict `glen` to 12 bit (thus <= 4095) - cce7634 [aes, rtl] Update S-Box data/mask in sync with PRD - e47df29 [misc] Use lc_tx_t testing functions at endpoints - 9bc003c [aes, kmac] Replace term aggravate in SCA/FI context - 7688e71 [reggen] Add initial support for version and cip_id hjson fields - 1b16ca2 [reggen] Add mubi support SWAccess that sets/clears a reg - 05a3bb1 [hw,rtl,prim] Switch AND/OR for Mubi W1S/W1C - b311812 [edn/dv] check commands on EDN-CSRNG interface - a5a80a6 [chip-test] List ENTROPY_SRC functional features - 589a1e6 [csrng,SiVal] Add features of CSRNG module - 3a07cce [csrng] Clarify relevance of en_csrng_sw_app_read OTP switch - f068d1c [csrng/doc] Correct some minor documentation errors Authors of the upstream commits: - Michael Schaffner <[email protected]> - Eli Kim <[email protected]> - Cindy Chen <[email protected]> - Andreas Kurth <[email protected]> - Pirmin Vogel <[email protected]> - Douglas Reis <[email protected]> - Fatih Balli <[email protected]> - Robert Schilling <[email protected]> - Hakim Filali <[email protected]> - Marno van der Maas <[email protected]> Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M2 prior to prim updates This includes the following upstream OpenTitan commits: - de31bdf [reggen] Remove the devmode input - 564d414 [edn] Add new states to SM state_e typedef enum - a47ee96 [edn] Add transition to SW mode after boot sequence is done - 61a237e [util/reggen] reverse order of substruct generation - 74f54dc [mubi,gen] Fix comments Authors of the upstream commits: - Michael Schaffner <[email protected]> - Hakim Filali <[email protected]> - Guillermo Maturana <[email protected]> Signed-off-by: Gary Guo <[email protected]> * [caliptra_prim] Add 'commit' functionality to prim_count Upstream OpenTitan commit c721c51c133b75a9c429e7b04eba98b685b3605e When the new `commit_i` input is enabled (via the 'EnableCommit' parameter) changes to the count will only occur if `commit_i` is set. Crucially the `cnt_next_o` output is unaffected by the commit. That provides you with the next counter state, if the commit occurs. Upstream commit is authored by: Greg Chadwick <[email protected]> Signed-off-by: Gary Guo <[email protected]> * Vendor Trivium/Bivium stream cipher primitives from OpenTitan This is needed by vendored AES blocks. VF file list is updated to reflect the added primitive. This includes the following upstream OpenTitan commits: - 0ded564 [caliptra_prim] Add Trivium/Bivium stream cipher primitives - 4cf2479 [caliptra_prim_trivium] Allow dynamically disabling the lockup protection The upstream commits are authored by: Pirmin Vogel <[email protected]> Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M2 This includes the following upstream OpenTitan commits: - b9afd40 [aes,rtl] Switch to Bivium-based masking PRNG implementation - 3f447cc [otp_ctrl] Remove entropy_src chicken switches - 75df0ae [edn/rtl] Handle backpressure from CSRNG without an output FIFO - 809ba9c [entropy_src/doc] Document behavior of SHA3 conditioner engine - 96c75dc [edn/rtl] Enter recoverable alert state when error is received from CSRNG - 55763e1 [entropy_src/rtl] Add new fips fields to CONF register - 6b5f40f [entropy_src/rtl] Use the new fips_flag registers - 46fe194 [entropy_src/rtl] Move back 1-4 packer - 0b25451 [entropy_src/doc] Align the documentation with the moved esbit FIFO - 381ccf9 [entropy_src/rtl] Move the esbit FIFO down in sv file - 3eadcfd [entropy_src/rtl] Change the mubi4 true test to loose - e0a5f9d [entropy_src] Remove line diabling TRNG when esrng FIFO is full - 043b0e0 [kmac] Simplify randomness update requests and PRNG control logic - dd4b689 [kmac] Move DOM multiplier control from keccak_2share to keccak_round - 365dfd2 [kmac] Make DOM multiplier I/O muxing glitch free - 4414aaa [kmac] Add param to keccak_round/2share to only use external randomness - 15f75fa [kmac, sha3] Add REQ/ACK interface to delay Keccak operations - 21adde1 [entropy_src] Fix CS AES Halt interface - f76a236 [entropy_src] Fix a Verilator lint warning - 7ebb11a [entropy_src] Fix FIFO controls, move drop point to before postht FIFO - c2c27db [entropy_src] Align prim_fifo_sync instantation parameters - 74a6e9b [entropy_src] Add FIFO to deal with backpressure from the conditioner - 534a41e [entropy_src] Remove unneeded main SM state and input signals - 2b8870c [entropy_src] Align enable delay module with fixed CS AES Halt interface - fcd7af1 [entropy_src] Reduce depth of esfinal FIFO from 4 to 3 entries - 2d82cc8 [entropy_src] Rework the swread packer FIFO to reduce area - 0522f11 [aes] Add parameter to cipher core for forward-only operation - bef6aa2 [csrng] Instantiate the AES core with support for forward-only operation - f9f25c0 [aes, csrng] Move generation of prd_clearing_128/256 signals - e103570 [csrng] Perform debug state reads directly from state database - 03f5ab6 [csrng] Perform internal state reads directly from state database - 54661e6 [entropy_src] Reduce depth of Observe FIFO - 1254476 [entropy_src/doc] Clean up documentation of interrupts - 7eff696 [entropy_src/doc] Fix documentation of security countermeausures - 3d2bd37 [entropy_src/doc] Clarify behavior re health test failures and alert - 92a7627 [entropy_src] Add SEC_CM labels and testplan entries for hardened FIFOs - c0fb4c8 [entropy_src] Increase version number, revert verification stage to V1 - c2dd19d [csrng] Increase version number, revert verification stage to V1 - f4c2bb9 Remove trailing whitespaces - 30d7e78 Add the project name to the copyright header Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Michael Schaffner <[email protected]> - Hakim Filali <[email protected]> - Michael Munday <[email protected]> Signed-off-by: Gary Guo <[email protected]> * [entropy_src] Update tests to account for register format change Signed-off-by: Gary Guo <[email protected]> * [caliptra_prim] vendor prim_onehot_enc from OpenTitan This is needed for CSRNG. Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M3 This includes the following upstream OpenTitan commits: - 5e3d643 [kmac] Fix silly lint warning in keccak_2share.sv - 042e0b9 [csrng/rtl] Change and assign cmd_sts signal - d9a0305 [entropy_src,rtl] Factor sfifo errors into fatal alert - 903b319 [csrng/rtl] Add command out of sequence cmd_sts error - 1d12ff7 [csrng/rtl] Remove zeroize state after uni error from ctr drbg cmd - b65b9ef [csrng/rtl] Fix lint error - 0c397d7 [csrng] Add SVAs to check for unexpected pushes to the genbits FIFO - 19dc3a4 [aes, rtl] Uniquify type names for PRD structs inside DOM S-Box - fc6e4b2 [aes] Move PRD input buffers out of S-Boxes - 735338e [aes] Correct some comments regarding the masking PRNG implementation - 6a2080f [aes] Use the buffered PRNG output data for input data masking - 799882c [aes] Advance the masking PRNG unconditionally during data processing - e41236f [aes] Don't update the cycle counter during PRNG reseeding only - 7f84f7c [csrng/rtl] Add reseed interval status error Authors of the upstream commits: - Rupert Swarbrick <[email protected]> - Hakim Filali <[email protected]> - Pirmin Vogel <[email protected]> Signed-off-by: Gary Guo <[email protected]> * [csrng] update integration tests for new CSRNG register maps Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M4 prior to multireg This includes the following upstream OpenTitan commits: - b9e0388 [csrng/rtl] Move cmd checks to the cmd stage - 3931c32 [csrng/rtl] Check for GENU instead of GEN for CMD_STS_INVALID_GEN_CMD - 8577cce [csrng] Add option to force FIPS/CC compliance flag - eecef82 [csrng/doc] Use enum type for SW_CMD_STS.CMD_STS field - baa7e6a [csrng/doc] Correct documentation around INVALID_ACMD errors - 27279ff [entropy_src] Locally escalate upon internal FIFO errors and FSM errors - c903d65 [csrng] Make reseed counters readable at any point in time Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Hakim Filali <[email protected]> Signed-off-by: Gary Guo <[email protected]> * [csrng] expand multireg from vendored HJSON and update tests The multireg feature of OpenTitan HJSON is not supported by the reg_json.py tool and adding support is non-trivial. Given that there's a single usage here, expand it manually instead. Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M4 This includes the following upstream OpenTitan commits: - 3a4c42f [csrng] Add per-instance internal state read enable - 01551bc [csrng] Locally escalate upon FSM errors - 6381071 [csrng] Flush command FIFO after signaling ACK errors - b447bf7 [csrng/rtl] Make the main SM error test signal fatal - 5caedf3 [entropy_src/doc] Doc interplay of startup health testing and FW_OV_MODE - f49daa9 [entropy_src/rtl] Delay the main_sm_done signal Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Hakim Filali <[email protected]> Signed-off-by: Gary Guo <[email protected]> * [csrng] update tests after register map changes Signed-off-by: Gary Guo <[email protected]> * Update vendored OpenTitan IPs to Earlgrey-PROD-M5 This includes the following upstream OpenTitan commits: - 5784189 [entropy_src] Add SVA to ensure FIFOs are empty when triggering SHA - 64c91b8 [entropy_src] Fix prediction for entropy dropping at esfinal FIFO input - af726e8 [entropy_src] Use `es_delayed_enable` for SVAs tracking entropy flow - 5b9568d [csrng] Move CSRNG version 2.0.0 verification_stage to V2S - 481cee6 [entropy_src/doc] Document the fw_ov_rd_data read when empty behavior - 509b468 [entropy_src] Move ENTROPY_SRC version 2.0.0 verification_stage to V2S Authors of the upstream commits: - Pirmin Vogel <[email protected]> - Hakim Filali <[email protected]> Signed-off-by: Gary Guo <[email protected]> * Update compile.yml and .vf files with new OT prims * - Rebased caliptra_prim and caliptra_prim_generic modules to Earlgrey.PROD_M5 version - Regenerated file lists * Added csrng_pkg to edn_pkg dependency list. Temporarily renamed RndCnstRawUnlockToken to RncCnstRawUnlockTokenDefault * Updated file lists * Added MANUF to PROD state transitions * Resolved merge conflict in file lists * Additional fixes to resolve merge issues, package dependencies * Cleaned up duplicate pragmas and import * Regenerated and updated file lists * Fixed merge errors * Make WDT more modular for MCI reuse (#679) * 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix lint issues within wdt.sv and remove bitwise and boolean mixed logic * Add SOC_IFC_ prefix to WDT params in the soc_ifc_pkg.sv to avoid clashing with the wdt.sv params - PR request from Caleb. * Fix TB files due to WDT updates and wdt_error_t*_intr_serviced behavior has changed. The qualification now lives in the WDT module. * MICROSOFT AUTOMATED PIPELINE: Stamp 'ckuchta-msft-wdt-reuse' with updated timestamp and hash after successful run * 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix lint issues within wdt.sv and remove bitwise and boolean mixed logic * Add SOC_IFC_ prefix to WDT params in the soc_ifc_pkg.sv to avoid clashing with the wdt.sv params - PR request from Caleb. * Fix TB files due to WDT updates and wdt_error_t*_intr_serviced behavior has changed. The qualification now lives in the WDT module. * 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix lint issues within wdt.sv and remove bitwise and boolean mixed logic * Add SOC_IFC_ prefix to WDT params in the soc_ifc_pkg.sv to avoid clashing with the wdt.sv params - PR request from Caleb. * Fix TB files due to WDT updates and wdt_error_t*_intr_serviced behavior has changed. The qualification now lives in the WDT module. * 1. Make WDT more moduler by removing the soc_ifc_pkg import and adding parameters to the module. - Better reusability with MCI 2. Move the wdt_timer*_timeout_serviced write restrictions from soc_ifc_top -> wdt. Better reusability with MCI. 3. Simplify moduler the timer*_count logic by creating new *_qual and *_restart signals that are separate from the timer*_count logic. - Code clean up 4. HW enfore the timer2_count cannot be reset by timer2_restart unless we are in independent mode. - New functionality 5. Add new fatal_error to WDT that is equivalent to nmi_intr logic in soc_ifc_top making it more resuable for MCI WDT. - Better reusability with MCI * Fix typo in comment * Update pr_hash and pr_timestamp manually since pipeline is blocked by timingout regression * Removed duplicate lines of code that was causing compile errors * Fixed lint errors, added waivers for W444, TwoStateData-ML * Removed files that got accidentally committed * Regenerated caliptra_reg.h and calitpra_reg_defines.svh * [TB] updated KV uvm to include AES (#689) * updated kV uvmf to include AES * MICROSOFT AUTOMATED PIPELINE: Stamp 'mojtaba-kv-uvm' with updated timestamp and hash after successful run * Adding wires to drive uds/field entropy from external source (#690) * option to take obf uds and field entropy from caliptra interface * adding valid wires to obf uds and field entropy * MICROSOFT AUTOMATED PIPELINE: Stamp 'user/dev/michnorris/secret_wires' with updated timestamp and hash after successful run * MICROSOFT AUTOMATED PIPELINE: Stamp 'user/dev/michnorris/secret_wires' with updated timestamp and hash after successful run * MICROSOFT AUTOMATED PIPELINE: Stamp 'cwhitehead-msft-ot-update' with updated timestamp and hash after successful run --------- Signed-off-by: Gary Guo <[email protected]> Co-authored-by: Gary Guo <[email protected]> Co-authored-by: Caleb Whitehead <[email protected]> Co-authored-by: clayton8 <[email protected]> Co-authored-by: Mojtaba Bisheh-Niasar <[email protected]> Co-authored-by: Michael Norris <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.