[entropy_src/doc] Adapt documentation to the new fips_flag register
This commit brings the documentation in line with the newly added fips_flag
field in the conf register.

Signed-off-by: Hakim Filali <[email protected]>
Hakim Filali committed Feb 14, 2024
1 parent 664b5e6 commit 253e170
Showing 3 changed files with 6 additions and 12 deletions.
8 changes: 2 additions & 6 deletions hw/ip/entropy_src/data/entropy_src.hjson
Expand Up @@ -414,8 +414,6 @@
mubi: true,
desc: '''
Setting this field to `kMultiBitBool4True` enables the single RNG bit mode, where only one bit is sampled.
Note that the ENTROPY_SRC block can only generate FIPS qualified entropy if this field is set to `kMultiBitBool4False`.
Additional requirements to generate FIPS qualified entropy are i) that !!CONF.FIPS_ENABLE is set to `kMultiBitBool4True`, and ii) that at most one of the !!ENTROPY_CONTROL.ES_ROUTE and !!ENTROPY_CONTROL.ES_TYPE fields but not both are set to `kMultiBitBool4True`.
'''
resval: false
},
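Review bot: With both FIPS sentences removed, the `desc` of RNG_BIT_ENABLE no longer says whether entropy produced in single RNG bit mode may be treated as FIPS qualified, and nothing in it points to the fips_flag field the commit message refers to. If the old restriction (`kMultiBitBool4False` required for FIPS qualified entropy) still applies, keep one sentence stating it and reference !!CONF.FIPS_FLAG; if it was lifted, say so explicitly so that firmware written against the previous text is re-checked.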
Expand Down Expand Up @@ -458,10 +456,8 @@
When this field is `kMultiBitBool4False`, the hardware conditioning inside the ENTROPY_SRC block is enabled.
Setting this field to `kMultiBitBool4True` will bypass the hardware conditioning.
For this to work, also !!ENTROPY_CONTROL.ES_ROUTE needs to be set to `kMultiBitBool4True` to route the unconditioned, raw entropy to the !!ENTROPY_DATA register.
Alternatively, the hardware conditioning can be bypassed by setting !!CONF.FIPS_ENABLE to `kMultiBitBool4False` to disable FIPS mode and enable bypass / boot-time mode.
In both cases, the ENTROPY_SRC block will not generate FIPS qualified entropy.

To generate FIPS qualified entropy, i) !!CONF.FIPS_ENABLE needs to be set to `kMultiBitBool4True`, ii) !!CONF.RNG_BIT_ENABLE needs to be set to `kMultiBitBool4False`, and iii) at most one of the !!ENTROPY_CONTROL.ES_ROUTE and !!ENTROPY_CONTROL.ES_TYPE fields needs to be set to `kMultiBitBool4True` but not both.
Alternatively, the hardware conditioning can be bypassed by setting !!CONF.FIPS_ENABLE to `kMultiBitBool4False`.
This enables the bypass / boot-time mode.
'''
resval: false
},
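Review bot: The removed sentence "In both cases, the ENTROPY_SRC block will not generate FIPS qualified entropy." has no replacement, so the ES_TYPE `desc` now lists two ways to bypass the hardware conditioning without saying how the resulting entropy is labelled. The theory_of_operation.md change in this commit says the entropy type signal is determined by `FIPS_FLAG`; add a sentence here stating what !!CONF.FIPS_FLAG is expected to hold while conditioning is bypassed, since that is the case where a wrong label matters most to consumers.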
8 changes: 2 additions & 6 deletions hw/ip/entropy_src/doc/registers.md
Expand Up @@ -269,8 +269,6 @@ This two bit field selects the RNG bit stream:

### CONF . RNG_BIT_ENABLE
Setting this field to `kMultiBitBool4True` enables the single RNG bit mode, where only one bit is sampled.
Note that the ENTROPY_SRC block can only generate FIPS qualified entropy if this field is set to `kMultiBitBool4False`.
Additional requirements to generate FIPS qualified entropy are i) that [`CONF.FIPS_ENABLE`](#conf) is set to `kMultiBitBool4True`, and ii) that at most one of the [`ENTROPY_CONTROL.ES_ROUTE`](#entropy_control) and [`ENTROPY_CONTROL.ES_TYPE`](#entropy_control) fields but not both are set to `kMultiBitBool4True`.

### CONF . THRESHOLD_SCOPE
This field controls the scope (either by-line or by-sum) of the health checks.
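Review bot: The CONF . RNG_BIT_ENABLE section is reduced to one sentence that is word for word the `desc` in entropy_src.hjson, so any wording about `FIPS_FLAG` added there has to land here as well. If registers.md is generated from entropy_src.hjson, regenerate it rather than editing it by hand so the two files cannot drift apart.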
Expand Down Expand Up @@ -314,10 +312,8 @@ Entropy control register
When this field is `kMultiBitBool4False`, the hardware conditioning inside the ENTROPY_SRC block is enabled.
Setting this field to `kMultiBitBool4True` will bypass the hardware conditioning.
For this to work, also [`ENTROPY_CONTROL.ES_ROUTE`](#entropy_control) needs to be set to `kMultiBitBool4True` to route the unconditioned, raw entropy to the [`ENTROPY_DATA`](#entropy_data) register.
Alternatively, the hardware conditioning can be bypassed by setting [`CONF.FIPS_ENABLE`](#conf) to `kMultiBitBool4False` to disable FIPS mode and enable bypass / boot-time mode.
In both cases, the ENTROPY_SRC block will not generate FIPS qualified entropy.

To generate FIPS qualified entropy, i) [`CONF.FIPS_ENABLE`](#conf) needs to be set to `kMultiBitBool4True`, ii) [`CONF.RNG_BIT_ENABLE`](#conf) needs to be set to `kMultiBitBool4False`, and iii) at most one of the [`ENTROPY_CONTROL.ES_ROUTE`](#entropy_control) and [`ENTROPY_CONTROL.ES_TYPE`](#entropy_control) fields needs to be set to `kMultiBitBool4True` but not both.
Alternatively, the hardware conditioning can be bypassed by setting [`CONF.FIPS_ENABLE`](#conf) to `kMultiBitBool4False`.
This enables the bypass / boot-time mode.

### ENTROPY_CONTROL . ES_ROUTE
When this field is `kMultiBitBool4False`, the generated entropy will be forwarded out of this module to the hardware interface.
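Review bot: The added line calls the mode "bypass / boot-time mode", while theory_of_operation.md in this same commit calls it "boot-time / bypass mode"; pick one order and use it in both files. Linking the term to the theory of operation page would also help, because after this change the ES_TYPE section no longer explains what that mode implies for the entropy delivered.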
2 changes: 2 additions & 0 deletions hw/ip/entropy_src/doc/theory_of_operation.md
Expand Up @@ -12,6 +12,8 @@ After a reset, the ENTROPY_SRC block will start up in boot-time / bypass mode by
This feature is designed to provide an initial seed's worth of entropy with lower latency than the normal FIPS/CC compliant health check process.
Health testing will still be performed on boot-time mode entropy, but the window of checking is, by default, 384 bits instead of 2048 bits.
When entropy is delivered to the downstream hardware block, a signal will indicate what type of entropy it is - FIPS/CC compliant or not.
This signal is determined by the `FIPS_FLAG` field in the [`CONF`](registers.md#conf).
When `FIPS_FLAG` is set to `kMultiBitBool4True`, the entropy_src will request high quality entropy from the noise source and set the entropy type signal at the output to high.

Once the initial boot-time mode phase has completed, the ENTROPY_SRC block can be switched to FIPS/CC compliant mode (for simplicity referred to as FIPS mode) by setting the `FIPS_ENABLE` field in the [`CONF`](registers.md#conf) register to `kMultiBitBool4True`.
In this mode, once the raw entropy has been health checked, it will be passed into a conditioner block.
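Review bot: The two added sentences do not say how `FIPS_FLAG` relates to `FIPS_ENABLE`, which the next paragraph still describes as the switch into FIPS mode, nor what the block does when `FIPS_FLAG` is `kMultiBitBool4False`. State whether `FIPS_FLAG` may be `kMultiBitBool4True` while the block is still in boot-time / bypass mode and who is responsible for keeping the two fields consistent. Smaller points: "in the [`CONF`](registers.md#conf)." is missing the word "register", "entropy_src" should read "ENTROPY_SRC block" as in the surrounding text, and "high quality entropy" needs a definition or a reference.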