From b1e7d85b90fbef81247f99c30b5df2f857ea13ed Mon Sep 17 00:00:00 2001 From: Hakim Filali Date: Wed, 14 Feb 2024 16:51:52 +0000 Subject: [PATCH] [chip-level/entropy_src] Align SW with the added fips_flag change This commit aligns the SW with the added fips flag. The fips_flag is now part of configuring the entropy_src. Signed-off-by: Hakim Filali --- sw/device/lib/crypto/drivers/entropy.c | 9 +++++++++ sw/device/lib/dif/dif_entropy_src.c | 5 +++++ sw/device/lib/dif/dif_entropy_src.h | 11 +++++++++++ sw/device/lib/dif/dif_entropy_src_unittest.cc | 6 ++++++ sw/device/lib/testing/entropy_testutils.c | 2 ++ sw/device/lib/testing/test_rom/test_rom_start.S | 1 + sw/device/silicon_creator/manuf/lib/sram_start.S | 1 + .../manuf/lib/sram_start_no_ast_init.S | 1 + sw/device/silicon_creator/rom/rom_start.S | 1 + sw/device/tests/edn_boot_mode.c | 3 +++ sw/device/tests/entropy_src_ast_rng_req_test.c | 1 + sw/device/tests/entropy_src_smoketest.c | 1 + sw/device/tests/power_virus_systemtest.c | 1 + sw/device/tests/sim_dv/ast_clk_rst_inputs.c | 1 + .../tests/rom/e2e_chip_specific_startup/src/main.rs | 2 ++ 15 files changed, 46 insertions(+) diff --git a/sw/device/lib/crypto/drivers/entropy.c b/sw/device/lib/crypto/drivers/entropy.c index e042b101f0e36b..2fe32b994a8f9a 100644 --- a/sw/device/lib/crypto/drivers/entropy.c +++ b/sw/device/lib/crypto/drivers/entropy.c @@ -120,6 +120,12 @@ typedef struct entropy_src_config { * processed by an SP 800-90B compliant conditioning function. */ multi_bit_bool_t fips_enable; + /** + * If set, the noise source is instructed to produce high quality entropy. + * Furthermore, the produced output entropy is marked as FIPS compliant through + * the FIPS bit being set to high. + */ + multi_bit_bool_t fips_flag; /** * If set, entropy will be routed to a firmware-visible register instead of * being distributed to other hardware IPs. 
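Review bot: The new `fips_flag` comment in `entropy_src_config` does not say how the field relates to `fips_enable`, which is documented directly above it. The text says output is "marked as FIPS compliant" when the flag is set, so a reader cannot tell whether setting it while `fips_enable` is false labels unconditioned entropy as FIPS grade for downstream consumers. I would add one line to the comment, for example `* Interaction with fips_enable: <describe per the CONF register specification>.`, and mirror it in the identical comment added to `dif_entropy_src.h`. The struct continues outside this hunk.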
@@ -216,6 +222,7 @@ static const entropy_complex_config_t .entropy_src = { .fips_enable = kMultiBitBool4True, + .fips_flag = kMultiBitBool4True, .route_to_firmware = kMultiBitBool4False, .bypass_conditioner = kMultiBitBool4False, .single_bit_mode = kMultiBitBool4False, @@ -633,6 +640,8 @@ static status_t entropy_src_configure(const entropy_src_config_t *config) { // Config register configuration reg = bitfield_field32_write(0, ENTROPY_SRC_CONF_FIPS_ENABLE_FIELD, config->fips_enable); + reg = bitfield_field32_write(reg, ENTROPY_SRC_CONF_FIPS_FLAG_FIELD, + config->fips_flag); reg = bitfield_field32_write(reg, ENTROPY_SRC_CONF_ENTROPY_DATA_REG_ENABLE_FIELD, config->route_to_firmware); diff --git a/sw/device/lib/dif/dif_entropy_src.c b/sw/device/lib/dif/dif_entropy_src.c index bdaf2268010ce6..20b9c308f941a8 100644 --- a/sw/device/lib/dif/dif_entropy_src.c +++ b/sw/device/lib/dif/dif_entropy_src.c @@ -80,6 +80,11 @@ dif_result_t dif_entropy_src_configure(const dif_entropy_src_t *entropy_src, 0, ENTROPY_SRC_CONF_FIPS_ENABLE_FIELD, config.fips_enable ? kMultiBitBool4True : kMultiBitBool4False); + // Configure FIPS flag. + entropy_conf_reg = bitfield_field32_write( + entropy_conf_reg, ENTROPY_SRC_CONF_FIPS_FLAG_FIELD, + config.fips_flag ? kMultiBitBool4True : kMultiBitBool4False); + // Configure entropy data register enable (enables firmware to read entropy). entropy_conf_reg = bitfield_field32_write( entropy_conf_reg, ENTROPY_SRC_CONF_ENTROPY_DATA_REG_ENABLE_FIELD, diff --git a/sw/device/lib/dif/dif_entropy_src.h b/sw/device/lib/dif/dif_entropy_src.h index 161837381596a5..9ce6a7f171634f 100644 --- a/sw/device/lib/dif/dif_entropy_src.h +++ b/sw/device/lib/dif/dif_entropy_src.h 
@@ -112,6 +112,12 @@ typedef struct dif_entropy_src_config { * responsible for implementing the conditioning function. */ bool fips_enable; + /** + * If set, the noise source is instructed to produce high quality entropy. + * Furthermore, the produced output entropy is marked as FIPS compliant through + * the FIPS bit being set to high. + */ + bool fips_flag; /** * If set, entropy will be routed to a firmware-visible register instead of * being distributed to other hardware IPs. @@ -430,6 +436,11 @@ typedef enum dif_entropy_src_alert_cause { * without waiting for the bypass packer FIFO to clear. */ kDifEntropySrcAlertFirmwareOverrideDisable = 1U << 16, + /** + * Triggered when the FIPS_FLAG field in the CONF register is set to an + * unsupported value. + */ + kDifEntropySrcAlertFipsFlagField = 1U << 17, /** * All alert reasons. * diff --git a/sw/device/lib/dif/dif_entropy_src_unittest.cc b/sw/device/lib/dif/dif_entropy_src_unittest.cc index 5f42418fd45cb8..00210ada42c528 100644 --- a/sw/device/lib/dif/dif_entropy_src_unittest.cc +++ b/sw/device/lib/dif/dif_entropy_src_unittest.cc @@ -25,6 +25,7 @@ class ConfigTest : public EntropySrcTest { protected: dif_entropy_src_config_t config_ = { .fips_enable = false, + .fips_flag = true, .route_to_firmware = false, .bypass_conditioner = false, .single_bit_mode = kDifEntropySrcSingleBitModeDisabled, @@ -56,6 +57,7 @@ TEST_F(ConfigTest, Locked) { struct ConfigParams { bool fips_enable; + bool fips_flag; bool route_to_firmware; bool bypass_conditioner; dif_entropy_src_single_bit_mode_t single_bit_mode; @@ -71,6 +73,7 @@ class ConfigTestAllParams : public ConfigTest, TEST_P(ConfigTestAllParams, ValidConfigurationMode) { const ConfigParams &test_param = GetParam(); config_.fips_enable = test_param.fips_enable; + config_.fips_flag = test_param.fips_flag; config_.route_to_firmware = test_param.route_to_firmware; config_.bypass_conditioner = test_param.bypass_conditioner; config_.single_bit_mode = test_param.single_bit_mode; 
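Review bot: `kDifEntropySrcAlertFipsFlagField = 1U << 17` is added directly above the "All alert reasons" enumerator, whose value lies outside this hunk. The diffstat lists 11 additions for this header and the two visible hunks account for all of them, so that enumerator was not changed. If it is a mask derived from the previous highest bit (16), it no longer covers the new alert, and code that validates or clears recoverable alerts against it would reject or skip bit 17. Please confirm and, if so, widen it in the same commit, e.g. to `(1U << 18) - 1`.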
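Review bot: `bool fips_flag;` is inserted as the second member of `ConfigParams`, but the parameter table that feeds `ConfigTestAllParams` is outside these hunks. The diffstat's 6 additions for this file are all visible here, so the table appears unchanged. If its entries use positional brace initialisation, every value after `fips_enable` now lands one member later, and no case sets `fips_flag` deliberately. Please confirm the table and add at least one entry per `fips_flag` value, so the `ENTROPY_SRC_CONF_FIPS_FLAG_OFFSET` expectation is exercised for both `kMultiBitBool4True` and `kMultiBitBool4False`.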
@@ -94,6 +97,8 @@ TEST_P(ConfigTestAllParams, ValidConfigurationMode) { multi_bit_bool_t fips_enable_mubi = test_param.fips_enable ? kMultiBitBool4True : kMultiBitBool4False; + multi_bit_bool_t fips_flag_mubi = + test_param.fips_flag ? kMultiBitBool4True : kMultiBitBool4False; multi_bit_bool_t threshold_scope_mubi = test_param.health_test_threshold_scope ? kMultiBitBool4True : kMultiBitBool4False; @@ -112,6 +117,7 @@ TEST_P(ConfigTestAllParams, ValidConfigurationMode) { {ENTROPY_SRC_CONF_FIPS_ENABLE_OFFSET, fips_enable_mubi}, {ENTROPY_SRC_CONF_ENTROPY_DATA_REG_ENABLE_OFFSET, route_to_firmware_mubi}, + {ENTROPY_SRC_CONF_FIPS_FLAG_OFFSET, fips_flag_mubi}, {ENTROPY_SRC_CONF_THRESHOLD_SCOPE_OFFSET, threshold_scope_mubi}, {ENTROPY_SRC_CONF_RNG_BIT_ENABLE_OFFSET, rng_bit_enable_mubi}, {ENTROPY_SRC_CONF_RNG_BIT_SEL_OFFSET, rng_bit_sel}, diff --git a/sw/device/lib/testing/entropy_testutils.c b/sw/device/lib/testing/entropy_testutils.c index fa25f0e137ee8f..600ed9d3798d1c 100644 --- a/sw/device/lib/testing/entropy_testutils.c +++ b/sw/device/lib/testing/entropy_testutils.c @@ -23,6 +23,7 @@ static status_t setup_entropy_src(const dif_entropy_src_t *entropy_src) { dif_entropy_src_config_t entropy_testutils_config_default(void) { return (dif_entropy_src_config_t){ .fips_enable = true, + .fips_flag = true, .route_to_firmware = false, .bypass_conditioner = false, .single_bit_mode = kDifEntropySrcSingleBitModeDisabled, @@ -170,6 +171,7 @@ status_t entropy_testutils_fw_override_enable(dif_entropy_src_t *entropy_src, const dif_entropy_src_config_t config = { .fips_enable = true, + .fips_flag = true, .route_to_firmware = route_to_firmware, .bypass_conditioner = bypass_conditioner, .single_bit_mode = kDifEntropySrcSingleBitModeDisabled, diff --git a/sw/device/lib/testing/test_rom/test_rom_start.S b/sw/device/lib/testing/test_rom/test_rom_start.S index 7612a4cb74a8e2..701d123728e51d 100644 --- a/sw/device/lib/testing/test_rom/test_rom_start.S 
+++ b/sw/device/lib/testing/test_rom/test_rom_start.S @@ -185,6 +185,7 @@ _start: // to prevent the release of FIPS entropy until all the thresholds are set li t0, (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_FIPS_ENABLE_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_ENTROPY_DATA_REG_ENABLE_OFFSET) | \ + (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_FIPS_FLAG_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_THRESHOLD_SCOPE_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_RNG_BIT_ENABLE_OFFSET) sw t0, ENTROPY_SRC_CONF_REG_OFFSET(a0) diff --git a/sw/device/silicon_creator/manuf/lib/sram_start.S b/sw/device/silicon_creator/manuf/lib/sram_start.S index 74c641378efc75..965ab124fa333c 100644 --- a/sw/device/silicon_creator/manuf/lib/sram_start.S +++ b/sw/device/silicon_creator/manuf/lib/sram_start.S @@ -156,6 +156,7 @@ sram_start: li a0, TOP_EARLGREY_ENTROPY_SRC_BASE_ADDR li t0, (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_FIPS_ENABLE_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_ENTROPY_DATA_REG_ENABLE_OFFSET) | \ + (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_FIPS_FLAG_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_THRESHOLD_SCOPE_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_RNG_BIT_ENABLE_OFFSET) sw t0, ENTROPY_SRC_CONF_REG_OFFSET(a0) diff --git a/sw/device/silicon_creator/manuf/lib/sram_start_no_ast_init.S b/sw/device/silicon_creator/manuf/lib/sram_start_no_ast_init.S index d75887113780dd..fb8769b1e7da75 100644 --- a/sw/device/silicon_creator/manuf/lib/sram_start_no_ast_init.S +++ b/sw/device/silicon_creator/manuf/lib/sram_start_no_ast_init.S 
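Review bot: The added `FIPS_FLAG` term in the `li t0` constant is not covered by the comment above it, which only mentions holding back FIPS entropy until the thresholds are set. The fields in this constant are multi-bit booleans, and the header change in this commit documents an alert for an unsupported `FIPS_FLAG` value, so a field left out of the constant would presumably be written with an invalid encoding. A short remark would help the next person who adds a CONF field: `// Every multi-bit field of CONF must be listed; FIPS_FLAG is False so boot-time entropy is not marked FIPS.` The same line is added in sram_start.S, sram_start_no_ast_init.S and rom_start.S, and `_start` continues outside the hunk.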
@@ -156,6 +156,7 @@ sram_start: li a0, TOP_EARLGREY_ENTROPY_SRC_BASE_ADDR li t0, (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_FIPS_ENABLE_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_ENTROPY_DATA_REG_ENABLE_OFFSET) | \ + (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_FIPS_FLAG_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_THRESHOLD_SCOPE_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_RNG_BIT_ENABLE_OFFSET) sw t0, ENTROPY_SRC_CONF_REG_OFFSET(a0) diff --git a/sw/device/silicon_creator/rom/rom_start.S b/sw/device/silicon_creator/rom/rom_start.S index 17fe3ec469c3db..09d77b53748d3e 100644 --- a/sw/device/silicon_creator/rom/rom_start.S +++ b/sw/device/silicon_creator/rom/rom_start.S @@ -369,6 +369,7 @@ LABEL_FOR_TEST(kRomStartWatchdogEnabled) // to prevent the release of FIPS entropy until all the thresholds are set li t0, (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_FIPS_ENABLE_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_ENTROPY_DATA_REG_ENABLE_OFFSET) | \ + (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_FIPS_FLAG_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_THRESHOLD_SCOPE_OFFSET) | \ (MULTIBIT_ASM_BOOL4_FALSE << ENTROPY_SRC_CONF_RNG_BIT_ENABLE_OFFSET) sw t0, ENTROPY_SRC_CONF_REG_OFFSET(a0) diff --git a/sw/device/tests/edn_boot_mode.c b/sw/device/tests/edn_boot_mode.c index 110dcb4714087b..3a6f543fba33d1 100644 --- a/sw/device/tests/edn_boot_mode.c +++ b/sw/device/tests/edn_boot_mode.c @@ -35,6 +35,7 @@ static dif_rv_core_ibex_t rv_core_ibex; dif_entropy_src_config_t entropy_src_config = { .fips_enable = false, + .fips_flag = true, .route_to_firmware = false, .bypass_conditioner = false, .single_bit_mode = kDifEntropySrcSingleBitModeDisabled, 
@@ -90,6 +91,7 @@ static status_t entropy_config(unsigned int round) { // Re-enable ENTROPY_SRC in FIPS mode. CHECK_DIF_OK(dif_entropy_src_stop(&entropy_src)); entropy_src_config.fips_enable = true; + entropy_src_config.fips_flag = false; CHECK_DIF_OK(dif_entropy_src_configure(&entropy_src, entropy_src_config, kDifToggleEnabled)); // Enable EDN0 in auto request mode. @@ -104,6 +106,7 @@ static status_t entropy_config(unsigned int round) { // Re-enable ENTROPY_SRC in Non-FIPS mode. CHECK_DIF_OK(dif_entropy_src_stop(&entropy_src)); entropy_src_config.fips_enable = false; + entropy_src_config.fips_flag = true; CHECK_DIF_OK(dif_entropy_src_configure(&entropy_src, entropy_src_config, kDifToggleEnabled)); // Enable EDN0 in boot-time request mode. diff --git a/sw/device/tests/entropy_src_ast_rng_req_test.c b/sw/device/tests/entropy_src_ast_rng_req_test.c index f9ddc78f5e3ace..58aaaf4e774b6c 100644 --- a/sw/device/tests/entropy_src_ast_rng_req_test.c +++ b/sw/device/tests/entropy_src_ast_rng_req_test.c @@ -45,6 +45,7 @@ bool test_main(void) { // Program the entropy src in normal RNG mode. const dif_entropy_src_config_t config = { .fips_enable = true, + .fips_flag = true, // Route the entropy data received from RNG to the FIFO. .route_to_firmware = true, .single_bit_mode = kDifEntropySrcSingleBitModeDisabled, diff --git a/sw/device/tests/entropy_src_smoketest.c b/sw/device/tests/entropy_src_smoketest.c index aa79159b93cfaf..a8ab9e6ad9d8cf 100644 --- a/sw/device/tests/entropy_src_smoketest.c +++ b/sw/device/tests/entropy_src_smoketest.c @@ -28,6 +28,7 @@ bool test_main(void) { // Setup fips grade entropy that can be read by firmware const dif_entropy_src_config_t config = { .fips_enable = true, + .fips_flag = true, .route_to_firmware = true, .single_bit_mode = kDifEntropySrcSingleBitModeDisabled, .health_test_threshold_scope = false, /*default*/ 
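Review bot: In `entropy_config`, the branch commented "Re-enable ENTROPY_SRC in FIPS mode" sets `fips_enable = true` together with `fips_flag = false`, while the "Non-FIPS mode" branch sets `fips_enable = false` with `fips_flag = true`. The initial `entropy_src_config` uses the same opposite pairing. Going by the field documentation added in this commit (flag set means output is marked FIPS compliant), these values look inverted, so the non-FIPS rounds may run with entropy labelled as FIPS grade. If the mismatch is deliberate, say so at each assignment, e.g. `// fips_flag is intentionally the opposite of fips_enable: <reason>`; otherwise use `entropy_src_config.fips_flag = true;` in the FIPS branch and `false` in the non-FIPS branch. `entropy_config` begins and ends outside these hunks.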
diff --git a/sw/device/tests/power_virus_systemtest.c b/sw/device/tests/power_virus_systemtest.c index 4a32b22bdfd4e2..1c54e026b3e983 100644 --- a/sw/device/tests/power_virus_systemtest.c +++ b/sw/device/tests/power_virus_systemtest.c @@ -762,6 +762,7 @@ static void configure_entropy_complex(void) { &entropy_src, (dif_entropy_src_config_t){ .fips_enable = true, + .fips_flag = true, .route_to_firmware = false, .bypass_conditioner = false, .single_bit_mode = kDifEntropySrcSingleBitModeDisabled, diff --git a/sw/device/tests/sim_dv/ast_clk_rst_inputs.c b/sw/device/tests/sim_dv/ast_clk_rst_inputs.c index 6c9b3d1dbf6a92..b240a473d81d0c 100644 --- a/sw/device/tests/sim_dv/ast_clk_rst_inputs.c +++ b/sw/device/tests/sim_dv/ast_clk_rst_inputs.c @@ -518,6 +518,7 @@ bool test_main(void) { const dif_entropy_src_config_t entropy_src_config = { .fips_enable = true, + .fips_flag = true, // Route the entropy data received from RNG to the FIFO. .route_to_firmware = true, .single_bit_mode = kDifEntropySrcSingleBitModeDisabled, diff --git a/sw/host/tests/rom/e2e_chip_specific_startup/src/main.rs b/sw/host/tests/rom/e2e_chip_specific_startup/src/main.rs index ad519e7e729a1d..9ccbbd860e9978 100644 --- a/sw/host/tests/rom/e2e_chip_specific_startup/src/main.rs +++ b/sw/host/tests/rom/e2e_chip_specific_startup/src/main.rs 
@@ -76,12 +76,14 @@ fn check_jitter(opts: &Opts, cs: &ChipStartup) -> Result<()> { fn check_entropy_config(_opts: &Opts, cs: &ChipStartup) -> Result<()> { let fips_enable = MultiBitBool4::try_from(cs.entropy.entropy_src & 0x0000_000F)?; + let fips_flag = MultiBitBool4::try_from(cs.entropy.entropy_src & 0x0000_0F00)?; let csrng_enable = MultiBitBool4::try_from(cs.entropy.csrng & 0x0000_000F)?; let edn_enable = MultiBitBool4::try_from(cs.entropy.edn & 0x0000_000F)?; let edn_boot_mode = MultiBitBool4::try_from((cs.entropy.edn >> 4) & 0x0000_000F)?; // No FIPS entropy for bootup. assert_eq!(fips_enable, MultiBitBool4::False); + assert_eq!(fips_flag, MultiBitBool4::False); // CSRNG should be enabled. assert_eq!(csrng_enable, MultiBitBool4::True); // EDN should be enabled and in boot mode.
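Review bot: `fips_flag` is decoded from `cs.entropy.entropy_src & 0x0000_0F00` without a shift, so the value passed to `MultiBitBool4::try_from` sits in bits 11:8 rather than in the low nibble. Every other call in `check_entropy_config` passes a value in the range 0..=0xF, and `edn_boot_mode` shifts right by 4 before masking. Unless `try_from` accepts shifted encodings, this conversion fails and the function returns through `?` before any assertion runs. Suggest `let fips_flag = MultiBitBool4::try_from((cs.entropy.entropy_src >> 8) & 0x0000_000F)?;`, with the shift checked against the FIPS_FLAG field offset in the register definitions rather than a hand-written constant. The end of the function is outside the hunk.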