
[aes] D2S Signoff #20994

Closed
msfschaffner opened this issue Jan 25, 2024 · 4 comments

Comments

@msfschaffner
Contributor

msfschaffner commented Jan 25, 2024

Description

Ensure D2S signoff criteria are fulfilled after focus area changes have landed.

@vogelpi
Contributor

vogelpi commented Feb 22, 2024

Commits since Earlgrey-ES tapeout

$ git log Earlgrey-M2.5.2-RC0..HEAD --oneline hw/ip/lc_ctrl

fa5dc8a [pre_sca] Convert PROLEAD configuration files to Unix format
66472e2 [pre_syn] Include csrng_pkg.sv to re-enable Yosys synthesis
0891b2f [aes,pre_sca] Modify evaluation parameters for PROLEAD
b9afd40 [aes,rtl] Switch to Bivium-based masking PRNG implementation
0726a6d [alma, aes] Add README for the verification flow
7e76564 [aes, alma] Add verification script for AES S-box
82dc6dc [alma] Add yosys template for AES S-box flattening
8354636 [alma] Add patching tool for techlib
25f488d [aes,dv] Fix aes_ctrl_cg sample function declaration
61a237e [util/reggen] reverse order of substruct generation
de31bdf [reggen] Remove the devmode input
895c541 [aes, doc] Clarify availability of sideload, change cryptolib link
ac5a127 [aes, pre_sca] Enable masking evaluation of AES with PROLEAD
5be278b [aes, kmac, otbn] Perform final clean -purge step in Yosys synthesis
2d0887b [aes,SiVal] Add features of AES module
78abd88 [aes, doc] Fix broken links
1b16ca2 [reggen] Add mubi support SWAccess that sets/clears a reg
59f8142 [doc] Moved badges over to using hosted images
7688e71 [reggen] Add initial support for version and cip_id hjson fields
fbd888e Revert "[reggen] Add CIP_IDs and bump all major versions"
ba2ca76 [aes, doc] Mention option of implementing GCM with Ibex and bitmanip
9bc003c [aes, kmac] Replace term aggravate in SCA/FI context
4dc21fb [aes, pre_dv] Add very basic scratch Verilator testbench for cipher core
0ba10b3 [reggen] Add CIP_IDs and bump all major versions
5b12b34 [aes, dv] Enable aes_stress_all(_with_rand_reset) tests
69fa03a [aes, dv] Move end detection of last message from scoreboard to env
3dbbf0b [aes, dv] Rework tracking of good, corrupted, split and skipped messages
af95b78 [aes, dv] Encapsulate vseqs in fork/join_any and disable fork blocks
30aee10 [aes, dv] Add randomization constraints for aes_alert_reset_vseq
f1dcf7a [aes, dv] Reorder test list, add comments to explain grouping
2526b01 [aes, dv] Fix aes_manual_config_err_vseq
cb90c98 [aes, dv] Fix cfg_error_type constraint resolution for aes_message_item
e47df29 [misc] Use lc_tx_t testing functions at endpoints
6744fe2 [aes, dv] Switch from csr_update() to csr_wr() for set_regwen()
f2b781b [aes, dv] Move regwen testing into base sequence
9cb2a1c [aes, dv] Add alert_test testing to aes_alert_reset_test
9d0f701 [aes, dv] Increase manual operation percentage for config error test
89f58b3 [aes, dv] Simplify handling of different modes in process_tl_access()
b392590 [aes, dv] Enable configuration error testing with sideload keys
5255197 [aes, dv] Comment and fix usage of status_fsm() task inside send_msg()
bd45097 [aes, dv] Make sure aes_status_cg.cp_alert_recov is hit
be7bae1 [aes, dv] Always set PRNG reseed rate during setup_dut()

Issues closed since the Earlgrey-ES tapeout

DD (& DV)

DV

Doc

Community support requests

Misc

Currently open issues

DD (& DV)

DV

Misc

Summary

The only relevant RTL change in this block was #19091 where we replaced the LFSR-based PRNG with an implementation based on the Bivium stream cipher primitive to prevent brute-forcing attacks on the PRNG state. The change itself is very isolated to the PRNG itself, and all SCA experiments (including a newly set up simulation-based tool flow) have been repeated to ensure the change doesn't negatively impact the SCA hardening and the masking off feature still works as expected. The change is very well understood.

The block should still fulfill the D2S criteria.

@vogelpi vogelpi changed the title [aes] D2 Signoff [aes] D2S Signoff Feb 22, 2024
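The contrast the summary draws, as an added reference model (constructed here, not the OpenTitan project's RTL): a toy LFSR whose whole state, and hence every future mask, follows from a handful of observed output bits, beside a Bivium-B keystream generator whose non-linear 177-bit state rules that out. The LFSR width and taps, and the Trivium-style key/IV loading and warm-up, are assumptions.

```python
"""Constructed Python reference models, not OpenTitan RTL, for the two masking
PRNG styles named in the summary: an LFSR and Bivium-B (Raddum's two-register
reduction of Trivium). Widths, taps and seed loading are assumptions."""

WIDTH, TAPS = 16, (16, 14, 13, 11)   # toy LFSR, x^16+x^14+x^13+x^11+1 (assumed)

def lfsr_bit(state):
    """One Fibonacci-LFSR clock: (output bit, next state); feedback is linear."""
    fb = 0
    for t in TAPS:
        fb ^= (state >> (t - 1)) & 1
    return state & 1, (state >> 1) | (fb << (WIDTH - 1))

def lfsr_stream(state, n):
    bits = []
    for _ in range(n):
        b, state = lfsr_bit(state)
        bits.append(b)
    return bits

def brute_force_lfsr_state(observed):
    """Keep every non-zero state that reproduces the observed bits (2**WIDTH
    trials). Linearity means WIDTH observed bits already fix the state (and
    Berlekamp-Massey needs no search): once a few mask bits leak, all is known."""
    def reproduces(state):
        for b in observed:
            o, state = lfsr_bit(state)
            if o != b:
                return False
        return True
    return [s for s in range(1, 1 << WIDTH) if reproduces(s)]

def bivium_b_stream(key, iv, n, warmup=4 * 177):
    """Bivium-B keystream; state s1..s93 and s94..s177 (1-indexed). The AND
    terms s91*s92 and s175*s176 make the update non-linear and 2**177 states
    rule out enumeration. Key/IV loading and 4*177 warm-up clocks follow
    Trivium's convention (assumption for this model)."""
    s = [0] * 178                          # s[0] unused
    for i in range(80):                    # 80-bit key -> s1..s80, IV -> s94..s173
        s[1 + i] = (key >> i) & 1
        s[94 + i] = (iv >> i) & 1
    out = []
    for clk in range(warmup + n):
        t1 = s[66] ^ s[93]
        t2 = s[162] ^ s[177]
        if clk >= warmup:
            out.append(t1 ^ t2)
        t1 ^= (s[91] & s[92]) ^ s[171]
        t2 ^= (s[175] & s[176]) ^ s[69]
        s[1:94] = [t2] + s[1:93]           # register A shifts; t2 enters at s1
        s[94:178] = [t1] + s[94:177]       # register B shifts; t1 enters at s94
    return out
```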
@vogelpi
Contributor

vogelpi commented Feb 22, 2024

@msfschaffner and @andreaskurth , would you mind reviewing this please?

Since there was just the isolated PRNG change in the RTL, I didn't downgrade AES to D1/V1. Hence, there is no associated PR for the sign-off. Similarly, the changes are fully transparent to software, meaning no version increment is needed.

@vogelpi
Contributor

vogelpi commented Feb 22, 2024

FYI @johngt

@msfschaffner
Contributor Author

Thanks for the analysis @vogelpi.
The analysis that we would have had to perform to go from D2 -> D2S has already been performed in this case, so leaving this at D2S sounds good from my side.
