Google Git
Sign in
opensecura / 3p / lowrisc / opentitan / 1d6ca47cb9fa79201dbbbf4d4ffd303566d08bed
commit1d6ca47cb9fa79201dbbbf4d4ffd303566d08bed[log] [tgz]
authorPhilipp Wagner <phw@lowrisc.org>Thu Jul 22 16:41:11 2021 +0100
committerPhilipp Wagner <mail@philipp-wagner.com>Tue Jul 27 13:30:03 2021 +0100
treedb84d86aeadb8552e2938426aa289d59dd39813a
parent19aa501a9e30f1ce179ef4af343488fa88794e7c [diff]
[otbn] Clarify error behavior in specification

- Use consistent terminology: an error is when OTBN detects something
  went wrong. An alert is one of multiple actions as result of an error.
- Explicitly spell out what happens as result of a recoverable or fatal
  error.
- Give a bit more general context on errors, including a "over the
  thumb" guidance on when an error is recoverable, and when it is fatal.
- To avoid error nesting, specify that a secure wipe operation does not
  trigger any errors on its own.
- Specify that secure wipe operations triggered as part of the error
  handling scheme, or as part of a normal program termination, do not
  raise the done interrupt. Otherwise, we get two done interrupts for a
  normal program termination (one from the program, and one from the
  internal wipe), or a spurious done interrupt if a fatal alert was
  detected, but host software never started an operation (e.g. if a
  integrity violation is detected when reading the DMEM).
- Remove the big TODO note in the specification. Most of it is already
  covered implicitly in the text (e.g. program termination is following
  ECALL semantics, and we do an internal wipe, which clears the reg
  files). For the bus blocking topic we have an issue on file.
- Use "signaled" instead of "signalled" consistently, following American
  spelling.

Signed-off-by: Philipp Wagner <phw@lowrisc.org>
2 files changed
tree: db84d86aeadb8552e2938426aa289d59dd39813a
  1. .github/
  2. ci/
  3. doc/
  4. hw/
  5. site/
  6. sw/
  7. test/
  8. util/
  9. .clang-format
  10. .dockerignore
  11. .flake8
  12. .gitignore
  13. .style.yapf
  14. .svlint.toml
  15. .svls.toml
  16. _index.md
  17. apt-requirements.txt
  18. azure-pipelines.yml
  19. check_tool_requirements.core
  20. CLA
  21. COMMITTERS
  22. CONTRIBUTING.md
  23. LICENSE
  24. meson.build
  25. meson_init.sh
  26. meson_options.txt
  27. python-requirements.txt
  28. README.md
  29. tool_requirements.py
  30. toolchain.txt
  31. topgen-generator.core
  32. topgen-reg-only.core
  33. topgen.core
  34. yum-requirements.txt
README.md

OpenTitan

OpenTitan logo

About the project

OpenTitan is an open source silicon Root of Trust (RoT) project. OpenTitan will make the silicon RoT design and implementation more transparent, trustworthy, and secure for enterprises, platform providers, and chip manufacturers. OpenTitan is administered by lowRISC CIC as a collaborative project to produce high quality, open IP for instantiation as a full-featured product. See the OpenTitan site and OpenTitan docs for more information about the project.

About this repository

This repository contains hardware, software and utilities written as part of the OpenTitan project. It is structured as monolithic repository, or “monorepo”, where all components live in one repository. It exists to enable collaboration across partners participating in the OpenTitan project.

Documentation

The project contains comprehensive documentation of all IPs and tools. You can access it online at docs.opentitan.org.

How to contribute

Have a look at CONTRIBUTING and our documentation on project organization and processes for guidelines on how to contribute code to this repository.

Licensing

Unless otherwise noted, everything in this repository is covered by the Apache License, Version 2.0 (see LICENSE for full text).