[entropy_src/security] countermeasure labels
Assets and countermeasure labels have been added.
Signed-off-by: Mark Branstad <mark.branstad@wdc.com>
diff --git a/hw/ip/entropy_src/data/entropy_src.hjson b/hw/ip/entropy_src/data/entropy_src.hjson
index f10a508..b4b7846 100644
--- a/hw/ip/entropy_src/data/entropy_src.hjson
+++ b/hw/ip/entropy_src/data/entropy_src.hjson
@@ -82,16 +82,25 @@
}
],
countermeasures: [
+ { name: "CONFIG.REGWEN"
+ desc: "Registers are protected from writes."
+ }
+ { name: "CONFIG.MUBI"
+ desc: "Registers have multi-bit encoded fields."
+ }
{ name: "FSM.SPARSE"
desc: "Sparse state machine implementation."
}
+ { name: "RNG.BKGN_CHK"
+ desc: "Random number generater is protected with continuous background health checks."
+ }
{ name: "CTR.REDUN"
desc: "Counter hardening for all health test counters."
}
- { name: "LOGIC.INTEGRITY"
+ { name: "ESFINAL_RDATA.BUS.INTEGRITY"
desc: "Comparison on successive bus values for the post-conditioned entropy seed bus."
}
- { name: "BUS.INTEGRITY"
+ { name: "TILE_LINK.BUS.INTEGRITY"
desc: "Tilelink end-to-end bus integrity scheme."
}
],
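Review bot: The description added for `RNG.BKGN_CHK` misspells "generator" as "generater"; since this text presumably feeds the generated countermeasure documentation, it should read `desc: "Random number generator is protected with continuous background health checks."`. The `CONFIG.REGWEN` description, "Registers are protected from writes.", does not say which registers are covered or under what condition. Something like `desc: "Configuration registers are write-protected by a REGWEN lock."` would state the mechanism, assuming that is how the lock behaves in this block. The `CONFIG.MUBI` entry could likewise mention that an invalid encoding is reported through an alert, as the `*_field_alert` assignments in entropy_src_core.sv suggest.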
diff --git a/hw/ip/entropy_src/rtl/entropy_src.sv b/hw/ip/entropy_src/rtl/entropy_src.sv
index 66cceca..3056ce8 100644
--- a/hw/ip/entropy_src/rtl/entropy_src.sv
+++ b/hw/ip/entropy_src/rtl/entropy_src.sv
@@ -116,6 +116,9 @@
logic [NumAlerts-1:0] intg_err_alert;
assign intg_err_alert[0] = 1'b0;
+ // SEC_CM: CONFIG.REGWEN
+ // SEC_CM: TILE_LINK.BUS.INTEGRITY
+
entropy_src_reg_top u_reg (
.clk_i,
.rst_ni,
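Review bot: The `TILE_LINK.BUS.INTEGRITY` label lands directly after `assign intg_err_alert[0] = 1'b0;`, and nothing visible in the hunk shows where the register top's integrity error is consumed. A short comment beside the label, naming the alert that a bus-integrity error raises, would let a reader confirm the countermeasure has an effect without tracing the port list, which continues outside the hunk. The added blank line also separates both labels from `u_reg`; placing them immediately above `entropy_src_reg_top u_reg (` would match how the label sits on the primitives in the other files.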
diff --git a/hw/ip/entropy_src/rtl/entropy_src_ack_sm.sv b/hw/ip/entropy_src/rtl/entropy_src_ack_sm.sv
index 4bd3f41..3ab198e 100644
--- a/hw/ip/entropy_src/rtl/entropy_src_ack_sm.sv
+++ b/hw/ip/entropy_src/rtl/entropy_src_ack_sm.sv
@@ -52,6 +52,7 @@
// This primitive is used to place a size-only constraint on the
// flops in order to prevent FSM state encoding optimizations.
+ // SEC_CM: FSM.SPARSE
prim_sparse_fsm_flop #(
.StateEnumT(state_e),
.Width(StateWidth),
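Review bot: The same `FSM.SPARSE` label is used here and on the `prim_sparse_fsm_flop` in entropy_src_main_sm.sv, so the label does not tell a reviewer or a verification plan which state machine a given check covers. The hjson in this commit already qualifies the two bus entries with a prefix (`ESFINAL_RDATA.`, `TILE_LINK.`). Doing the same for the state machines would keep the label-to-implementation mapping one-to-one, e.g. `// SEC_CM: ACK_SM.FSM.SPARSE` here and `// SEC_CM: MAIN_SM.FSM.SPARSE` in the main state machine, with matching hjson entries. The instantiation continues outside the hunk.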
diff --git a/hw/ip/entropy_src/rtl/entropy_src_adaptp_ht.sv b/hw/ip/entropy_src/rtl/entropy_src_adaptp_ht.sv
index 8392415..218bff1 100644
--- a/hw/ip/entropy_src/rtl/entropy_src_adaptp_ht.sv
+++ b/hw/ip/entropy_src/rtl/entropy_src_adaptp_ht.sv
@@ -48,6 +48,7 @@
RegWidth'(entropy_bit_i[0]);
// cumulative ones counter
+ // SEC_CM: CTR.REDUN
prim_count #(
.Width(RegWidth),
.OutSelDnCnt(1'b0), // count up
diff --git a/hw/ip/entropy_src/rtl/entropy_src_bucket_ht.sv b/hw/ip/entropy_src/rtl/entropy_src_bucket_ht.sv
index 4b71cc9..7f94f8e 100644
--- a/hw/ip/entropy_src/rtl/entropy_src_bucket_ht.sv
+++ b/hw/ip/entropy_src/rtl/entropy_src_bucket_ht.sv
@@ -50,6 +50,7 @@
// set the bin incrementer if the symbol matches that bin
assign bin_incr[i] = entropy_bit_vld_i && (entropy_bit_i == i);
// use the bin incrementer to increase the bin total count
+ // SEC_CM: CTR.REDUN
prim_count #(
.Width(RegWidth),
.OutSelDnCnt(1'b0), // count up
@@ -77,6 +78,7 @@
);
// Test event counter
+ // SEC_CM: CTR.REDUN
prim_count #(
.Width(RegWidth),
.OutSelDnCnt(1'b0), // count up
diff --git a/hw/ip/entropy_src/rtl/entropy_src_core.sv b/hw/ip/entropy_src/rtl/entropy_src_core.sv
index 6a9bf62..22d37dd 100644
--- a/hw/ip/entropy_src/rtl/entropy_src_core.sv
+++ b/hw/ip/entropy_src/rtl/entropy_src_core.sv
@@ -446,6 +446,8 @@
import prim_mubi_pkg::mubi4_test_invalid;
// check for illegal enable field states, and set alert if detected
+
+ // SEC_CM: CONFIG.MUBI
mubi4_t mubi_conf_en;
assign mubi_conf_en = mubi4_t'(reg2hw.conf.enable.q);
assign es_enable_pfe = mubi4_test_true_strict(mubi_conf_en);
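Review bot: As rendered here, the added blank line ahead of `// SEC_CM: CONFIG.MUBI` cuts the existing comment "check for illegal enable field states, and set alert if detected" off from the decode logic it describes. Dropping the blank line, so the label follows that comment directly as it does in entropy_src_ack_sm.sv, keeps the explanation attached to `mubi_conf_en`. The same applies to the `@@ -711` hunk in this file ("pack esrng bus into signal bit packer") and to the `@@ -85` hunk in entropy_src_main_sm.sv.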
@@ -453,6 +455,7 @@
assign hw2reg.recov_alert_sts.enable_field_alert.de = es_enable_pfa;
assign hw2reg.recov_alert_sts.enable_field_alert.d = es_enable_pfa;
+ // SEC_CM: CONFIG.MUBI
mubi4_t mubi_entropy_reg_en;
assign mubi_entropy_reg_en = mubi4_t'(reg2hw.conf.entropy_data_reg_enable.q);
assign entropy_data_reg_en_pfe = mubi4_test_true_strict(mubi_entropy_reg_en);
@@ -466,6 +469,7 @@
assign es_enable_rng = es_enable_q;
assign observe_fifo_thresh = reg2hw.observe_fifo_thresh.q;
+ // SEC_CM: CONFIG.MUBI
mubi4_t mubi_fw_ov_mode;
assign mubi_fw_ov_mode = mubi4_t'(reg2hw.fw_ov_control.fw_ov_mode.q);
assign fw_ov_mode_pfe = mubi4_test_true_strict(mubi_fw_ov_mode);
@@ -473,6 +477,7 @@
assign hw2reg.recov_alert_sts.fw_ov_mode_field_alert.de = fw_ov_mode_pfa;
assign hw2reg.recov_alert_sts.fw_ov_mode_field_alert.d = fw_ov_mode_pfa;
+ // SEC_CM: CONFIG.MUBI
mubi4_t mubi_fw_ov_entropy_insert;
assign mubi_fw_ov_entropy_insert = mubi4_t'(reg2hw.fw_ov_control.fw_ov_entropy_insert.q);
assign fw_ov_entropy_insert_pfe = mubi4_test_true_strict(mubi_fw_ov_entropy_insert);
@@ -711,6 +716,8 @@
// pack esrng bus into signal bit packer
+
+ // SEC_CM: CONFIG.MUBI
mubi4_t mubi_rng_bit_en;
assign mubi_rng_bit_en = mubi4_t'(reg2hw.conf.rng_bit_enable.q);
assign rng_bit_enable_pfe = mubi4_test_true_strict(mubi_rng_bit_en);
@@ -770,6 +777,7 @@
assign markov_active = es_enable;
assign extht_active = es_enable;
+ // SEC_CM: CONFIG.MUBI
mubi4_t mubi_ht_clr;
assign mubi_ht_clr = mubi4_t'(reg2hw.conf.health_test_clr.q);
assign health_test_clr_pfe = mubi4_test_true_strict(mubi_ht_clr);
@@ -1146,6 +1154,7 @@
assign event_es_health_test_failed = es_main_sm_alert;
assign event_es_observe_fifo_ready = observe_fifo_thresh_met;
+ // SEC_CM: CONFIG.MUBI
mubi4_t mubi_es_route;
assign mubi_es_route = mubi4_t'(reg2hw.entropy_control.es_route.q);
assign es_route_pfe = mubi4_test_true_strict(mubi_es_route);
@@ -1153,6 +1162,7 @@
assign hw2reg.recov_alert_sts.es_route_field_alert.de = es_route_pfa;
assign hw2reg.recov_alert_sts.es_route_field_alert.d = es_route_pfa;
+ // SEC_CM: CONFIG.MUBI
mubi4_t mubi_es_type;
assign mubi_es_type = mubi4_t'(reg2hw.entropy_control.es_type.q);
assign es_type_pfe = mubi4_test_true_strict(mubi_es_type);
@@ -1160,6 +1170,7 @@
assign hw2reg.recov_alert_sts.es_type_field_alert.de = es_type_pfa;
assign hw2reg.recov_alert_sts.es_type_field_alert.d = es_type_pfa;
+ // SEC_CM: CONFIG.MUBI
mubi4_t mubi_boot_byp_dis;
assign mubi_boot_byp_dis = mubi4_t'(reg2hw.conf.boot_bypass_disable.q);
assign boot_bypass_disable_pfe = mubi4_test_true_strict(mubi_boot_byp_dis);
@@ -1187,6 +1198,7 @@
//--------------------------------------------
// Window counter
+ // SEC_CM: CTR.REDUN
prim_count #(
.Width(HalfRegWidth),
.OutSelDnCnt(1'b0), // count up
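Review bot: `CTR.REDUN` is attached here to the window counter, but the existing hjson entry describes the countermeasure as "Counter hardening for all health test counters.", which does not obviously include this one. Either the description should be widened, e.g. `desc: "Counter hardening for the health test and window counters."`, or the window counter should get its own entry so the documented scope matches what is labelled. Whether this counter's error output reaches an alert cannot be checked from here, because the port list lies outside the hunk.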
@@ -1219,6 +1231,7 @@
// repetitive count test
//--------------------------------------------
+ // SEC_CM: RNG.BKGN_CHK
entropy_src_repcnt_ht #(
.RegWidth(HalfRegWidth),
.RngBusWidth(RngBusWidth)
@@ -1280,6 +1293,7 @@
// repetitive count symbol test
//--------------------------------------------
+ // SEC_CM: RNG.BKGN_CHK
entropy_src_repcnts_ht #(
.RegWidth(HalfRegWidth),
.RngBusWidth(RngBusWidth)
@@ -1341,6 +1355,7 @@
// adaptive proportion test
//--------------------------------------------
+ // SEC_CM: RNG.BKGN_CHK
entropy_src_adaptp_ht #(
.RegWidth(HalfRegWidth),
.RngBusWidth(RngBusWidth)
@@ -1450,6 +1465,7 @@
// bucket test
//--------------------------------------------
+ // SEC_CM: RNG.BKGN_CHK
entropy_src_bucket_ht #(
.RegWidth(HalfRegWidth),
.RngBusWidth(RngBusWidth)
@@ -1513,6 +1529,7 @@
// Markov test
//--------------------------------------------
+ // SEC_CM: RNG.BKGN_CHK
entropy_src_markov_ht #(
.RegWidth(HalfRegWidth),
.RngBusWidth(RngBusWidth)
@@ -2224,6 +2241,8 @@
// an alert for sw to handle
//--------------------------------------------
+ // SEC_CM: ESFINAL_RDATA.BUS.INTEGRITY
+
// capture a copy of the entropy data
assign es_rdata_capt_vld = (sfifo_esfinal_pop && sfifo_esfinal_not_empty);
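Review bot: The label `ESFINAL_RDATA.BUS.INTEGRITY` names an integrity countermeasure, while the hjson description and the surrounding comments describe a comparison of successive seed values that ends in "an alert for sw to handle". That check catches a repeated or stuck value on the bus rather than corruption of the data in general. A consistency-style label (if the project's countermeasure vocabulary provides one) would describe it more accurately, as would a one-line comment under the label stating what is compared and how a mismatch is reported. The comparison logic itself continues outside the hunk.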
diff --git a/hw/ip/entropy_src/rtl/entropy_src_main_sm.sv b/hw/ip/entropy_src/rtl/entropy_src_main_sm.sv
index 7fda03e..1ba8016 100644
--- a/hw/ip/entropy_src/rtl/entropy_src_main_sm.sv
+++ b/hw/ip/entropy_src/rtl/entropy_src_main_sm.sv
@@ -85,6 +85,8 @@
// This primitive is used to place a size-only constraint on the
// flops in order to prevent FSM state encoding optimizations.
+
+ // SEC_CM: FSM.SPARSE
prim_sparse_fsm_flop #(
.StateEnumT(state_e),
.Width(StateWidth),
diff --git a/hw/ip/entropy_src/rtl/entropy_src_repcnt_ht.sv b/hw/ip/entropy_src/rtl/entropy_src_repcnt_ht.sv
index e0fa383..d2ec1fd 100644
--- a/hw/ip/entropy_src/rtl/entropy_src_repcnt_ht.sv
+++ b/hw/ip/entropy_src/rtl/entropy_src_repcnt_ht.sv
@@ -63,6 +63,7 @@
(prev_sample_q[sh] != entropy_bit_i[sh]);
// NIST B counter
+ // SEC_CM: CTR.REDUN
prim_count #(
.Width(RegWidth),
.OutSelDnCnt(1'b0), // count up
diff --git a/hw/ip/entropy_src/rtl/entropy_src_repcnts_ht.sv b/hw/ip/entropy_src/rtl/entropy_src_repcnts_ht.sv
index e904647..caa885e 100644
--- a/hw/ip/entropy_src/rtl/entropy_src_repcnts_ht.sv
+++ b/hw/ip/entropy_src/rtl/entropy_src_repcnts_ht.sv
@@ -59,6 +59,7 @@
(prev_sample_q != entropy_bit_i);
// NIST B counter
+ // SEC_CM: CTR.REDUN
prim_count #(
.Width(RegWidth),
.OutSelDnCnt(1'b0), // count up