commit | 14a43120128f32494cdf6fd5cbed1e3de95186de | [log] [tgz] |
---|---|---|
author | Eunchan Kim <eunchan@google.com> | Fri Oct 18 13:59:04 2019 -0700 |
committer | Eunchan Kim <eunchan@google.com> | Tue Oct 22 22:43:09 2019 -0700 |
tree | 5acde58ad23b3b3da13c7739ee4464087d9fefef | |
parent | a40dc027a989dca3e5d4f15bf03354a7e4dde45f [diff] |
[hmac] Error Handling: Discard Msg if sha_en:=0

First version of HMAC silently discarded the incoming message if the message FIFO was full. The reason was the FIFO was connected to the register interface, which doesn't have a back-pressure mechanism. So, the consequence of the behavior was that the hash digest could be wrong if the feeder sends the data faster than what HMAC can consume. Livestream mode was introduced to address the issue above.

With the `prim_packer` module and the window feature in reggen, now the message FIFO is connected through the TL-UL window port, not the register interface port. The window port is another TL-UL port that can back-pressure the requester (yes, it has a ready signal now).

The consequences? Now the feeder (software or DMA later) can be stuck at requesting new data until HMAC consumes previous data. It becomes important that the HMAC IP now shouldn't hang, which has a chance to create a hang condition for the entire SoC system.

One particular case was what @cindychip found in #523. She tried to send a message into the HMAC message FIFO while HMAC is turned off, aka sha_en := 0. In this case, HMAC accepts the message and lets the message FIFO become full, eventually back-pressuring the host. As the host is back-pressured, it cannot clear the hang condition! (maybe the watchdog eventually can)

So, the design is changed to clear this issue. Now HMAC discards the incoming message if HMAC is not enabled.

One more step taken in this issue is to create the `ERR_CODE` register. It might be OK to create another interrupt line named `new_msg_sha_disabled` or something similar. It, however, could be beneficial to combine any error message into one error message code and let the software know what the reason was after getting the alert/interrupt. So, HMAC stores the error code while generating the interrupt.

It also adds logic to detect the condition where the software sets `hash_start` when `sha_en` is 0. This ensures the earliest catch of wrong software behavior.

Next PR will also merge `fifo_full` interrupt into `hmac_err`.
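The hang described in the commit message above, as an added behavioural model in Python (not code from the OpenTitan repository): a blocking host writes to a FIFO that only drains while `sha_en` is set, with the old accept-and-fill behaviour next to the discard-and-report behaviour. The FIFO depth, the `ERR_CODE` values, the cycle budget and every class and function name here are assumptions made for the model.

```python
from collections import deque

# Hypothetical encodings for this model; the real ERR_CODE values are not given on this page.
ERR_NONE, ERR_MSG_WHILE_SHA_DISABLED, ERR_START_WHILE_SHA_DISABLED = 0, 1, 2


class HmacModel:
    """Behavioural model of the message FIFO behind a back-pressuring window port."""

    def __init__(self, depth=16, discard_when_disabled=True):
        self.fifo = deque()
        self.depth = depth                      # assumed depth, for illustration
        self.discard_when_disabled = discard_when_disabled
        self.sha_en = False
        self.err_code = ERR_NONE
        self.intr_hmac_err = False

    def _raise(self, code):
        self.err_code = code                    # store the reason, then interrupt
        self.intr_hmac_err = True

    def write_msg(self, word):
        """Return True when the write is acknowledged, False when back-pressured."""
        if not self.sha_en and self.discard_when_disabled:
            self._raise(ERR_MSG_WHILE_SHA_DISABLED)
            return True                         # acknowledged, word is dropped
        if len(self.fifo) >= self.depth:
            return False                        # FIFO full: ready stays low
        self.fifo.append(word)
        return True

    def hash_start(self):
        if not self.sha_en:
            self._raise(ERR_START_WHILE_SHA_DISABLED)

    def tick(self):
        """One cycle of the hash engine: it drains the FIFO only when enabled."""
        if self.sha_en and self.fifo:
            self.fifo.popleft()


def host_send(dev, words, cycle_budget=1000):
    """Blocking host that retries each write until ready. Returns (acked, hung)."""
    sent = 0
    for _ in range(cycle_budget):
        if sent == len(words):
            return sent, False
        if dev.write_msg(words[sent]):
            sent += 1
        dev.tick()
    return sent, sent != len(words)
```

With `discard_when_disabled=False` the host stalls once the FIFO is full and never reaches the code that could set `sha_en`; with the default it completes and finds the reason in `err_code`.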
This repository contains hardware, software and utilities written as part of the OpenTitan project. It is structured as a monolithic repository, or “monorepo”, where all components live in one repository.
The project contains comprehensive documentation of all IPs and tools. You can either access it online or build it locally by following the steps below.
$ sudo apt install python3 python3-pip
$ pip3 install --user -r python-requirements.txt
$ ./util/build_docs.py --preview
This compiles the documentation into ./opentitan-docs and starts a local server, which allows you to access the documentation at http://127.0.0.1:5500.
Have a look at CONTRIBUTING.md for guidelines on how to contribute code to this repository.
Unless otherwise noted, everything in this repository is covered by the Apache License, Version 2.0 (see LICENSE for full text).