Google Git
Sign in
opensecura / 3p / lowrisc / opentitan / 474d74afd1bad8b3edec2bf7ee9635bdbddc92be
commit474d74afd1bad8b3edec2bf7ee9635bdbddc92be[log] [tgz]
authorMartin Lueker-Boden <martin.lueker-boden@wdc.com>Mon Aug 29 19:11:05 2022 -0700
committerMartin Lueker-Boden <47870387+martin-lueker@users.noreply.github.com>Wed Sep 07 15:19:56 2022 -0700
tree8b7ac215e0cb7ed052254e95075cc6e238158c04
parent779e8f1b895f14f2f12d2a2bdcb5fef39a418472 [diff]
[entropy_src/rtl] Provide backpressure on core FIFOs

The DV changes added in PR #14643 immediately revealed that there are
some gaps in the backpressure pipeline in the entropy_src core, and
that stalls from the cs_aes_halt_ack can cause entropy to be dropped
before it gets SHA conditioner, which could lead to poor entropy
outputs if enough entropy is dropped.

This PR corrects the problem by applying consistent backpressure
throughout the entropy_src data processing chain.  With a
long enough delay entropy can be stalled all the way back at the
RNG input. Even if the external RNG source does not support
backpressure, this is fine because entropy dropped at the is not
counted when calculating the number of inputs gathered to create
the output seeds.

Applying backpressure all the way back to the RNG input also helps
for verification, as the test environement does support backpressure
at this interface.

-----

This commit also manipulates the timing of the internal enable
signals, as the new backpressure changes introduce one timing wrinkle.
Since RNG bit-select mode introduces an additional packer fifo stage
this creates a one cycle delay that comes and goes whether the RNG
bit select fifo is enabled, which can cause dropped samples at
disable time, and these particular samples are difficult to handle in
verification.  Therefore the enable/disable signal for most of the core
is delayed by one additional clock cycle.

This delayed enable signal is only used by processing stages after the
RNG bit select FIFO (which is most of the core).  Inputs to the
bit-select and RNG input FIFOs use separate enable signals.

Signed-off-by: Martin Lueker-Boden <martin.lueker-boden@wdc.com>
Co-authored-by: Mark Branstad <mark.branstad@wdc.com>
1 file changed
tree: 8b7ac215e0cb7ed052254e95075cc6e238158c04
  1. .github/
  2. ci/
  3. doc/
  4. hw/
  5. release/
  6. rules/
  7. site/
  8. sw/
  9. third_party/
  10. util/
  11. .bazelignore
  12. .bazelrc
  13. .bazelversion
  14. .clang-format
  15. .dockerignore
  16. .flake8
  17. .gitattributes
  18. .gitignore
  19. .style.yapf
  20. .svlint.toml
  21. .svls.toml
  22. _index.md
  23. apt-requirements.txt
  24. azure-pipelines.yml
  25. bazelisk.sh
  26. BUILD.bazel
  27. check_tool_requirements.core
  28. CLA
  29. COMMITTERS
  30. CONTRIBUTING.md
  31. LICENSE
  32. mypy.ini
  33. python-requirements.txt
  34. README.md
  35. tool_requirements.py
  36. topgen-reg-only.core
  37. topgen.core
  38. WORKSPACE
  39. yum-requirements.txt
README.md

OpenTitan

OpenTitan logo

About the project

OpenTitan is an open source silicon Root of Trust (RoT) project. OpenTitan will make the silicon RoT design and implementation more transparent, trustworthy, and secure for enterprises, platform providers, and chip manufacturers. OpenTitan is administered by lowRISC CIC as a collaborative project to produce high quality, open IP for instantiation as a full-featured product. See the OpenTitan site and OpenTitan docs for more information about the project.

About this repository

This repository contains hardware, software and utilities written as part of the OpenTitan project. It is structured as monolithic repository, or “monorepo”, where all components live in one repository. It exists to enable collaboration across partners participating in the OpenTitan project.

Documentation

The project contains comprehensive documentation of all IPs and tools. You can access it online at docs.opentitan.org.

How to contribute

Have a look at CONTRIBUTING and our documentation on project organization and processes for guidelines on how to contribute code to this repository.

Licensing

Unless otherwise noted, everything in this repository is covered by the Apache License, Version 2.0 (see LICENSE for full text).