[otp_ctrl] Initialize noce/key regs with RndCnst instead of all-zero Signed-off-by: Michael Schaffner <msf@opentitan.org>
diff --git a/hw/ip/otp_ctrl/data/otp_ctrl.hjson b/hw/ip/otp_ctrl/data/otp_ctrl.hjson
index 9fe4783..16dac1f 100644
--- a/hw/ip/otp_ctrl/data/otp_ctrl.hjson
+++ b/hw/ip/otp_ctrl/data/otp_ctrl.hjson
@@ -78,6 +78,12 @@ randcount: "40", randtype: "perm", // random permutation for randcount elements } + { name: "RndCnstScrmblKeyInit", + desc: "Compile-time random permutation for scrambling key/nonce register reset value", + type: "otp_ctrl_pkg::scrmbl_key_init_t" + randcount: "256", + randtype: "data", // random permutation for randcount elements + } // Normal parameters { name: "NumSramKeyReqSlots", desc: "Number of key slots",
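Review bot: The new `RndCnstScrmblKeyInit` entry calls itself a "random permutation" in both `desc` and the trailing comment, but it is declared with `randtype: "data"`, i.e. plain random bits. The wording looks copied from the `perm` entry directly above; I would change it to `desc: "Compile-time random bits for scrambling key/nonce register reset value",` and `randtype: "data", // random bits, randcount wide`. The same text is repeated in the `otp_ctrl.hjson.tpl` hunk and is carried into the generated top-level files. `randcount: "256"` is also a bare literal that presumably has to equal the packed width of `otp_ctrl_pkg::scrmbl_key_init_t`, so a one-line comment tying the two together would help whoever changes the key or nonce width next.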
diff --git a/hw/ip/otp_ctrl/data/otp_ctrl.hjson.tpl b/hw/ip/otp_ctrl/data/otp_ctrl.hjson.tpl
index d20cd95..5586fe7 100644
--- a/hw/ip/otp_ctrl/data/otp_ctrl.hjson.tpl
+++ b/hw/ip/otp_ctrl/data/otp_ctrl.hjson.tpl
@@ -91,6 +91,12 @@ randcount: "40", randtype: "perm", // random permutation for randcount elements } + { name: "RndCnstScrmblKeyInit", + desc: "Compile-time random permutation for scrambling key/nonce register reset value", + type: "otp_ctrl_pkg::scrmbl_key_init_t" + randcount: "256", + randtype: "data", // random permutation for randcount elements + } // Normal parameters { name: "NumSramKeyReqSlots", desc: "Number of key slots",
diff --git a/hw/ip/otp_ctrl/rtl/otp_ctrl.sv b/hw/ip/otp_ctrl/rtl/otp_ctrl.sv
index bd92aea..9f6cf8d 100644
--- a/hw/ip/otp_ctrl/rtl/otp_ctrl.sv
+++ b/hw/ip/otp_ctrl/rtl/otp_ctrl.sv
@@ -17,6 +17,7 @@ // Compile time random constants, to be overriden by topgen. parameter lfsr_seed_t RndCnstLfsrSeed = RndCnstLfsrSeedDefault, parameter lfsr_perm_t RndCnstLfsrPerm = RndCnstLfsrPermDefault, + parameter scrmbl_key_init_t RndCnstScrmblKeyInit = RndCnstScrmblKeyInitDefault, // Hexfile file to initialize the OTP macro. // Note that the hexdump needs to account for ECC. parameter MemInitFile = "" @@ -1020,7 +1021,9 @@ logic [SramKeySeedWidth-1:0] sram_data_key_seed; logic [FlashKeySeedWidth-1:0] flash_data_key_seed, flash_addr_key_seed; - otp_ctrl_kdi u_otp_ctrl_kdi ( + otp_ctrl_kdi #( + .RndCnstScrmblKeyInit(RndCnstScrmblKeyInit) + ) u_otp_ctrl_kdi ( .clk_i, .rst_ni, .kdi_en_i ( pwr_otp_o.otp_done ),
diff --git a/hw/ip/otp_ctrl/rtl/otp_ctrl_kdi.sv b/hw/ip/otp_ctrl/rtl/otp_ctrl_kdi.sv
index 03b5520..2917767 100644
--- a/hw/ip/otp_ctrl/rtl/otp_ctrl_kdi.sv
+++ b/hw/ip/otp_ctrl/rtl/otp_ctrl_kdi.sv
@@ -11,7 +11,9 @@ import otp_ctrl_pkg::*; import otp_ctrl_reg_pkg::*; import otp_ctrl_part_pkg::*; -( +#( + parameter scrmbl_key_init_t RndCnstScrmblKeyInit = RndCnstScrmblKeyInitDefault +) ( input clk_i, input rst_ni, // Pulse to enable this module after OTP partitions have @@ -71,15 +73,8 @@ // Make sure EDN interface has compatible width. `ASSERT_INIT(EntropyWidthDividesDigestBlockWidth_A, (ScrmblKeyWidth % EdnDataWidth) == 0) - localparam int OtbnNonceSel = OtbnNonceWidth / ScrmblBlockWidth; - localparam int FlashNonceSel = FlashKeyWidth / ScrmblBlockWidth; - localparam int SramNonceSel = SramNonceWidth / ScrmblBlockWidth; - - // Get maximum nonce width - localparam int NumNonceChunks = - (OtbnNonceWidth > FlashKeyWidth) ? - ((OtbnNonceWidth > SramNonceSel) ? OtbnNonceWidth : SramNonceSel) : - ((FlashKeyWidth > SramNonceSel) ? FlashKeyWidth : SramNonceSel); + // Currently the assumption is that the SRAM nonce is the widest. + `ASSERT_INIT(NonceWidth_A, NumNonceChunks * ScrmblBlockWidth == SramNonceWidth) /////////////////////////////////// // Input Mapping and Arbitration // @@ -276,7 +271,7 @@ // Connect keys/nonce outputs to output regs. prim_sec_anchor_flop #( .Width(ScrmblKeyWidth), - .ResetValue('0) + .ResetValue(RndCnstScrmblKeyInit.key) ) u_key_out_anchor ( .clk_i, .rst_ni, @@ -588,7 +583,7 @@ always_ff @(posedge clk_i or negedge rst_ni) begin : p_regs if (!rst_ni) begin - nonce_out_q <= '0; + nonce_out_q <= RndCnstScrmblKeyInit.nonce; seed_valid_q <= 1'b0; edn_req_q <= 1'b0; end else begin
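Review bot: In the `u_key_out_anchor` hunk, `.ResetValue(RndCnstScrmblKeyInit.key)` passes a field typed `sram_key_t` into a flop declared with `.Width(ScrmblKeyWidth)`, and nothing visible checks that the two widths agree. The nonce side gets `NonceWidth_A` for this reason; without a counterpart for the key, a later width change would presumably truncate or zero-extend the reset value without any elaboration error, quietly reintroducing constant bits into the key register's reset state. I would add an `ASSERT_INIT` named `KeyWidth_A` with the condition `$bits(RndCnstScrmblKeyInit.key) == ScrmblKeyWidth` next to `NonceWidth_A`. The module body continues outside these hunks, so the declared width of `nonce_out_q` cannot be confirmed from here.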
diff --git a/hw/ip/otp_ctrl/rtl/otp_ctrl_pkg.sv b/hw/ip/otp_ctrl/rtl/otp_ctrl_pkg.sv
index fb4611d..5359890 100644
--- a/hw/ip/otp_ctrl/rtl/otp_ctrl_pkg.sv
+++ b/hw/ip/otp_ctrl/rtl/otp_ctrl_pkg.sv
@@ -191,6 +191,16 @@ typedef logic [OtbnKeyWidth-1:0] otbn_key_t; typedef logic [OtbnNonceWidth-1:0] otbn_nonce_t; + localparam int OtbnNonceSel = OtbnNonceWidth / ScrmblBlockWidth; + localparam int FlashNonceSel = FlashKeyWidth / ScrmblBlockWidth; + localparam int SramNonceSel = SramNonceWidth / ScrmblBlockWidth; + + // Get maximum nonce width + localparam int NumNonceChunks = + (OtbnNonceWidth > FlashKeyWidth) ? + ((OtbnNonceWidth > SramNonceSel) ? OtbnNonceSel : SramNonceSel) : + ((FlashKeyWidth > SramNonceSel) ? FlashNonceSel : SramNonceSel); + typedef struct packed { logic valid; logic [KeyMgrKeyWidth-1:0] key_share0; @@ -297,4 +307,11 @@ localparam lfsr_perm_t RndCnstLfsrPermDefault = 240'h4235171482c225f79289b32181a0163a760355d3447063d16661e44c12a5; + typedef struct packed { + sram_key_t key; + sram_nonce_t nonce; + } scrmbl_key_init_t; + localparam scrmbl_key_init_t RndCnstScrmblKeyInitDefault = + 256'hcebeb96ffe0eced795f8b2cfe23c1e519e4fa08047a6bcfb811b04f0a479006e; + endpackage : otp_ctrl_pkg
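Review bot: The relocated `NumNonceChunks` expression still compares bit widths against a chunk count: in `OtbnNonceWidth > SramNonceSel` and `FlashKeyWidth > SramNonceSel` the left side is a width in bits and the right side is a width divided by `ScrmblBlockWidth`. The commit corrects the selected results to the `*Sel` values, but the conditions can still choose the wrong branch, and the new `NonceWidth_A` assertion in `otp_ctrl_kdi.sv` only catches that when the result differs from the SRAM chunk count. I would compare like with like: `(OtbnNonceSel > FlashNonceSel) ?`, `((OtbnNonceSel > SramNonceSel) ? OtbnNonceSel : SramNonceSel) :`, `((FlashNonceSel > SramNonceSel) ? FlashNonceSel : SramNonceSel);`. The comment above it would then read `// Get maximum number of nonce chunks`, since the value is a chunk count and not a width.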
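Review bot: `scrmbl_key_init_t` and `RndCnstScrmblKeyInitDefault` at the end of the package are added without any comment, and a constant named after a key and nonce is easy to mistake for secret material. Going by the commit title, the value is a netlist constant whose only job is to replace the all-zero reset state of the key/nonce output registers, and the package default is what any instantiation gets when topgen does not override it. I would document that above the typedef, e.g. `// Reset value for the scrambling key/nonce output registers; not a secret, it only avoids an all-zero reset state.` followed by `// Default for block-level use, to be overridden by topgen.` The `256'h` literal also assumes the struct packs to exactly 256 bits, which is worth stating in the same comment.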
diff --git a/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson b/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson
index f3099c3..43c5cad 100644
--- a/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson
+++ b/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson
@@ -1446,6 +1446,16 @@ default: 0x5d294061e29a7c404f4593035a19097666e37072064153623855022d39e0 randwidth: 240 } + { + name: RndCnstScrmblKeyInit + desc: Compile-time random permutation for scrambling key/nonce register reset value + type: otp_ctrl_pkg::scrmbl_key_init_t + randcount: 256 + randtype: data + name_top: RndCnstOtpCtrlScrmblKeyInit + default: 0x6faf88f22bccd612d1c09f5c02b2c8d1fdb92558e2d9c5d24440722325a93144 + randwidth: 256 + } ] inter_signal_list: [ @@ -1788,7 +1798,7 @@ randcount: 128 randtype: data name_top: RndCnstLcCtrlLcKeymgrDivInvalid - default: 0xfdb92558e2d9c5d24440722325a93144 + default: 0x79ee911ce801484ba8373086f9dd4eee randwidth: 128 } { @@ -1798,7 +1808,7 @@ randcount: 128 randtype: data name_top: RndCnstLcCtrlLcKeymgrDivTestDevRma - default: 0x6faf88f22bccd612d1c09f5c02b2c8d1 + default: 0x3a0b091dc41d062dd10ca2d7b93136f randwidth: 128 } { @@ -1808,7 +1818,7 @@ randcount: 128 randtype: data name_top: RndCnstLcCtrlLcKeymgrDivProduction - default: 0x79ee911ce801484ba8373086f9dd4eee + default: 0xee2a465fd4dabcbd877afb6bcfeed7e randwidth: 128 } { @@ -1818,7 +1828,7 @@ randcount: 1024 randtype: data name_top: RndCnstLcCtrlInvalidTokens - default: 0xe0f7489a309cbe57b77f07ff3d7297200d5ab25561af49c696466a983e5346826a43628219e5a91389b9fe0d3b818e46ce7d846469a3b8e35a6bd38295bd2fb366b3d62126c75eeaeb93d32f5cbc77463c91917516d51a2fa4400adc2669e2530ee2a465fd4dabcbd877afb6bcfeed7e03a0b091dc41d062dd10ca2d7b93136f + default: 0x699679edd5369f11b49bac9198bd1ff344c5da2242d290bede094ca8f1435f85e0f7489a309cbe57b77f07ff3d7297200d5ab25561af49c696466a983e5346826a43628219e5a91389b9fe0d3b818e46ce7d846469a3b8e35a6bd38295bd2fb366b3d62126c75eeaeb93d32f5cbc77463c91917516d51a2fa4400adc2669e253 randwidth: 1024 } ] @@ -2278,7 +2288,7 @@ randcount: 32 randtype: data name_top: RndCnstAlertHandlerLfsrSeed - default: 0xf1435f85 + default: 0xe10023ec randwidth: 32 } { 
@@ -2288,7 +2298,7 @@ randcount: 32 randtype: perm name_top: RndCnstAlertHandlerLfsrPerm - default: 0x8a9e933b2126cbfc2e87af8121b39db89bab4d10 + default: 0x74449a374b5678ffc0a1c18fb47bb50486cb4ee4 randwidth: 160 } ] @@ -4191,7 +4201,7 @@ randcount: 128 randtype: data name_top: RndCnstSramCtrlRetAonSramKey - default: 0x3af5fa0aaf8c6a6b90f868a3f2590e4a + default: 0x3635d1f47c8f05affc85f7d889ecd94b randwidth: 128 } { @@ -4201,7 +4211,7 @@ randcount: 128 randtype: data name_top: RndCnstSramCtrlRetAonSramNonce - default: 0x67eb674bbdf38d62d362249384b1a5a6 + default: 0xc87b69111a24d5e4442bcfb7032949cc randwidth: 128 } { @@ -4211,7 +4221,7 @@ randcount: 32 randtype: data name_top: RndCnstSramCtrlRetAonLfsrSeed - default: 0x89ecd94b + default: 0x48bae844 randwidth: 32 } { @@ -4221,7 +4231,7 @@ randcount: 32 randtype: perm name_top: RndCnstSramCtrlRetAonLfsrPerm - default: 0x3d96ced1f5b89d2e422a2b71b9fb440a723400df + default: 0x46b0e5d9f9e80fcf3212fc76a2b6a11d2f332482 randwidth: 160 } { @@ -4398,7 +4408,7 @@ randcount: 128 randtype: data name_top: RndCnstFlashCtrlAddrKey - default: 0x8440934dcb834f93689fe9e88ebd5340 + default: 0xaf06b42350bb6b68440934dcb834f93 randwidth: 128 } { @@ -4408,7 +4418,7 @@ randcount: 128 randtype: data name_top: RndCnstFlashCtrlDataKey - default: 0x192aadbb7c918acb0af06b42350bb6b6 + default: 0xed204633871cb178192aadbb7c918acb randwidth: 128 } { @@ -4418,7 +4428,7 @@ randcount: 32 randtype: data name_top: RndCnstFlashCtrlLfsrSeed - default: 0x871cb178 + default: 0x33a4ac96 randwidth: 32 } { @@ -4428,7 +4438,7 @@ randcount: 32 randtype: perm name_top: RndCnstFlashCtrlLfsrPerm - default: 0x3580d1897f7cb7dc51419f8b7d5630e65c441d2c + default: 0x3480d1896c7ff9ed5941bd125c6eb18772e220f3 randwidth: 160 } ]
diff --git a/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv b/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv
index d9640f7..58a33fc 100644
--- a/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv
+++ b/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv
@@ -1440,7 +1440,8 @@ .AlertAsyncOn(alert_handler_reg_pkg::AsyncOn[14:12]), .MemInitFile(OtpCtrlMemInitFile), .RndCnstLfsrSeed(RndCnstOtpCtrlLfsrSeed), - .RndCnstLfsrPerm(RndCnstOtpCtrlLfsrPerm) + .RndCnstLfsrPerm(RndCnstOtpCtrlLfsrPerm), + .RndCnstScrmblKeyInit(RndCnstOtpCtrlScrmblKeyInit) ) u_otp_ctrl ( // Output
diff --git a/hw/top_earlgrey/rtl/autogen/top_earlgrey_rnd_cnst_pkg.sv b/hw/top_earlgrey/rtl/autogen/top_earlgrey_rnd_cnst_pkg.sv
index 113c530..2df148c 100644
--- a/hw/top_earlgrey/rtl/autogen/top_earlgrey_rnd_cnst_pkg.sv
+++ b/hw/top_earlgrey/rtl/autogen/top_earlgrey_rnd_cnst_pkg.sv
@@ -25,30 +25,35 @@ 240'h5D294061E29A7C404F4593035A19097666E37072064153623855022D39E0 }; + // Compile-time random permutation for scrambling key/nonce register reset value + parameter otp_ctrl_pkg::scrmbl_key_init_t RndCnstOtpCtrlScrmblKeyInit = { + 256'h6FAF88F22BCCD612D1C09F5C02B2C8D1FDB92558E2D9C5D24440722325A93144 + }; + //////////////////////////////////////////// // lc_ctrl //////////////////////////////////////////// // Compile-time random bits for lc state group diversification value parameter lc_ctrl_pkg::lc_keymgr_div_t RndCnstLcCtrlLcKeymgrDivInvalid = { - 128'hFDB92558E2D9C5D24440722325A93144 + 128'h79EE911CE801484BA8373086F9DD4EEE }; // Compile-time random bits for lc state group diversification value parameter lc_ctrl_pkg::lc_keymgr_div_t RndCnstLcCtrlLcKeymgrDivTestDevRma = { - 128'h6FAF88F22BCCD612D1C09F5C02B2C8D1 + 128'h03A0B091DC41D062DD10CA2D7B93136F }; // Compile-time random bits for lc state group diversification value parameter lc_ctrl_pkg::lc_keymgr_div_t RndCnstLcCtrlLcKeymgrDivProduction = { - 128'h79EE911CE801484BA8373086F9DD4EEE + 128'h0EE2A465FD4DABCBD877AFB6BCFEED7E }; // Compile-time random bits used for invalid tokens in the token mux parameter lc_ctrl_pkg::lc_token_mux_t RndCnstLcCtrlInvalidTokens = { + 256'h699679EDD5369F11B49BAC9198BD1FF344C5DA2242D290BEDE094CA8F1435F85, 256'hE0F7489A309CBE57B77F07FF3D7297200D5AB25561AF49C696466A983E534682, 256'h6A43628219E5A91389B9FE0D3B818E46CE7D846469A3B8E35A6BD38295BD2FB3, - 256'h66B3D62126C75EEAEB93D32F5CBC77463C91917516D51A2FA4400ADC2669E253, - 256'h0EE2A465FD4DABCBD877AFB6BCFEED7E03A0B091DC41D062DD10CA2D7B93136F + 256'h66B3D62126C75EEAEB93D32F5CBC77463C91917516D51A2FA4400ADC2669E253 }; //////////////////////////////////////////// 
@@ -56,12 +61,12 @@ //////////////////////////////////////////// // Compile-time random bits for initial LFSR seed parameter alert_pkg::lfsr_seed_t RndCnstAlertHandlerLfsrSeed = { - 32'hF1435F85 + 32'hE10023EC }; // Compile-time random permutation for LFSR output parameter alert_pkg::lfsr_perm_t RndCnstAlertHandlerLfsrPerm = { - 160'h8A9E933B2126CBFC2E87AF8121B39DB89BAB4D10 + 160'h74449A374B5678FFC0A1C18FB47BB50486CB4EE4 }; //////////////////////////////////////////// @@ -69,22 +74,22 @@ //////////////////////////////////////////// // Compile-time random reset value for SRAM scrambling key. parameter otp_ctrl_pkg::sram_key_t RndCnstSramCtrlRetAonSramKey = { - 128'h3AF5FA0AAF8C6A6B90F868A3F2590E4A + 128'h3635D1F47C8F05AFFC85F7D889ECD94B }; // Compile-time random reset value for SRAM scrambling nonce. parameter otp_ctrl_pkg::sram_nonce_t RndCnstSramCtrlRetAonSramNonce = { - 128'h67EB674BBDF38D62D362249384B1A5A6 + 128'hC87B69111A24D5E4442BCFB7032949CC }; // Compile-time random bits for initial LFSR seed parameter sram_ctrl_pkg::lfsr_seed_t RndCnstSramCtrlRetAonLfsrSeed = { - 32'h89ECD94B + 32'h48BAE844 }; // Compile-time random permutation for LFSR output parameter sram_ctrl_pkg::lfsr_perm_t RndCnstSramCtrlRetAonLfsrPerm = { - 160'h3D96CED1F5B89D2E422A2B71B9FB440A723400DF + 160'h46B0E5D9F9E80FCF3212FC76A2B6A11D2F332482 }; //////////////////////////////////////////// 
@@ -92,22 +97,22 @@ //////////////////////////////////////////// // Compile-time random bits for default address key parameter flash_ctrl_pkg::flash_key_t RndCnstFlashCtrlAddrKey = { - 128'h8440934DCB834F93689FE9E88EBD5340 + 128'h0AF06B42350BB6B68440934DCB834F93 }; // Compile-time random bits for default data key parameter flash_ctrl_pkg::flash_key_t RndCnstFlashCtrlDataKey = { - 128'h192AADBB7C918ACB0AF06B42350BB6B6 + 128'hED204633871CB178192AADBB7C918ACB }; // Compile-time random bits for initial LFSR seed parameter flash_ctrl_pkg::lfsr_seed_t RndCnstFlashCtrlLfsrSeed = { - 32'h871CB178 + 32'h33A4AC96 }; // Compile-time random permutation for LFSR output parameter flash_ctrl_pkg::lfsr_perm_t RndCnstFlashCtrlLfsrPerm = { - 160'h3580D1897F7CB7DC51419F8B7D5630E65C441D2C + 160'h3480D1896C7FF9ED5941BD125C6EB18772E220F3 }; ////////////////////////////////////////////