[keymgr, rom_ctrl] Hook up rom digest data to keymgr
Signed-off-by: Timothy Chen <timothytim@google.com>
diff --git a/hw/ip/keymgr/data/keymgr.hjson b/hw/ip/keymgr/data/keymgr.hjson
index fe41388..22b372a 100644
--- a/hw/ip/keymgr/data/keymgr.hjson
+++ b/hw/ip/keymgr/data/keymgr.hjson
@@ -86,6 +86,12 @@
act: "rcv",
package: "lc_ctrl_pkg",
},
+ { struct: "keymgr_data"
+ type: "uni"
+ name: "rom_digest"
+ act: "rcv"
+ package: "rom_ctrl_pkg"
+ },
],
param_list: [
diff --git a/hw/ip/keymgr/dv/env/keymgr_if.sv b/hw/ip/keymgr/dv/env/keymgr_if.sv
index d5cfea5..2cdc7bd 100644
--- a/hw/ip/keymgr/dv/env/keymgr_if.sv
+++ b/hw/ip/keymgr/dv/env/keymgr_if.sv
@@ -12,6 +12,7 @@
otp_ctrl_part_pkg::otp_hw_cfg_t otp_hw_cfg;
otp_ctrl_pkg::otp_keymgr_key_t otp_key;
flash_ctrl_pkg::keymgr_flash_t flash;
+ rom_ctrl_pkg::keymgr_data_t rom_digest;
keymgr_pkg::hw_key_req_t kmac_key;
keymgr_pkg::hw_key_req_t hmac_key;
@@ -76,6 +77,8 @@
otp_hw_cfg.data.device_id = 'hF0F0;
otp_key = otp_ctrl_pkg::OTP_KEYMGR_KEY_DEFAULT;
flash = flash_ctrl_pkg::KEYMGR_FLASH_DEFAULT;
+ rom_digest.data = 256'hA20A046CF42E6EAC560A3F82BFA76285B5C1D4AEA7C915E49A32D1C89BE0F507;
+ rom_digest.valid = '1;
endtask
// reset local exp variables when reset is issued
@@ -107,6 +110,7 @@
bit [keymgr_pkg::DevIdWidth-1:0] local_otp_device_id;
otp_ctrl_pkg::otp_keymgr_key_t local_otp_key;
flash_ctrl_pkg::keymgr_flash_t local_flash;
+ rom_ctrl_pkg::keymgr_data_t local_rom_digest;
// async delay as these signals are from different clock domain
#($urandom_range(1000, 0) * 1ns);
@@ -128,6 +132,10 @@
!(local_flash.seeds[i] inside {0, '1});
}, , msg_id)
+ `DV_CHECK_STD_RANDOMIZE_WITH_FATAL(local_rom_digest,
+ local_rom_digest.valid == 1;
+ !(local_rom_digest.data inside {0, '1});, , msg_id)
+
// make HW input to be all 0s or 1s
repeat (num_invalid_input) begin
randcase
@@ -157,6 +165,7 @@
otp_hw_cfg.data.device_id = local_otp_device_id;
otp_key = local_otp_key;
flash = local_flash;
+ rom_digest = local_rom_digest;
endtask
// update kmac key for comparison during KDF
diff --git a/hw/ip/keymgr/dv/env/keymgr_scoreboard.sv b/hw/ip/keymgr/dv/env/keymgr_scoreboard.sv
index 3e8458c..a07295a 100644
--- a/hw/ip/keymgr/dv/env/keymgr_scoreboard.sv
+++ b/hw/ip/keymgr/dv/env/keymgr_scoreboard.sv
@@ -16,6 +16,7 @@
bit [keymgr_pkg::KeyWidth-1:0] HardwareRevisionSecret;
bit [keymgr_pkg::DevIdWidth-1:0] DeviceIdentifier;
bit [keymgr_pkg::HealthStateWidth-1:0] HealthMeasurement;
+ bit [keymgr_pkg::KeyWidth-1:0] RomDigest;
bit [keymgr_pkg::KeyWidth-1:0] DiversificationKey;
} adv_creator_data_t;
@@ -627,6 +628,10 @@
is_err = 1;
end
+ if (cfg.keymgr_vif.rom_digest.data inside {0, '1}) begin
+ is_err = 1;
+ end
+
if (cfg.keymgr_vif.otp_key.key_share0 inside {0, '1}) begin
is_err = 1;
end
@@ -686,15 +691,19 @@
act = {<<8{byte_data_q}};
exp.DiversificationKey = cfg.keymgr_vif.flash.seeds[flash_ctrl_pkg::CreatorSeedIdx];
+ exp.RomDigest = cfg.keymgr_vif.rom_digest.data;
exp.HealthMeasurement = cfg.keymgr_vif.keymgr_div;
exp.DeviceIdentifier = cfg.keymgr_vif.otp_hw_cfg.data.device_id;
exp.HardwareRevisionSecret = keymgr_pkg::RndCnstRevisionSeedDefault;
+
for (int i = 0; i < keymgr_reg_pkg::NumSwBindingReg; i++) begin
uvm_reg rg = ral.get_reg_by_name($sformatf("sw_binding_%0d", i));
exp.SoftwareBinding[i] = `gmv(rg);
end
+ // The order of the string creation must match the design
`CREATE_CMP_STR(DiversificationKey)
+ `CREATE_CMP_STR(RomDigest)
`CREATE_CMP_STR(HealthMeasurement)
`CREATE_CMP_STR(DeviceIdentifier)
`CREATE_CMP_STR(HardwareRevisionSecret)
diff --git a/hw/ip/keymgr/dv/tb.sv b/hw/ip/keymgr/dv/tb.sv
index 92e673c..5f9c61b 100644
--- a/hw/ip/keymgr/dv/tb.sv
+++ b/hw/ip/keymgr/dv/tb.sv
@@ -54,6 +54,7 @@
.lc_keymgr_div_i (keymgr_if.keymgr_div),
.otp_key_i (keymgr_if.otp_key),
.otp_hw_cfg_i (keymgr_if.otp_hw_cfg),
+ .rom_digest_i (keymgr_if.rom_digest),
.edn_o (edn_if.req),
.edn_i ({edn_if.ack, edn_if.d_data}),
.flash_i (keymgr_if.flash),
diff --git a/hw/ip/keymgr/keymgr.core b/hw/ip/keymgr/keymgr.core
index c9dac82..9f0a7a6 100644
--- a/hw/ip/keymgr/keymgr.core
+++ b/hw/ip/keymgr/keymgr.core
@@ -15,6 +15,7 @@
- lowrisc:prim:msb_extend
- lowrisc:ip:keymgr_pkg
- lowrisc:ip:kmac_pkg
+ - lowrisc:ip:rom_ctrl
files:
- rtl/keymgr_reg_top.sv
- rtl/keymgr_sideload_key_ctrl.sv
diff --git a/hw/ip/keymgr/rtl/keymgr.sv b/hw/ip/keymgr/rtl/keymgr.sv
index d0c79a3..d2a6c75 100644
--- a/hw/ip/keymgr/rtl/keymgr.sv
+++ b/hw/ip/keymgr/rtl/keymgr.sv
@@ -55,6 +55,9 @@
output edn_pkg::edn_req_t edn_o,
input edn_pkg::edn_rsp_t edn_i,
+ // connection to rom_ctrl
+ input rom_ctrl_pkg::keymgr_data_t rom_digest_i,
+
// interrupts and alerts
output logic intr_op_done_o,
input prim_alert_pkg::alert_rx_t [keymgr_reg_pkg::NumAlerts-1:0] alert_rx_i,
@@ -316,6 +319,7 @@
RndCnstRevisionSeed,
otp_hw_cfg_i.data.device_id,
lc_keymgr_div_i,
+ rom_digest_i.data,
creator_seed});
logic unused_otp_bits;
@@ -323,7 +327,8 @@
assign adv_dvalid[Creator] = creator_seed_vld &
devid_vld &
- health_state_vld;
+ health_state_vld &
+ rom_digest_i.valid;
// Advance to owner_intermediate_key
logic [KeyWidth-1:0] owner_seed;
diff --git a/hw/ip/keymgr/rtl/keymgr_pkg.sv b/hw/ip/keymgr/rtl/keymgr_pkg.sv
index d795f2e..4bf3760 100644
--- a/hw/ip/keymgr/rtl/keymgr_pkg.sv
+++ b/hw/ip/keymgr/rtl/keymgr_pkg.sv
@@ -69,7 +69,7 @@
// Width calculations
// These are the largest calculations in use across all stages
- parameter int AdvDataWidth = SwBindingWidth + 2*KeyWidth + DevIdWidth + HealthStateWidth;
+ parameter int AdvDataWidth = SwBindingWidth + 3*KeyWidth + DevIdWidth + HealthStateWidth;
parameter int IdDataWidth = KeyWidth;
// key version + salt + key ID + constant
parameter int GenDataWidth = 32 + SaltWidth + KeyWidth*2;
diff --git a/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson b/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson
index bb543d3..15bda2e 100644
--- a/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson
+++ b/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson
@@ -4338,6 +4338,18 @@
index: -1
}
{
+ name: rom_digest
+ struct: keymgr_data
+ package: rom_ctrl_pkg
+ type: uni
+ act: rcv
+ width: 1
+ inst_name: keymgr
+ default: ""
+ top_signame: rom_ctrl_keymgr_data
+ index: -1
+ }
+ {
name: tl
struct: tl
package: tlul_pkg
@@ -5130,6 +5142,10 @@
act: req
width: 1
inst_name: rom_ctrl
+ default: ""
+ end_idx: -1
+ top_type: broadcast
+ top_signame: rom_ctrl_keymgr_data
index: -1
}
{
@@ -5736,6 +5752,10 @@
[
pwrmgr_aon.rom_ctrl
]
+ rom_ctrl.keymgr_data:
+ [
+ keymgr.rom_digest
+ ]
rv_core_ibex.crash_dump:
[
rstmgr_aon.cpu_dump
@@ -13819,6 +13839,18 @@
index: -1
}
{
+ name: rom_digest
+ struct: keymgr_data
+ package: rom_ctrl_pkg
+ type: uni
+ act: rcv
+ width: 1
+ inst_name: keymgr
+ default: ""
+ top_signame: rom_ctrl_keymgr_data
+ index: -1
+ }
+ {
name: tl
struct: tl
package: tlul_pkg
@@ -14292,6 +14324,10 @@
act: req
width: 1
inst_name: rom_ctrl
+ default: ""
+ end_idx: -1
+ top_type: broadcast
+ top_signame: rom_ctrl_keymgr_data
index: -1
}
{
@@ -16293,6 +16329,17 @@
default: ""
}
{
+ package: rom_ctrl_pkg
+ struct: keymgr_data
+ signame: rom_ctrl_keymgr_data
+ width: 1
+ type: uni
+ end_idx: -1
+ act: req
+ suffix: ""
+ default: ""
+ }
+ {
package: ibex_pkg
struct: crash_dump
signame: rv_core_ibex_crash_dump
diff --git a/hw/top_earlgrey/data/top_earlgrey.hjson b/hw/top_earlgrey/data/top_earlgrey.hjson
index 3c179f2..514272b 100644
--- a/hw/top_earlgrey/data/top_earlgrey.hjson
+++ b/hw/top_earlgrey/data/top_earlgrey.hjson
@@ -872,6 +872,7 @@
'pwrmgr_aon.strap' : ['pinmux_aon.strap_en'],
'pwrmgr_aon.low_power' : ['pinmux_aon.sleep_en','aon_timer_aon.sleep_mode'],
'rom_ctrl.pwrmgr_data' : ['pwrmgr_aon.rom_ctrl'],
+ 'rom_ctrl.keymgr_data' : ['keymgr.rom_digest'],
'flash_ctrl.keymgr' : ['keymgr.flash'],
'alert_handler.crashdump' : ['rstmgr_aon.alert_dump'],
'rv_core_ibex.crash_dump' : ['rstmgr_aon.cpu_dump'],
diff --git a/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv b/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv
index 0e9ec66..003498f 100644
--- a/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv
+++ b/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv
@@ -489,6 +489,7 @@
logic pwrmgr_aon_strap;
logic pwrmgr_aon_low_power;
rom_ctrl_pkg::pwrmgr_data_t rom_ctrl_pwrmgr_data;
+ rom_ctrl_pkg::keymgr_data_t rom_ctrl_keymgr_data;
ibex_pkg::crash_dump_t rv_core_ibex_crash_dump;
logic usbdev_usb_out_of_rst;
logic usbdev_usb_aon_wake_en;
@@ -2092,6 +2093,7 @@
.flash_i(flash_ctrl_keymgr),
.lc_keymgr_en_i(lc_ctrl_lc_keymgr_en),
.lc_keymgr_div_i(lc_ctrl_lc_keymgr_div),
+ .rom_digest_i(rom_ctrl_keymgr_data),
.tl_i(keymgr_tl_req),
.tl_o(keymgr_tl_rsp),
@@ -2292,7 +2294,7 @@
// Inter-module signals
.rom_cfg_i(ast_rom_cfg),
.pwrmgr_data_o(rom_ctrl_pwrmgr_data),
- .keymgr_data_o(),
+ .keymgr_data_o(rom_ctrl_keymgr_data),
.kmac_data_o(kmac_app_req[1]),
.kmac_data_i(kmac_app_rsp[1]),
.regs_tl_i(rom_ctrl_regs_tl_req),
