Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[csrng] Make reseed counters always readable, allow locking down internal state access per instance #23539

Merged
merged 3 commits into from
Jun 7, 2024
Merged

[csrng] Make reseed counters always readable, allow locking down internal state access per instance #23539

merged 3 commits into from
Jun 7, 2024

Conversation

vogelpi
Copy link
Contributor

@vogelpi vogelpi commented Jun 6, 2024
edited
Loading

As discussed here: #21141 (comment)

@vogelpi vogelpi requested a review from a team as a code owner June 6, 2024 15:25
@vogelpi vogelpi requested review from marnovandermaas, h-filali, johannheyszl and andreaskurth and removed request for a team and marnovandermaas June 6, 2024 15:25
@vogelpi vogelpi mentioned this pull request Jun 6, 2024
Closed
@moidx
Copy link
Contributor

moidx commented Jun 6, 2024

Thanks @vogelpi. This LGTM.

vogelpi added 3 commits June 7, 2024 10:37
@vogelpi
[csrng] Make reseed counters readable at any point in time
5f596b5 
Previously, the reseed counters were only readable if the
otp_en_csrng_sw_app_read fuses were enabled and if the
CTRL.READ_INT_STATE field was enabled, i.e., if the full internal state
was readable.

However, the reseed counter should be readable even if the internal
state is not readable because this allows firmware to track the age
of the different CSRNG contexts. The reseed counter itself is not
sensitive information as it doesn't allow inferring the values of
Key and V.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
@vogelpi
[csrng] Add per-instance internal state read enable
c57d40b 
Previously, the design featured a single read enable switch plus an OTP
fuse controlling read access for all three CTR_DRBG instances. This is
non-ideal as firmware may want to perform known-answer testing of
individual instances after enabling and then lock down instances
individually.

This commit thus adds a per-instance internal state read enable on top
of the previously implemented mechanisms. After enabling, the internal
state of all instances can be read and firmware can disable read access
on a per-instance basis. Once firmware is done with the known-answer
testing, it can lock the per-instance internal state read enable
settings until the next reset.

This resolves lowRISC#21141.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
@vogelpi
[csrng/dv] Disable some SVAs during fatal error injection in csrng_intr
00c1934 
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
@vogelpi vogelpi force-pushed the csrng-state-access-locking branch from 2e3e4fb to 00c1934 Compare June 7, 2024 09:24
@vogelpi
Copy link
Contributor Author

vogelpi commented Jun 7, 2024

Thanks for your review @moidx . As discussed in the triage meeting yesterday it would be better to allow locking the read enable settings until the next reset in ROM_EXT . I've now modified the PR accordingly.

moidx
moidx approved these changes Jun 7, 2024
View reviewed changes
Copy link
Contributor

@moidx moidx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding the REGWEN changes. This LGTM.

@vogelpi vogelpi mentioned this pull request Jun 7, 2024
Merged
@vogelpi
Copy link
Contributor Author

vogelpi commented Jun 7, 2024

All tests except for spi_passthru_test_fpga_cw310_rom_with_fake_keys which also fails for other unrelated PRs. I am merging this.

@vogelpi vogelpi merged commit 16d7604 into lowRISC:master Jun 7, 2024
29 of 31 checks passed
@vogelpi vogelpi deleted the csrng-state-access-locking branch June 13, 2024 09:26
This was referenced Jun 25, 2024
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moidx moidx moidx approved these changes

@h-filali h-filali Awaiting requested review from h-filali

@johannheyszl johannheyszl Awaiting requested review from johannheyszl

@andreaskurth andreaskurth Awaiting requested review from andreaskurth

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vogelpi @moidx