[otbn] Check seed_valid bit of OTP scrambling interface #13201
Comments
|
I thought the seed valid was more related to whether a particular seed was burned and locked in the otp. it would make sense to indicate this as a status though, and perhaps instead of the default 0, some kind of random fixed constant that can be parameterized. |
|
I think what @tjaychen suggests is most sensible. We may want to trigger the dmem/imem secure wipe when the bit is 0 for some testing/bring-up reason. Also all recoverable errors currently only occur during software execution. So a recoverable error during execution adds new error behaviour which adds more DV work which I'd rather avoid if at all possible. |
|
So this bit was intended to provide some more info on provisioning status. I don't think we want to error on that, since we may (as @tjaychen pointed out) want to run some OTBN tests before the key seeds are provisioned. It would however be good to expose this to SW via a CSR in a similar way as this has been done in the SRAM_CTRL so that SW could double check this: opentitan/hw/ip/sram_ctrl/data/sram_ctrl.hjson Lines 218 to 228 in 7dfc681 |
|
@tjaychen I think the scrambling key is not set to zero inside OTBN in that case. |
GregAC
added
the
Type:FutureRelease
|
I think the conclusion here it's there's no major security concern though exposing the seed valid to SW for OTBN could be useful, though I think we should only consider this for a future release @vogelpi any thoughts? |
msfschaffner
added
the
Earlgrey-PROD Candidate
|
@jadephilipoom PTAL: The current understanding is, that there is no security concern because either an OTP read or ephemeral seed is used for scrambling, but it might be useful for SW to understand if an ephemeral or OTP based seed is used. IMO this probably does not help much and we could close as not planned. |
johannheyszl
added
triaged-security
and removed
Milestone:D3
Type:FutureRelease
|
As currently written, OTBN drivers (for both silicon creator and cryptolib) always wipe IMEM/DMEM before loading any application to OTBN, so they would refresh the scrambling key before use anyway. I also don't see a security issue here. |
|
Okay, thanks for your input everybody (and sorry for my ultra late response). I agree that there are no security concerns then. I agree that it's not necessary to change the RTL of either OTBN or OTP. In both cases it wouldn't add much. But I do think we should add some notes to the OTP documentation on this (similar to what we have in the SRAM controller, namely that keys are still ephemeral). I'll take care of this. |
In the past, there have been misunderstandings whether scrambling keys having seed_valid = 0 are safe to be used at all. As it turns out, they are. This commit adds this information to the interfaces section of the otp_ctrl documentation. This resolves lowRISC#13201. Signed-off-by: Pirmin Vogel <[email protected]>
|
I just filed a PR to update the otp_ctrl documentation with the outcome of this discussion. See #20688. |
In the past, there have been misunderstandings whether scrambling keys having seed_valid = 0 are safe to be used at all. As it turns out, they are. This commit adds this information to the interfaces section of the otp_ctrl documentation. This resolves #13201. Signed-off-by: Pirmin Vogel <[email protected]>
@ctopal noted that inside OTBN, the
seed_validbit of the OTP scrambling interface is currently not used. We register the bit received from OTP but then don't do anything with it.If that bit isn't set, it means OTP has used an all-zero constant to derive the scrambling key. Meaning the key is not really safe to use. My understanding is that the first OTBN secure wipe requesting new scrambling keys is anyway initialized after setting up the entropy complex, so this bit should always be set unless something fishy is going on. I suggest to change the OTBN design such that a recoverable error is triggered when receiving a scrambling key with
seed_validlow.Any thoughts @mundaym , @GregAC , @msfschaffner ?
The text was updated successfully, but these errors were encountered: