[entropy_src] Restarting physical noise source through rng_en #20947

Closed
johannheyszl opened this issue Jan 24, 2024 · 2 comments · Fixed by #21685
Labels
Component:RTL Earlgrey-PROD Candidate Temporary label to triage issues into Earlgrey-PROD Milestones Hotlist:Security Security Opinion Needed IP:entropy_src Subsystem:Entropy entropy_src, csrng, or edn related issues triaged-security

Comments


johannheyszl commented Jan 24, 2024

Description

We will restart the physical noise source for cases of a persistent error. This ability also helps with SP 800-90B restart testing to simplify test harnesses. An rng_en_i signal into AST is driving this off/on reset, and originates in entropy_src.

We need to make sure this rng_en is deasserted carefully and in sync with the entropy_src to maintain FIPS-compatibility. Startup testing shall be repeated upon each restart for instance.

  • For example, the signal shall not be deasserted upon the FIFO full event, even though this is expected to be very rare or ‘should never happen’ (@vogelpi to pls add context here). Beware that for startup testing we might need to fill the FIFO up to capacity and certainly do not want a deassert of the signal as a result.
  • Also check other conditions for deassertion.

Issue created after discussion b/w: @moidx @johannheyszl VadimS @vogelpi @zi-v @h-filali

@johannheyszl johannheyszl added IP:entropy_src Earlgrey-PROD Candidate Temporary label to triage issues into Earlgrey-PROD Milestones labels Jan 24, 2024
@johannheyszl johannheyszl added this to the Earlgrey-PROD.M2 milestone Jan 24, 2024
@johannheyszl
Contributor Author

cc @msfschaffner @andreaskurth


vogelpi commented Feb 1, 2024

We've discussed this in the Security WG meeting today. Even though the 2 x 4-bit input FIFO should never become full during regular operation, we should probably change the design to:

  1. Notify software if this FIFO or any of the following ones get full (except for the Observe FIFO for which this is already correctly handled), because software needs to know if entropy is dropped.
  2. Not lower the rng_enable_o signal if those FIFOs get full because the AST should not be disabled/enabled because of that.
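
The two design points in the comment above, together with the startup-testing requirement from the issue description, can be written as SystemVerilog assertions. This is an added example, not part of the thread and not OpenTitan RTL; the checker module and every port name except rng_enable_o are assumptions.

```systemverilog
// Added example: hypothetical checker, not OpenTitan RTL. Every port except
// rng_enable_o is an assumed name for illustration.
module rng_en_restart_chk (
  input logic clk_i,
  input logic rst_ni,
  input logic module_en_i,      // assumed: entropy_src is enabled by software
  input logic restart_req_i,    // assumed: intentional restart (persistent error)
  input logic fifo_full_i,      // assumed: OR of the internal FIFO "full" flags
  input logic fifo_full_sts_i,  // assumed: software-visible "FIFO full" status
  input logic startup_pass_i,   // assumed: pulse when startup health tests pass
  input logic entropy_valid_i,  // assumed: entropy is released downstream
  input logic rng_enable_o      // enable driven towards the noise source in AST
);

  default clocking cb @(posedge clk_i); endclocking
  default disable iff (!rst_ni);

  // rng_enable_o may drop only for a deliberate reason. If the module is
  // enabled and no restart is requested, it must still be high in the next
  // cycle unless one of those reasons has appeared by then. A full FIFO is
  // not among them, so a drop caused by it fails here.
  NoSpuriousDeassert_A: assert property (
    (rng_enable_o && module_en_i && !restart_req_i)
    |=> (rng_enable_o || !module_en_i || restart_req_i));

  // A full FIFO means entropy may have been dropped, so software must see it.
  // The one-cycle latency is an assumption.
  FifoFullReported_A: assert property (fifo_full_i |=> fifo_full_sts_i);

  // Every restart repeats startup testing: after rng_enable_o rises, no
  // entropy is released before the startup tests have passed again.
  StartupRepeated_A: assert property (
    $rose(rng_enable_o) |-> (!entropy_valid_i until startup_pass_i));

  // Make sure the interesting case is actually exercised.
  FifoFullWhileEnabled_C: cover property (fifo_full_i && rng_enable_o);

endmodule
```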
