Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[entropy_src] Make HW health tests configurable to process either 1 or 4 bit samples/symbols #20954

Closed
johannheyszl opened this issue Jan 24, 2024 · 4 comments · Fixed by #21626
Closed

[entropy_src] Make HW health tests configurable to process either 1 or 4 bit samples/symbols #20954

johannheyszl opened this issue Jan 24, 2024 · 4 comments · Fixed by #21626
Assignees
@vogelpi @h-filali
Labels
Component:RTL Earlgrey-PROD Candidate Temporary label to triage issues into Earlgrey-PROD Milestones Hotlist:Security Security Opinion Needed IP:entropy_src Subsystem:Entropy entropy_src, csrng, or edn related issues
Milestone
Earlgrey-PROD.M2

Comments

@johannheyszl
Copy link
Contributor

Description

We can switch the entropy_src to a single bit mode. However, the health tests currently operate on 4 bit samples. We can change the HW to make them configurable to support single bit noise sources with HW health testing. Alternatively, the single bit FIPS processing can be achieved through FW bypass.

Issue created after discussion b/w: @moidx @johannheyszl VadimS @vogelpi @zi-v @h-filali
@johannheyszl johannheyszl added Component:RTL Hotlist:Security Security Opinion Needed IP:entropy_src Earlgrey-PROD Candidate Temporary label to triage issues into Earlgrey-PROD Milestones labels Jan 24, 2024
@johannheyszl johannheyszl added this to the Earlgrey-PROD.M2 milestone Jan 24, 2024
@johannheyszl
Copy link
Contributor Author

cc @msfschaffner @andreaskurth

@johannheyszl
Copy link
Contributor Author

Note: this would also include to move the 1 to 4 bit packer to after the health checks

@johannheyszl johannheyszl mentioned this issue Jan 24, 2024
Closed
@vogelpi vogelpi added the Subsystem:Entropy entropy_src, csrng, or edn related issues label Jan 25, 2024
@vogelpi vogelpi self-assigned this Jan 26, 2024
@vogelpi
Copy link
Contributor

vogelpi commented Jan 26, 2024

Thanks for opening the issue. The next thing is that @h-filali and I will look into the relevant NIST specifications.

@vogelpi
Copy link
Contributor

vogelpi commented Feb 1, 2024
edited
Loading

From my discussion with @h-filali : the purpose of the health tests is to - assuming initial validation passed - check that there is no catastrophic failure in the noise source. We currently see different options that could get validated:

  • 4-bit hardware pipeline
  • 1-bit hardware pipeline
  • software pipeline (4 or 1-bit)

The key is that the pipeline is operated for the health tests the same way it's used for the validation. I.e., the 1-bit
mode was validated and for validation a bitstream was considered, we should check the health tests. In contrast, if the 1-bit mode was validated and for validation a stream of packed 4-bit symbols was considered, the health tests should be left as is.

Both @h-filali and I currently think it would be better to modify the health tests for the 1-bit mode to get more meaningful health test results.

@h-filali h-filali mentioned this issue Feb 22, 2024
Merged
This was referenced Mar 29, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vogelpi vogelpi

@h-filali h-filali

Labels
Component:RTL Earlgrey-PROD Candidate Temporary label to triage issues into Earlgrey-PROD Milestones Hotlist:Security Security Opinion Needed IP:entropy_src Subsystem:Entropy entropy_src, csrng, or edn related issues
Projects
None yet
Milestone
Earlgrey-PROD.M2
Development

Successfully merging a pull request may close this issue.

[entropy_src/rtl] Move the 1-4 esbit packer h-filali/opentitan
3 participants
@vogelpi @h-filali @johannheyszl