[entropy_src] Outline potential hardware changes for ECDSA sigverify in ROM #21652
Comments
vogelpi
added
Subsystem:Entropy
|
Hi @vogelpi, I think it is worth considering to add support to initialize all EDN instances as a backup option, and potentially even one additional seed for CSRNG SW channel. It is too early for us to know the priority for this, but it is a good idea to get a high level estimate. |
h-filali
added
the
Earlgrey-PROD Candidate
|
Thanks for your feedback @moidx . I thought a bit more about this and also discussed with @h-filali and @johannheyszl . IIUC, we would need probably need FIPS quality entropy for this. And maybe it's only needed once per new ROM ext, so for these one off cases, one could boot the entropy src into FIPS mode. But discussions are still ongoing. We'll likely discuss this weeks Sec WG. Independent of such discussions, changing the hardware design to produce 3 seeds in boot mode should be doable without area overhead / timing impact. If we conclude that we really need that, we can add this also after M2. To not forget about this, I am moving this issue to M3 for now. |
|
@moidx: No longer an issue because ROM space is limited. |
Description
As @h-filali is working his way through the entropy_src hardware changes required for Earlgrey-PROD.M2, we were wondering if there are any hardware changes needed for ECDSA signature verification in ROM.
For example, in the current version of the ROM, the entropy_src is first setup in boot mode in which only a single seed can be generated. This is sufficient to instantiate one CSRNG instance / one EDN. But not for running OTBN code consuming entropy from both EDN interfaces (URND, RND).
@moidx , @cfrantz , @johannheyszl , @msfschaffner, @timothytrippel
The text was updated successfully, but these errors were encountered: