[otp_ctrl] Remove entropy_src chicken switches #21118
dfd0db7 to a1c8683
This carries over a change from integrated_dev that removes unnecessary chicken switches for the entropy complex. Note however that this time we do not remove EN_CSRNG_SW_APP_READ since that may still be useful. Signed-off-by: Michael Schaffner <[email protected]>
a1c8683 to 17d5c2a
Software and test changes LGTM
EN_CSRNG_SW_APP_READ will have to be set to true in most cases (including to meet FIPS certification requirements).
It would be nice to document what use cases require EN_CSRNG_SW_APP_READ = False given that the SW CSRNG channel in this configuration would not be usable.
@vogelpi if this looks good to you, can you merge it? Thanks!
Thanks for the PR @msfschaffner, removing these two switches is okay. They enable the following functionality:
- otp_en_entropy_src_fw_over allows enabling the firmware override mode. This is required for evaluation related to certification (in PROD LC state) and to enable the software fallback mode. This gives firmware access to unconditioned entropy only.
- otp_en_entropy_src_fw_read allows routing (un-)conditioned entropy to a separate output path. This is required for KATs especially around the conditioner, which is probably also relevant for certification (in PROD LC state).
I agree to keep the EN_CSRNG_SW_APP_READ switch and I agree to better document this / adapt the use of it. I'll open an issue for that.
The issue is here #21141
This carries over a change from integrated_dev that removes unnecessary chicken switches for the entropy complex. Note however that this time we do not remove EN_CSRNG_SW_APP_READ since that may still be useful. See the following discussion for context https://github.com/lowRISC/opentitan-integrated/pull/319#discussion_r1304821593.
This is in preparation for moving debug-related chicken switches into a new HW_CFG1 partition, similarly as this has been done on integrated_dev. 🐔