Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[keymgr] Don't update and reseed PRNG in Disabled/Invalid state forever #23071

Merged
merged 1 commit into from
May 14, 2024
Merged

[keymgr] Don't update and reseed PRNG in Disabled/Invalid state forever #23071

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions hw/ip/keymgr/rtl/keymgr.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -185,6 +185,7 @@ module keymgr
logic [LfsrWidth-1:0] seed;
logic reseed_req;
logic reseed_ack;
logic reseed_done;
logic reseed_cnt_err;

keymgr_reseed_ctrl u_reseed_ctrl (
Expand All @@ -194,6 +195,7 @@ module keymgr
.rst_edn_ni,
.reseed_req_i(reseed_req),
.reseed_ack_o(reseed_ack),
.reseed_done_o(reseed_done),
.reseed_interval_i(reg2hw.reseed_interval_shadowed.q),
.edn_o,
.edn_i,
Expand Down Expand Up @@ -285,6 +287,7 @@ module keymgr
.sideload_fsm_err_i(sideload_fsm_err),
.prng_reseed_req_o(reseed_req),
.prng_reseed_ack_i(reseed_ack),
.prng_reseed_done_i(reseed_done),
.prng_en_o(ctrl_lfsr_en),
.entropy_i(ctrl_rand),
.op_i(keymgr_ops_e'(reg2hw.control_shadowed.operation.q)),
Expand Down
30 changes: 28 additions & 2 deletions hw/ip/keymgr/rtl/keymgr_ctrl.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ module keymgr_ctrl

// prng control interface
input [Shares-1:0][RandWidth-1:0] entropy_i,
input prng_reseed_done_i,
input prng_reseed_ack_i,
output logic prng_reseed_req_o,
output logic prng_en_o
Expand Down Expand Up @@ -234,7 +235,24 @@ module keymgr_ctrl
// interaction between main fsm and prng
///////////////////////////

assign prng_en_o = random_req | disabled | invalid | wipe_req;
// Upon entering StCtrlDisabled or StCtrlInvalid, the PRNG is kept advancing until it has been
// reseeded twice (through the reseeding mechansism inside keymgr_reseed_ctrl.sv).
logic [1:0] prng_en_dis_inv_d, prng_en_dis_inv_q;
logic prng_en_dis_inv_set;

assign prng_en_dis_inv_d =
prng_en_dis_inv_set ? 2'b11 :
prng_reseed_done_i ? {1'b0, prng_en_dis_inv_q[1]} : prng_en_dis_inv_q;

always_ff @(posedge clk_i or negedge rst_ni) begin
if (!rst_ni) begin
prng_en_dis_inv_q <= '0;
end else begin
prng_en_dis_inv_q <= prng_en_dis_inv_d;
end
end

assign prng_en_o = random_req | wipe_req | prng_en_dis_inv_q[0];

//////////////////////////
// Main Control FSM
Expand Down Expand Up @@ -456,7 +474,10 @@ module keymgr_ctrl
// indication that state is invalid
invalid = 1'b0;

// enable prng toggling
// Don't request final PRNG updating and reseeding.
prng_en_dis_inv_set = 1'b0;

// Request PRNG reseeding.
prng_reseed_req_o = 1'b0;

// initialization complete
Expand Down Expand Up @@ -535,6 +556,7 @@ module keymgr_ctrl
state_d = StCtrlWipe;
end else if (dis_state) begin
state_d = StCtrlDisabled;
prng_en_dis_inv_set = 1'b1;
end else if (adv_state) begin
state_d = StCtrlCreatorRootKey;
end
Expand All @@ -554,6 +576,7 @@ module keymgr_ctrl
state_d = StCtrlWipe;
end else if (dis_state) begin
state_d = StCtrlDisabled;
prng_en_dis_inv_set = 1'b1;
end else if (adv_state) begin
state_d = StCtrlOwnerIntKey;
end
Expand All @@ -573,6 +596,7 @@ module keymgr_ctrl
state_d = StCtrlWipe;
end else if (dis_state) begin
state_d = StCtrlDisabled;
prng_en_dis_inv_set = 1'b1;
end else if (adv_state) begin
state_d = StCtrlOwnerKey;
end
Expand All @@ -592,6 +616,7 @@ module keymgr_ctrl
state_d = StCtrlWipe;
end else if (adv_state || dis_state) begin
state_d = StCtrlDisabled;
prng_en_dis_inv_set = 1'b1;
end
end

Expand All @@ -614,6 +639,7 @@ module keymgr_ctrl
// begin with (op_start_i == 0), in this case, don't wait and immediately transition
if (!op_start_i) begin
state_d = StCtrlInvalid;
prng_en_dis_inv_set = 1'b1;
end
end

Expand Down
2 changes: 2 additions & 0 deletions hw/ip/keymgr/rtl/keymgr_reseed_ctrl.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ module keymgr_reseed_ctrl import keymgr_pkg::*; (
// interface to keymgr_ctrl
input reseed_req_i,
output logic reseed_ack_o,
output logic reseed_done_o,

// interface to software
input [15:0] reseed_interval_i,
Expand Down Expand Up @@ -57,6 +58,7 @@ module keymgr_reseed_ctrl import keymgr_pkg::*; (

assign seed_en_o = edn_ack;
assign reseed_ack_o = reseed_req_i & edn_ack;
assign reseed_done_o = edn_done;

prim_edn_req #(
.OutWidth(LfsrWidth)
Expand Down