Skip to content

[keymgr_dpe] Replace keymgr in EG - PR5 dif functions#30619

Draft
rroth-lowrisc wants to merge 8 commits into
lowRISC:masterfrom
rroth-lowrisc:keymgr_dpe_PR5_dif
Draft

[keymgr_dpe] Replace keymgr in EG - PR5 dif functions#30619
rroth-lowrisc wants to merge 8 commits into
lowRISC:masterfrom
rroth-lowrisc:keymgr_dpe_PR5_dif

Conversation

@rroth-lowrisc

@rroth-lowrisc rroth-lowrisc commented Jul 2, 2026

Copy link
Copy Markdown

PR5 - dif functions

This PR is the fifth in a series which will replace the keymgr with the kemgr_dpe in earlgrey. The replacement was approved by this RFC.

Merge-Dependencies

Relevant Commits

The last commit

Description

This PR adds missing API feature to the existing dif interface of the keymgr_dpe. All of these feature were already present in the keymgr_dpe but not in the dif interface. To avoid breaking dependencies in a later PR an empty dif_keymgr_dpe_unittest.cc was created.

Split the otp_keymgr_key interface into its respective components.
Future version of the keymgr(_dpe) may receive the information from
different IP's rather than combined from the otp_ctrl.

To avoid a circular dependencies the DevIdWidth instantiated
in keymgr_dpe_pkg replaces the otp_ctrl_pkg::DeviceIdWidth.

As the keymgr still expects the combined message the earlgrey top
manually combines the key material. This fix will be removed when
the keymgr is replaced by the keymgr_dpe.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit updates the `otp_ctrl` dv to reflect the new interface between
the `keymgr` and the `otp_ctrl`. The secret / seed verification inside the
otp_ctrl scoreboard template are no longer dynamically generated. The reason
is that the previously shared port signal has been split into its respective
components, which does not interacts well with the dynamic generation anymore.

However, adding a secret to the otp now results in a port-list change anyways the
resulting overhead is deemed acceptable.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit removes all otp_ctrl dependency in the keymgr_dpe dv.
This change ensures that the dv architecture accurately reflects
the dependency in the RTL implementation.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit improves the block level dv by:
- Introducing more verbose messages
- Latching the correct DEFAULT_UDS_POLICY
- Prevent ambiguous state after the disable operation
  by restricting any advance call

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
The scoreboard loads the UDS directly from the DUT via interface.
The problem is the keymgr_dpe initializes the slot for the UDS with
randomness. The initally loaded UDS is xored with the randomness
already present in the destination slot as countermeasure for SCA.
The scoreboard however can currently not recreate this randomness
thus the backdoor load.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Introduction of the third bootstage defined in the opentitan identities-and-root-keys
(https://opentitan.org/book/doc/security/specs/identities_and_root_keys/index.html)
strategy. The `creator_seed` is now consumed by BootStageOwnerInt rather
than by BootStageCreator.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit allows for a limited parametrization by the top without
having a fully templated IP. The top can define the following:

- Number of bootstages (either two or three)
- Number of ROM digest values
- Number of HW slots instanciated (up to 8 slots)

The block level dv is extended to test two different configurations,
called earlgrey and darjeeling.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Add three missing features to the dif of the keymgr_dpe.

- The disable function to transition the keymgr_dpe into the disabled state
- The configuration function to set the re-seeding interval of the keymgr_dpe
- Any sideloaded key on the sideload interface can now be cleared by sw

Add an empty `dif_keymgr_dpe_unittest.cc` file to avoid triggering error
during the top integration, tracked in Issue lowRISC#30609.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant