Skip to content

[keymgr_dpe] Replace keymgr in EG - PR8 crypto driver#30677

Draft
rroth-lowrisc wants to merge 12 commits into
lowRISC:masterfrom
rroth-lowrisc:keymgr_dpe_PR8_cryptolib
Draft

[keymgr_dpe] Replace keymgr in EG - PR8 crypto driver#30677
rroth-lowrisc wants to merge 12 commits into
lowRISC:masterfrom
rroth-lowrisc:keymgr_dpe_PR8_cryptolib

Conversation

@rroth-lowrisc

@rroth-lowrisc rroth-lowrisc commented Jul 7, 2026

Copy link
Copy Markdown

PR8 - crypto driver

This PR is the eight in a series which will replace the keymgr with the kemgr_dpe in earlgrey. The replacement was approved by this RFC.

Merge-Dependencies

Relevant Commits

Last three two commit

Description

This PR will add a first version of the crypto lib driver for the keymgr_dpe. It adds the basic functionality to interact with the keymgr_dpe. A first draft version of the keymgr_dpe_test is already present, however some commits needs to be backported from the master branch first.

It is not yet included in the bazel build system as several dependencies are missing until the top integration is finished.

Split the otp_keymgr_key interface into its respective components.
Future version of the keymgr(_dpe) may receive the information from
different IP's rather than combined from the otp_ctrl.

To avoid a circular dependencies the DevIdWidth instantiated
in keymgr_dpe_pkg replaces the otp_ctrl_pkg::DeviceIdWidth.

As the keymgr still expects the combined message the earlgrey top
manually combines the key material. This fix will be removed when
the keymgr is replaced by the keymgr_dpe.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit updates the `otp_ctrl` dv to reflect the new interface between
the `keymgr` and the `otp_ctrl`. The secret / seed verification inside the
otp_ctrl scoreboard template are no longer dynamically generated. The reason
is that the previously shared port signal has been split into its respective
components, which does not interacts well with the dynamic generation anymore.

However, adding a secret to the otp now results in a port-list change anyways the
resulting overhead is deemed acceptable.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit removes all otp_ctrl dependency in the keymgr_dpe dv.
This change ensures that the dv architecture accurately reflects
the dependency in the RTL implementation.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit improves the block level dv by:
- Introducing more verbose messages
- Latching the correct DEFAULT_UDS_POLICY
- Prevent ambiguous state after the disable operation
  by restricting any advance call

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
The scoreboard loads the UDS directly from the DUT via interface.
The problem is the keymgr_dpe initializes the slot for the UDS with
randomness. The initally loaded UDS is xored with the randomness
already present in the destination slot as countermeasure for SCA.
The scoreboard however can currently not recreate this randomness
thus the backdoor load.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Introduction of the third bootstage defined in the opentitan identities-and-root-keys
(https://opentitan.org/book/doc/security/specs/identities_and_root_keys/index.html)
strategy. The `creator_seed` is now consumed by BootStageOwnerInt rather
than by BootStageCreator.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
@rroth-lowrisc

rroth-lowrisc commented Jul 7, 2026

Copy link
Copy Markdown
Author

DO NOT MERGE THIS PR

This PR cannot be merged until the following PR passes the CI:

  • TBD

The introduced keymgr_dpe drivers are not yet referenced in any build system until the TOP integration PR. Therefore none of the CI checks really verifies anything in this PR. The only reason for this PR is to break down the review effort into several smaller chunks of work along "logical" lines of code spaces.

@nasahlpa nasahlpa left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Raphael, I had a look into the last three commits.
The first commit I already have reviewed in another repo.
The other two commits LGTM!

Comment thread sw/device/lib/crypto/drivers/keymgr_dpe.c Outdated
@@ -0,0 +1,212 @@
// Copyright lowRISC contributors (OpenTitan project).

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you should be able to already add this test to the BUILD file but just mark it as broken such that it is not build and executed.

@nasahlpa nasahlpa left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Raphael - I had a look into the last three commits:

  • The first commit I already have reviewed in another repo
  • The last two commits look good to me, they streamline the cryptolib drivers with upstream as well as adding a new test

This commit allows for a limited parametrization by the top without
having a fully templated IP. The top can define the following:

- Number of bootstages (either two or three)
- Number of ROM digest values
- Number of HW slots instanciated (up to 8 slots)

The block level dv is extended to test two different configurations,
called earlgrey and darjeeling.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Add three missing features to the dif of the keymgr_dpe.

- The disable function to transition the keymgr_dpe into the disabled state
- The configuration function to set the re-seeding interval of the keymgr_dpe
- Any sideloaded key on the sideload interface can now be cleared by sw

Add an empty `dif_keymgr_dpe_unittest.cc` file to avoid triggering error
during the top integration, tracked in Issue lowRISC#30609.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit introduces a first version of the keymgr_dpe sw in
the silicon creator lib. It covers the basic keymgr_dpe features.

Add source / header file **without** linking them in the
appropriate *BUILD* file as some dependencies do not exist yet!

Add an empty keymgr_dpe_unittest.cc file to avoid triggering error
during the top integration, tracked in Issue lowRISC#30609.

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
To ensure backwards compatibility, the file has been split into two
sections due to the different boot processes. The first part covers
the boot process for darjeeling and the second part covers the boot process
for earlgrey. This `if define ...` should either be replaced with two
testutils files for the keymgr_dpe (linked by Bazel according to the top)
or with a finer granularity of defines (e.g. function-wise)

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit introduces a first version of the keymgr_dpe sw in
the crypto lib. It covers the basic keymgr_dpe features.

Add source / header file **without** linking them in the
appropriate BUILD file as some dependencies do not exist yet!

This commit contains the backported changes from the following
git commit hashes (changes done in `keymgr` but relevant for
`keymgr_dpe` too):

- 9dcbb05
- 4afe7cd
- ab8c166
- b10d2fe
- e587303
- 068c37e

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit introduces the test for the `keymgr_dpe` driver inside
the crypto lib. It covers the basic `keymgr_dpe` features.

Add source / header file **without** linking them in the
appropriate BUILD file as some dependencies do not exist yet!

Signed-off-by: Raphael Roth <rroth@lowrisc.org>
@rroth-lowrisc rroth-lowrisc force-pushed the keymgr_dpe_PR8_cryptolib branch from e167c75 to 910b63b Compare July 7, 2026 14:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants