[keymgr_dpe] Replace keymgr in EG - PR9 top level integration#30697
Draft
rroth-lowrisc wants to merge 34 commits into
Draft
[keymgr_dpe] Replace keymgr in EG - PR9 top level integration#30697rroth-lowrisc wants to merge 34 commits into
rroth-lowrisc wants to merge 34 commits into
Conversation
Split the otp_keymgr_key interface into its respective components. Future version of the keymgr(_dpe) may receive the information from different IP's rather than combined from the otp_ctrl. To avoid a circular dependencies the DevIdWidth instantiated in keymgr_dpe_pkg replaces the otp_ctrl_pkg::DeviceIdWidth. As the keymgr still expects the combined message the earlgrey top manually combines the key material. This fix will be removed when the keymgr is replaced by the keymgr_dpe. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit updates the `otp_ctrl` dv to reflect the new interface between the `keymgr` and the `otp_ctrl`. The secret / seed verification inside the otp_ctrl scoreboard template are no longer dynamically generated. The reason is that the previously shared port signal has been split into its respective components, which does not interacts well with the dynamic generation anymore. However, adding a secret to the otp now results in a port-list change anyways the resulting overhead is deemed acceptable. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit removes all otp_ctrl dependency in the keymgr_dpe dv. This change ensures that the dv architecture accurately reflects the dependency in the RTL implementation. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit improves the block level dv by: - Introducing more verbose messages - Latching the correct DEFAULT_UDS_POLICY - Prevent ambiguous state after the disable operation by restricting any advance call Signed-off-by: Raphael Roth <rroth@lowrisc.org>
The scoreboard loads the UDS directly from the DUT via interface. The problem is the keymgr_dpe initializes the slot for the UDS with randomness. The initally loaded UDS is xored with the randomness already present in the destination slot as countermeasure for SCA. The scoreboard however can currently not recreate this randomness thus the backdoor load. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Introduction of the third bootstage defined in the opentitan identities-and-root-keys (https://opentitan.org/book/doc/security/specs/identities_and_root_keys/index.html) strategy. The `creator_seed` is now consumed by BootStageOwnerInt rather than by BootStageCreator. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit allows for a limited parametrization by the top without having a fully templated IP. The top can define the following: - Number of bootstages (either two or three) - Number of ROM digest values - Number of HW slots instanciated (up to 8 slots) The block level dv is extended to test two different configurations, called earlgrey and darjeeling. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Add three missing features to the dif of the keymgr_dpe. - The disable function to transition the keymgr_dpe into the disabled state - The configuration function to set the re-seeding interval of the keymgr_dpe - Any sideloaded key on the sideload interface can now be cleared by sw Add an empty `dif_keymgr_dpe_unittest.cc` file to avoid triggering error during the top integration, tracked in Issue lowRISC#30609. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This was referenced Jul 9, 2026
652d637 to
e5af58b
Compare
This commit introduces a first version of the keymgr_dpe sw in the silicon creator lib. It covers the basic keymgr_dpe features. Add source / header file **without** linking them in the appropriate *BUILD* file as some dependencies do not exist yet! Add an empty keymgr_dpe_unittest.cc file to avoid triggering error during the top integration, tracked in Issue lowRISC#30609. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
To ensure backwards compatibility, the file has been split into two sections due to the different boot processes. The first part covers the boot process for darjeeling and the second part covers the boot process for earlgrey. This `if define ...` should either be replaced with two testutils files for the keymgr_dpe (linked by Bazel according to the top) or with a finer granularity of defines (e.g. function-wise) Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit introduces a first version of the keymgr_dpe sw in the crypto lib. It covers the basic keymgr_dpe features. Add source / header file **without** linking them in the appropriate BUILD file as some dependencies do not exist yet! This commit contains the backported changes from the following git commit hashes (changes done in `keymgr` but relevant for `keymgr_dpe` too): - 9dcbb05 - 4afe7cd - ab8c166 - b10d2fe - e587303 - 068c37e Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit introduces the test for the `keymgr_dpe` driver inside the crypto lib. It covers the basic `keymgr_dpe` features. Add source / header file **without** linking them in the appropriate BUILD file as some dependencies do not exist yet! Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit replaces the `keymgr` in Earl Grey with `keymgr_dpe` to implement the DICE Protected Environment (DPE) extension, which enables Key Manager to handle a multi-branch key derivation tree with independent secrets stored in parallel hardware slots. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit encompass all autogenerated code from the previous commit. This commit should be squashed before the merge. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
The creator / owner seed for the `keymgr_dpe` can be provided by the `flash` or the `otp`. The source is defined by a newly introduced toplevel parameter. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit removes all countermeasures targeting modules from the original `keymgr`. The `./ci/scripts/check-countermeasures.sh earlgrey`script does not recognize cross ip countermeasures. These countermeasures must be re-enabled once the `keymgr` is deprecated and all relevant modules are mitgrated to the `keymgr_dpe`. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Change all the dependencies in the build-system from the deprecated `keymgr` to `keymgr_dpe`. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
…em further up) Signed-off-by: Raphael Roth <rroth@lowrisc.org>
This commit disables all tests that are failing due to the `keymgr_dpe` migration. All of the excluded tests contain references to the old `keymgr`, which need to be updated. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
First draft for the `keymgr_dpe` functest which tests the basic functionality of the keymgr_dpe driver. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Replace all occurrence of `keymgr` with their respective counterpart from `keymgr_dpe`. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Replace all occurrence of `keymgr` with their respective counterpart from `keymgr_dpe`. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Replace all occurrence of `keymgr` with their respective counterpart from `keymgr_dpe`. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Replace all occurrence of `keymgr` with their respective counterpart from `keymgr_dpe`. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Replace all occurrence of `keymgr` with their respective counterpart from `keymgr_dpe`. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Replace all occurrence of `keymgr` with their respective counterpart from `keymgr_dpe`. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
…eep` Replace all occurrence of `keymgr` with their respective counterpart from `keymgr_dpe`. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Replace all occurrence of `keymgr` with their respective counterpart from `keymgr_dpe`. Currently this test does not end successfully, however the same error appears in the nightly build too. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Signed-off-by: Raphael Roth <rroth@lowrisc.org>
…estplan` Replace the `keymgr_testplan` with the `keymgr_dpe_testplan`. Temporarily disable all `crypto` tests as the library is not updated yet. Remove the `chip_sw_keymgr_derive_attestation` and the `chip_sw_keymgr_derive_sealing` as these tests cannot be ported directly. In the future, these tests should be included again as soon as a suitable replacement test is written. Signed-off-by: Raphael Roth <rroth@lowrisc.org>
Signed-off-by: Raphael Roth <rroth@lowrisc.org>
e5af58b to
a4efea8
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR9 - Top level integration
This PR is the ninth in a series which will replace the keymgr with the kemgr_dpe in earlgrey. The replacement was approved by this RFC.
Merge-Dependencies
Note: The last three PR's (#30668 / #30670 / #30677) can only be merged after this PR is approved as the SW are not included in the build system until this PR.
Relevant Commits
The last ??? commits.
Description
This PR actually replaces the
keymgrwith thekeymgr_dpeon the top-layer. All backdoor loads in the chip_if.sv are disable for the time being. It is possible to select if the creator / owner seed is provided by either theflash_ctrlor theotp_ctrl. To avoid breaking a lot of tests they are updated directly inside this PR.The first commit encompasses all changes on the top-layer to replace the
keymgrwithkeymgr_dpe. I split all autogenerated code into a separate commit to allow for a faster review process.In general all commits in this PR needs to be squashed together as otherwise we will have a broken master between commits.