Pavona Software APIs
rnd.c
1// Copyright lowRISC contributors (OpenTitan project).
2// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3// SPDX-License-Identifier: Apache-2.0
4
5#include "sw/device/silicon_creator/lib/drivers/rnd.h"
6
7#include "hw/top/dt/entropy_src.h"
8#include "hw/top/dt/rv_core_ibex.h"
9#include "sw/device/lib/arch/boot_stage.h"
10#include "sw/device/lib/base/abs_mmio.h"
11#include "sw/device/lib/base/crc32.h"
12#include "sw/device/lib/base/csr.h"
13#include "sw/device/lib/base/hardened.h"
14#include "sw/device/lib/base/macros.h"
15#include "sw/device/silicon_creator/lib/drivers/otp.h"
16
17#include "hw/top/entropy_src_regs.h"
18#include "hw/top/otp_ctrl_regs.h"
19#include "hw/top/rv_core_ibex_regs.h"
20
21enum {
22 // This covers the health threshold registers which are contiguous. The alert
23 // threshold register is not included here.
24 kNumHealthRegisters = 9,
25};
26
27static inline uint32_t entropy_src_base(void) {
28 return dt_entropy_src_primary_reg_block(kDtEntropySrc);
29}
30
31static inline uint32_t ibex_base(void) {
32 return dt_rv_core_ibex_primary_reg_block(kDtRvCoreIbex);
33}
34
35// Check the number of health registers covered by this driver.
36static_assert(kNumHealthRegisters ==
37 (ENTROPY_SRC_EXTHT_LO_THRESHOLDS_REG_OFFSET -
38 ENTROPY_SRC_REPCNT_THRESHOLDS_REG_OFFSET) /
39 sizeof(uint32_t) +
40 1,
41 "Unexpected entropy_src health register count.");
42
43// Ensure the relative offsets of OTP versus entropy_src registers are
44// equivalent. This is imporant as rom_start.S uses a copy function to
45// copy the values from OTP into the entropy_src.
46#define ASSERT_REG_OFFSET(otp_offset_, entropy_src_offset_) \
47 static_assert( \
48 ((otp_offset_) - \
49 OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_REPCNT_THRESHOLDS_OFFSET) == \
50 ((entropy_src_offset_) - ENTROPY_SRC_REPCNT_THRESHOLDS_REG_OFFSET), \
51 "OTP configuration offset does not match the expected entropy_src " \
52 "register offset")
53
54ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_REPCNT_THRESHOLDS_OFFSET,
55 ENTROPY_SRC_REPCNT_THRESHOLDS_REG_OFFSET);
56ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_REPCNTS_THRESHOLDS_OFFSET,
57 ENTROPY_SRC_REPCNTS_THRESHOLDS_REG_OFFSET);
58ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_ADAPTP_HI_THRESHOLDS_OFFSET,
59 ENTROPY_SRC_ADAPTP_HI_THRESHOLDS_REG_OFFSET);
60ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_ADAPTP_LO_THRESHOLDS_OFFSET,
61 ENTROPY_SRC_ADAPTP_LO_THRESHOLDS_REG_OFFSET);
62ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_BUCKET_THRESHOLDS_OFFSET,
63 ENTROPY_SRC_BUCKET_THRESHOLDS_REG_OFFSET);
64ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_MARKOV_HI_THRESHOLDS_OFFSET,
65 ENTROPY_SRC_MARKOV_HI_THRESHOLDS_REG_OFFSET);
66ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_MARKOV_LO_THRESHOLDS_OFFSET,
67 ENTROPY_SRC_MARKOV_LO_THRESHOLDS_REG_OFFSET);
68ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EXTHT_HI_THRESHOLDS_OFFSET,
69 ENTROPY_SRC_EXTHT_HI_THRESHOLDS_REG_OFFSET);
70ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EXTHT_LO_THRESHOLDS_OFFSET,
71 ENTROPY_SRC_EXTHT_LO_THRESHOLDS_REG_OFFSET);
72
73/**
74 * Calculates CRC32 over the entropy_src health test and alert thresholds.
75 */
76static uint32_t health_config_crc32(void) {
77 uint32_t ctx;
78 crc32_init(&ctx);
79
80 // Health test thresholds, whose offsets are statically checked.
81 uint32_t offset = ENTROPY_SRC_REPCNT_THRESHOLDS_REG_OFFSET;
82 for (size_t i = 0; i < kNumHealthRegisters; ++i, offset += sizeof(uint32_t)) {
83 crc32_add32(&ctx, abs_mmio_read32(entropy_src_base() + offset));
84 }
85 crc32_add32(&ctx, abs_mmio_read32(entropy_src_base() +
86 ENTROPY_SRC_ALERT_THRESHOLD_REG_OFFSET));
87 return crc32_finish(&ctx);
88}
89
90rom_error_t rnd_health_config_check(lifecycle_state_t lc_state) {
91 if (otp_read32(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EN_OFFSET) !=
92 kHardenedBoolTrue) {
93 return kErrorOk;
94 }
95
96 uint32_t crc32 = health_config_crc32();
97 rom_error_t res = crc32;
98
99 if (launder32(lc_state) == kLcStateTest) {
100 res ^= crc32 ^ kErrorOk;
101 HARDENED_CHECK_EQ(res, kErrorOk);
102 HARDENED_CHECK_EQ(lc_state, kLcStateTest);
103 return res;
104 }
105
106 res ^=
107 otp_read32(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_HEALTH_CONFIG_DIGEST_OFFSET);
108 if (launder32(res) != kErrorOk) {
109 return kErrorRndBadCrc32;
110 }
111
112 HARDENED_CHECK_EQ(res, kErrorOk);
113 return res;
114}
115
116uint32_t rnd_uint32(void) {
117 if (kBootStage == kBootStageOwner ||
118 otp_read32(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EN_OFFSET) ==
119 kHardenedBoolTrue) {
120 // When bit-0 is clear an EDN request for new data for RND_DATA is
121 // pending.
122 while (!(abs_mmio_read32(ibex_base() + RV_CORE_IBEX_RND_STATUS_REG_OFFSET) &
123 1)) {
124 }
125 }
126 uint32_t mcycle;
127 CSR_READ(CSR_REG_MCYCLE, &mcycle);
128 return mcycle +
129 abs_mmio_read32(ibex_base() + RV_CORE_IBEX_RND_DATA_REG_OFFSET);
130}
131
132// Provides the source of randomness for `hardened_memshred` (see
133// `hardened_memory.h`). Declare as weak in case the cryptolib driver is also
134// included.
135OT_WEAK
136uint32_t hardened_memshred_random_word(void) { return rnd_uint32(); }
137
138// Provides the source of randomness for `random_order` (see `random_order.h`).
139// Declare as weak in case the cryptolib driver is also included.
140OT_WEAK
141uint32_t random_order_random_word(void) { return rnd_uint32(); }