From 8dffe3613d3e2bb848c81f284513b89138eb964a Mon Sep 17 00:00:00 2001 From: Miguel Osorio Date: Thu, 14 Nov 2024 14:37:16 -0800 Subject: [PATCH 1/5] [build] Introduce OTP emulation images. This change is in preparation for managing the SiVal silicon configuration using a separate OTP scaffolding. The `//sw/ip/otp_ctrl/data/earlgrey_skus/emulation` targets will contain OTP images used for simulation as well as FPGA emulation. FPGA emulation images will include both pre-silicon and post-silicon use cases. Targets under `//sw/ip/otp_ctrl/data/earlgrey_skus/sival` will be used strictly for configuring silicon for Silicon Validation flows. We refer to this as the SiVal SKU. The SiVal SKU will contain secure boot public keys backed by code-signing infrastructure as opposed to the the `emulation` configuration which will continue to use the test (i.e. fake) keys stored in the repository. Signed-off-by: Miguel Osorio
---
 hw/bitstream/README.md | 2 +- hw/top_earlgrey/BUILD | 8 +- hw/top_earlgrey/data/otp/emulation/BUILD | 371 ++++++++++++++++++ sw/device/silicon_creator/manuf/README.md | 2 +- sw/device/silicon_creator/manuf/base/BUILD | 4 +- .../manuf/base/provisioning_inputs.bzl | 1 + sw/device/silicon_creator/manuf/lib/BUILD | 2 +- sw/device/tests/BUILD | 28 +- sw/device/tests/doc/sival/devguide.md | 9 +- 9 files changed, 401 insertions(+), 26 deletions(-) create mode 100644 hw/top_earlgrey/data/otp/emulation/BUILD
diff --git a/hw/bitstream/README.md b/hw/bitstream/README.md
index 45058b1168e69..1f51c7aa2376b 100644
--- a/hw/bitstream/README.md
+++ b/hw/bitstream/README.md
@@ -35,7 +35,7 @@ opentitan_test(
 name = "individualize_sw_cfg_functest",
 srcs = ["individualize_sw_cfg_functest.c"],
 fpga = fpga_params(
- otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_test_unlocked0_manuf_initialized",
+ otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_test_unlocked0_manuf_initialized",
 tags = ["manuf"],
 ),
 exec_env = {
diff --git a/hw/top_earlgrey/BUILD b/hw/top_earlgrey/BUILD
index 6d3f5a4d92cc9..eaab473f0b392 100644
--- a/hw/top_earlgrey/BUILD
+++ b/hw/top_earlgrey/BUILD
@@ -239,7 +239,7 @@ fpga_cw310(
 # binary.
 ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0"},
 exec_env = "fpga_cw310_sival",
- otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized",
+ otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_prod_manuf_personalized",
 spx_key = {"//sw/device/silicon_creator/rom/keys/fake/spx:prod_key_0_spx": "prod_key_0"},
 tags = ["cw310_sival"],
 )
@@ -259,7 +259,7 @@ fpga_cw310(
 "//sw/device/lib/arch:fpga_cw310",
 "//hw/top_earlgrey/sw/dt:fpga_cw310",
 ],
- otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized",
+ otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_prod_manuf_personalized",
 rom_ext = "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a",
 tags = ["cw310_sival_rom_ext"],
 )
@@ -394,7 +394,7 @@ fpga_cw340(
 # binary.
 ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0"},
 exec_env = "fpga_cw340_sival",
- otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized",
+ otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_prod_manuf_personalized",
 spx_key = {"//sw/device/silicon_creator/rom/keys/fake/spx:prod_key_0_spx": "prod_key_0"},
 tags = ["cw340_sival"],
 )
@@ -414,7 +414,7 @@ fpga_cw340(
 "//sw/device/lib/arch:fpga_cw340",
 "//hw/top_earlgrey/sw/dt:fpga_cw340",
 ],
- otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized",
+ otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_prod_manuf_personalized",
 rom_ext = "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a",
 tags = ["cw340_sival_rom_ext"],
 )
diff --git a/hw/top_earlgrey/data/otp/emulation/BUILD b/hw/top_earlgrey/data/otp/emulation/BUILD
new file mode 100644
index 0000000000000..d83de8149da57
--- /dev/null
+++ b/hw/top_earlgrey/data/otp/emulation/BUILD 
@@ -0,0 +1,371 @@ +# Copyright lowRISC contributors (OpenTitan project). +# Licensed under the Apache License, Version 2.0, see LICENSE for details. +# SPDX-License-Identifier: Apache-2.0 + +# SKU: SiVal Bringup. ASCII code `SV00`. +# The SiVal bringup SKU is intended to be use in early bring-up stages of +# Earl Grey silicon. Some of the countermeasures in the ROM are disabled to +# de-risk bring-up and provisioning tests. + +load( + "//rules:const.bzl", + "CONST", + "EARLGREY_ALERTS", + "EARLGREY_LOC_ALERTS", + "get_lc_items", +) +load( + "//rules:otp.bzl", + "OTP_SIGVERIFY_FAKE_KEYS", + "otp_alert_classification", + "otp_alert_digest", + "otp_hex", + "otp_image", + "otp_image_consts", + "otp_json", + "otp_partition", + "otp_per_class_bytes", + "otp_per_class_ints", + "otp_per_class_lists", +) + +package(default_visibility = ["//visibility:public"]) + +otp_json( + name = "otp_json_creator_sw_cfg", + partitions = [ + otp_partition( + name = "CREATOR_SW_CFG", + items = { + # Enable AST initialization. + # CREATOR_SW_CFG_AST_CFG is handled by the manufacturing flow + # and not listed directly in this configuration. + "CREATOR_SW_CFG_AST_INIT_EN": otp_hex(CONST.MUBI4_TRUE), + "CREATOR_SW_CFG_ROM_EXT_SKU": otp_hex(0x0), + # Enable SPX+ signature verification. See the definitions of + # `kSigverifySpxDisabledOtp` in + # sw/device/silicon_creator/lib/sigverify/spx_verify.h for + # details on how to disable this feature. + "CREATOR_SW_CFG_SIGVERIFY_SPX_EN": otp_hex(0x0), + # Enable flash data page scrambling and ECC. + "CREATOR_SW_CFG_FLASH_DATA_DEFAULT_CFG": "0000090606", + "CREATOR_SW_CFG_FLASH_INFO_BOOT_DATA_CFG": otp_hex(0x0), + "CREATOR_SW_CFG_FLASH_HW_INFO_CFG_OVERRIDE": otp_hex(0x0), + # Disable use of entropy for countermeasures. See the definition + # of `hardened_bool_t` in sw/device/lib/base/hardened.h. 
+ "CREATOR_SW_CFG_RNG_EN": otp_hex(CONST.HARDENED_FALSE), + "CREATOR_SW_CFG_JITTER_EN": otp_hex(CONST.MUBI4_FALSE), + "CREATOR_SW_CFG_RET_RAM_RESET_MASK": otp_hex(0x0), + "CREATOR_SW_CFG_MANUF_STATE": otp_hex(CONST.MANUF_STATE.SIVAL), + # ROM execution is enabled if this item is set to a non-zero + # value. + "CREATOR_SW_CFG_ROM_EXEC_EN": otp_hex(0xffffffff), + # Value to write to the cpuctrl CSR in `rom_init()`. + # See: + # https://ibex-core.readthedocs.io/en/latest/03_reference/cs_registers.html#cpu-control-register-cpuctrl + # CPUCTRL = 0x1 enables ICACHE. + "CREATOR_SW_CFG_CPUCTRL": otp_hex(0x1), + # Value of the min_security_version_rom_ext field of the + # default boot data. + "CREATOR_SW_CFG_MIN_SEC_VER_ROM_EXT": otp_hex(0x0), + # Value of the min_security_version_bl0 field of the default + # boot data. + "CREATOR_SW_CFG_MIN_SEC_VER_BL0": otp_hex(0x0), + # Enable the default boot data in PROD and PROD_END life cycle + # states. See the definition of `hardened_bool_t` in + # sw/device/lib/base/hardened.h. + "CREATOR_SW_CFG_DEFAULT_BOOT_DATA_IN_PROD_EN": otp_hex(CONST.HARDENED_TRUE), + # This enables a busyloop in the ROM to give time to + # trigger an RMA lifecycle transition via JTAG. + # TODO: The following value needs to be updated once we have an + # idea of how many cycles are needed to enter RMA. + "CREATOR_SW_CFG_RMA_SPIN_EN": otp_hex(CONST.HARDENED_TRUE), + "CREATOR_SW_CFG_RMA_SPIN_CYCLES": otp_hex(0x2000000), + # Entropy source health check default values. This needs to be + # populated when `CREATOR_SW_CFG_RNG_EN` is set to true. 
+ "CREATOR_SW_CFG_RNG_REPCNT_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_REPCNTS_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_ADAPTP_HI_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_ADAPTP_LO_THRESHOLDS": otp_hex(0x0), + "CREATOR_SW_CFG_RNG_BUCKET_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_MARKOV_HI_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_MARKOV_LO_THRESHOLDS": otp_hex(0x0), + "CREATOR_SW_CFG_RNG_EXTHT_HI_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_EXTHT_LO_THRESHOLDS": otp_hex(0x0), + "CREATOR_SW_CFG_RNG_ALERT_THRESHOLD": otp_hex(0xfffd0002), + "CREATOR_SW_CFG_RNG_HEALTH_CONFIG_DIGEST": otp_hex(0x8264cf75), + + # Any value different than `CONST.HARDENED_FALSE` will force + # main SRAM scramble key rotation. + "CREATOR_SW_CFG_SRAM_KEY_RENEW_EN": otp_hex(0x0), + + # Disable the use of the ROM_EXT immutable section. + "CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN": otp_hex(CONST.HARDENED_FALSE), + }, + ), + ], +) + +otp_json( + name = "otp_json_owner_sw_cfg", + partitions = [ + otp_partition( + name = "OWNER_SW_CFG", + items = { + # Report errors without any redaction. + "OWNER_SW_CFG_ROM_ERROR_REPORTING": otp_hex(CONST.SHUTDOWN.REDACT.NONE), + # Enable bootstrap. See `hardened_bool_t` in + # sw/device/lib/base/hardened.h. + "OWNER_SW_CFG_ROM_BOOTSTRAP_DIS": otp_hex(CONST.HARDENED_FALSE), + # Set the enables to kAlertEnableNone. + # See `alert_enable_t` in + # sw/device/silicon_creator/lib/drivers/alert.h + "OWNER_SW_CFG_ROM_ALERT_CLASS_EN": otp_per_class_bytes( + A = CONST.ALERT.NONE, + B = CONST.ALERT.NONE, + C = CONST.ALERT.NONE, + D = CONST.ALERT.NONE, + ), + # Set the escalation policies to kAlertEscalateNone. 
+ # See `alert_escalate_t` in + # sw/device/silicon_creator/lib/drivers/alert.h + "OWNER_SW_CFG_ROM_ALERT_ESCALATION": otp_per_class_bytes( + A = CONST.ALERT.ESC_NONE, + B = CONST.ALERT.ESC_NONE, + C = CONST.ALERT.ESC_NONE, + D = CONST.ALERT.ESC_NONE, + ), + # Set the classifications to kAlertClassX. + # See `alert_class_t` in + # sw/device/silicon_creator/lib/drivers/alert.h + "OWNER_SW_CFG_ROM_ALERT_CLASSIFICATION": otp_alert_classification( + alert_list = EARLGREY_ALERTS, + # The ordering is "prod, prod_end, dev, rma" + default = "X, X, X, X", + ), + # Set the classifications to kAlertClassX. See `alert_class_t` in + # sw/device/silicon_creator/lib/drivers/alert.h + "OWNER_SW_CFG_ROM_LOCAL_ALERT_CLASSIFICATION": otp_alert_classification( + alert_list = EARLGREY_LOC_ALERTS, + # The ordering is "prod, prod_end, dev, rma" + default = "X, X, X, X", + ), + # Set the alert accumulation thresholds to 0 per class. + "OWNER_SW_CFG_ROM_ALERT_ACCUM_THRESH": otp_per_class_ints( + A = 0, + B = 0, + C = 0, + D = 0, + ), + # Set the alert timeout cycles to 0 per class. + "OWNER_SW_CFG_ROM_ALERT_TIMEOUT_CYCLES": otp_per_class_ints( + A = 0, + B = 0, + C = 0, + D = 0, + ), + # Set the alert phase cycles to 0,10,10,0xFFFFFFFF for classes + # A and B, and to all zeros for classes C and D. + "OWNER_SW_CFG_ROM_ALERT_PHASE_CYCLES": otp_per_class_lists( + A = "0x0, 0xa, 0xa, 0xffffffff", + B = "0x0, 0xa, 0xa, 0xffffffff", + C = "0x0, 0x0, 0x0, 0x0", + D = "0x0, 0x0, 0x0, 0x0", + ), + "OWNER_SW_CFG_ROM_WATCHDOG_BITE_THRESHOLD_CYCLES": otp_hex(0x0), + # Set to 0x739 to use the OTP hash measurement of the software + # readable OTP partitions as the key manager attestation binding + # value. Since our attestation scheme is not finalized, we keep + # this unprovisioned (disabled). + "OWNER_SW_CFG_ROM_KEYMGR_OTP_MEAS_EN": otp_hex(0x0), + "OWNER_SW_CFG_MANUF_STATE": otp_hex(0x0), + "OWNER_SW_CFG_ROM_RSTMGR_INFO_EN": otp_hex(0x0), + # Disable ROM_EXT recovery feature. 
+ "OWNER_SW_CFG_ROM_EXT_BOOTSTRAP_EN": otp_hex(0x0), + # Disable SRAM readback for both ret-ram and main sram. + "OWNER_SW_CFG_ROM_SRAM_READBACK_EN": otp_hex(CONST.MUBI4_FALSE << 4 | CONST.MUBI4_FALSE), + "OWNER_SW_CFG_ROM_PRESERVE_RESET_REASON_EN": otp_hex(CONST.HARDENED_FALSE), + "OWNER_SW_CFG_ROM_RESET_REASON_CHECK_VALUE": otp_hex(CONST.HARDENED_FALSE << 16 | CONST.HARDENED_FALSE), + "OWNER_SW_CFG_ROM_FLASH_ECC_EXC_HANDLER_EN": otp_hex(CONST.HARDENED_TRUE), + # By default, the sensor_ctrl should disable all sensors and mark + # alerts as recoverable. + "OWNER_SW_CFG_ROM_SENSOR_CTRL_ALERT_CFG": [ + otp_hex(0x69696969), + otp_hex(0x69696969), + otp_hex(0x69696969), + ], + }, + ), + ], +) + +# Create an overlay for the alert_handler digest. +otp_alert_digest( + name = "alert_digest_cfg", + otp_img = ":otp_json_owner_sw_cfg", +) + +# Create an overlay that enables the rv_dm late debug feature. +otp_json( + name = "otp_json_hw_cfg1_enable_rv_dm_late_debug", + partitions = [ + otp_partition( + name = "HW_CFG1", + items = { + # Use legacy behavior and disable late debug enable. + "DIS_RV_DM_LATE_DEBUG": False, + }, + lock = True, + ), + ], +) + +# The `LC_MISSION_STATES` object contains the set of mission mode life cycle +# states. A device is considered to be mission mode configured if it has a +# matching `MANUF_PERSONALIZED` OTP configuration. +LC_MISSION_STATES = get_lc_items( + CONST.LCV.DEV, + CONST.LCV.PROD, + CONST.LCV.PROD_END, +) + +# The `MANUF_INITIALIZED` OTP profile configures the SECRET0 partition to +# enable the device to transition between test_unlock and test_locked states, +# as well as to transition out of test_unlock into any mission mode state. +# This profile represents the OTP state of a device that has completed CP +# provisioning. +MANUF_INITIALIZED = [ + "//hw/top_earlgrey/data/otp:otp_json_fixed_secret0", +] + +# The `MANUF_SW_INITIALIZED` OTP profile configures the following partitions: +# - CREATOR_SW_CFG, and +# - OWNER_SW_CFG. 
+# This profile is used to construct the `MANUF_INDIVIDUALIZED` profile below. +MANUF_SW_INITIALIZED = [ + ":alert_digest_cfg", + ":otp_json_creator_sw_cfg", + ":otp_json_owner_sw_cfg", +] + +# The `MANUF_INDIVIDUALIZED` OTP profile configures the following partitions: +# - CREATOR_SW_CFG, +# - OWNER_SW_CFG, +# - ROT_CREATOR_AUTH_CODESIGN, +# - ROT_CREATOR_AUTH_STATE, and +# - HW_CFG0/1. +# It also includes the `MANUF_INITIALIZED` profile defined above. It represents +# the OTP state of a device that has completed FT individualize provisioning. +MANUF_INDIVIDUALIZED = MANUF_INITIALIZED + MANUF_SW_INITIALIZED + OTP_SIGVERIFY_FAKE_KEYS + [ + "//hw/top_earlgrey/data/otp:otp_json_hw_cfg0", + "//hw/top_earlgrey/data/otp:otp_json_hw_cfg1", +] + +# The `MANUF_PERSONALIZED` OTP profile configures the SECRET1 and SECRET2 OTP +# partitions. It also includes the `MANUF_INDIVIDUALIZED` profile. It represents +# the OTP state of a device that has completed all provisioning steps. +MANUF_PERSONALIZED = MANUF_INDIVIDUALIZED + [ + "//hw/top_earlgrey/data/otp:otp_json_secret1", + "//hw/top_earlgrey/data/otp:otp_json_fixed_secret2", +] + +# OTP *_SW_CFG and ROT_CREATOR_AUTH_* constants used to generate an FT +# individualization binary. +otp_image_consts( + name = "otp_consts_c_file", + src = "//hw/top_earlgrey/data/otp:otp_json_baseline", + # Do not add additional overlays here. Update the `MANUF_SW_INITIALIZED` + # OTP profile instead. + overlays = MANUF_SW_INITIALIZED + OTP_SIGVERIFY_FAKE_KEYS, +) + +# Library containing {CREATOR,OWNER}_SW_CFG and +# ROT_CREATOR_AUTH_{CODESIGN,STATE} partition constants. +cc_library( + name = "otp_consts", + srcs = [":otp_consts_c_file"], + deps = [ + "//hw/top:otp_ctrl_c_regs", + "//sw/device/silicon_creator/manuf/lib:otp_img_types", + ], +) + +# Initial test_unlocked state. Only applicable for test_unlocked0. All other +# test states require the SECRET0 partition to be configured. +# In this configuration, ROM execution is disabled by default. 
JTAG should be +# used to bootstrap code into SRAM or FLASH. +# See sw/device/tests/doc/sival/devguide.md for more details. +otp_image( + name = "otp_img_test_unlocked0_manuf_empty", + src = "//hw/top_earlgrey/data/otp:otp_json_test_unlocked0", +) + +# `MANUF_INITIALIZED` configuration. This configuration will be generally used +# to lock the chips before shipping to the Final-Test test house. +# See sw/device/tests/doc/sival/devguide.md for more details. +otp_image( + name = "otp_img_test_locked0_manuf_initialized", + src = "//hw/top_earlgrey/data/otp:otp_json_test_locked0", + overlays = MANUF_INITIALIZED, +) + +# `MANUF_INITIALIZED` OTP configuration. Available on TEST_UNLOCK states 1-7. +# See sw/device/tests/doc/sival/devguide.md for more details. +[ + otp_image( + name = "otp_img_test_unlocked{}_manuf_initialized".format(i), + src = "//hw/top_earlgrey/data/otp:otp_json_test_unlocked{}".format(i), + overlays = MANUF_INITIALIZED, + ) + for i in range(1, 8) +] + +# `MANUF_INDIVIDUALIZED` configuration. Available on TEST_UNLOCK states 1-7, as +# well as DEV, PROD, PROD_END and RMA. This configuration has flash scrambling +# disabled. See the personalized OTP configuration for targets requiring flash +# scrambling enabled. +# See sw/device/tests/doc/sival/devguide.md for more details. +[ + otp_image( + name = "otp_img_{}_manuf_individualized".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), + overlays = MANUF_INDIVIDUALIZED, + ) + for lc_state, _ in get_lc_items( + CONST.LCV.TEST_UNLOCKED1, + CONST.LCV.TEST_UNLOCKED2, + CONST.LCV.TEST_UNLOCKED3, + CONST.LCV.TEST_UNLOCKED4, + CONST.LCV.TEST_UNLOCKED5, + CONST.LCV.TEST_UNLOCKED6, + CONST.LCV.TEST_UNLOCKED7, + CONST.LCV.DEV, + CONST.LCV.PROD, + CONST.LCV.PROD_END, + ) +] + +# `MANUF_PERSONALIZED` configuration. Available on `LC_MISSION_STATES` life +# cycle states. +# See sw/device/tests/doc/sival/devguide.md for more details. 
+[ + otp_image( + name = "otp_img_{}_manuf_personalized".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), + overlays = MANUF_PERSONALIZED, + ) + for lc_state, _ in LC_MISSION_STATES +] + +otp_image( + name = "otp_img_dev_manuf_personalized_enable_rv_dm_late_debug_enable", + src = "//hw/top_earlgrey/data/otp:otp_json_dev", + overlays = MANUF_PERSONALIZED + [":otp_json_hw_cfg1_enable_rv_dm_late_debug"], +) + +# `MANUF_PERSONALIZED` configuration for RMA. Only available in secure environments. +otp_image( + name = "otp_img_rma_manuf_personalized", + src = "//hw/top_earlgrey/data/otp:otp_json_rma", + overlays = MANUF_PERSONALIZED, +) diff --git a/sw/device/silicon_creator/manuf/README.md b/sw/device/silicon_creator/manuf/README.md index 55a231e6138cb..b7cf17c91127c 100644 --- a/sw/device/silicon_creator/manuf/README.md +++ b/sw/device/silicon_creator/manuf/README.md @@ -16,7 +16,7 @@ ## Manufacturing Stages The following section describes the EarlGrey manufacturing stages with respect -to the state of OTP. See `//hw/top_earlgrey/data/otp/sival_skus/BUILD` +to the state of OTP. See `//hw/top_earlgrey/data/otp/emulation/BUILD` for more details. ### `MANUF_EMPTY` diff --git a/sw/device/silicon_creator/manuf/base/BUILD b/sw/device/silicon_creator/manuf/base/BUILD index c5b3d5c826513..72009b3dccc9b 100644 --- a/sw/device/silicon_creator/manuf/base/BUILD +++ b/sw/device/silicon_creator/manuf/base/BUILD @@ -136,7 +136,7 @@ opentitan_test( binaries = {":sram_cp_provision": "sram_cp_provision"}, changes_otp = True, needs_jtag = True, - otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_test_unlocked0_manuf_empty", + otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_test_unlocked0_manuf_empty", tags = ["manuf"], test_cmd = _CP_PROVISIONING_CMD_ARGS, test_harness = _CP_PROVISIONING_HARNESS, 
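Review bot: The header comment at the top of the new `emulation/BUILD` still reads "SKU: SiVal Bringup. ASCII code SV00", which looks carried over from `sival_skus/BUILD`, and nothing in the file states that these images are for emulation only. That matters because this file builds `prod` and `prod_end` personalized images with `OTP_SIGVERIFY_FAKE_KEYS`, `CREATOR_SW_CFG_RNG_EN` set to `CONST.HARDENED_FALSE`, every alert class set to `CONST.ALERT.NONE` and unredacted ROM error reporting, all under `default_visibility = ["//visibility:public"]`. I would replace the header with something like `# Emulation OTP images (simulation and FPGA). Built with test (fake) sigverify keys and relaxed ROM countermeasures; not for provisioning silicon.` Separately, the `HW_CFG1` overlay is introduced as one that "enables the rv_dm late debug feature" while the comment on `DIS_RV_DM_LATE_DEBUG` says it disables late debug enable; one of the two comments should be corrected to match what `False` means for that item.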
@@ -404,7 +404,7 @@ filegroup( changes_otp = True, data = config["ca_data"], needs_jtag = True, - otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_test_locked0_manuf_initialized", + otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_test_locked0_manuf_initialized", owner_slot_b = OWNER_SLOTS["b"], rom_ext_slot_a = SLOTS["a"], rom_ext_slot_b = SLOTS["b"], diff --git a/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl b/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl index 6b43499dec677..efcee8c4b8ba1 100644 --- a/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl +++ b/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl @@ -13,6 +13,7 @@ load( # these bazel targets. EARLGREY_OTP_CFGS = { "sival": "//hw/top_earlgrey/data/otp/sival_skus:otp_consts", + "emulation": "//hw/top_earlgrey/data/otp/emulation:otp_consts", } | EXT_EARLGREY_OTP_CFGS # A dictionary of SKU configurations that will be used to generate FT diff --git a/sw/device/silicon_creator/manuf/lib/BUILD b/sw/device/silicon_creator/manuf/lib/BUILD index 3fe3a079ba05e..c6cb8f3fadd37 100644 --- a/sw/device/silicon_creator/manuf/lib/BUILD +++ b/sw/device/silicon_creator/manuf/lib/BUILD @@ -269,7 +269,7 @@ opentitan_test( fpga = fpga_params( changes_otp = True, needs_jtag = True, - otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_individualized", + otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_dev_manuf_individualized", tags = [ "lc_dev", "manuf", diff --git a/sw/device/tests/BUILD b/sw/device/tests/BUILD index c9f8b17bfce46..6e2f119dd4c31 100644 --- a/sw/device/tests/BUILD +++ b/sw/device/tests/BUILD @@ -827,7 +827,7 @@ opentitan_test( {"//hw/top_earlgrey:fpga_cw310_sival": None}, ), fpga = fpga_params( - otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_dev_manuf_personalized", ), verilator = verilator_params(tags = ["broken"]), deps = [ 
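Review bot: The new `"emulation"` entry in `EARLGREY_OTP_CFGS` sits next to `"sival"` with nothing telling a reader that it resolves to constants built with `OTP_SIGVERIFY_FAKE_KEYS` (see `otp_consts_c_file` in `emulation/BUILD`). The comment that follows the dict indicates these configurations are used to generate FT provisioning artifacts, so the label alone is the only guard against selecting it for a real device. A one-line comment above the entry would make the intent explicit, for example `# FPGA/simulation only: test (fake) keys, never select for silicon provisioning.` If the SKU configurations that consume this dict are expected to reject `emulation` outside FPGA flows, that check is not visible in this hunk and is worth confirming; the dict and its leading comment begin above the hunk.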
@@ -844,7 +844,7 @@ opentitan_test(
 "//hw/top_earlgrey:sim_verilator": None,
 },
 fpga = fpga_params(
- otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_personalized",
+ otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_dev_manuf_personalized",
 # TODO(lowrisc/opentitan#19620): fpga doesn't support lowering main clk frequency
 tags = ["broken"],
 ),
@@ -1896,13 +1896,13 @@ test_suite(
 name = "flash_ctrl_info_access_lc_{}_personalized".format(lc_state),
 srcs = ["flash_ctrl_info_access_lc.c"],
 dv = dv_params(
- otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_{}_manuf_personalized".format(lc_state),
+ otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_{}_manuf_personalized".format(lc_state),
 ),
 exec_env = {
 "//hw/top_earlgrey:fpga_cw310_sival": None,
 },
 fpga = fpga_params(
- otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_{}_manuf_personalized".format(lc_state),
+ otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_{}_manuf_personalized".format(lc_state),
 ),
 deps = [
 "//hw/top_earlgrey/sw/autogen:top_earlgrey",
@@ -2050,7 +2050,7 @@ opentitan_test(
 fpga = fpga_params(
 changes_otp = True,
 needs_jtag = True,
- otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_personalized",
+ otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_dev_manuf_personalized",
 tags = [
 "broken",
 "lc_dev",
@@ -5626,7 +5626,7 @@ opentitan_test(
 },
 ),
 fpga = fpga_params(
- otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized",
+ otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_prod_manuf_personalized",
 test_cmd = """
 --bootstrap="{firmware}"
 """,
@@ -5773,12 +5773,12 @@ opentitan_test( ) _SIVAL_OTP_IMAGE = { - "test_unlocked1": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_test_unlocked1_manuf_individualized", - "test_locked0": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_test_locked0_manuf_initialized", - "dev": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_personalized", - "prod": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized", - "prod_end": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_end_manuf_personalized", - "rma": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_rma_manuf_personalized", + "test_unlocked1": "//hw/top_earlgrey/data/otp/emulation:otp_img_test_unlocked1_manuf_individualized", + "test_locked0": "//hw/top_earlgrey/data/otp/emulation:otp_img_test_locked0_manuf_initialized", + "dev": "//hw/top_earlgrey/data/otp/emulation:otp_img_dev_manuf_personalized", + "prod": "//hw/top_earlgrey/data/otp/emulation:otp_img_prod_manuf_personalized", + "prod_end": "//hw/top_earlgrey/data/otp/emulation:otp_img_prod_end_manuf_personalized", + "rma": "//hw/top_earlgrey/data/otp/emulation:otp_img_rma_manuf_personalized", } _RV_DM_JTAG_LC_STATES = get_lc_items( @@ -5804,7 +5804,7 @@ _RV_DM_TEST_CONFIGURATIONS = [ "name": "dev_rv_dm_delayed_enabled", "lc_state": "dev", "rv_dm_delayed_en": "--rv-dm-delayed-enable", - "otp": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_personalized_enable_rv_dm_late_debug_enable", + "otp": "//hw/top_earlgrey/data/otp/emulation:otp_img_dev_manuf_personalized_enable_rv_dm_late_debug_enable", }, { "name": "rma", @@ -7412,7 +7412,7 @@ opentitan_test( fpga = fpga_params( timeout = "moderate", needs_jtag = True, - otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_rma_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_rma_manuf_personalized", test_cmd = " ".join([ "--bootstrap=\"{firmware}\"", "--firmware-elf=\"{firmware:elf}\"", 
diff --git a/sw/device/tests/doc/sival/devguide.md b/sw/device/tests/doc/sival/devguide.md index 5180817349644..db3521ef45464 100644 --- a/sw/device/tests/doc/sival/devguide.md +++ b/sw/device/tests/doc/sival/devguide.md @@ -79,8 +79,11 @@ Silicon bring-up and validation activities have to be planned in a way that minimizes the number of OTP configurations given that there may be limited availability of samples during early post-silicon stages. -`//hw/top_earlgrey/data/otp/sival_skus/BUILD` contains the OTP -configurations used in Silicon Validation (SiVal) for the EarlGrey design. +* `//hw/top_earlgrey/data/otp/emulation/BUILD`: contains the OTP + configurations used for pre-silicon simulation and emulation, as well as for + Silicon Validation (SiVal) targets running on the FPGA. +* `//hw/top_earlgrey/data/otp/sival_skus/BUILD`: contains the OTP + configurations used in Silicon Validation (SiVal) for the EarlGrey design. ### `:otp_img_test_unlocked0_manuf_empty` @@ -187,7 +190,7 @@ Configuration: ```python { rom = "//sw/device/silicon_creator/rom:mask_rom", - otp = "//hw/top_earlgrey/otp/data/sival_skus:otp_img_prod_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_prod_manuf_personalized", } ``` From daa02179cb596b879daf1785e33a702917c2fbe3 Mon Sep 17 00:00:00 2001 From: Amaury Pouly Date: Fri, 18 Jul 2025 17:44:14 +0200 Subject: [PATCH 2/5] [doc,provisioning] Fix wrong bazel target Signed-off-by: Amaury Pouly --- sw/host/provisioning/orchestrator/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sw/host/provisioning/orchestrator/README.md b/sw/host/provisioning/orchestrator/README.md index 4f7d03aee13e8..b4f3140e6b910 100644 --- a/sw/host/provisioning/orchestrator/README.md +++ b/sw/host/provisioning/orchestrator/README.md 
@@ -12,7 +12,7 @@ To run on an CW310 FPGA for testing, run:
 ```
 bazel run \
 --//hw/bitstream/universal:env=//hw/top_earlgrey:fpga_hyper310_rom_with_fake_keys \
- --//hw/bitstream/universal:otp=//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_test_unlocked0_manuf_empty \
+ --//hw/bitstream/universal:otp=//hw/top_earlgrey/data/otp/emulation:otp_img_test_unlocked0_manuf_empty \
 //sw/host/provisioning/orchestrator/src:orchestrator -- \
 --sku-config=$(pwd)/sw/host/provisioning/orchestrator/configs/skus/sival.hjson \
 --test-unlock-token="0x11111111_11111111_11111111_11111111" \
From 4d25cf68777300ea815d177c2b33b039141001b3 Mon Sep 17 00:00:00 2001 From: Miguel Osorio Date: Fri, 15 Nov 2024 11:40:01 -0800 Subject: [PATCH 3/5] [sival] Remove unused OTP targets from sival SKU. The provisioning firmware contains hardcoded settings for the HWCFG1 partition, and uses data generated at manufacturing time to calculate the DEVICE_ID. As a result, most of the otp image targets and hardware partition settings in the sival SKU, are not derived from the OTP build targets. This change removes unused tardgets to simplify the build / provisioning maintenance. pre-silicon and post-silicon simulation and emulation environments should use the emulation SKU instead. Signed-off-by: Miguel Osorio
---
 hw/top_earlgrey/data/otp/sival_skus/BUILD | 156 +--------------------- 1 file changed, 7 insertions(+), 149 deletions(-)
diff --git a/hw/top_earlgrey/data/otp/sival_skus/BUILD b/hw/top_earlgrey/data/otp/sival_skus/BUILD
index a04998970f8e7..21264e7b875e1 100644
--- a/hw/top_earlgrey/data/otp/sival_skus/BUILD
+++ b/hw/top_earlgrey/data/otp/sival_skus/BUILD
@@ -12,7 +12,6 @@ load(
 "CONST",
 "EARLGREY_ALERTS",
 "EARLGREY_LOC_ALERTS",
- "get_lc_items",
 )
 load(
 "//rules:otp.bzl",
@@ -20,7 +19,6 @@ load(
 "otp_alert_classification",
 "otp_alert_digest",
 "otp_hex",
- "otp_image",
 "otp_image_consts",
 "otp_json",
 "otp_partition",
@@ -206,79 +204,19 @@ otp_alert_digest( otp_img = ":otp_json_owner_sw_cfg", ) -# Create an overlay that enalbes the rv_dm late debug feature. -otp_json( - name = "otp_json_hw_cfg1_enable_rv_dm_late_debug", - partitions = [ - otp_partition( - name = "HW_CFG1", - items = { - # Use legacy behavior and disable late debug enable. - "DIS_RV_DM_LATE_DEBUG": False, - }, - lock = True, - ), - ], -) - -# The `LC_MISSION_STATES` object contains the set of mission mode life cycle -# states. A device is considered to be mission mode configured if it has a -# matching `MANUF_PERSONALIZED` OTP configuration. -LC_MISSION_STATES = get_lc_items( - CONST.LCV.DEV, - CONST.LCV.PROD, - CONST.LCV.PROD_END, -) - -# The `MANUF_INITIALIZED` OTP profile configures the SECRET0 partition to -# enable the device to transition between test_unlock and test_locked states, -# as well as to transition out of test_unlock into any mission mode state. -# This profile represents the OTP state of a device that has completed CP -# provisioning. -MANUF_INITIALIZED = [ - "//hw/top_earlgrey/data/otp:otp_json_fixed_secret0", -] - -# The `MANUF_SW_INITIALIZED` OTP profile configures the following partitions: -# - CREATOR_SW_CFG, and -# - OWNER_SW_CFG. -# This profile is used to construct the `MANUF_INDIVIDUALIZED` profile below. -MANUF_SW_INITIALIZED = [ - ":alert_digest_cfg", - ":otp_json_creator_sw_cfg", - ":otp_json_owner_sw_cfg", -] - -# The `MANUF_INDIVIDUALIZED` OTP profile configures the following partitions: -# - CREATOR_SW_CFG, -# - OWNER_SW_CFG, -# - ROT_CREATOR_AUTH_CODESIGN, -# - ROT_CREATOR_AUTH_STATE, and -# - HW_CFG0/1. -# It also includes the `MANUF_INITIALIZED` profile defined above. It represents -# the OTP state of a device that has completed FT individualize provisioning. 
-MANUF_INDIVIDUALIZED = MANUF_INITIALIZED + MANUF_SW_INITIALIZED + OTP_SIGVERIFY_FAKE_KEYS + [ - "//hw/top_earlgrey/data/otp:otp_json_hw_cfg0", - "//hw/top_earlgrey/data/otp:otp_json_hw_cfg1", -] - -# The `MANUF_PERSONALIZED` OTP profile configures the SECRET1 and SECRET2 OTP -# partitions. It also includes the `MANUF_INDIVIDUALIZED` profile. It represents -# the OTP state of a device that has completed all provisioning steps. -MANUF_PERSONALIZED = MANUF_INDIVIDUALIZED + [ - "//hw/top_earlgrey/data/otp:otp_json_secret1", - "//hw/top_earlgrey/data/otp:otp_json_fixed_secret2", -] - # OTP *_SW_CFG and ROT_CREATOR_AUTH_* constants used to generate an FT # individualization binary. otp_image_consts( name = "otp_consts_c_file", src = "//hw/top_earlgrey/data/otp:otp_json_baseline", mmap_def = "//hw/top_earlgrey/data/otp:otp_ctrl_mmap.hjson", - # Do not add additional overlays here. Update the `MANUF_SW_INITIALIZED` - # OTP profile instead. - overlays = MANUF_SW_INITIALIZED + OTP_SIGVERIFY_FAKE_KEYS, + # TODO: Replace `OTP_SIGVERIFY_FAKE_KEYS` for real keys once they are + # available. + overlays = [ + ":alert_digest_cfg", + ":otp_json_creator_sw_cfg", + ":otp_json_owner_sw_cfg", + ] + OTP_SIGVERIFY_FAKE_KEYS, ) # Library containing {CREATOR,OWNER}_SW_CFG and 
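Review bot: `otp_consts_c_file` in the SiVal SKU still appends `OTP_SIGVERIFY_FAKE_KEYS`, and the added `# TODO: Replace ...` comment is the only marker that the constants for the silicon SKU currently trust the repository's test keys. The series description says the SiVal targets are the ones used to configure silicon, so I would make the TODO traceable and explicit, e.g. `# TODO(<tracking-issue>): fake sigverify keys; do not use this target to provision silicon until real keys land.` A stronger option, outside this hunk, would be for the provisioning flow to refuse a SKU whose OTP constants carry the fake keys. Inlining the three overlay labels also drops the earlier "Do not add additional overlays here" guidance; if this list is meant to stay aligned with `MANUF_SW_INITIALIZED` in `emulation/BUILD`, a short comment saying so would help.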
@@ -291,83 +229,3 @@ cc_library( "//sw/device/silicon_creator/manuf/lib:otp_img_types", ], ) - -# Initial test_unlocked state. Only applicable for test_unlocked0. All other -# test states require the SECRET0 partition to be configured. -# In this configuration, ROM execution is disabled by default. JTAG should be -# used to bootstrap code into SRAM or FLASH. -# See sw/device/tests/doc/sival/devguide.md for more details. -otp_image( - name = "otp_img_test_unlocked0_manuf_empty", - src = "//hw/top_earlgrey/data/otp:otp_json_test_unlocked0", -) - -# `MANUF_INITIALIZED` configuration. This configuration will be generally used -# to lock the chips before shipping to the Final-Test test house. -# See sw/device/tests/doc/sival/devguide.md for more details. -otp_image( - name = "otp_img_test_locked0_manuf_initialized", - src = "//hw/top_earlgrey/data/otp:otp_json_test_locked0", - overlays = MANUF_INITIALIZED, -) - -# `MANUF_INITIALIZED` OTP configuration. Available on TEST_UNLOCK states 1-7. -# See sw/device/tests/doc/sival/devguide.md for more details. -[ - otp_image( - name = "otp_img_test_unlocked{}_manuf_initialized".format(i), - src = "//hw/top_earlgrey/data/otp:otp_json_test_unlocked{}".format(i), - overlays = MANUF_INITIALIZED, - ) - for i in range(1, 8) -] - -# `MANUF_INDIVIDUALIZED` configuration. Available on TEST_UNLOCK states 1-7, as -# well as DEV, PROD, PROD_END and RMA. This configuration has flash scrambling -# disabled. See the personalized OTP configuration for targets requiring flash -# scrambling enabled. -# See sw/device/tests/doc/sival/devguide.md for more details. 
-[ - otp_image( - name = "otp_img_{}_manuf_individualized".format(lc_state), - src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), - overlays = MANUF_INDIVIDUALIZED, - ) - for lc_state, _ in get_lc_items( - CONST.LCV.TEST_UNLOCKED1, - CONST.LCV.TEST_UNLOCKED2, - CONST.LCV.TEST_UNLOCKED3, - CONST.LCV.TEST_UNLOCKED4, - CONST.LCV.TEST_UNLOCKED5, - CONST.LCV.TEST_UNLOCKED6, - CONST.LCV.TEST_UNLOCKED7, - CONST.LCV.DEV, - CONST.LCV.PROD, - CONST.LCV.PROD_END, - ) -] - -# `MANUF_PERSONALIZED` configuration. Available on `LC_MISSION_STATES` life -# cycle states. -# See sw/device/tests/doc/sival/devguide.md for more details. -[ - otp_image( - name = "otp_img_{}_manuf_personalized".format(lc_state), - src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), - overlays = MANUF_PERSONALIZED, - ) - for lc_state, _ in LC_MISSION_STATES -] - -otp_image( - name = "otp_img_dev_manuf_personalized_enable_rv_dm_late_debug_enable", - src = "//hw/top_earlgrey/data/otp:otp_json_dev", - overlays = MANUF_PERSONALIZED + [":otp_json_hw_cfg1_enable_rv_dm_late_debug"], -) - -# `MANUF_PERSONALIZED` configuration for RMA. Only available in secure environments. -otp_image( - name = "otp_img_rma_manuf_personalized", - src = "//hw/top_earlgrey/data/otp:otp_json_rma", - overlays = MANUF_PERSONALIZED, -) From 909c8e77ca18c172f0e6dd9a047475104ce4039f Mon Sep 17 00:00:00 2001 From: Miguel Osorio Date: Fri, 15 Nov 2024 12:04:30 -0800 Subject: [PATCH 4/5] [otp] Remove SiVal manuf identifier from emulation images. The use of `CREATOR_SW_CFG_MANUF_STATE` as the SKU identifier is getting deprecated in favor of using the DeviceID. The DeviceID definition contains enough information to constraint code signatures to a particular SKU. The `CREATOR_SW_CFG_MANUF_STATE` will be used to capture the manufacturing state of the device. At the end of manufacturing, there will be a value configured to flag end of manufacturing. 
Signed-off-by: Miguel Osorio --- hw/top_earlgrey/data/otp/emulation/BUILD | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/hw/top_earlgrey/data/otp/emulation/BUILD b/hw/top_earlgrey/data/otp/emulation/BUILD index d83de8149da57..efbcbf5cc4c18 100644 --- a/hw/top_earlgrey/data/otp/emulation/BUILD +++ b/hw/top_earlgrey/data/otp/emulation/BUILD @@ -2,10 +2,8 @@ # Licensed under the Apache License, Version 2.0, see LICENSE for details. # SPDX-License-Identifier: Apache-2.0 -# SKU: SiVal Bringup. ASCII code `SV00`. -# The SiVal bringup SKU is intended to be use in early bring-up stages of -# Earl Grey silicon. Some of the countermeasures in the ROM are disabled to -# de-risk bring-up and provisioning tests. +# This file contains the build rules for the OTP data for pre-silicon and +# post-silicon simulation and emulation targets. load( "//rules:const.bzl", @@ -56,7 +54,7 @@ otp_json( "CREATOR_SW_CFG_RNG_EN": otp_hex(CONST.HARDENED_FALSE), "CREATOR_SW_CFG_JITTER_EN": otp_hex(CONST.MUBI4_FALSE), "CREATOR_SW_CFG_RET_RAM_RESET_MASK": otp_hex(0x0), - "CREATOR_SW_CFG_MANUF_STATE": otp_hex(CONST.MANUF_STATE.SIVAL), + "CREATOR_SW_CFG_MANUF_STATE": otp_hex(CONST.MANUF_STATE.PERSONALIZED), # ROM execution is enabled if this item is set to a non-zero # value. "CREATOR_SW_CFG_ROM_EXEC_EN": otp_hex(0xffffffff), From 9c666da0db475585cfeb32a48e1e36002f41abdb Mon Sep 17 00:00:00 2001 From: Amaury Pouly Date: Thu, 24 Jul 2025 14:32:24 +0000 Subject: [PATCH 5/5] [rom_ext, emulation] Temporarily disable SPX signing of ROM_EXT This is essentially applying #26061 to the emulation OTP images. See #26060 for the rationale and plan for re-enabling SPX signatures. Signed-off-by: Amaury Pouly --- hw/top_earlgrey/data/otp/emulation/BUILD | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hw/top_earlgrey/data/otp/emulation/BUILD b/hw/top_earlgrey/data/otp/emulation/BUILD index efbcbf5cc4c18..6eaf77d529147 100644 
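Review bot: Setting `CREATOR_SW_CFG_MANUF_STATE` to `CONST.MANUF_STATE.PERSONALIZED` in the shared creator SW_CFG `otp_json` (second hunk) makes every image that pulls in this overlay report a finished manufacturing state. The image definitions are outside this hunk, but if the emulation file still builds `*_manuf_individualized` images from the same overlay, those pre-personalization images would also claim PERSONALIZED. Since the commit message says this field will come to flag end of manufacturing, firmware that gates on it could then not be exercised on FPGA in the not-yet-personalized case. I would either split the value into a per-profile overlay or document the limitation on the line, e.g. `# Fixed for all emulation images, including individualized ones; override with an overlay to test earlier manufacturing states.`.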
--- a/hw/top_earlgrey/data/otp/emulation/BUILD +++ b/hw/top_earlgrey/data/otp/emulation/BUILD @@ -40,11 +40,12 @@ otp_json( # and not listed directly in this configuration. "CREATOR_SW_CFG_AST_INIT_EN": otp_hex(CONST.MUBI4_TRUE), "CREATOR_SW_CFG_ROM_EXT_SKU": otp_hex(0x0), - # Enable SPX+ signature verification. See the definitions of + # TODO(#26060): Temporarily disable SPX verification. + # Disable SPX+ signature verification. See the definitions of # `kSigverifySpxDisabledOtp` in # sw/device/silicon_creator/lib/sigverify/spx_verify.h for - # details on how to disable this feature. - "CREATOR_SW_CFG_SIGVERIFY_SPX_EN": otp_hex(0x0), + # details on how to enable this feature. + "CREATOR_SW_CFG_SIGVERIFY_SPX_EN": otp_hex(0x8d6c8c17), # Enable flash data page scrambling and ECC. "CREATOR_SW_CFG_FLASH_DATA_DEFAULT_CFG": "0000090606", "CREATOR_SW_CFG_FLASH_INFO_BOOT_DATA_CFG": otp_hex(0x0),
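Review bot: The new `CREATOR_SW_CFG_SIGVERIFY_SPX_EN` value is the bare literal `otp_hex(0x8d6c8c17)`, and nothing on the line ties it to the `kSigverifySpxDisabledOtp` definition the comment points at. A reader cannot tell from the BUILD file that this exact word is what turns verification off, and the two stacked comment lines ("Temporarily disable" / "Disable SPX+") say the same thing twice. I would merge them and state the coupling, e.g. `# TODO(#26060): SPX+ verification temporarily disabled; 0x8d6c8c17 must match kSigverifySpxDisabledOtp in spx_verify.h.`, or use a named constant from `const.bzl` if one exists. The `fpga_cw310_sival` and `fpga_cw340_sival` targets earlier in this series consume these emulation images and still pass an `spx_key`, so while the override is in place FPGA runs presumably do not exercise the SPX path at all. Add a note that this value must not be copied into the silicon SKU configuration.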