Merge pull request #234 from chipsalliance/main

Merge main -> dev-msft

Release_Notes.md

@@ -14,13 +14,113 @@ See the License for the specific language governing permissions and<BR>
 limitations under the License.*_<BR>
 
 # **Release Notes** #
-_*Last Update: 2023/08/25*_
+_*Last Update: 2023/09/13*_
 
-## Rev 0p8 ##
+## Rev 1p0 ##
 
-### DISCALIMER: This is NOT A BUG-FREE MODEL YET. This is a 0p8 release model. Please see testplan document in docs folder to know the status of validation. ###
-#### This model is released mainly for interface, floorplan planning purposes for consumers. ####
-#### Rev 0p8 release date: 03-31-2023 ####
+### Rev 1p0 release date: (pending ROM release for official declaration) ###
+- Caliptra IP Specification: see docs/ folder
+- Caliptra Integration Specification: see docs/ folder
+- Caliptra testplan: see docs/ folder
+- Data Vault
+- RISC-V Timers
+  - mtime + mtimecmp implementation
+  - Watchdog timer configuration by SOC; escalate interrupts to error
+- Reliability, Availability, Serviceability Features
+  - Connectivity for cptra_error_fatal/cptra_error_non_fatal interrupts
+  - Mailbox protocol violation detection and Error state
+  - SRAM ECC error detection and reporting for ICCM, DCCM, Mailbox
+  - Key clearing and system reset on fatal errors
+- SOC Interface
+  - QSPI inout changed to input+output+enable
+  - FUSE PAUSER config registers and enforcement
+- Reset Domain Crossing (RDC) fixes
+  - Reset-triggered clock gating on cross-domain registers
+  - Reset timing changes for noncore reset assertion
+  - Migrate most internal logic to the noncore reset domain
+  - Migrate APB interface to noncore reset domain
+- FIPS compliance updates
+  - SHA Accelerator LOCK default to Caliptra-owned
+  - LMS Fuse
+  - SOC Stepping ID field in HW Revision
+  - Extended pcr_nonce from 32-bit to 256-bit
+  - TRNG Data Clear
+- RISC-V Core
+  - Increase ROM size to 48KiB
+  - Added 2:1 AHB lite mux on LSU and SB buses to allow debug access to
+    peripherals
+- Timing Optimizations
+  - Remove PSEL loopback path in APB slave
+  - Remove unnecessary Mailbox SRAM ECC writeback path
+- Validation enhancements
+  - SOC_IFC/Mailbox randomized regressions via UVM testbench
+  - SOC Interface Register validation via directed + random tests
+  - Coverage reporting and analysis for all interfaces, registers, FSM
+  - Automated GitHub action using OpenOCD for interactive JTAG debugging
+  - SHA Formal Verification
+
+### Bug Fixes ###
+[CLK GATING] Fatal error should wake up clks<br>
+[CLK GATING] JTAG accesses need to wake up clocks<br>
+[DOE] add zeroize to clear all internal regs<br>
+[DOE] DOE IV reg needs hwclr input<br>
+[DOE] doe_fsm incr_dest_sel logic can be removed since FE now only takes up 12 dwords<br>
+[DOE] doe_fsm write_offset increments to 0xC<br>
+[DOE] Simplify kv_write dest_valid hardcoded value in doe_fsm<br>
+[ECC] ECC input register bound check<br>
+[ECC] ECC output register bound check<br>
+[ECC] ECC Public key validation check<br>
+[ECC] mismatch of final reduction in Mont. mult in the case of prime<= p_internal<br>
+[ECC] mismatch of modular addition result in the case of p<= a+b < 2^384<br>
+[ECC] remove FW read access to kv/privkey reg<br>
+[ECC} error trigger when pcr_sign ctrl input is set in keygen/verifying mode<br>
+[KV] Debug Mode and Scan Mode switch doesn't flush locked registers<br>
+[KV] Debug mode should flush KV even if core is asleep<br>
+[KV] Dest_valid and last_dword should check lock_use to clear along with lock_wr<br>
+[KV] KV may still contain secrets during scan mode<br>
+[KV] kv_reg.rdl still has 6 bits for dest_valid while we have 5 valid clients<br>
+[KV] KV->SHA ->FW read path and KV->HMAC->FW read path should NOT exist in the design<br>
+[KV] last dword of secret values stays in KV/crypto interface<br>
+[KV] Suppress writes to an entry altogether when it's being cleared<br>
+[MBOX] ECC error decode may detect error on mbox_sram when a write is in progress<br>
+[MBOX] First resp read data is zero after handling a command with DLEN > MBOX SIZE<br>
+[MBOX] HWCLR triggered by force-unlock has lower precedence than SW writes<br>
+[MBOX] Mailbox data length limiting reads is calculated incorrectly<br>
+[MBOX] Mailbox does not flag protocol error for attempted writes to DLEN<br>
+[MBOX] mailbox returns non-zero data in an overread case<br>
+[MBOX] New RAS feature to detect protocol violation incorrectly decodes certain reg accesses as errors<br>
+[MBOX] SOC can read mbox_dataout with stale data<br>
+[MBOX] Writes beyond the mailbox size overwrite the last data dword in mailbox memory<br>
+[MBOX] Writes to (a) unaligned addresses (b) size < AHB_DATA_WIDTH may corrupt memory<br>
+[MBOX] error_cmd_fail_sts.hwset is continuously set when mailbox protocol error occurs<br>
+[PCR] Extend PCR Nonce from 32-bit to 256-bit to protect replay attack<br>
+[PCR] PCR dword mismatch<br>
+[PCR] Update the reset of the 'lock' PCR control to the core reset domain (so that a FW update reset or warm reset can also unlock the PCR)<br>
+[PCR] zeroize doesn't take effect if is set with pcr at the same cycle<br>
+[SHA ACCEL] SoC requester can use mailbox mode<br>
+[SOC_IFC] Arbiter lets direct request dv through at the same time as soc ifc mailbox request causing deadlock<br>
+[SOC_IFC] Breakpoint is unreachable<br>
+[SOC_IFC] Fuse Registers can never be written using non-default values programmed in FUSE_VALID_PAUSER<br>
+[SOC_IFC] Generic Input Wires toggle (any bit) should trigger notification interrupt to uC<br>
+[SOC_IFC] INTERNAL_HW_ERROR_FATAL_MASK and INTERNAL_HW_ERROR_NON_FATAL_MASK allow writes to (and non-zero reads from) reserved fields.<br>
+[SOC_IFC] Mailbox ECC errors detected during SHA Accel direct accesses are not detected/corrected<br>
+[SOC_IFC] mbox_execute can be cleared by SOC at any point after acquiring lock<br>
+[SOC_IFC] uC can't write to CPTRA_FW_ERROR regs (Github issue #64)<br>
+[SOC_IFC] WDT may not correctly detect when uC services the timer expiration interrupt<br>
+[WDT] CPTRA_WDT_STATUS reg should be FW writeable so it can clear the flags<br>
+[WDT] First stage interrupt output should be "error_intr" instead of "notif_intr"<br>
+[WDT] WDT registers need to be on ungated clk<br>
+[AHB] AHB 2:1 Mux hangs with back to back transactions after a stall<br>
+[RST] scan_mode should not corrupt resets<br>
+[TOP] EL2 Mem interface is not instantiated with a modport at all levels
+
+## Previous Releases ##
+
+### Rev 0p8 ###
+
+#### DISCALIMER: This is NOT A BUG-FREE MODEL YET. This is a 0p8 release model. Please see testplan document in docs folder to know the status of validation. ####
+##### This model is released mainly for interface, floorplan planning purposes for consumers. #####
+##### Rev 0p8 release date: 03-31-2023 #####
 
 - Caliptra IP Specification: see docs/ folder
 - Caliptra Integration Specification: see docs/ folder
@@ -59,13 +159,6 @@ _*Last Update: 2023/08/25*_
     - UVMF for multiple DUT blocks and SOC interface
     - DV complete for first cut of the boot & reset flows, Fuses, SOC registers, Crypto blocks, Key vault, PCR Vault, PCR extend, PCR signing, Mailbox
 
-## Pending for RTL 1p0: ##
-- Timers, integrated-TRNG integration w/ Caliptra, Error domain logic
-- Lots of bug fixes :-)
-- Data Vault, TRNG REQ protocol, SHA384 acceleration, More mailbox val, PCR val, cross product flows
-
-## Previous Releases ##
-
 ### Rev Pre0p8: ###
 #### DISCLAIMER: This is NOT A BUG-FREE MODEL. This is a pre-0p8 development model that will be sync’d every week. ####
 #### This model is released mainly for interface, floorplan planning purposes for consumers. ####

src/caliptra_prim/rtl/caliptra_prim_assert_sec_cm.svh

@@ -45,21 +45,4 @@
   `CALIPTRA_ASSERT_PRIM_ONEHOT_ERROR_TRIGGER_ALERT(NAME_, \
     REG_TOP_HIER_.u_caliptra_prim_reg_we_check.u_caliptra_prim_onehot_check, ALERT_, GATE_, MAX_CYCLES_)
 
-// macros for security countermeasures that will trigger other errors
-`define CALIPTRA_ASSERT_PRIM_FSM_ERROR_TRIGGER_ERR(NAME_, PRIM_HIER_, ERR_, GATE_ = 0, MAX_CYCLES_ = 2, CLK_ = clk_i, RST_ = !rst_ni) \
-  `CALIPTRA_ASSERT_ERROR_TRIGGER_ERR(NAME_, PRIM_HIER_, ERR_, GATE_, MAX_CYCLES_, unused_err_o, CLK_, RST_)
-
-`define CALIPTRA_ASSERT_PRIM_COUNT_ERROR_TRIGGER_ERR(NAME_, PRIM_HIER_, ERR_, GATE_ = 0, MAX_CYCLES_ = 2, CLK_ = clk_i, RST_ = !rst_ni) \
-  `CALIPTRA_ASSERT_ERROR_TRIGGER_ERR(NAME_, PRIM_HIER_, ERR_, GATE_, MAX_CYCLES_, err_o, CLK_, RST_)
-
-`define CALIPTRA_ASSERT_PRIM_DOUBLE_LFSR_ERROR_TRIGGER_ERR(NAME_, PRIM_HIER_, ERR_, GATE_ = 0, MAX_CYCLES_ = 2, CLK_ = clk_i, RST_ = !rst_ni) \
-  `CALIPTRA_ASSERT_ERROR_TRIGGER_ERR(NAME_, PRIM_HIER_, ERR_, GATE_, MAX_CYCLES_, err_o, CLK_, RST_)
-
-`define CALIPTRA_ASSERT_PRIM_ONEHOT_ERROR_TRIGGER_ERR(NAME_, PRIM_HIER_, ERR_, GATE_ = 0, MAX_CYCLES_ = `_CALIPTRA_SEC_CM_ALERT_MAX_CYC, CLK_ = clk_i, RST_ = !rst_ni) \
-  `CALIPTRA_ASSERT_ERROR_TRIGGER_ERR(NAME_, PRIM_HIER_, ERR_, GATE_, MAX_CYCLES_, err_o, CLK_, RST_)
-
-`define CALIPTRA_ASSERT_PRIM_REG_WE_ONEHOT_ERROR_TRIGGER_ERR(NAME_, REG_TOP_HIER_, ERR_, GATE_ = 0, MAX_CYCLES_ = `_CALIPTRA_SEC_CM_ALERT_MAX_CYC, CLK_ = clk_i, RST_ = !rst_ni) \
-  `CALIPTRA_ASSERT_PRIM_ONEHOT_ERROR_TRIGGER_ERR(NAME_, \
-    REG_TOP_HIER_.u_caliptra_prim_reg_we_check.u_caliptra_prim_onehot_check, ERR_, GATE_, MAX_CYCLES_, CLK_, RST_)
-
 `endif // PRIM_ASSERT_SEC_CM_SVH

src/csrng/rtl/csrng_reg_top.sv

@@ -2059,10 +2059,6 @@ module csrng_reg_top #(
       addr_hit[16]: begin
         reg_rdata_next[7:0] = main_sm_state_qs;
       end
-
-      default: begin
-        reg_rdata_next = '1;
-      end
     endcase
   end
 

src/entropy_src/rtl/entropy_src_reg_top.sv

@@ -3892,10 +3892,6 @@ module entropy_src_reg_top #(
       addr_hit[56]: begin
         reg_rdata_next[8:0] = main_sm_state_qs;
       end
-
-      default: begin
-        reg_rdata_next = '1;
-      end
     endcase
   end
 

src/sha512/formal/model/PriniTestBench/sc_main.cpp

@@ -0,0 +1,23 @@
+#include "systemc.h"
+#include "../Interfaces/Interfaces.h"
+#include "../sha512.h"
+#include "tb.h"
+
+
+int sc_main(int argc, char **argv) {
+  Blocking<SHA_Args> in_channel("in_channel");
+  MasterSlave<sc_biguint<512>> out_channel("out_channel");
+
+  testbench tb("tb");
+  tb.in_testdata(in_channel);
+  tb.out_testdata(out_channel);
+
+  SHA512 dut("dut");
+  dut.SHA_Input(in_channel);
+  dut.out(out_channel);
+
+
+
+  sc_start();
+  return 0;
+}

src/sha512/formal/model/PriniTestBench/tb.cpp

@@ -0,0 +1,33 @@
+using namespace std;
+#include <array>
+#include "systemc.h"
+#include "../common/Interfaces.h" 
+#include "sha512.h"
+#include "tb.h"
+
+int main() {
+    // Instantiate the DUT
+    // Instantiate the TB
+    SHA512 dut("dut");
+    testbench tb("tb");
+
+    // Channels & connections
+    Blocking<SHA_Args> SHA_in("SHA_in");
+    MasterSlave<sc_biguint<512>> hash("hash");
+
+    dut.SHA_Input(SHA_in);
+    tb.in_testdata(SHA_in);
+    dut.out(hash);
+    tb.out_testdata(hash);
+
+    // Start the simulation
+    sc_start();
+    return 0;
+};
+
+
+
+
+
+
+

src/sha512/formal/model/PriniTestBench/tb.h

@@ -0,0 +1,93 @@
+#ifndef TB_H
+#define TB_H
+
+
+#include "systemc.h"
+#include "../Interfaces/Interfaces.h"
+#include <fstream>
+#include <string>
+#include "../sha512.h"
+
+SC_MODULE(testbench) {
+public:
+  SC_CTOR(testbench) {
+   // read_test_vectors(file_path);
+    SC_THREAD(tests)
+  }
+
+  blocking_out <SHA_Args> in_testdata;
+  slave_in<sc_biguint<512>> out_testdata;
+
+private:
+  void tests() {
+
+    wait(0, SC_PS);
+
+    sc_biguint<512> test_result;
+    SHA_Args test_input;
+    sc_biguint<104000> MSG_raw; 
+    sc_biguint<104000> MSG_padded; 
+    sc_uint<32>  MSG_Length;
+    sc_biguint<512> expected_result;
+    int num = 1;
+    int zero_pad_len, MSG_chnks,i; 
+    bool success = false;
+    std::string line;
+    std::ifstream myfile;
+
+    myfile.open ("./testvectors/512_long_msg.txt");
+
+    while (myfile)
+    {
+      myfile >> MSG_Length;
+      myfile >> std::hex >> MSG_raw;
+      myfile >> expected_result;
+
+      zero_pad_len = (896 - MSG_Length - 1) % 1024;
+      MSG_chnks = static_cast<int> ((MSG_Length + 1 + 128 +  zero_pad_len) / 1024); 
+      MSG_padded = static_cast<sc_biguint<104000>> (static_cast<sc_biguint<104000>> (MSG_raw << (1 + 128 +  zero_pad_len)) + (static_cast<sc_biguint<104000>> (8) << ((125 + zero_pad_len))) + static_cast<sc_biguint<104000>> (MSG_Length));      
+
+      test_input.SHA_Mode = 512;
+      test_input.init = 1;
+      test_input.next = 0;
+
+      //To Do: use   assert ( parsed.hasError == false ) instead
+      for (i=0; i <MSG_chnks; i++) {   
+
+        test_input.in = static_cast<sc_biguint<1024>>(MSG_padded >> (1024*(MSG_chnks-1)));
+        if (i>0)
+          test_input.next = 1;
+        in_testdata->write(test_input);  
+        MSG_padded = static_cast<sc_biguint<104000>> (MSG_padded << 1024);
+        test_input.init = 0;
+        success = false;
+        while(!success)
+        {
+          wait(0, SC_PS);
+          out_testdata->slave_read(test_result, success);
+        }
+
+      };
+
+      if (test_result != expected_result){ 
+        std::cout << "Test " << num++ << " Failed!" << std::endl;
+        std::cout << std::hex << "Output:   " << test_result << std::endl;
+        std::cout << std::hex << "Expected: " << expected_result << std::endl;
+        //sc_stop();
+      } 
+      else {
+          std::cout << "Test " << num++ << " Passed!" << std::endl;
+      }
+
+
+    }
+
+    myfile.close();
+    sc_stop();
+
+  }
+};
+
+
+#endif
+