Incomplete ITRNG health test documentation #1688
Comments
|
Health test thresholds are set here but I don't know how they were chosen. @korran do you know? The health tests are are done by the IP are briefly described here. It looks like we support 2 health checks (the two that are supported by the OpenTitan IP we use):
The documentation for that IP lists two other checks ("Bucket and Markov tests"), but I don't see anything in ROM that configures them. Is anyone else on the thread able to confirm that these are not enabled? |
|
It looks like Kor has also created this PR with some guidance chipsalliance/caliptra-rtl#569. Does this cover what you're looking for? |
|
Kor's PR covers this to an extent. We also need to specify -
|
|
@howardtr for the above questions |
|
Pinging @howardtr |
The ROM is setting threshold_scope=TRUE, which IIUC is equivalent to serializing the 4-bit values to a 1-bit stream and running the tests on that. Would need to write tests that stick one of the channels to confirm this understanding, and I don't have time to do that now. To do this properly we probably need to allow vendors to configure THRESHOLD_SCOPE and RNG_BIT_ENABLE depending on the nature of their noise source. |
Are you sure? The threshold_scope docs indicate otherwise: |
Yes, looking at the RTL : https://github.com/chipsalliance/caliptra-rtl/blob/main/src/entropy_src/rtl/entropy_src_repcnt_ht.sv. Also, threshold_scope doesn't apply to RCT. It applies only to APT and Markov tests as per the doc. |
Current spec does not document which ITRNG health tests are enabled by Caliptra ROM in version and how are relevant thresholds calculated and passed from SOC integrator. It is important to document these because any inconsistencies would make Caliptra unusable due to ROM dependencies.
The text was updated successfully, but these errors were encountered: