-
Notifications
You must be signed in to change notification settings - Fork 762
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EDN D2S Review AIs #10262
Comments
which mubi signals did you guys have in mind? If it's the lc sync ones those are already covered. Good point on adding the note for the security notes, but I think for the FIPS stuff, I'm pretty sure we determined LONG ago all the masking modules can live without it. And OTBN already has split random bus (with the implication that the high quality ones must be FIPS). |
Oh so for the MUBI item above I just wanted to double check whether the If they do, @mwbranstad could use a combinational version (no sync flop) of As it looks right now, I believe opentitan/hw/ip/prim/rtl/prim_lc_sync.sv Lines 60 to 64 in 88db0fb
But opentitan/hw/ip/prim/rtl/prim_mubi4_sync.sv Lines 118 to 121 in 88db0fb
Should we align this? |
i actually purposefully left We can make a reasonable argument that all mubi should fall into this category, but I was a bit concerned it would become too many and should be dealt with on a case by case basis. |
Yeah that is a good point and the occurences within CSRNG probably fall into this category as you mentioned above. That being said, I think there may still be value in using |
definitely agree. I actually thought that's what we were using them for. I
think that's the reason you had the `Async` options on them right? So we
can choose to skip the synchronizers and just deploy a buffer.
…On Fri, Jan 21, 2022 at 7:05 PM Michael Schaffner ***@***.***> wrote:
Yeah that is a good point and the occurences within CSRNG probably fall
into this category as you mentioned above.
That being said, I think there may still be value in using prim_mubi*_sync
to create multiple copies if there are multiple endpoints, in order to
ensure these all use separate decoders. WDYT?
—
Reply to this email directly, view it on GitHub
<#10262 (comment)>,
or unsubscribe
<https:/notifications/unsubscribe-auth/AAH2RSVSY3TFLXJYRNNKB6DUXINGDANCNFSM5MQTXLWQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you were assigned.Message ID:
***@***.***>
|
Indeed, that is the reason. @mwbranstad, this means that you can go ahead with the solution we had discussed in the meeting today that uses the |
Thanks @msfschaffner and @tjaychen for precise clarification on this point. |
@cdgori chris, can you confirm the last two checklist items, then check them off? |
I added the missing countermeasure and aligned the entire spreadsheet with the HJSON, so those 2 tasks are complete. I can't edit your comment to check the boxes though (?) |
@msfschaffner all the boxes are checked now. Should we close this issue, or are there some additional steps to do before that happens in the security review flow? |
Approval of this PR will close all related review issues and signify that entropy_src, csrng, and edn blocks have completed D2S checkpoints. Closes lowRISC#10095. Closes lowRISC#10096. Closes lowRISC#10262. Signed-off-by: Mark Branstad <[email protected]>
@mwbranstad same comment as on #10096 (comment), number 3). Also, some of the links above seem to be broken. |
Fixed broken links. |
Thanks for fixing them @mwbranstad. Just noting here that it seems interesting to see several mentions of #10132 which does not touch any of the EDN files... did you perchance paste the wrong reference? |
yes, the links were indeed wrong, and have now been corrected. |
Thanks for correcting them. |
Approval of this PR will close all related review issues and signify that entropy_src, csrng, and edn blocks have completed D2S checkpoints. Closes lowRISC#10095. Closes lowRISC#10096. Closes lowRISC#10262. Signed-off-by: Mark Branstad <[email protected]>
Approval of this PR will close all related review issues and signify that entropy_src, csrng, and edn blocks have completed D2S checkpoints. Closes lowRISC#10095. Closes lowRISC#10096. Closes lowRISC#10262. Signed-off-by: Mark Branstad <[email protected]> Signed-off-by: Michael Schaffner <[email protected]>
Approval of this PR will close all related review issues and signify that entropy_src, csrng, and edn blocks have completed D2S checkpoints. Closes #10095. Closes #10096. Closes #10262. Signed-off-by: Mark Branstad <[email protected]> Signed-off-by: Michael Schaffner <[email protected]>
Approval of this PR will close all related review issues and signify that entropy_src, csrng, and edn blocks have completed D2S checkpoints. Closes lowRISC#10095. Closes lowRISC#10096. Closes lowRISC#10262. Signed-off-by: Mark Branstad <[email protected]> Signed-off-by: Michael Schaffner <[email protected]>
The text was updated successfully, but these errors were encountered: