-
Notifications
You must be signed in to change notification settings - Fork 762
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[csrng] Add a lock CSR for en_csrng_sw_app_read #21141
Comments
@moidx: This is an open because when we have to restart CSRNG, we need to decide if we have to run a KAT based on internal state. |
@moidx: Split per CSRNG instance |
By @vogelpi: Doesn't seem to be super important to me. Given the other work left, incl. OTBN, I suggest moving this to M4 or Backlog. We'll discuss on Monday with @johannheyszl and may move to Backlog then. In the state DB you can also read the number of reseeds, which is useful debug / performance information. |
@vogelpi and I discussed this:
|
I've discussed this again today with @johannheyszl and we both believe we need to implement that for security reasons. The change isn't huge and I have a clear idea of how to do that. I am thus now raising priority. |
Previously, the design featured a single read enable switch plus an OTP fuse controlling read access for all three CTR_DRBG instances. This is non-ideal as firmware may want to perform known-answer testing of individual instances after enabling and then lock down instances individually. This commit thus adds a per-instance internal state read enable on top of the previously implemented mechanisms. After enabling, the internal state of all instances can be read and firmware can disable read access on a per-instance basis. Once disabled, read access remains disabled until the module is disabled. This resolves lowRISC#21141. Signed-off-by: Pirmin Vogel <[email protected]>
A PR to implement this as follows can be found here: #23539 What the PR adds:
|
Alternatively, the lock could easily be made to persist until the next reset. We may also want to consider splitting the OTP fuse for internal state access and the genbits read. Without the latter, the SW context cannot be used at all. My suggestion would be to simply not factor the OTP fuse into the genbits read access. I.e., the SW context would always be usable when the SW_APP_ENABLE field in https://opentitan.org/book/hw/ip/csrng/doc/registers.html#ctrl is set. What do you think @johannheyszl @moidx ? |
Previously, the design featured a single read enable switch plus an OTP fuse controlling read access for all three CTR_DRBG instances. This is non-ideal as firmware may want to perform known-answer testing of individual instances after enabling and then lock down instances individually. This commit thus adds a per-instance internal state read enable on top of the previously implemented mechanisms. After enabling, the internal state of all instances can be read and firmware can disable read access on a per-instance basis. Once firmware is done with the known-answer testing, it can lock the per-instance internal state read enable settings until the next reset. This resolves lowRISC#21141. Signed-off-by: Pirmin Vogel <[email protected]>
We've discussed in the triage meeting that it would be better to allow locking the read enable setting until the next reset e.g. in ROM_EXT. I've now modified the linked PR accordingly. |
The OTP setting is left untouched though. The understanding is that for KATs, the internal read access is always required and that this is needed always. |
Previously, the design featured a single read enable switch plus an OTP fuse controlling read access for all three CTR_DRBG instances. This is non-ideal as firmware may want to perform known-answer testing of individual instances after enabling and then lock down instances individually. This commit thus adds a per-instance internal state read enable on top of the previously implemented mechanisms. After enabling, the internal state of all instances can be read and firmware can disable read access on a per-instance basis. Once firmware is done with the known-answer testing, it can lock the per-instance internal state read enable settings until the next reset. This resolves lowRISC#21141. Signed-off-by: Pirmin Vogel <[email protected]>
Description
The
en_csrng_sw_app_read
OTP switch right now gates access to reading the internal state of all 3 CSRNG instances (SW, EDN0, EDN1) but also reading the genbits register for the SW instance, i.e., it is essential to allow using the SW instance.Because cryptolib needs to be able to access the SW instance the switch always needs to enabled, meaning reading the internal state seems always possible which is bad. We should decouple reading the internal state and the genbits register.
Since reading the internal state is required for certification evaluation, we should convert the setting to a CSR that can be locked at runtime.
See also lowRISC/opentitan-integrated#436.
The text was updated successfully, but these errors were encountered: