Merge branch 'lowRISC:master' into vt_checkins

.github/workflows/ci.yml

@@ -0,0 +1,22 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+name: CI
+on:
+  pull_request:
+
+jobs:
+  airgapped_build:
+    name: Airgapped build
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Bitstream cache requires all commits.
+      - name: Install system dependencies
+        run: grep '^[^#]' apt-requirements.txt | xargs sudo apt install -y
+      - name: Prepare airgapped environment
+        run: ./util/prep-bazel-airgapped-build.sh
+      - name: Build in the airgapped environment
+        run: ./ci/scripts/test-airgapped-build.sh

COMMITTERS

@@ -11,6 +11,7 @@ Committer list:
 * Miles Dai (milesdai)
 * Jon Flatley (jon-flatley)
 * Chris Frantz (cfrantz)
+* Gary Guo (nbdd0121)
 * Jes Klinke (jesultra)
 * Andreas Kurth (andreaskurth)
 * Adrian Lees (alees24)
@@ -21,6 +22,7 @@ Committer list:
 * Hugo McNally (HU90m)
 * Felix Miller (felixmiller)
 * Michael Munday (mundaym)
+* Pascal Nasahl (nasahlpa)
 * Miguel Osorio (moidx)
 * Jade Philipoom (jadephilipoom)
 * Amaury Pouly (pamaury)

WORKSPACE

@@ -149,6 +149,10 @@ sphincsplus_repos()
 load("//rules:bitstreams.bzl", "bitstreams_repo")
 bitstreams_repo(name = "bitstreams")
 
+# CBOR reader & writer from open-dice
+load("//third_party/open-dice:repos.bzl", "open_dice_repos")
+open_dice_repos()
+
 # Setup for linking in externally managed test and provisioning customizations
 # for both secure/non-secure manufacturer domains.
 load("//rules:hooks_setup.bzl", "hooks_setup", "provisioning_exts_setup", "secure_hooks_setup")

azure-pipelines.yml

@@ -131,6 +131,7 @@ jobs:
   steps:
   - template: ci/checkout-template.yml
   - template: ci/install-package-dependencies.yml
+  - bash: util/prep-bazel-airgapped-build.sh
   - bash: ci/scripts/test-airgapped-build.sh
 
 - job: slow_lints

ci/scripts/test-airgapped-build.sh

@@ -5,8 +5,11 @@
 
 set -ex
 
-# Prefetch bazel airgapped dependencies.
-util/prep-bazel-airgapped-build.sh -f
+# Prefetch bazel airgapped dependencies if not already done.
+if [ ! -d bazel-airgapped ]; then
+  echo "Airgapped environment not found, preparing..." >&2
+  util/prep-bazel-airgapped-build.sh -f
+fi
 
 # Remove the airgapped network namespace.
 remove_airgapped_netns() {

doc/getting_started/setup_fpga.md

@@ -240,8 +240,8 @@ On your CW340 base board (the red board):
     1. UART1 RX/TX (OpenTitan pins IOA0/1): JP3 & JP4
     1. JTAG TAP select straps (OpenTitan pins IOC5/8): JP11 & JP12
 1. Connect the following blue socket-to-socket jumpers in the middle of the board to `HD` (for "HyperDebug").
-    1. SPI Device: connect JP23 to JP25
-    1. JTAG: connect JP13 to JP15
+    1. SPI Device: connect J23 to J25
+    1. JTAG: connect J12 to J13
 
 ##### Connecting HyperDebug to the CW340 Base Board
 
@@ -251,7 +251,6 @@ On your CW340 base board (the red board):
 1. Ensure the HyperDebug jumper JP4 is set to select `1.8V`.
 1. Connect the HyperDebug board to the ST Zio connectors in the bottom left of the board.
 1. Connect the PC USB-C cable back to your HyperDebug board.
-1. Connect the PC USB-C cable back to your HyperDebug board.
 1. Power on the CW340 by setting the *Control Power* switch in the top left corner, *SW7*, to the left towards the barrel jack.
 
 ### Detecting the PC Connections to the Board(s)

hw/ip/prim/rtl/prim_count.sv

@@ -292,10 +292,14 @@ module prim_count
           $past(clr_i || set_i || (commit_i && (incr_en_i || decr_en_i))),
           clk_i, err_d || fpv_err_present || !rst_ni)
 
-  // Check that count errors are reported properly in err_d
-  `ASSERT(CntErrReported_A, ((cnt_q[1] + cnt_q[0]) != {Width{1'b1}}) == err_d)
+  // Check that count errors are reported properly in err_o
+  //
+  // This is essentially a "|=> implication", but is structured in a way to avoid generating a cover
+  // property for the left hand side if PrimCountFpv is not defined (because we won't have a way to
+  // inject an error if not)
+  `ASSERT(CntErrReported_A, ##1 $past((cnt_q[1] + cnt_q[0]) != {Width{1'b1}}) == err_o)
  `ifdef PrimCountFpv
-  `COVER(CntErr_C, err_d)
+  `COVER(CntErr_C, err_o)
  `endif
 
   // This logic that will be assign to one, when user adds macro

hw/ip/prim/rtl/prim_fifo_sync.sv

@@ -148,7 +148,7 @@ module prim_fifo_sync #(
   // Known Assertions //
   //////////////////////
 
-  `ASSERT(DataKnown_A, rvalid_o |-> !$isunknown(rdata_o))
+  `ASSERT_KNOWN_IF(DataKnown_A, rdata_o, rvalid_o)
   `ASSERT_KNOWN(DepthKnown_A, depth_o)
   `ASSERT_KNOWN(RvalidKnown_A, rvalid_o)
   `ASSERT_KNOWN(WreadyKnown_A, wready_o)

hw/ip/rv_dm/dv/cov/rv_dm_cov_excl.el

@@ -43,6 +43,12 @@ Transition StFlush->StActive "76->289"
 Transition StFlush->StError "76->186"
 Transition StOutstanding->StFlush "231->76"
 
+// The code being waived here is from tlul_rsp_intg_gen.sv and gets run if the EnableRspIntgGen
+// or EnableDataIntgGen parameters are zero. They aren't, so we need to waive this line coverage.
+INSTANCE: tb.dut.u_reg_regs.u_reg_if.u_rsp_intg_gen
+Block 1 "461445014" "assign rsp_intg = tl_i.d_user.rsp_intg;"
+Block 2 "2643129081" "assign data_intg = tl_i.d_user.data_intg;"
+
 // The following exclusions were generated by UNR.
 //
 //==================================================

sw/device/tests/penetrationtests/firmware/BUILD

@@ -20,9 +20,11 @@ FIRMWARE_DEPS_FPGA = [
     "//sw/device/tests/penetrationtests/firmware/fi:rng_fi",
     "//sw/device/tests/penetrationtests/firmware/fi:rom_fi",
     "//sw/device/tests/penetrationtests/firmware/sca:aes_sca",
+    "//sw/device/tests/penetrationtests/firmware/sca:edn_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:hmac_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:ibex_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:kmac_sca",
+    "//sw/device/tests/penetrationtests/firmware/sca:otbn_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:prng_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:sha3_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:trigger_sca",
@@ -62,9 +64,11 @@ FIRMWARE_DEPS_FI = [
 
 FIRMWARE_DEPS_SCA = [
     "//sw/device/tests/penetrationtests/firmware/sca:aes_sca",
+    "//sw/device/tests/penetrationtests/firmware/sca:edn_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:hmac_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:ibex_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:kmac_sca",
+    "//sw/device/tests/penetrationtests/firmware/sca:otbn_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:prng_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:sha3_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:trigger_sca",

sw/device/tests/penetrationtests/firmware/fi/BUILD

@@ -22,7 +22,7 @@ cc_library(
         "//sw/device/lib/testing/test_framework:ujson_ottf",
         "//sw/device/lib/ujson",
         "//sw/device/sca/lib:sca",
-        "//sw/device/tests/penetrationtests/firmware/lib:sca_lib",
+        "//sw/device/tests/penetrationtests/firmware/lib:pentest_lib",
         "//sw/device/tests/penetrationtests/json:crypto_fi_commands",
     ],
 )
@@ -52,7 +52,7 @@ cc_library(
         "//sw/device/sca/lib:sca",
         "//sw/device/silicon_creator/lib/drivers:retention_sram",
         "//sw/device/silicon_creator/manuf/lib:otp_fields",
-        "//sw/device/tests/penetrationtests/firmware/lib:sca_lib",
+        "//sw/device/tests/penetrationtests/firmware/lib:pentest_lib",
         "//sw/device/tests/penetrationtests/json:ibex_fi_commands",
     ],
 )
@@ -71,7 +71,7 @@ cc_library(
         "//sw/device/lib/testing/test_framework:ujson_ottf",
         "//sw/device/lib/ujson",
         "//sw/device/sca/lib:sca",
-        "//sw/device/tests/penetrationtests/firmware/lib:sca_lib",
+        "//sw/device/tests/penetrationtests/firmware/lib:pentest_lib",
         "//sw/device/tests/penetrationtests/json:lc_ctrl_fi_commands",
     ],
 )
@@ -99,7 +99,7 @@ cc_library(
         "//sw/device/tests/penetrationtests/firmware/fi/otbn:otbn_char_unrolled_reg_op_loop",
         "//sw/device/tests/penetrationtests/firmware/fi/otbn:otbn_key_sideload",
         "//sw/device/tests/penetrationtests/firmware/fi/otbn:otbn_load_integrity",
-        "//sw/device/tests/penetrationtests/firmware/lib:sca_lib",
+        "//sw/device/tests/penetrationtests/firmware/lib:pentest_lib",
         "//sw/device/tests/penetrationtests/json:otbn_fi_commands",
     ],
 )
@@ -124,7 +124,7 @@ cc_library(
         "//sw/device/lib/testing/test_framework:ujson_ottf",
         "//sw/device/lib/ujson",
         "//sw/device/sca/lib:sca",
-        "//sw/device/tests/penetrationtests/firmware/lib:sca_lib",
+        "//sw/device/tests/penetrationtests/firmware/lib:pentest_lib",
         "//sw/device/tests/penetrationtests/json:rng_fi_commands",
     ],
 )
@@ -142,7 +142,7 @@ cc_library(
         "//sw/device/lib/testing/test_framework:ujson_ottf",
         "//sw/device/lib/ujson",
         "//sw/device/sca/lib:sca",
-        "//sw/device/tests/penetrationtests/firmware/lib:sca_lib",
+        "//sw/device/tests/penetrationtests/firmware/lib:pentest_lib",
         "//sw/device/tests/penetrationtests/json:otp_fi_commands",
     ],
 )
@@ -162,7 +162,7 @@ cc_library(
         "//sw/device/lib/testing/test_framework:ujson_ottf",
         "//sw/device/lib/ujson",
         "//sw/device/sca/lib:sca",
-        "//sw/device/tests/penetrationtests/firmware/lib:sca_lib",
+        "//sw/device/tests/penetrationtests/firmware/lib:pentest_lib",
         "//sw/device/tests/penetrationtests/json:rom_fi_commands",
     ],
 )

sw/device/tests/penetrationtests/firmware/fi/crypto_fi.c

@@ -17,7 +17,7 @@
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
 #include "sw/device/lib/ujson/ujson.h"
 #include "sw/device/sca/lib/sca.h"
-#include "sw/device/tests/penetrationtests/firmware/lib/sca_lib.h"
+#include "sw/device/tests/penetrationtests/firmware/lib/pentest_lib.h"
 #include "sw/device/tests/penetrationtests/json/crypto_fi_commands.h"
 
 #include "aes_regs.h"
@@ -156,7 +156,7 @@ status_t handle_crypto_fi_aes(ujson_t *uj) {
   crypto_fi_aes_mode_t uj_data;
   TRY(ujson_deserialize_crypto_fi_aes_mode_t(uj, &uj_data));
   // Clear registered alerts in alert handler.
-  sca_registered_alerts_t reg_alerts = sca_get_triggered_alerts();
+  sca_registered_alerts_t reg_alerts = pentest_get_triggered_alerts();
 
   // Write the key into the AES block. Set and unset the trigger when
   // key_trigger is true.
@@ -214,7 +214,7 @@ status_t handle_crypto_fi_aes(ujson_t *uj) {
   }
 
   // Get registered alerts from alert handler.
-  reg_alerts = sca_get_triggered_alerts();
+  reg_alerts = pentest_get_triggered_alerts();
 
   // Read ERR_STATUS register.
   dif_rv_core_ibex_error_status_t codes;
@@ -236,10 +236,10 @@ status_t handle_crypto_fi_init(ujson_t *uj) {
                kScaPeripheralEdn | kScaPeripheralCsrng | kScaPeripheralEntropy);
   // Configure the alert handler. Alerts triggered by IP blocks are captured
   // and reported to the test.
-  sca_configure_alert_handler();
+  pentest_configure_alert_handler();
 
   // Disable the instruction cache and dummy instructions for FI attacks.
-  sca_configure_cpu();
+  pentest_configure_cpu();
 
   // Init the AES block.
   TRY(dif_aes_init(mmio_region_from_addr(TOP_EARLGREY_AES_BASE_ADDR), &aes));
@@ -279,7 +279,7 @@ status_t handle_crypto_fi_init(ujson_t *uj) {
 
   // Read device ID and return to host.
   penetrationtest_device_id_t uj_output;
-  TRY(sca_read_device_id(uj_output.device_id));
+  TRY(pentest_read_device_id(uj_output.device_id));
   RESP_OK(ujson_serialize_penetrationtest_device_id_t, uj, &uj_output);
 
   return OK_STATUS();
@@ -290,7 +290,7 @@ status_t handle_crypto_fi_kmac(ujson_t *uj) {
   crypto_fi_kmac_mode_t uj_data;
   TRY(ujson_deserialize_crypto_fi_kmac_mode_t(uj, &uj_data));
   // Clear registered alerts in alert handler.
-  sca_registered_alerts_t reg_alerts = sca_get_triggered_alerts();
+  sca_registered_alerts_t reg_alerts = pentest_get_triggered_alerts();
 
   // Configure and write key to the KMAC block. Set and unset the trigger when
   // key_trigger is true.
@@ -348,7 +348,7 @@ status_t handle_crypto_fi_kmac(ujson_t *uj) {
                        /*capacity=*/NULL));
 
   // Get registered alerts from alert handler.
-  reg_alerts = sca_get_triggered_alerts();
+  reg_alerts = pentest_get_triggered_alerts();
 
   TRY(dif_kmac_end(&kmac, &kmac_operation_state));
 
@@ -371,7 +371,7 @@ status_t handle_crypto_fi_kmac_state(ujson_t *uj) {
   crypto_fi_kmac_mode_t uj_data;
   TRY(ujson_deserialize_crypto_fi_kmac_mode_t(uj, &uj_data));
   // Clear registered alerts in alert handler.
-  sca_registered_alerts_t reg_alerts = sca_get_triggered_alerts();
+  sca_registered_alerts_t reg_alerts = pentest_get_triggered_alerts();
 
   // Configure and write key to the KMAC block.
   dif_kmac_operation_state_t kmac_operation_state;
@@ -396,7 +396,7 @@ status_t handle_crypto_fi_kmac_state(ujson_t *uj) {
   sca_set_trigger_low();
 
   // Get registered alerts from alert handler.
-  reg_alerts = sca_get_triggered_alerts();
+  reg_alerts = pentest_get_triggered_alerts();
 
   // Read ERR_STATUS register.
   dif_rv_core_ibex_error_status_t codes;
@@ -426,7 +426,7 @@ status_t handle_crypto_fi_kmac_state(ujson_t *uj) {
 
 status_t handle_crypto_fi_shadow_reg_access(ujson_t *uj) {
   // Clear registered alerts in alert handler.
-  sca_registered_alerts_t reg_alerts = sca_get_triggered_alerts();
+  sca_registered_alerts_t reg_alerts = pentest_get_triggered_alerts();
 
   crypto_fi_test_result_mult_t uj_output;
 
@@ -459,7 +459,7 @@ status_t handle_crypto_fi_shadow_reg_access(ujson_t *uj) {
   sca_set_trigger_low();
 
   // Get registered alerts from alert handler.
-  reg_alerts = sca_get_triggered_alerts();
+  reg_alerts = pentest_get_triggered_alerts();
 
   // Read ERR_STATUS register.
   dif_rv_core_ibex_error_status_t codes;
@@ -482,7 +482,7 @@ status_t handle_crypto_fi_shadow_reg_access(ujson_t *uj) {
 
 status_t handle_crypto_fi_shadow_reg_read(ujson_t *uj) {
   // Clear registered alerts in alert handler.
-  sca_registered_alerts_t reg_alerts = sca_get_triggered_alerts();
+  sca_registered_alerts_t reg_alerts = pentest_get_triggered_alerts();
 
   crypto_fi_test_result_mult_t uj_output;
 
@@ -538,7 +538,7 @@ status_t handle_crypto_fi_shadow_reg_read(ujson_t *uj) {
   sca_set_trigger_low();
 
   // Get registered alerts from alert handler.
-  reg_alerts = sca_get_triggered_alerts();
+  reg_alerts = pentest_get_triggered_alerts();
 
   // Read ERR_STATUS register.
   dif_rv_core_ibex_error_status_t codes;