Software APIs
pentest_lib.c
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #include "sw/device/tests/penetrationtests/firmware/lib/pentest_lib.h"
6 
7 #include "hw/ip/aes/model/aes.h"
8 #include "sw/device/lib/arch/device.h"
9 #include "sw/device/lib/base/abs_mmio.h"
10 #include "sw/device/lib/base/bitfield.h"
11 #include "sw/device/lib/base/csr.h"
12 #include "sw/device/lib/base/macros.h"
13 #include "sw/device/lib/base/mmio.h"
14 #include "sw/device/lib/base/status.h"
15 #include "sw/device/lib/dif/dif_alert_handler.h"
16 #include "sw/device/lib/dif/dif_clkmgr.h"
17 #include "sw/device/lib/dif/dif_csrng.h"
18 #include "sw/device/lib/dif/dif_csrng_shared.h"
19 #include "sw/device/lib/dif/dif_gpio.h"
20 #include "sw/device/lib/dif/dif_lc_ctrl.h"
21 #include "sw/device/lib/dif/dif_pinmux.h"
22 #include "sw/device/lib/dif/dif_rstmgr.h"
23 #include "sw/device/lib/dif/dif_rv_core_ibex.h"
24 #include "sw/device/lib/dif/dif_rv_plic.h"
25 #include "sw/device/lib/dif/dif_rv_timer.h"
26 #include "sw/device/lib/dif/dif_sensor_ctrl.h"
27 #include "sw/device/lib/dif/dif_sram_ctrl.h"
28 #include "sw/device/lib/dif/dif_uart.h"
29 #include "sw/device/lib/runtime/hart.h"
30 #include "sw/device/lib/runtime/irq.h"
31 #include "sw/device/lib/runtime/print.h"
32 #include "sw/device/lib/testing/pinmux_testutils.h"
33 #include "sw/device/lib/testing/rstmgr_testutils.h"
34 #include "sw/device/lib/testing/rv_plic_testutils.h"
35 #include "sw/device/lib/testing/test_framework/check.h"
36 #include "sw/device/lib/testing/test_framework/ottf_isrs.h"
37 #include "sw/device/lib/testing/test_framework/ottf_main.h"
38 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
39 #include "sw/device/lib/ujson/ujson.h"
40 
41 #include "clkmgr_regs.h" // Generated
42 #include "csrng_regs.h" // Generated
43 #include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"
44 #include "sensor_ctrl_regs.h" // Generated.
45 #include "sram_ctrl_regs.h" // Generated
46 
47 #if !OT_IS_ENGLISH_BREAKFAST
48 #include "sw/device/lib/crypto/drivers/otbn.h"
49 #include "sw/device/lib/dif/dif_csrng.h"
50 #include "sw/device/lib/dif/dif_edn.h"
51 #include "sw/device/lib/dif/dif_entropy_src.h"
52 #include "sw/device/lib/testing/alert_handler_testutils.h"
53 #include "sw/device/lib/testing/entropy_testutils.h"
54 
55 #include "edn_regs.h" // Generated
56 #endif
57 
58 /**
59  * Bitfield for the trigger source.
60  *
61  * Bits 10 and 11 are used to select the trigger source. See chiplevel.sv.tpl
62  * for details.
63  */
64 static const bitfield_field32_t kTriggerSourceBitfield = {
65  .index = 10,
66  .mask = 0x3,
67 };
68 
69 enum {
70  /**
71  * Bit index of the hardware trigger gate signal for gating the hardware
72  * trigger from software.
73  *
74  * See chiplevel.sv.tpl for details.
75  */
76  kTriggerHwGateBitIndex = 9,
77  /**
78  * Bit index of the software trigger signal.
79  *
80  * See chiplevel.sv.tpl for details.
81  */
82  kTriggerSwBitIndex = 8,
83  /**
84  * RV timer settings.
85  */
86  kRvTimerComparator = 0,
87  kRvTimerHart = kTopEarlgreyPlicTargetIbex0,
88 };
89 
90 // By default, we use the precise, hardware-gated capture trigger.
91 static unsigned int trigger_bit_index = kTriggerHwGateBitIndex;
92 
93 static dif_gpio_t gpio;
94 static dif_pinmux_t pinmux;
95 static dif_rv_timer_t timer;
96 static dif_sensor_ctrl_t sensor_ctrl;
97 static dif_uart_t uart0;
98 static dif_uart_t uart1;
99 
100 #if !OT_IS_ENGLISH_BREAKFAST
101 static dif_alert_handler_t alert_handler;
102 static dif_csrng_t csrng;
103 static dif_edn_t edn0;
104 static dif_edn_t edn1;
105 static dif_lc_ctrl_t lc;
106 static dif_rv_plic_t plic;
107 static dif_rstmgr_t rstmgr;
108 #endif
109 
110 status_t pentest_configure_entropy_source_max_reseed_interval(void) {
111 #if !OT_IS_ENGLISH_BREAKFAST
112  const dif_csrng_t csrng = {
113  .base_addr = mmio_region_from_addr(TOP_EARLGREY_CSRNG_BASE_ADDR)};
114  const dif_edn_t edn0 = {
115  .base_addr = mmio_region_from_addr(TOP_EARLGREY_EDN0_BASE_ADDR)};
116  const dif_edn_t edn1 = {
117  .base_addr = mmio_region_from_addr(TOP_EARLGREY_EDN1_BASE_ADDR)};
118 
119  TRY(entropy_testutils_stop_all());
120 
121  // Re-enable entropy src and csrng.
122  TRY(entropy_testutils_entropy_src_init());
123  TRY(dif_csrng_configure(&csrng));
124 
125  // Re-enable EDN0 in auto mode.
126  TRY(dif_edn_set_auto_mode(
127  &edn0,
128  (dif_edn_auto_params_t){
129  // EDN0 provides lower-quality entropy. Let one generate command
130  // return 8
131  // blocks, and reseed every 32 generates.
132  .instantiate_cmd =
133  {
134  .cmd = csrng_cmd_header_build(kCsrngAppCmdInstantiate,
135  kDifCsrngEntropySrcToggleEnable,
136  /*cmd_len=*/0,
137  /*generate_len=*/0),
138  .seed_material =
139  {
140  .len = 0,
141  },
142  },
143  .reseed_cmd =
144  {
145  .cmd = csrng_cmd_header_build(
146  kCsrngAppCmdReseed, kDifCsrngEntropySrcToggleEnable,
147  /*cmd_len=*/0, /*generate_len=*/0),
148  .seed_material =
149  {
150  .len = 0,
151  },
152  },
153  .generate_cmd =
154  {
155  // Generate 8 128-bit blocks.
156  .cmd = csrng_cmd_header_build(kCsrngAppCmdGenerate,
157  kDifCsrngEntropySrcToggleEnable,
158  /*cmd_len=*/0,
159  /*generate_len=*/8),
160  .seed_material =
161  {
162  .len = 0,
163  },
164  },
165  // Reseed every 0xffffffff generates.
166  .reseed_interval = 0xffffffff,
167  }));
168 
169  // Re-enable EDN1 in auto mode.
170  TRY(dif_edn_set_auto_mode(
171  &edn1,
172  (dif_edn_auto_params_t){
173  // EDN1 provides highest-quality entropy. Let one generate command
174  // return 1 block, and reseed after every generate.
175  .instantiate_cmd =
176  {
177  .cmd = csrng_cmd_header_build(kCsrngAppCmdInstantiate,
178  kDifCsrngEntropySrcToggleEnable,
179  /*cmd_len=*/0,
180  /*generate_len=*/0),
181  .seed_material =
182  {
183  .len = 0,
184  },
185  },
186  .reseed_cmd =
187  {
188  .cmd = csrng_cmd_header_build(
189  kCsrngAppCmdReseed, kDifCsrngEntropySrcToggleEnable,
190  /*cmd_len=*/0, /*generate_len=*/0),
191  .seed_material =
192  {
193  .len = 0,
194  },
195  },
196  .generate_cmd =
197  {
198  // Generate 1 128-bit block.
199  .cmd = csrng_cmd_header_build(kCsrngAppCmdGenerate,
200  kDifCsrngEntropySrcToggleEnable,
201  /*cmd_len=*/0,
202  /*generate_len=*/1),
203  .seed_material =
204  {
205  .len = 0,
206  },
207  },
208  // Reseed after every 0xffffffff generates.
209  .reseed_interval = 0xffffffff,
210  }));
211 #endif
212  return OK_STATUS();
213 }
214 
215 pentest_sensor_alerts_t pentest_get_sensor_alerts(void) {
216  pentest_sensor_alerts_t registered;
217  memset(registered.alerts, 0, sizeof(registered.alerts));
218  CHECK_DIF_OK(
219  dif_sensor_ctrl_get_fatal_events(&sensor_ctrl, &registered.alerts[0]));
220  CHECK_DIF_OK(
221  dif_sensor_ctrl_get_recov_events(&sensor_ctrl, &registered.alerts[1]));
222  return registered;
223 }
224 
225 void pentest_clear_sensor_recov_alerts(void) {
226  for (size_t it = 0; it < SENSOR_CTRL_PARAM_NUM_ALERT_EVENTS; it++) {
227  CHECK_DIF_OK(dif_sensor_ctrl_clear_recov_event(&sensor_ctrl, it));
228  }
229 }
230 
231 pentest_registered_alerts_t pentest_get_triggered_alerts(void) {
232  pentest_registered_alerts_t registered;
233  memset(registered.alerts, 0, sizeof(registered.alerts));
234 
235 #if !OT_IS_ENGLISH_BREAKFAST
236  bool is_cause;
237  // Loop over all alert_cause regs
238  for (size_t alert = 0; alert < ALERT_HANDLER_PARAM_N_ALERTS; alert++) {
239  CHECK_DIF_OK(
240  dif_alert_handler_alert_is_cause(&alert_handler, alert, &is_cause));
241  if (is_cause) {
242  if (alert < 32) {
243  registered.alerts[0] |= (1 << alert);
244  } else if (alert < 64) {
245  registered.alerts[1] |= (1 << (alert - 32));
246  } else {
247  registered.alerts[2] |= (1 << (alert - 64));
248  }
249  }
250  }
251 
252  // Loop over all alert_cause regs.
253  for (dif_alert_handler_alert_t i = 0; i < ALERT_HANDLER_PARAM_N_ALERTS; i++) {
254  CHECK_DIF_OK(dif_alert_handler_alert_acknowledge(&alert_handler, i));
255  }
256 #endif
257 
258  return registered;
259 }
260 
261 void pentest_configure_alert_handler(void) {
262 #if !OT_IS_ENGLISH_BREAKFAST
263  irq_global_ctrl(true);
264  irq_external_ctrl(true);
265 
266  mmio_region_t base_addr =
267  mmio_region_from_addr(TOP_EARLGREY_RV_PLIC_BASE_ADDR);
268  CHECK_DIF_OK(dif_rv_plic_init(base_addr, &plic));
269 
270  base_addr = mmio_region_from_addr(TOP_EARLGREY_ALERT_HANDLER_BASE_ADDR);
271  CHECK_DIF_OK(dif_alert_handler_init(base_addr, &alert_handler));
272 
273  dif_alert_handler_alert_t alerts[ALERT_HANDLER_PARAM_N_ALERTS];
274  dif_alert_handler_class_t alert_classes[ALERT_HANDLER_PARAM_N_ALERTS];
275 
276  // Enable all incoming alerts and configure them to classa.
277  for (dif_alert_handler_alert_t i = 0; i < ALERT_HANDLER_PARAM_N_ALERTS; ++i) {
278  alerts[i] = i;
279  alert_classes[i] = kDifAlertHandlerClassA;
280  }
281 
282  dif_alert_handler_escalation_phase_t esc_phases[] = {
283  {.phase = kDifAlertHandlerClassStatePhase0,
284  .signal = 0,
285  .duration_cycles = 2000}};
286 
287  dif_alert_handler_class_config_t class_config = {
288  .auto_lock_accumulation_counter = kDifToggleDisabled,
289  .accumulator_threshold = 0,
290  .irq_deadline_cycles = 10000,
291  .escalation_phases = esc_phases,
292  .escalation_phases_len = ARRAYSIZE(esc_phases),
293  .crashdump_escalation_phase = kDifAlertHandlerClassStatePhase0,
294  };
295 
296  dif_alert_handler_class_config_t class_configs[] = {class_config};
297 
298  dif_alert_handler_class_t classes[] = {kDifAlertHandlerClassA};
299  dif_alert_handler_config_t config = {
300  .alerts = alerts,
301  .alert_classes = alert_classes,
302  .alerts_len = ARRAYSIZE(alerts),
303  .classes = classes,
304  .class_configs = class_configs,
305  .classes_len = ARRAYSIZE(class_configs),
306  .ping_timeout = 256,
307  };
308 
309  CHECK_STATUS_OK(alert_handler_testutils_configure_all(&alert_handler, config,
310  kDifToggleEnabled));
311  // Enables alert handler irq.
312  CHECK_DIF_OK(dif_alert_handler_irq_set_enabled(
313  &alert_handler, kDifAlertHandlerIrqClassa, kDifToggleEnabled));
314 #endif
315 }
316 
317 status_t pentest_read_device_id(uint32_t device_id[]) {
318 #if !OT_IS_ENGLISH_BREAKFAST
319  mmio_region_t lc_reg =
320  mmio_region_from_addr(TOP_EARLGREY_LC_CTRL_REGS_BASE_ADDR);
321  CHECK_DIF_OK(dif_lc_ctrl_init(lc_reg, &lc));
322 
323  dif_lc_ctrl_device_id_t lc_device_id;
324  CHECK_DIF_OK(dif_lc_ctrl_get_device_id(&lc, &lc_device_id));
325  memcpy(device_id, lc_device_id.data, 8 * sizeof(uint32_t));
326 #else
327  memset(device_id, 0, 8 * sizeof(uint32_t));
328 #endif
329 
330  return OK_STATUS();
331 }
332 
333 status_t pentest_configure_cpu(
334  bool disable_icache, bool disable_dummy_instr, bool enable_jittery_clock,
335  bool enable_sram_readback, bool *clock_jitter_locked, bool *clock_jitter_en,
336  bool *sram_main_readback_locked, bool *sram_ret_readback_locked,
337  bool *sram_main_readback_en, bool *sram_ret_readback_en) {
338  uint32_t cpuctrl_csr;
339  // Get current config.
340  CSR_READ(CSR_REG_CPUCTRL, &cpuctrl_csr);
341  // Disable the iCache.
342  if (disable_icache) {
343  cpuctrl_csr = bitfield_field32_write(
344  cpuctrl_csr, (bitfield_field32_t){.mask = 0x1, .index = 0}, 0);
345  }
346 
347  // Disable dummy instructions.
348  if (disable_dummy_instr) {
349  cpuctrl_csr = bitfield_field32_write(
350  cpuctrl_csr, (bitfield_field32_t){.mask = 0x1, .index = 2}, 0);
351  }
352 
353  // Write back config.
354  CSR_WRITE(CSR_REG_CPUCTRL, cpuctrl_csr);
355 
356  // Enable or disable the jittery clock.
357  dif_clkmgr_t clkmgr;
358  TRY(dif_clkmgr_init(mmio_region_from_addr(TOP_EARLGREY_CLKMGR_AON_BASE_ADDR),
359  &clkmgr));
360 
361  TRY(dif_clkmgr_jitter_enable_is_locked(&clkmgr, clock_jitter_locked));
362  dif_toggle_t clock_jitter_state;
363  TRY(dif_clkmgr_jitter_get_enabled(&clkmgr, &clock_jitter_state));
364 
365  if (!*clock_jitter_locked) {
366  if (enable_jittery_clock) {
367  TRY(dif_clkmgr_jitter_set_enabled(&clkmgr, kDifToggleEnabled));
368  } else {
369  mmio_region_write32(clkmgr.base_addr, CLKMGR_JITTER_ENABLE_REG_OFFSET,
370  kMultiBitBool4False);
371  }
372  TRY(dif_clkmgr_jitter_get_enabled(&clkmgr, &clock_jitter_state));
373  }
374 
375  *clock_jitter_en = (clock_jitter_state == kDifToggleDisabled) ? false : true;
376 
377  // Enable or disable SRAM main and ret readback feature.
378  dif_sram_ctrl_t sram_ctrl_ret;
379  dif_sram_ctrl_t sram_ctrl_main;
380  TRY(dif_sram_ctrl_init(
381  mmio_region_from_addr(TOP_EARLGREY_SRAM_CTRL_RET_AON_REGS_BASE_ADDR),
382  &sram_ctrl_ret));
383  TRY(dif_sram_ctrl_init(
384  mmio_region_from_addr(TOP_EARLGREY_SRAM_CTRL_MAIN_REGS_BASE_ADDR),
385  &sram_ctrl_main));
386 
387  dif_result_t ret_locked;
388  dif_result_t main_locked;
389  if (enable_sram_readback) {
390  ret_locked = dif_sram_ctrl_readback_set(&sram_ctrl_ret, kDifToggleEnabled);
391  main_locked =
392  dif_sram_ctrl_readback_set(&sram_ctrl_main, kDifToggleEnabled);
393  } else {
394  ret_locked = dif_sram_ctrl_readback_set(&sram_ctrl_ret, kDifToggleDisabled);
395  main_locked =
396  dif_sram_ctrl_readback_set(&sram_ctrl_main, kDifToggleDisabled);
397  }
398 
399  uint32_t ret_status =
400  abs_mmio_read32(TOP_EARLGREY_SRAM_CTRL_RET_AON_REGS_BASE_ADDR +
401  SRAM_CTRL_READBACK_REG_OFFSET);
402  uint32_t main_status =
403  abs_mmio_read32(TOP_EARLGREY_SRAM_CTRL_MAIN_REGS_BASE_ADDR +
404  SRAM_CTRL_READBACK_REG_OFFSET);
405 
406  // Report the configuration.
407  *sram_main_readback_locked = (main_locked == kDifLocked) ? true : false;
408  *sram_ret_readback_locked = (ret_locked == kDifLocked) ? true : false;
409 
410  *sram_ret_readback_en = (ret_status == kMultiBitBool4True) ? true : false;
411  *sram_main_readback_en = (main_status == kMultiBitBool4True) ? true : false;
412 
413  return OK_STATUS();
414 }
415 
416 /**
417  * Initializes the UART peripheral.
418  */
419 static void pentest_init_uart(void) {
420  CHECK(kUartBaudrate <= UINT32_MAX, "kUartBaudrate must fit in uint32_t");
421  CHECK(kClockFreqPeripheralHz <= UINT32_MAX,
422  "kClockFreqPeripheralHz must fit in uint32_t");
423  const dif_uart_config_t uart_config = {
424  .baudrate = (uint32_t)kUartBaudrate,
425  .clk_freq_hz = (uint32_t)kClockFreqPeripheralHz,
426  .parity_enable = kDifToggleDisabled,
427  .parity = kDifUartParityEven,
428  .tx_enable = kDifToggleEnabled,
429  .rx_enable = kDifToggleEnabled,
430  };
431 
432  OT_DISCARD(dif_uart_init(mmio_region_from_addr(TOP_EARLGREY_UART0_BASE_ADDR),
433  &uart0));
434  OT_DISCARD(dif_uart_configure(&uart0, uart_config));
435  base_uart_stdout(&uart0);
436 
437 #if !OT_IS_ENGLISH_BREAKFAST
438  OT_DISCARD(dif_uart_init(mmio_region_from_addr(TOP_EARLGREY_UART1_BASE_ADDR),
439  &uart1));
440  OT_DISCARD(dif_uart_configure(&uart1, uart_config));
441 #endif
442 }
443 
444 /**
445  * Initializes the GPIO peripheral.
446  *
447  * @param trigger Trigger source.
448  */
449 static void pentest_init_gpio(pentest_trigger_source_t trigger) {
450  OT_DISCARD(
451  dif_gpio_init(mmio_region_from_addr(TOP_EARLGREY_GPIO_BASE_ADDR), &gpio));
452 
453  uint32_t select_mask =
454  bitfield_field32_write(0, kTriggerSourceBitfield, UINT32_MAX);
455  uint32_t enable_mask = bitfield_bit32_write(0, kTriggerHwGateBitIndex, true);
456  enable_mask = bitfield_bit32_write(enable_mask, kTriggerSwBitIndex, true);
457 
458  // Configure the pinmux to enable the GPIOs.
459  for (size_t i = 0; i < 32; ++i) {
460  if ((select_mask | enable_mask) & (1u << i)) {
461  dif_pinmux_index_t mio = kTopEarlgreyPinmuxInselIoa0 + i;
462  dif_pinmux_index_t periph_io =
463  kTopEarlgreyPinmuxPeripheralInGpioGpio0 + i;
464  OT_DISCARD(dif_pinmux_input_select(&pinmux, periph_io, mio));
465 
466  mio = kTopEarlgreyPinmuxMioOutIoa0 + i;
467  periph_io = kTopEarlgreyPinmuxOutselGpioGpio0 + i;
468  OT_DISCARD(dif_pinmux_output_select(&pinmux, mio, periph_io));
469  }
470  }
471 
472  OT_DISCARD(dif_gpio_output_set_enabled_all(&gpio, select_mask | enable_mask));
473 
474  OT_DISCARD(dif_gpio_write_masked(
475  &gpio, select_mask,
476  bitfield_field32_write(0, kTriggerSourceBitfield, trigger)));
477 }
478 
479 /**
480  * Initializes the timer peripheral.
481  */
482 static void pentest_init_timer(void) {
483  OT_DISCARD(dif_rv_timer_init(
484  mmio_region_from_addr(TOP_EARLGREY_RV_TIMER_BASE_ADDR), &timer));
485  OT_DISCARD(dif_rv_timer_reset(&timer));
486  dif_rv_timer_tick_params_t tick_params;
487  OT_DISCARD(dif_rv_timer_approximate_tick_params(
488  kClockFreqPeripheralHz, kClockFreqCpuHz, &tick_params));
489  OT_DISCARD(dif_rv_timer_set_tick_params(&timer, kRvTimerHart, tick_params));
490  OT_DISCARD(dif_rv_timer_irq_set_enabled(
491  &timer, kDifRvTimerIrqTimerExpiredHart0Timer0, kDifToggleEnabled));
492  irq_timer_ctrl(true);
493  irq_global_ctrl(true);
494 }
495 
496 /**
497  * Initializes the CSRNG handle.
498  */
499 static void pentest_init_csrng(void) {
500 #if !OT_IS_ENGLISH_BREAKFAST
501  OT_DISCARD(dif_csrng_init(mmio_region_from_addr(TOP_EARLGREY_CSRNG_BASE_ADDR),
502  &csrng));
503  OT_DISCARD(dif_csrng_init(mmio_region_from_addr(TOP_EARLGREY_CSRNG_BASE_ADDR),
504  &csrng));
505 #endif
506 }
507 
508 static void pentest_init_sensor_ctrl(void) {
509 #if !OT_IS_ENGLISH_BREAKFAST
510  CHECK_DIF_OK(dif_sensor_ctrl_init(
511  mmio_region_from_addr(TOP_EARLGREY_SENSOR_CTRL_AON_BASE_ADDR),
512  &sensor_ctrl));
513 #endif
514 }
515 
516 /**
517  * Initializes the EDN handle.
518  */
519 static void pentest_init_edn(void) {
520 #if !OT_IS_ENGLISH_BREAKFAST
521  OT_DISCARD(
522  dif_edn_init(mmio_region_from_addr(TOP_EARLGREY_EDN0_BASE_ADDR), &edn0));
523 
524  OT_DISCARD(
525  dif_edn_init(mmio_region_from_addr(TOP_EARLGREY_EDN1_BASE_ADDR), &edn1));
526 #endif
527 }
528 
529 /**
530  * Override default Timer ISR.
531  *
532  * Disables the counter and clears pending interrupts.
533  */
534 void ottf_timer_isr(uint32_t *exc_info) {
535  // Return values of below functions are ignored to improve capture
536  // performance.
537  OT_DISCARD(dif_rv_timer_counter_set_enabled(&timer, kRvTimerHart,
538  kDifToggleDisabled));
539  OT_DISCARD(dif_rv_timer_irq_acknowledge(
540  &timer, kDifRvTimerIrqTimerExpiredHart0Timer0));
541 }
542 
543 /**
544  * Disables the given peripherals to reduce noise during SCA.
545  *
546  * Care must be taken when disabling the entropy complex if a peripheral that
547  * depends on it will be used in SCA. E.g., We can disable the entropy complex
548  * when analyzing AES only because AES features a parameter to skip PRNG
549  * reseeding for SCA experiments. Without this parameter, AES would simply get
550  * stalled with a disabled entropy complex.
551  *
552  * @param disable Set of peripherals to disable.
553  */
554 void sca_disable_peripherals(pentest_peripherals_t disable) {
555 #if !OT_IS_ENGLISH_BREAKFAST
556  if (disable & kPentestPeripheralEdn) {
557  OT_DISCARD(dif_edn_stop(&edn0));
558  OT_DISCARD(dif_edn_stop(&edn1));
559  }
560  if (disable & kPentestPeripheralCsrng) {
561  OT_DISCARD(dif_csrng_stop(&csrng));
562  }
563  if (disable & kPentestPeripheralEntropy) {
564  dif_entropy_src_t entropy;
565  OT_DISCARD(dif_entropy_src_init(
566  mmio_region_from_addr(TOP_EARLGREY_ENTROPY_SRC_BASE_ADDR), &entropy));
567  OT_DISCARD(dif_entropy_src_set_enabled(&entropy, kDifToggleDisabled));
568  }
569 #endif
570 
571  // Disable HMAC, KMAC, OTBN and USB clocks through CLKMGR DIF.
572  dif_clkmgr_t clkmgr;
573  OT_DISCARD(dif_clkmgr_init(
574  mmio_region_from_addr(TOP_EARLGREY_CLKMGR_AON_BASE_ADDR), &clkmgr));
575 
576  if (disable & kPentestPeripheralAes) {
577  OT_DISCARD(dif_clkmgr_hintable_clock_set_hint(
578  &clkmgr, CLKMGR_CLK_HINTS_CLK_MAIN_AES_HINT_BIT, kDifToggleDisabled));
579  }
580 #if !OT_IS_ENGLISH_BREAKFAST
581  if (disable & kPentestPeripheralHmac) {
582  OT_DISCARD(dif_clkmgr_hintable_clock_set_hint(
583  &clkmgr, CLKMGR_CLK_HINTS_CLK_MAIN_HMAC_HINT_BIT, kDifToggleDisabled));
584  }
585 #endif
586  if (disable & kPentestPeripheralIoDiv4) {
587  OT_DISCARD(dif_clkmgr_gateable_clock_set_enabled(
588  &clkmgr, CLKMGR_CLK_ENABLES_CLK_IO_DIV4_PERI_EN_BIT,
589  kDifToggleDisabled));
590  }
591  if (disable & kPentestPeripheralIoDiv2) {
592  OT_DISCARD(dif_clkmgr_gateable_clock_set_enabled(
593  &clkmgr, CLKMGR_CLK_ENABLES_CLK_IO_DIV2_PERI_EN_BIT,
594  kDifToggleDisabled));
595  }
596  if (disable & kPentestPeripheralUsb) {
597  OT_DISCARD(dif_clkmgr_gateable_clock_set_enabled(
598  &clkmgr, CLKMGR_CLK_ENABLES_CLK_USB_PERI_EN_BIT, kDifToggleDisabled));
599  }
600  if (disable & kPentestPeripheralIo) {
601  OT_DISCARD(dif_clkmgr_gateable_clock_set_enabled(
602  &clkmgr, CLKMGR_CLK_ENABLES_CLK_IO_PERI_EN_BIT, kDifToggleDisabled));
603  }
604 
605 #if !OT_IS_ENGLISH_BREAKFAST
606  if (disable & kPentestPeripheralKmac) {
607  OT_DISCARD(dif_clkmgr_hintable_clock_set_hint(
608  &clkmgr, CLKMGR_CLK_HINTS_CLK_MAIN_KMAC_HINT_BIT, kDifToggleDisabled));
609  }
610  if (disable & kPentestPeripheralOtbn) {
611  OT_DISCARD(dif_clkmgr_hintable_clock_set_hint(
612  &clkmgr, CLKMGR_CLK_HINTS_CLK_MAIN_OTBN_HINT_BIT, kDifToggleDisabled));
613  }
614 #endif
615 }
616 
617 void pentest_init(pentest_trigger_source_t trigger,
618  pentest_peripherals_t enable) {
619  OT_DISCARD(dif_pinmux_init(
620  mmio_region_from_addr(TOP_EARLGREY_PINMUX_AON_BASE_ADDR), &pinmux));
621  pinmux_testutils_init(&pinmux);
622  pentest_init_uart();
623  pentest_init_gpio(trigger);
624  pentest_init_timer();
625  pentest_init_csrng();
626  pentest_init_edn();
627  pentest_init_sensor_ctrl();
628  sca_disable_peripherals(~enable);
629 
630  // Configure reset manager and enable alert crash dump capture.
631  OT_DISCARD(dif_rstmgr_init(
632  mmio_region_from_addr(TOP_EARLGREY_RSTMGR_AON_BASE_ADDR), &rstmgr));
633  CHECK_DIF_OK(dif_rstmgr_alert_info_set_enabled(&rstmgr, kDifToggleEnabled));
634 
635  // Enable all sensor control AST alerts.
636  for (uint32_t k = 0; k < SENSOR_CTRL_PARAM_NUM_ALERT_EVENTS; k++) {
637  dif_result_t res =
638  dif_sensor_ctrl_set_alert_en(&sensor_ctrl, k, kDifToggleEnabled);
639  if (res != kDifOk) {
640  LOG_INFO("Enabling alert %d in sensor control did not work", k);
641  }
642  }
643 }
644 
645 const dif_uart_t *pentest_get_uart(void) { return &uart1; }
646 
647 void pentest_select_trigger_type(pentest_trigger_type_t trigger_type) {
648  if (trigger_type == kPentestTriggerTypeHwGated) {
649  trigger_bit_index = kTriggerHwGateBitIndex;
650  } else if (trigger_type == kPentestTriggerTypeSw) {
651  trigger_bit_index = kTriggerSwBitIndex;
652  }
653 }
654 
655 void pentest_set_trigger_high(void) {
656  OT_DISCARD(dif_gpio_write(&gpio, trigger_bit_index, true));
657 }
658 
659 void pentest_set_trigger_low(void) {
660  OT_DISCARD(dif_gpio_write(&gpio, trigger_bit_index, false));
661 }
662 
663 void pentest_call_and_sleep(sca_callee callee, uint32_t sleep_cycles,
664  bool sw_trigger, bool otbn) {
665  // Disable the IO_DIV4_PERI clock to reduce noise during the actual capture.
666  // This also disables the UART(s) and GPIO modules required for
667  // communication with the scope. Therefore, it has to be re-enabled after
668  // the capture.
669  dif_clkmgr_t clkmgr;
670  OT_DISCARD(dif_clkmgr_init(
671  mmio_region_from_addr(TOP_EARLGREY_CLKMGR_AON_BASE_ADDR), &clkmgr));
672 
673  // Start timer to wake Ibex after the callee is done.
674  uint64_t current_time;
675  // Return values of below functions are ignored to improve capture
676  // performance.
677  OT_DISCARD(dif_rv_timer_counter_read(&timer, kRvTimerHart, &current_time));
678  OT_DISCARD(dif_rv_timer_arm(&timer, kRvTimerHart, kRvTimerComparator,
679  current_time + sleep_cycles));
680  OT_DISCARD(dif_rv_timer_counter_set_enabled(&timer, kRvTimerHart,
681  kDifToggleEnabled));
682 
683  if (sw_trigger) {
684  pentest_set_trigger_high();
685  }
686 
687  callee();
688 
689  wait_for_interrupt();
690 
691 #if !OT_IS_ENGLISH_BREAKFAST
692  if (otbn) {
693  otbn_busy_wait_for_done();
694  }
695 #endif
696 
697  if (sw_trigger) {
698  pentest_set_trigger_low();
699  }
700 
701  // Re-enable IO_DIV4_PERI clock to resume communication with the scope.
702  OT_DISCARD(dif_clkmgr_gateable_clock_set_enabled(
703  &clkmgr, CLKMGR_CLK_ENABLES_CLK_IO_DIV4_PERI_EN_BIT, kDifToggleEnabled));
704 }
705 
706 static uint32_t sca_lfsr_state_masking = 0xdeadbeef;
707 static uint32_t sca_lfsr_state_order = 0x99999999;
708 
709 void pentest_seed_lfsr(uint32_t seed, pentest_lfsr_context_t context) {
710  if (context == kPentestLfsrMasking) {
711  sca_lfsr_state_masking = seed;
712  }
713  if (context == kPentestLfsrOrder) {
714  sca_lfsr_state_order = seed;
715  }
716 }
717 
718 uint32_t pentest_next_lfsr(uint16_t num_steps, pentest_lfsr_context_t context) {
719  uint32_t sca_lfsr_state;
720  if (context == kPentestLfsrMasking) {
721  sca_lfsr_state = sca_lfsr_state_masking;
722  }
723  if (context == kPentestLfsrOrder) {
724  sca_lfsr_state = sca_lfsr_state_order;
725  }
726  const uint32_t lfsr_out = sca_lfsr_state;
727  for (size_t i = 0; i < num_steps; ++i) {
728  bool lfsr_bit = sca_lfsr_state & 0x00000001;
729  sca_lfsr_state = sca_lfsr_state >> 1;
730  if (lfsr_bit) {
731  sca_lfsr_state ^= 0x80000057;
732  }
733  }
734  if (context == kPentestLfsrMasking) {
735  sca_lfsr_state_masking = sca_lfsr_state;
736  }
737  if (context == kPentestLfsrOrder) {
738  sca_lfsr_state_order = sca_lfsr_state;
739  }
740  return lfsr_out;
741 }
742 
743 uint32_t pentest_linear_layer(uint32_t input) {
744  uint32_t output =
745  // output[7:0]
746  (((input >> 0) & 0x1) << 7) | (((input >> 6) & 0x1) << 6) |
747  (((input >> 11) & 0x1) << 5) | (((input >> 14) & 0x1) << 4) |
748  (((input >> 1) & 0x1) << 3) | (((input >> 7) & 0x1) << 2) |
749  (((input >> 10) & 0x1) << 1) | (((input >> 13) & 0x1) << 0) |
750  // output[15:8]
751  (((input >> 2) & 0x1) << 15) | (((input >> 4) & 0x1) << 14) |
752  (((input >> 9) & 0x1) << 13) | (((input >> 12) & 0x1) << 12) |
753  (((input >> 3) & 0x1) << 11) | (((input >> 5) & 0x1) << 10) |
754  (((input >> 8) & 0x1) << 9) | (((input >> 15) & 0x1) << 8) |
755  // output[23:16]
756  (((input >> 16) & 0x1) << 23) | (((input >> 22) & 0x1) << 22) |
757  (((input >> 27) & 0x1) << 21) | (((input >> 30) & 0x1) << 20) |
758  (((input >> 17) & 0x1) << 19) | (((input >> 23) & 0x1) << 18) |
759  (((input >> 26) & 0x1) << 17) | (((input >> 29) & 0x1) << 16) |
760  // output[31:24]
761  (((input >> 18) & 0x1) << 31) | (((input >> 20) & 0x1) << 30) |
762  (((input >> 25) & 0x1) << 29) | (((input >> 28) & 0x1) << 28) |
763  (((input >> 19) & 0x1) << 27) | (((input >> 21) & 0x1) << 26) |
764  (((input >> 24) & 0x1) << 25) | (((input >> 31) & 0x1) << 24);
765 
766  return output;
767 }
768 
769 uint32_t pentest_non_linear_layer(uint32_t input) {
770  uint32_t output;
771  if (input != 0) {
772  // Perform the AES S-Box look ups bytewise.
773  output = (uint32_t)(sbox[(input >> 24) & 0xFF] << 24) |
774  (uint32_t)(sbox[(input >> 16) & 0xFF] << 16) |
775  (uint32_t)(sbox[(input >> 8) & 0xFF] << 8) | sbox[input & 0xFF];
776  } else {
777  output = input;
778  }
779 
780  return output;
781 }
782 
783 status_t pentest_read_rstmgr_alert_info(ujson_t *uj) {
784  // Init the reset manager.
785  TRY(dif_rstmgr_init(mmio_region_from_addr(TOP_EARLGREY_RSTMGR_AON_BASE_ADDR),
786  &rstmgr));
787 
788  // Read the reset reason from the reset manager.
789  dif_rstmgr_reset_info_bitfield_t rst_info;
790  rst_info = rstmgr_testutils_reason_get();
791  rstmgr_testutils_reason_clear();
792 
793  // Read the alert dump information.
794  dif_rstmgr_alert_info_dump_segment_t dump[DIF_RSTMGR_ALERT_INFO_MAX_SIZE];
795  size_t seg_size;
796  alert_handler_testutils_info_t actual_info;
797  TRY(dif_rstmgr_alert_info_dump_read(
798  &rstmgr, dump, DIF_RSTMGR_ALERT_INFO_MAX_SIZE, &seg_size));
799  TRY(alert_handler_testutils_info_parse(dump, (int)seg_size, &actual_info));
800 
801  // Transmit to host.
802  penetrationtest_alert_dump_t uj_output;
803  uj_output.rst_reason = rst_info;
804 
805  // Clear the array.
806  memset(uj_output.alert_cause, 0, sizeof(uj_output.alert_cause));
807  memset(uj_output.class_accum_cnt, 0, sizeof(uj_output.class_accum_cnt));
808  memset(uj_output.class_esc_cnt, 0, sizeof(uj_output.class_esc_cnt));
809  memset(uj_output.class_esc_state, 0, sizeof(uj_output.class_esc_state));
810 
811  // Copy the crash dump.
812  memcpy(uj_output.alert_cause, actual_info.alert_cause,
813  sizeof(uj_output.alert_cause));
814  uj_output.loc_alert_cause = actual_info.loc_alert_cause;
815  memcpy(uj_output.class_accum_cnt, actual_info.class_accum_cnt,
816  sizeof(uj_output.class_accum_cnt));
817  memcpy(uj_output.class_esc_cnt, actual_info.class_esc_cnt,
818  sizeof(uj_output.class_esc_cnt));
819  memcpy(uj_output.class_esc_state, actual_info.class_esc_state,
820  sizeof(uj_output.class_esc_state));
821 
822  return RESP_OK(ujson_serialize_penetrationtest_alert_dump_t, uj, &uj_output);
823 }
Return to OpenTitan Documentation