Software APIs
rnd.c
1// Copyright lowRISC contributors (OpenTitan project).
2// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3// SPDX-License-Identifier: Apache-2.0
4
5#include "sw/device/silicon_creator/lib/drivers/rnd.h"
6
7#include "hw/top/dt/entropy_src.h"
8#include "hw/top/dt/rv_core_ibex.h"
11#include "sw/device/lib/base/crc32.h"
15#include "sw/device/silicon_creator/lib/drivers/otp.h"
16
17#include "hw/top/entropy_src_regs.h"
18#include "hw/top/otp_ctrl_regs.h"
19#include "hw/top/rv_core_ibex_regs.h"
20
21enum {
22 // This covers the health threshold registers which are contiguous. The alert
23 // threshold register is not included here.
24 kNumHealthRegisters = 9,
25};
26
27static inline uint32_t entropy_src_base(void) {
28 return dt_entropy_src_primary_reg_block(kDtEntropySrc);
29}
30
31static inline uint32_t ibex_base(void) {
32 return dt_rv_core_ibex_primary_reg_block(kDtRvCoreIbex);
33}
34
35// Check the number of health registers covered by this driver.
36static_assert(kNumHealthRegisters ==
37 (ENTROPY_SRC_EXTHT_LO_THRESHOLD_REG_OFFSET -
38 ENTROPY_SRC_REPCNT_THRESHOLD_REG_OFFSET) /
39 sizeof(uint32_t) +
40 1,
41 "Unexpected entropy_src health register count.");
42
43// Ensure the relative offsets of OTP versus entropy_src registers are
44// equivalent. This is imporant as rom_start.S uses a copy function to
45// copy the values from OTP into the entropy_src.
46#define ASSERT_REG_OFFSET(otp_offset_, entropy_src_offset_) \
47 static_assert( \
48 ((otp_offset_) - \
49 OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_REPCNT_THRESHOLDS_OFFSET) == \
50 ((entropy_src_offset_) - ENTROPY_SRC_REPCNT_THRESHOLD_REG_OFFSET), \
51 "OTP configuration offset does not match the expected entropy_src " \
52 "register offset")
53
54ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_REPCNT_THRESHOLDS_OFFSET,
55 ENTROPY_SRC_REPCNT_THRESHOLD_REG_OFFSET);
56ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_REPCNTS_THRESHOLDS_OFFSET,
57 ENTROPY_SRC_REPCNTS_THRESHOLD_REG_OFFSET);
58ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_ADAPTP_HI_THRESHOLDS_OFFSET,
59 ENTROPY_SRC_ADAPTP_HI_THRESHOLD_REG_OFFSET);
60ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_ADAPTP_LO_THRESHOLDS_OFFSET,
61 ENTROPY_SRC_ADAPTP_LO_THRESHOLD_REG_OFFSET);
62ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_BUCKET_THRESHOLDS_OFFSET,
63 ENTROPY_SRC_BUCKET_THRESHOLD_REG_OFFSET);
64ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_MARKOV_HI_THRESHOLDS_OFFSET,
65 ENTROPY_SRC_MARKOV_HI_THRESHOLD_REG_OFFSET);
66ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_MARKOV_LO_THRESHOLDS_OFFSET,
67 ENTROPY_SRC_MARKOV_LO_THRESHOLD_REG_OFFSET);
68ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EXTHT_HI_THRESHOLDS_OFFSET,
69 ENTROPY_SRC_EXTHT_HI_THRESHOLD_REG_OFFSET);
70ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EXTHT_LO_THRESHOLDS_OFFSET,
71 ENTROPY_SRC_EXTHT_LO_THRESHOLD_REG_OFFSET);
72
73/**
74 * Calculates CRC32 over the entropy_src health test and alert thresholds.
75 */
76static uint32_t health_config_crc32(void) {
77 uint32_t ctx;
78 crc32_init(&ctx);
79
80 // Health test thresholds, whose offsets are statically checked.
81 uint32_t offset = ENTROPY_SRC_REPCNT_THRESHOLD_REG_OFFSET;
82 for (size_t i = 0; i < kNumHealthRegisters; ++i, offset += sizeof(uint32_t)) {
83 crc32_add32(&ctx, abs_mmio_read32(entropy_src_base() + offset));
84 }
85 crc32_add32(&ctx, abs_mmio_read32(entropy_src_base() +
86 ENTROPY_SRC_ALERT_THRESHOLD_REG_OFFSET));
87 return crc32_finish(&ctx);
88}
89
90rom_error_t rnd_health_config_check(lifecycle_state_t lc_state,
91 hardened_bool_t boot_mode) {
92 if (otp_read32(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EN_OFFSET) !=
94 return kErrorOk;
95 }
96
97 uint32_t crc32 = health_config_crc32();
98 rom_error_t res = crc32;
99
100 if (launder32(lc_state) == kLcStateTest) {
101 res ^= crc32 ^ kErrorOk;
102 HARDENED_CHECK_EQ(res, kErrorOk);
103 HARDENED_CHECK_EQ(lc_state, kLcStateTest);
104 return res;
105 }
106
107 uint32_t config_digest_offset =
108 OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_FIPS_CONFIG_DIGEST_OFFSET;
109 if (boot_mode == kHardenedBoolTrue) {
110 config_digest_offset =
111 OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_BOOT_CONFIG_DIGEST_OFFSET;
112 }
113 res ^= otp_read32(config_digest_offset);
114 if (launder32(res) != kErrorOk) {
115 return kErrorRndBadCrc32;
116 }
117
118 HARDENED_CHECK_EQ(res, kErrorOk);
119 return res;
120}
121
122uint32_t rnd_uint32(void) {
124 otp_read32(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EN_OFFSET) ==
126 // When bit-0 is clear an EDN request for new data for RND_DATA is
127 // pending.
128 while (!(abs_mmio_read32(ibex_base() + RV_CORE_IBEX_RND_STATUS_REG_OFFSET) &
129 1)) {
130 }
131 }
132 uint32_t mcycle;
133 CSR_READ(CSR_REG_MCYCLE, &mcycle);
134 return mcycle +
135 abs_mmio_read32(ibex_base() + RV_CORE_IBEX_RND_DATA_REG_OFFSET);
136}
137
138// Provides the source of randomness for `hardened_memshred` (see
139// `hardened_memory.h`). Declare as weak in case the cryptolib driver is also
140// included.
142uint32_t hardened_memshred_random_word(void) { return rnd_uint32(); }
143
144// Provides the source of randomness for `random_order` (see `random_order.h`).
145// Declare as weak in case the cryptolib driver is also included.
147uint32_t random_order_random_word(void) { return rnd_uint32(); }