Software APIs
rnd.c
1// Copyright lowRISC contributors (OpenTitan project).
2// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3// SPDX-License-Identifier: Apache-2.0
4
5#include "sw/device/silicon_creator/lib/drivers/rnd.h"
6
7#include "hw/top/dt/entropy_src.h"
8#include "hw/top/dt/rv_core_ibex.h"
9#include "sw/device/lib/arch/boot_stage.h"
10#include "sw/device/lib/base/abs_mmio.h"
11#include "sw/device/lib/base/crc32.h"
12#include "sw/device/lib/base/csr.h"
13#include "sw/device/lib/base/hardened.h"
14#include "sw/device/lib/base/macros.h"
15#include "sw/device/silicon_creator/lib/drivers/otp.h"
16
17#include "hw/top/entropy_src_regs.h"
18#include "hw/top/otp_ctrl_regs.h"
19#include "hw/top/rv_core_ibex_regs.h"
20
21enum {
22 // This covers the health threshold registers which are contiguous. The alert
23 // threshold register is not included here.
24 kNumHealthRegisters = 9,
25};
26
27static inline uint32_t entropy_src_base(void) {
28 return dt_entropy_src_primary_reg_block(kDtEntropySrc);
29}
30
31static inline uint32_t ibex_base(void) {
32 return dt_rv_core_ibex_primary_reg_block(kDtRvCoreIbex);
33}
34
35// Check the number of health registers covered by this driver.
36static_assert(kNumHealthRegisters ==
37 (ENTROPY_SRC_EXTHT_LO_THRESHOLDS_REG_OFFSET -
38 ENTROPY_SRC_REPCNT_THRESHOLDS_REG_OFFSET) /
39 sizeof(uint32_t) +
40 1,
41 "Unexpected entropy_src health register count.");
42
43// Ensure the relative offsets of OTP versus entropy_src registers are
44// equivalent. This is imporant as rom_start.S uses a copy function to
45// copy the values from OTP into the entropy_src.
46#define ASSERT_REG_OFFSET(otp_offset_, entropy_src_offset_) \
47 static_assert( \
48 ((otp_offset_)-OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_REPCNT_THRESHOLDS_OFFSET) == \
49 ((entropy_src_offset_)-ENTROPY_SRC_REPCNT_THRESHOLDS_REG_OFFSET), \
50 "OTP configuration offset does not match the expected entropy_src " \
51 "register offset")
52
53ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_REPCNT_THRESHOLDS_OFFSET,
54 ENTROPY_SRC_REPCNT_THRESHOLDS_REG_OFFSET);
55ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_REPCNTS_THRESHOLDS_OFFSET,
56 ENTROPY_SRC_REPCNTS_THRESHOLDS_REG_OFFSET);
57ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_ADAPTP_HI_THRESHOLDS_OFFSET,
58 ENTROPY_SRC_ADAPTP_HI_THRESHOLDS_REG_OFFSET);
59ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_ADAPTP_LO_THRESHOLDS_OFFSET,
60 ENTROPY_SRC_ADAPTP_LO_THRESHOLDS_REG_OFFSET);
61ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_BUCKET_THRESHOLDS_OFFSET,
62 ENTROPY_SRC_BUCKET_THRESHOLDS_REG_OFFSET);
63ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_MARKOV_HI_THRESHOLDS_OFFSET,
64 ENTROPY_SRC_MARKOV_HI_THRESHOLDS_REG_OFFSET);
65ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_MARKOV_LO_THRESHOLDS_OFFSET,
66 ENTROPY_SRC_MARKOV_LO_THRESHOLDS_REG_OFFSET);
67ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EXTHT_HI_THRESHOLDS_OFFSET,
68 ENTROPY_SRC_EXTHT_HI_THRESHOLDS_REG_OFFSET);
69ASSERT_REG_OFFSET(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EXTHT_LO_THRESHOLDS_OFFSET,
70 ENTROPY_SRC_EXTHT_LO_THRESHOLDS_REG_OFFSET);
71
72/**
73 * Calculates CRC32 over the entropy_src health test and alert thresholds.
74 */
75static uint32_t health_config_crc32(void) {
76 uint32_t ctx;
77 crc32_init(&ctx);
78
79 // Health test thresholds, whose offsets are statically checked.
80 uint32_t offset = ENTROPY_SRC_REPCNT_THRESHOLDS_REG_OFFSET;
81 for (size_t i = 0; i < kNumHealthRegisters; ++i, offset += sizeof(uint32_t)) {
82 crc32_add32(&ctx, abs_mmio_read32(entropy_src_base() + offset));
83 }
84 crc32_add32(&ctx, abs_mmio_read32(entropy_src_base() +
85 ENTROPY_SRC_ALERT_THRESHOLD_REG_OFFSET));
86 return crc32_finish(&ctx);
87}
88
89rom_error_t rnd_health_config_check(lifecycle_state_t lc_state) {
90 if (otp_read32(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EN_OFFSET) !=
91 kHardenedBoolTrue) {
92 return kErrorOk;
93 }
94
95 uint32_t crc32 = health_config_crc32();
96 rom_error_t res = crc32;
97
98 if (launder32(lc_state) == kLcStateTest) {
99 res ^= crc32 ^ kErrorOk;
100 HARDENED_CHECK_EQ(res, kErrorOk);
101 HARDENED_CHECK_EQ(lc_state, kLcStateTest);
102 return res;
103 }
104
105 res ^=
106 otp_read32(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_HEALTH_CONFIG_DIGEST_OFFSET);
107 if (launder32(res) != kErrorOk) {
108 return kErrorRndBadCrc32;
109 }
110
111 HARDENED_CHECK_EQ(res, kErrorOk);
112 return res;
113}
114
115uint32_t rnd_uint32(void) {
116 if (kBootStage == kBootStageOwner ||
117 otp_read32(OTP_CTRL_PARAM_CREATOR_SW_CFG_RNG_EN_OFFSET) ==
118 kHardenedBoolTrue) {
119 // When bit-0 is clear an EDN request for new data for RND_DATA is
120 // pending.
121 while (!(abs_mmio_read32(ibex_base() + RV_CORE_IBEX_RND_STATUS_REG_OFFSET) &
122 1)) {
123 }
124 }
125 uint32_t mcycle;
126 CSR_READ(CSR_REG_MCYCLE, &mcycle);
127 return mcycle +
128 abs_mmio_read32(ibex_base() + RV_CORE_IBEX_RND_DATA_REG_OFFSET);
129}
130
131// Provides the source of randomness for `hardened_memshred` (see
132// `hardened_memory.h`). Declare as weak in case the cryptolib driver is also
133// included.
134OT_WEAK
135uint32_t hardened_memshred_random_word(void) { return rnd_uint32(); }
136
137// Provides the source of randomness for `random_order` (see `random_order.h`).
138// Declare as weak in case the cryptolib driver is also included.
139OT_WEAK
140uint32_t random_order_random_word(void) { return rnd_uint32(); }