Skip to content

[csrng/rtl] Remove final three prim_fifo_sync from data path #28611

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
+496 −1,052
Open

[csrng/rtl] Remove final three prim_fifo_sync from data path #28611

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
b2b3304
[csrng/csrng_core] Rework the state db arbitration
glaserf Oct 15, 2025
c9a5677
[csrng/rtl] Remove the bencack FIFO from ctr_drbg_upd
glaserf Oct 6, 2025
612d248
[csrng/rtl] Remove the rcstage FIFO from ctr_drbg_cmd
glaserf Oct 10, 2025
205519d
[csrng/rtl] Remove the keyvrc FIFO from ctr_drbg_cmd
glaserf Oct 15, 2025
433a5d9
[csrng/rtl] Remove the genreq FIFO from ctr_drbg_gen
glaserf Oct 16, 2025
a399665
[csrng/rtl] Use enum data type for cmd field in core data types
glaserf Oct 19, 2025
8a66608
[csrng/rtl] Remove the rcstage FIFO from ctr_drbg_gen
glaserf Oct 20, 2025
9d84eca
[csrng/dv] Add a crosspoint for generate command
glaserf Oct 27, 2025
93747ff
[csrng/rtl] Remove the genbits FIFO from ctr_drbg_gen
glaserf Oct 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 15 additions & 57 deletions hw/ip/csrng/data/csrng.hjson
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,9 @@
{ name: "MAIN_SM.FSM.SPARSE"
desc: "The CSRNG main state machine uses a sparse state encoding."
}
{ name: "UPDRSP.FSM.SPARSE"
desc: "The CSRNG update response state machine uses a sparse state encoding."
}
{ name: "UPDATE.FSM.SPARSE"
desc: "The CSRNG update state machine uses a sparse state encoding."
}
Expand All @@ -188,13 +191,13 @@
desc: "The CSRNG block output state machine uses a sparse state encoding."
}
{ name: "GEN_CMD.CTR.REDUN"
desc: "The generate command uses a counter that is protected by a second counter that counts in the opposite direction."
desc: "The generate command uses a counter that is protected by a second counter that counts in the opposite direction."
}
{ name: "DRBG_UPD.CTR.REDUN"
desc: "The ctr_drbg update algorithm uses a counter that is protected by a second counter that counts in the opposite direction."
desc: "The ctr_drbg update algorithm uses a counter that is protected by a second counter that counts in the opposite direction."
}
{ name: "DRBG_GEN.CTR.REDUN"
desc: "The ctr_drbg generate algorithm uses a counter that is protected by a second counter that counts in the opposite direction."
desc: "The ctr_drbg generate algorithm uses a counter that is protected by a second counter that counts in the opposite direction."
}
{ name: "CTRL.MUBI"
desc: "Multi-bit field used for selection control."
Expand Down Expand Up @@ -728,33 +731,6 @@
This bit will stay set until the next reset.
'''
}
{ bits: "3",
name: "SFIFO_RCSTAGE_ERR",
desc: '''
This bit will be set to one when an error has been detected for the
rcstage FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.
'''
}
{ bits: "4",
name: "SFIFO_KEYVRC_ERR",
desc: '''
This bit will be set to one when an error has been detected for the
keyvrc FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.
'''
}
{ bits: "7",
name: "SFIFO_BENCACK_ERR",
desc: '''
This bit will be set to one when an error has been detected for the
bencack FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.
'''
}
{ bits: "9",
name: "SFIFO_FINAL_ERR",
desc: '''
Expand All @@ -773,24 +749,6 @@
This bit will stay set until the next reset.
'''
}
{ bits: "11",
name: "SFIFO_GRCSTAGE_ERR",
desc: '''
This bit will be set to one when an error has been detected for the
grcstage FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.
'''
}
{ bits: "12",
name: "SFIFO_GGENREQ_ERR",
desc: '''
This bit will be set to one when an error has been detected for the
ggenreq FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.
'''
}
{ bits: "13",
name: "SFIFO_GADSTAGE_ERR",
desc: '''
Expand All @@ -800,15 +758,6 @@
This bit will stay set until the next reset.
'''
}
{ bits: "14",
name: "SFIFO_GGENBITS_ERR",
desc: '''
This bit will be set to one when an error has been detected for the
ggenbits FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.
'''
}
{ bits: "15",
name: "SFIFO_CMDID_ERR",
desc: '''
Expand Down Expand Up @@ -882,6 +831,15 @@
This bit will stay set until the next reset.
'''
}
{ bits: "27",
name: "DRBG_CMD_SM_ERR",
desc: '''
This bit will be set when the state machine in the ctr_drbg_cmd unit has entered
an illegal state.
This error will signal a fatal alert, and also an interrupt, if enabled.
This bit will stay set until the next reset.
'''
}
{ bits: "28",
name: "FIFO_WRITE_ERR",
desc: '''
Expand Down
11 changes: 11 additions & 0 deletions hw/ip/csrng/data/csrng_sec_cm_testplan.hjson
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,17 @@
stage: V2S
tests: ["csrng_sec_cm", "csrng_intr", "csrng_err"]
}
{
name: sec_cm_updrsp_fsm_sparse
desc: '''
Verify the countermeasure(s) UPDRSP.FSM.SPARSE.
The csrng_intr and csrng_err tests verify that if the FSM state is forced to an illegal state encoding 1) this is reported with a cs_fatal_err interrupt in the INTR_STATE register and 2) the corresponding bit in the ERR_CODE register is set.
They currently don't check whether the DUT actually triggers a fatal alert.
Alert connection and triggering are verified through automated FPV.
'''
stage: V2S
tests: ["csrng_sec_cm", "csrng_intr", "csrng_err"]
}
{
name: sec_cm_update_fsm_sparse
desc: '''
Expand Down
1 change: 1 addition & 0 deletions hw/ip/csrng/doc/interfaces.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ Referring to the [Comportable guideline for peripheral device functionality](htt
| CSRNG.CONFIG.MUBI | Registers have multi-bit encoded fields. |
| CSRNG.INTERSIG.MUBI | OTP signal used to enable software access to registers. |
| CSRNG.MAIN_SM.FSM.SPARSE | The CSRNG main state machine uses a sparse state encoding. |
| CSRNG.UPDRSP.FSM.SPARSE | The CSRNG update response state machine uses a sparse state encoding. |
| CSRNG.UPDATE.FSM.SPARSE | The CSRNG update state machine uses a sparse state encoding. |
| CSRNG.BLK_ENC.FSM.SPARSE | The CSRNG block encrypt state machine uses a sparse state encoding. |
| CSRNG.OUTBLK.FSM.SPARSE | The CSRNG block output state machine uses a sparse state encoding. |
Expand Down
60 changes: 12 additions & 48 deletions hw/ip/csrng/doc/registers.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -555,12 +555,12 @@ Writing a zero resets this status bit.
Hardware detection of error conditions status register
- Offset: `0x54`
- Reset default: `0x0`
- Reset mask: `0x77f0fe9b`
- Reset mask: `0x7ff0a603`

### Fields

```wavejson
{"reg": [{"name": "SFIFO_CMD_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SFIFO_GENBITS_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 1}, {"name": "SFIFO_RCSTAGE_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SFIFO_KEYVRC_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 2}, {"name": "SFIFO_BENCACK_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 1}, {"name": "SFIFO_FINAL_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SFIFO_GBENCACK_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SFIFO_GRCSTAGE_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SFIFO_GGENREQ_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SFIFO_GADSTAGE_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SFIFO_GGENBITS_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SFIFO_CMDID_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 4}, {"name": "CMD_STAGE_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "MAIN_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "DRBG_GEN_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "DRBG_UPDBE_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "DRBG_UPDOB_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "AES_CIPHER_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "CMD_GEN_CNT_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 1}, {"name": "FIFO_WRITE_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "FIFO_READ_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "FIFO_STATE_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 1}], "config": {"lanes": 1, "fontsize": 10, "vspace": 200}}
{"reg": [{"name": "SFIFO_CMD_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SFIFO_GENBITS_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 7}, {"name": "SFIFO_FINAL_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SFIFO_GBENCACK_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 2}, {"name": "SFIFO_GADSTAGE_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 1}, {"name": "SFIFO_CMDID_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 4}, {"name": "CMD_STAGE_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "MAIN_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "DRBG_GEN_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "DRBG_UPDBE_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "DRBG_UPDOB_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "AES_CIPHER_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "CMD_GEN_CNT_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "DRBG_CMD_SM_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "FIFO_WRITE_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "FIFO_READ_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "FIFO_STATE_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 1}], "config": {"lanes": 1, "fontsize": 10, "vspace": 200}}
```

| Bits | Type | Reset | Name |
Expand All @@ -569,7 +569,7 @@ Hardware detection of error conditions status register
| 30 | ro | 0x0 | [FIFO_STATE_ERR](#err_code--fifo_state_err) |
| 29 | ro | 0x0 | [FIFO_READ_ERR](#err_code--fifo_read_err) |
| 28 | ro | 0x0 | [FIFO_WRITE_ERR](#err_code--fifo_write_err) |
| 27 | | | Reserved |
| 27 | ro | 0x0 | [DRBG_CMD_SM_ERR](#err_code--drbg_cmd_sm_err) |
| 26 | ro | 0x0 | [CMD_GEN_CNT_ERR](#err_code--cmd_gen_cnt_err) |
| 25 | ro | 0x0 | [AES_CIPHER_SM_ERR](#err_code--aes_cipher_sm_err) |
| 24 | ro | 0x0 | [DRBG_UPDOB_SM_ERR](#err_code--drbg_updob_sm_err) |
Expand All @@ -579,18 +579,12 @@ Hardware detection of error conditions status register
| 20 | ro | 0x0 | [CMD_STAGE_SM_ERR](#err_code--cmd_stage_sm_err) |
| 19:16 | | | Reserved |
| 15 | ro | 0x0 | [SFIFO_CMDID_ERR](#err_code--sfifo_cmdid_err) |
| 14 | ro | 0x0 | [SFIFO_GGENBITS_ERR](#err_code--sfifo_ggenbits_err) |
| 14 | | | Reserved |
| 13 | ro | 0x0 | [SFIFO_GADSTAGE_ERR](#err_code--sfifo_gadstage_err) |
| 12 | ro | 0x0 | [SFIFO_GGENREQ_ERR](#err_code--sfifo_ggenreq_err) |
| 11 | ro | 0x0 | [SFIFO_GRCSTAGE_ERR](#err_code--sfifo_grcstage_err) |
| 12:11 | | | Reserved |
| 10 | ro | 0x0 | [SFIFO_GBENCACK_ERR](#err_code--sfifo_gbencack_err) |
| 9 | ro | 0x0 | [SFIFO_FINAL_ERR](#err_code--sfifo_final_err) |
| 8 | | | Reserved |
| 7 | ro | 0x0 | [SFIFO_BENCACK_ERR](#err_code--sfifo_bencack_err) |
| 6:5 | | | Reserved |
| 4 | ro | 0x0 | [SFIFO_KEYVRC_ERR](#err_code--sfifo_keyvrc_err) |
| 3 | ro | 0x0 | [SFIFO_RCSTAGE_ERR](#err_code--sfifo_rcstage_err) |
| 2 | | | Reserved |
| 8:2 | | | Reserved |
| 1 | ro | 0x0 | [SFIFO_GENBITS_ERR](#err_code--sfifo_genbits_err) |
| 0 | ro | 0x0 | [SFIFO_CMD_ERR](#err_code--sfifo_cmd_err) |

Expand All @@ -612,6 +606,12 @@ this register) are asserted as a result of an error pulse generated from
any full FIFO that has been received a write pulse.
This bit will stay set until the next reset.

### ERR_CODE . DRBG_CMD_SM_ERR
This bit will be set when the state machine in the ctr_drbg_cmd unit has entered
an illegal state.
This error will signal a fatal alert, and also an interrupt, if enabled.
This bit will stay set until the next reset.

### ERR_CODE . CMD_GEN_CNT_ERR
This bit will be set to one when a mismatch in any of the hardened counters
has been detected.
Expand Down Expand Up @@ -661,30 +661,12 @@ cmdid FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.

### ERR_CODE . SFIFO_GGENBITS_ERR
This bit will be set to one when an error has been detected for the
ggenbits FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.

### ERR_CODE . SFIFO_GADSTAGE_ERR
This bit will be set to one when an error has been detected for the
gadstage FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.

### ERR_CODE . SFIFO_GGENREQ_ERR
This bit will be set to one when an error has been detected for the
ggenreq FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.

### ERR_CODE . SFIFO_GRCSTAGE_ERR
This bit will be set to one when an error has been detected for the
grcstage FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.

### ERR_CODE . SFIFO_GBENCACK_ERR
This bit will be set to one when an error has been detected for the
gbencack FIFO. The type of error is reflected in the type status
Expand All @@ -697,24 +679,6 @@ final FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.

### ERR_CODE . SFIFO_BENCACK_ERR
This bit will be set to one when an error has been detected for the
bencack FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.

### ERR_CODE . SFIFO_KEYVRC_ERR
This bit will be set to one when an error has been detected for the
keyvrc FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.

### ERR_CODE . SFIFO_RCSTAGE_ERR
This bit will be set to one when an error has been detected for the
rcstage FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.

### ERR_CODE . SFIFO_GENBITS_ERR
This bit will be set to one when an error has been detected for the
command stage genbits FIFO. The type of error is reflected in the type status
Expand Down
24 changes: 17 additions & 7 deletions hw/ip/csrng/dv/cov/csrng_cov_if.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -243,15 +243,15 @@ interface csrng_cov_if (
// If ERR_CODE register has SFIFO related field set, it also needs to set at least one
// FIFO_*_ERR field.
illegal_bins illegal = !binsof(cp_err_codes) intersect { CMD_STAGE_SM_ERR, MAIN_SM_ERR,
DRBG_GEN_SM_ERR, DRBG_UPDBE_SM_ERR,
DRBG_UPDOB_SM_ERR, AES_CIPHER_SM_ERR,
CMD_GEN_CNT_ERR } &&
binsof(cp_fifo_err_type) intersect { 0 };
DRBG_CMD_SM_ERR, DRBG_GEN_SM_ERR,
DRBG_UPDBE_SM_ERR, DRBG_UPDOB_SM_ERR,
AES_CIPHER_SM_ERR, CMD_GEN_CNT_ERR }
&& binsof(cp_fifo_err_type) intersect { 0 };

ignore_bins ignore = binsof(cp_err_codes) intersect { CMD_STAGE_SM_ERR, MAIN_SM_ERR,
DRBG_GEN_SM_ERR, DRBG_UPDBE_SM_ERR,
DRBG_UPDOB_SM_ERR, AES_CIPHER_SM_ERR,
CMD_GEN_CNT_ERR };
DRBG_CMD_SM_ERR, DRBG_GEN_SM_ERR,
DRBG_UPDBE_SM_ERR, DRBG_UPDOB_SM_ERR,
AES_CIPHER_SM_ERR, CMD_GEN_CNT_ERR };
}

cp_csrng_aes_fsm_err: coverpoint
Expand Down Expand Up @@ -365,6 +365,16 @@ interface csrng_cov_if (
ignore_bins invalid = binsof(cp_acmd) intersect { INV, GENB, GENU };
}

clen_glen_cross: cross cp_acmd, cp_clen, cp_glen {
Copy link
Contributor

@vogelpi vogelpi Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this!

Copy link
Contributor

@vogelpi vogelpi Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two suggestions:

  1. Explain a comment why this cross matters for the microarchitecture.
  2. Add one more bin each for clen (0 or non-zero) and glen (one block ore more than one block). I believe we want to make sure all relevant cases are hit.

bins gen_glen_clen = binsof(cp_acmd) intersect { GEN } &&
binsof(cp_clen) intersect { [1:$] } &&
binsof(cp_glen) intersect { [2:$] };
// We are only interested in Generate commands in this crosspoint (and glen has no meaning
// for all other commands)
ignore_bins ignore_other_cmds = binsof(cp_acmd) intersect
{ INS, UNI, UPD, RES, INV, GENB, GENU };
}

flags_clen_acmd_cross: cross cp_acmd, cp_flags, cp_clen {
// Use only Entropy Source seed
bins ins_only_entropy_src_seed = binsof(cp_flags) intersect { MuBi4False } &&
Expand Down
Loading
Loading