Earlgrey-PROD.M2
andreaskurth
released this
08 Apr 09:48
·
3245 commits
to master
since this release
Overview
The Earlgrey-PROD.M2 milestone stabilizes the feature set and architecture of Earlgrey and its IP blocks for the production tapeout. After this milestone, the focus shifts to the completion of security hardening and design verification. All hardware IP blocks have been signed off at least at the D2 and V1 development stages. IP blocks that have not had major changes since Earlgrey-ES tapeout have been signed off at D2S (or even D3) and V2S.
Major changes since Earlgrey-ES tapeout include:
- Architectural optimizations to reduce area (overview in #22025).
- Removal of the S&P layer from data scrambling of ROM and SRAMs (overview in #20788).
- Support for late debug enablement on DEV lifecycle devices (overview in #20829).
- Replacement of LFSR-based PRNGs by Bivium stream cipher primitives for masking countermeasures in AES and KMAC (overview in #19091).
- Interrupts from multiple HW IP blocks were changed from event type to status type to improve the programming model (overview in #15378).
- HMAC: Enabling SW context switching via save & restore (#21307) and additional digest modes (SHA-2 256/384/512) and key lengths (256/384/512/1024-bit) (#21604).
- I2C, SPI Device, and USBDEV: Multiple improvements and fixes to improve the programming model and increase standard compliance (details for each block below).
- SPI Device: Removal of generic mode to permit optimizations of the other modes (#20856).
Detailed Changelog
Earlgrey Top-Level Design
- The volatile raw unlock feature was disabled (#21372).
- The CC pins were changed to 5V-tolerant pad cells (#21695).
- The DFT strap pins were changed from IOC3 and IOC4 to IOR5 and IOR7, respectively (#21727).
FPGA Emulation
- Earlgrey was brought up on the CW340 (#19295).
- The base clock frequency on the CW310 was increased to 24 MHz (#19368).
ROM
- The retention SRAM was rearranged (#21587).
- The 64k ROM_EXT code size restriction was removed (#21831).
- ECDSA P256 support was added to the manifest (#21833).
- As part of moving root keys to OTP, the ROM key types were refactored (#21901), a module to load keys from OTP was added (#21902), and SPX+ keys were moved to OTP (#22066).
- The number of RSA keys was reduced to three to save ROM space (#22058).
- A naming bug in manifest extension getters was fixed (#22061).
adc_ctrl
- An issue related to sampling during low-power states was fixed, so that adc_ctrl does not accidentally get stuck in normal-power sampling mode while the chip remains in deep sleep (#21829).
- A FSM state observability CSR was added for debugging purposes (#21829)
- An interrupt with wakeup capability was added so that transitions from low power to normal power can be detected. This is mainly intended for debugging purposes (#21829).
- The single collated IRQ (which adc_ctrl generates from multiple internal sources) was converted from edge-based to level, so that SW doesn’t have to clear multiple IRQ status bits when handling an interrupt (#21872).
aes
- The implementation of the PRNG was changed from multiple LFSRs to the Bivium stream cipher to prevent brute-forcing attacks on the PRNG state (#19091).
aon_timer
- The size of the wakeup counter was increased to 64 bits (#21746).
clkmgr
- Clock buffers on all root clocks feeding into clkmgr was inserted to facilitate the hookup of on-chip clock controllers (OCC) (#21100).
csrng
edn
- The SW_CMD_STS CSR was reworked to fix and improve edn’s SW API (#20873).
- Microarchitectural optimizations to reduce area without functional impact (#21142).
- Not all recoverable alerts were sent to alert_handler, which was fixed (#21187).
- The handling of backpressure and status response from csrng was fixed, for which a new recoverable alert source (CSRNG_ACK_ERR status bit) and a new HW_CMD_STS CSR were added (#21142, #21280).
entropy_src
- The FIPS bit exposed to HW and SW was changed to SW-configurable (#21369).
- The 1-to-4 esbit packer was moved to after the health tests to streamline the hardware-based health testing in single-channel mode (#21626).The handling of backpressure in the internal pipeline and to the noise source was fixed (#21685 and #21799).
- The CSRNG AES halt request interface was fixed to reduce power spikes (#21787).
- Microarchitectural optimizations to reduce area without functional impact (#22041).
flash_ctrl
- The DIS CSR was changed from RW0C to RW1S (#20042).
- The microarchitecture was changed to share the scrambling module among flash banks (#22045, #22091, #22276).
- Four interrupts (prog_empty, prog_lvl, rd_full, rv_lvl) were changed to status type (#21226).
hmac
- Saving & restoring of the context (preliminary digest and message length), which allows SW to switch between different parallel message streams, was added (#21307).
- SHA-2 384 and SHA-2 512 were added (previously only SHA-2 256 was supported), along with integrating the SHA-2 multi-mode primitive into the HMAC (#21107), and the key length was made configurable between 128 bit, 256 bit, 384 bit, 512 bit, and 1024 bit (#21604).
- CSRs: The KEY CSR was extended to 32 32-bit registers, DIGEST CSR was extended to 16 32-bit registers, and the MSG_FIFO depth was extended to 1024 items (#21604). DIGEST_SIZE and KEY_LENGTH fields were added to the CFG CSR (#21604). HASH_STOP and HASH_CONTINUE fields were added to the CMD CSR (#21307).
- The fifo_empty interrupt was changed to status type (#21809).
i2c
- The READ field of the FDATA CSR was renamed to READB to prevent namespace collisions in DV code (#19721).
- The fmt_threshold and rx_threshold interrupts were changed to status type (#21621).
- Threshold interrupts were added for the target FIFOs (acq_threshold and tx_threshold) with status type (#21621).
- The fmt_overflow and tx_overflow interrupts were removed because they were not useful (#21621).
- The threshold configuration and level indicator CSR fields were extended to support up to 256-entry deep FIFOs (#21621).
- The fall time of SCL and SDA, tf, had been counted twice in the calculation of the clock pulse time, which was fixed (#21765).
- The depth of the ACQ FIFO was increased to 268 entries, so that the HW can absorb a max-length SMBus Block Write without SW intervention (#21789).
- Prediction of target clock stretching was added to the host-mode FSM, in order to align throughput with the timing parameters (#21813).
- A TXRST_ON_COND bit, through which SW can instruct the HW to automatically reset the TX FIFO if it observes a Stop or Repeated Start condition in target mode, was added to the TARGET_FIFO_CONFIG CSR (#21827).
- A TARGET_TIMEOUT_CTRL CSR, through which SW can limit the time for which the HW stretches SCL in target mode, was added (#21857). When HW reaches this timeout, it will NACK the byte and return to the idle state.
- The host FSM was changed to halt and stretch SCL upon receiving a NACK and only proceed once SW has acknowledged the resulting interrupt or a timeout expires, which SW can configure in the newly added HOST_NACK_HANDLER_TIMEOUT CSR and HOST_DISABLED_NACK_TIMEOUT bit in the STATUS CSR (#22049).
- The controller FSM was changed to reject a Start or Stop condition if SCL changes too soon after an SDA transition, in order to fix possible misbehavior when the hold time for SDA is 0 (#22106).
- The width of the TARGET_NACK_COUNT CSR was reduced from 32 to 8 bits because it had been overly wide (#22107).
- The storage microarchitecture of the FIFOs was changed from flip-flops to a single single-port SRAM (#22216) with 464 entries (#22232) to reduce area.
keymgr
- The valid signal for creator root key shares was split, so that each share now has its own valid signal (#20924).
kmac
- Issues around EDN timeouts were fixed (#19248).
- The masking of the Keccak core was improved and the PRNG was changed from an LFSR-based implementation to the Bivium stream cipher to prevent brute-forcing attacks on the PRNG state (#21624 and #22021).
- The fifo_empty interrupt was changed to status type (#21657).
lc_ctrl
- A CDC bug in lc_ctrl’s kmac interface was fixed (#19202).
- Transitions to the SCRAP lifecycle state are now allowed even if the maximum number of lifecycle transitions is reached (#21213).
- RMA acknowledge signals were changed from a daisy chain through multiple modules to one directly-connected signal per module (#21267).
- Diversification values were uniquified so that each of the TEST_UNLOCKED, DEV, and RMA lifecycle states now has a unique random netlist constant (#21372).
otbn
- Interpretation of the lc_rma_req and lc_escalate_en signals was fixed, to ensure that values other an On are interpreted as Off for non-escalation LC signals (#19628, #21272).
- The S&P layer was removed from data scrambling of the instruction and the data memory (#20855).
- Loop control was changed so that commit doesn’t factor into prefetch (#20957).
- Logic driving state_reset was simplified to ease timing (#20957).
- Instruction memory fetch logic for branches was reworked, primarily for X propagation reasons (#20957).
- Timing on instruction memory requests was improved by preventing errors from factoring into outputs of the instruction memory request (#20957).
- Timing on base register file data outputs was fixed (#20957).
otp_ctrl
- Substantial refactoring of the generation tooling for RTL and DV code without changing the functionality.
- A new OTP item, OWNER_SW_CFG_ROM_EXT_RECOVERY_EN, was added (#19133).
- The OWNER_SW_CFG_ROM_EXT_RECOVERY_EN OTP item was renamed to OWNER_SW_CFG_ROM_EXT_BOOTSTRAP_EN (#19209).
- Digest CSR and CSR read-enable assignments were made parametrizable (#20905).
- Support for SW partitions without a digest was added (#20905).
- Support for disabling integrity on a partition was added (#20905) and filters for ECC errors on them were added (#21256).
- The ERR_CODE CSR was changed to non-compact (#20905).
- Support for multiple HW_CFG partitions was added (#20906).
- An out-of-bounds error in the DAI (which was not hit before) was fixed and Xprop was fixed (#20906).
- Support for creator/owner seeds was added (#20924).
- The secret partition LC lock was made more generic (#20924).
- The offset of SW_CFG_WINDOW was changed from 0x1000 to 0x800 (#21040).
- The DAI registers were made software-lockable (#21059).
- The EN_ENTROPY_SRC_FW_READ and EN_ENTROPY_SRC_FW_OVER OTP fields were removed (#21118).
- A second HW_CFG partition was added and EnCsrngSwAppRead and EnSramIfetch were moved there (#21232).
- Two new SW partitions for ROM keys were added (#21270).
rom_ctrl
- The S&P layer was removed from data scrambling (#20855).
rv_core_ibex
- The SW_FATAL_ERR CSR was changed to RW1S (#20042).
- Encoding of register file addresses was changed to one-hot to improve fault injection resilience (lowRISC/ibex#2117).
- Lockstep enable was changed from a single-bit signal to a four-bit signal to improve fault injection resilience (lowRISC/ibex#2129).
- The S&P layer was removed from data scrambling of the instruction cache (lowRISC/ibex#2130).
rv_dm
- The option to enable debug late (i.e., after certain code has already run without debug access) in the DEV lifecycle was added (#21964).
- Tracking of non-debug-module reset completion was implemented (#22038).
sensor_ctrl
- An enable register for AST alerts (ALERT_EN) was added (#21870).
spi_device
- Generic mode was removed to permit optimizations of the flash and TPM modes (#20856).
- Divide SRAM into egress and ingress sections, with write-only and read-only software access, respectively (#20942).
- A 2-stage pipeline was added to break the combinational path for passthrough (particularly quad output) reads (#20966).
- Address mode synchronization was fixed (#21119).
- Synchronization of status bits was fixed (#21120).
- All timing mode CSRs were removed because spi_device now only supports mode 0 (#21161).
- TPM command handling was fixed, and read and write data were moved to the SRAM, with corresponding changes to the software interface (#21322).
- Separate constraints for TPM and fast passthrough were added (#21595).
- A mechanism to reset the flash read buffer was added (#21701).
spi_host
- The spi_event interrupt was changed to status type (#21278).
- A case of wrong status reported for the TX FIFO was fixed (#21325).
- Toggling of the TX line during Standard-mode RX-only segments was fixed (#22040).
sram_ctrl
- Synchronizers were added on LC/MuBi input signals (#19120).
- The S&P layer was removed from data scrambling (#20855).
- An RW1C status CSR for scrambling key rotation (SCR_KEY_ROTATED) was added (#20866).
sysrst_ctrl
- The IRQ synchronization mechanism was reworked and the IRQ was converted to status type (#21934).
uart
- The watermark interrupts (tx_watermark, rx_watermark) were changed to status type (#21632).
usbdev
- The implementation of the packet buffer was changed from a two-port to a single-port SRAM (#19857).
- The FSM was changed to truncate RX after receiving a PRE PID (#19195).
- Two CSRs (out_data_toggle and in_data_toggle) were added to save and restore IN and OUT data toggles to support resuming communications after deep sleep (#19269).
- Support for separate ‘Available Buffer’ FIFOs for regular OUT DATA packets and SETUP DATA packets being received by the device was added (#21229, #22181).
- The pkt_received, pkt_sent, link_resume, av_out_empty, and rx_full interrupts were changed to status type (#21237, #21607).
- Support for the safe retraction of IN packets was implemented (#21771, #21983).
- The fifo_ctrl CSR was added so that SW can reset the internal FIFO buffers (#21791).
- A bus_not_idle signal from the wakeup module to usbdev was added (#22019).
- Diagnostic and performance counters were added (#22118).