SPDX-License-Identifier: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Last Update: 2024/07/02
- Caliptra Hardware Specification: Updated with LMS accelerator, ECC radix changes, Key Vault updates
- Caliptra Integration Specification updates to add clarity
- Caliptra README updates to tool versions, simulation instructions
- Update RDL register descriptions for clarity, accuracy in generated reg document
- Verification
- Update zeroize assertions
- Add X check assertions to all register files
- New assertions and firmware tests for LMS accelerator
- Formal Verification #493:
- ECC Montgomery updated to recent changes
- SHA512_masked update to entropy instead of LFSR
- SHA256 LMS extension verified
- Fixes for UVM caliptra_top test scenarios
- Mailbox SRAM initialization
- Assorted fixes for sequence access contention, error-checking, randomization constraints
- Added early mailbox command flow to emulate stash measurement functionality
- Fixes for UVM Key Vault test scenarios
- Update clear_secrets prediction
- RTL
- ECC radix48
- LMS accelerator
- SHA512 masking
- HMAC and HMAC_DRBG enhancements
- Masking for SHA512
- Modifications for clean Lint
- Replace casez with case
- Replace 2-state with 4-state typedefs, parameters, enums
- Replace 'reg' with 'logic' type
- Radix fixes for many signals
- Logical/boolean operator fixes
- Logic reorganization to resolve undriven ICache signals in RV core
- Fixes for redundant logic in RV core
- Logically equivalent code adjustments to resolve potential index-out-of-bounds errors
- Declare synthesizable package functions as automatic
- Declare names for unnamed generate blocks
- Update PeakRDL tool version and regenerate reg files to resolve lint issues
- Update HW_REV_ID bit-map and configure value to 1.1
[RTL] Add connection for JTAG TDO enable signal #415 #425
[ENTROPY_SRC] Entropy source sfifo signal unable to exit reset #503 #506
[PV] Async reset condition missing for nonce_offset_i
#339 #444 #483
[HMAC] Fixed leakage issue in HMAC #325 #429
[KV] Resolve a potential vulnerability in Key Vault usage #528
[JTAG] VeeR JTAG access only with debug unlocked; Caliptra JTAG access with debug unlocked or manufacturing #528
[JTAG] Enable JTAG interface to be used while boot FSM is halted at breakpoint #541
- Caliptra Hardware Specification: Markdown conversion
- Caliptra Integration specification update with synthesis warnings and jtag tck requirement
- Caliptra README updates to clarify test cases and running with VCS
- Makefile updates to support DPI compilation in VCS
- Verification
- Adding ECC, DOE, HMAC_DRBG and SHA512_masked formal Assertion IP
- JTAG with clock gating test cases
- Fixes for UVM caliptra_top test scenarios
- Fixes for UVM Key Vault test scenarios
- Updated synthesis tool from Design Compiler to Fusion Compiler (sanity checks only)
- RTL
- Remove TODO comments on caliptra_top ports
- Remove JTAG IDCODE command from RISC-V processor
[MBOX] Fix ICCM Uncorrectable ECC error driving hw_error_non_fatal bit for LSU reads
- Caliptra IP Specification: see docs/ folder
- Caliptra Integration Specification: see docs/ folder
- Caliptra testplan: see docs/ folder
- Data Vault
- RISC-V Timers
- mtime + mtimecmp implementation
- Watchdog timer configuration by SOC; escalate interrupts to error
- Reliability, Availability, Serviceability Features
- Connectivity for cptra_error_fatal/cptra_error_non_fatal interrupts
- Mailbox protocol violation detection and Error state
- SRAM ECC error detection and reporting for ICCM, DCCM, Mailbox
- Key clearing and system reset on fatal errors
- SOC Interface
- QSPI inout changed to input+output+enable
- FUSE PAUSER config registers and enforcement
- Reset Domain Crossing (RDC) fixes
- Reset-triggered clock gating on cross-domain registers
- Reset timing changes for noncore reset assertion
- Migrate most internal logic to the noncore reset domain
- Migrate APB interface to noncore reset domain
- FIPS compliance updates
- SHA Accelerator LOCK default to Caliptra-owned
- LMS Fuse
- SOC Stepping ID field in HW Revision
- Extended pcr_nonce from 32-bit to 256-bit
- TRNG Data Clear
- RISC-V Core
- Increase ROM size to 48KiB
- Added 2:1 AHB lite mux on LSU and SB buses to allow debug access to peripherals
- Timing Optimizations
- Remove PSEL loopback path in APB slave
- Remove unnecessary Mailbox SRAM ECC writeback path
- Validation enhancements
- SOC_IFC/Mailbox randomized regressions via UVM testbench
- SOC Interface Register validation via directed + random tests
- Coverage reporting and analysis for all interfaces, registers, FSM
- Automated GitHub action using OpenOCD for interactive JTAG debugging
- SHA Formal Verification
[CLK GATING] Fatal error should wake up clks
[CLK GATING] JTAG accesses need to wake up clocks
[DOE] add zeroize to clear all internal regs
[DOE] DOE IV reg needs hwclr input
[DOE] doe_fsm incr_dest_sel logic can be removed since FE now only takes up 12 dwords
[DOE] doe_fsm write_offset increments to 0xC
[DOE] Simplify kv_write dest_valid hardcoded value in doe_fsm
[ECC] ECC input register bound check
[ECC] ECC output register bound check
[ECC] ECC Public key validation check
[ECC] mismatch of final reduction in Mont. mult in the case of prime<= p_internal
[ECC] mismatch of modular addition result in the case of p<= a+b < 2^384
[ECC] remove FW read access to kv/privkey reg
[ECC} error trigger when pcr_sign ctrl input is set in keygen/verifying mode
[KV] Debug Mode and Scan Mode switch doesn't flush locked registers
[KV] Debug mode should flush KV even if core is asleep
[KV] Dest_valid and last_dword should check lock_use to clear along with lock_wr
[KV] KV may still contain secrets during scan mode
[KV] kv_reg.rdl still has 6 bits for dest_valid while we have 5 valid clients
[KV] KV->SHA ->FW read path and KV->HMAC->FW read path should NOT exist in the design
[KV] last dword of secret values stays in KV/crypto interface
[KV] Suppress writes to an entry altogether when it's being cleared
[MBOX] ECC error decode may detect error on mbox_sram when a write is in progress
[MBOX] First resp read data is zero after handling a command with DLEN > MBOX SIZE
[MBOX] HWCLR triggered by force-unlock has lower precedence than SW writes
[MBOX] Mailbox data length limiting reads is calculated incorrectly
[MBOX] Mailbox does not flag protocol error for attempted writes to DLEN
[MBOX] mailbox returns non-zero data in an overread case
[MBOX] New RAS feature to detect protocol violation incorrectly decodes certain reg accesses as errors
[MBOX] SOC can read mbox_dataout with stale data
[MBOX] Writes beyond the mailbox size overwrite the last data dword in mailbox memory
[MBOX] Writes to (a) unaligned addresses (b) size < AHB_DATA_WIDTH may corrupt memory
[MBOX] error_cmd_fail_sts.hwset is continuously set when mailbox protocol error occurs
[PCR] Extend PCR Nonce from 32-bit to 256-bit to protect replay attack
[PCR] PCR dword mismatch
[PCR] Update the reset of the 'lock' PCR control to the core reset domain (so that a FW update reset or warm reset can also unlock the PCR)
[PCR] zeroize doesn't take effect if is set with pcr at the same cycle
[SHA ACCEL] SoC requester can use mailbox mode
[SOC_IFC] Arbiter lets direct request dv through at the same time as soc ifc mailbox request causing deadlock
[SOC_IFC] Breakpoint is unreachable
[SOC_IFC] Fuse Registers can never be written using non-default values programmed in FUSE_VALID_PAUSER
[SOC_IFC] Generic Input Wires toggle (any bit) should trigger notification interrupt to uC
[SOC_IFC] INTERNAL_HW_ERROR_FATAL_MASK and INTERNAL_HW_ERROR_NON_FATAL_MASK allow writes to (and non-zero reads from) reserved fields.
[SOC_IFC] Mailbox ECC errors detected during SHA Accel direct accesses are not detected/corrected
[SOC_IFC] mbox_execute can be cleared by SOC at any point after acquiring lock
[SOC_IFC] uC can't write to CPTRA_FW_ERROR regs (Github issue #64)
[SOC_IFC] WDT may not correctly detect when uC services the timer expiration interrupt
[WDT] CPTRA_WDT_STATUS reg should be FW writeable so it can clear the flags
[WDT] First stage interrupt output should be "error_intr" instead of "notif_intr"
[WDT] WDT registers need to be on ungated clk
[AHB] AHB 2:1 Mux hangs with back to back transactions after a stall
[RST] scan_mode should not corrupt resets
[TOP] EL2 Mem interface is not instantiated with a modport at all levels
DISCALIMER: This is NOT A BUG-FREE MODEL YET. This is a 0p8 release model. Please see testplan document in docs folder to know the status of validation.
- Caliptra IP Specification: see docs/ folder
- Caliptra Integration Specification: see docs/ folder
- Caliptra testplan: see docs/ folder
- CHIPALLIANCE RISC-V Core - https://github.com/chipsalliance/Cores-VeeR-EL2/
- ICCM, DCCM enabled w/ 128KB each; Instruction Cache disabled; fast interrupt redirect enabled
- Cryptos (please see the spec for NIST compliance algorithms followed)
- HMAC384 – Caliptra consortium provided (built based on SHA384 block below)
- ECC384 – Based on secp384, Caliptra consortium provided
- HMAC-DRBG – Caliptra consortium provided (but built using HMAC384 above)
- Key Vault & PCR Vault – Caliptra consortium provided
- SHA384/SHA512 – https://github.com/secworks/sha512
- Deobfuscation block – Built on https://github.com/secworks/aes but NOT ROM/FW accessible
- SHA256 – https://github.com/secworks/sha256
- Side channel attack analysis and solutions where applicable (Plz see Caliptra IP specification for details)
- AHB-lite internal fabric
- Please see spec for decoding details of various blocks
- Key Vault, PCR Vault w/ HW PCR extension & Data Vault
- Interrupts from all peripherals (Cryptos, SOC mailbox, IOs, timers etc.)
- ICCM write locking
- TAP interface
- Idle Clock Gating
- Impactless update reset
- Mailbox SRAM ECC
- Security Assert Flushing in debug unlocked & scan modes
- SOC interface (APB, mailbox, architectural registers, fuse registers, external TRNG REQ, SHA384 acceleration) – Caliptra Consortium provided
- Lint clean to the rules published in the integration spec
- HTML (generated from RDLs) for all registers (internal registers, external facing architectural registers, fuse registers)
- RTL “Frozen” IP interface; Frozen SOC facing registers.
- All changes from hereon forth will require CHIPSALLIACE CALIPTRA WG approval
- WDT, Integrated TRNG, SPI (unused in BMD/passive mode)
- Validation Notes:
- DUT per crypto block and associated checkers
- Nightly regression on crypto blocks on-going
- Smoke tests for all of the above passing including bring up/boot of the caliptra IP (KV testing for ECC & SHA)
- UVMF for multiple DUT blocks and SOC interface
- DV complete for first cut of the boot & reset flows, Fuses, SOC registers, Crypto blocks, Key vault, PCR Vault, PCR extend, PCR signing, Mailbox
DISCLAIMER: This is NOT A BUG-FREE MODEL. This is a pre-0p8 development model that will be sync’d every week.
- Caliptra Hardware Specification: see docs/ folder
- Caliptra Integration Specification: see docs/ folder
- Caliptra testplan: see docs/ folder
- CHIPALLIANCE RISC-V Core - https://github.com/chipsalliance/Cores-VeeR-EL2/
- ICCM, DCCM enabled w/ 128KB each; Instruction Cache disabled; fast interrupt redirect enabled
- Cryptos (please see the spec for NIST compliance algorithms followed)
- HMAC384 – Caliptra consortium provided (built based on SHA384 block below)
- ECC384 – Based on secp384, Caliptra consortium provided
- HMAC-DRBG – Caliptra consortium provided (but built using HMAC384 above)
- Key Vault & PCR Vault – Caliptra consortium provided
- SHA384/SHA512 – https://github.com/secworks/sha512
- Deobfuscation block – Built on https://github.com/secworks/aes but NOT ROM/FW accessible
- SHA256 – https://github.com/secworks/sha256
- Side channel attack analysis and solutions where applicable (Plz see Caliptra IP specification for details)
- AHB-lite internal fabric
- Please see spec for decoding details of various blocks
- Key Vault, PCR Vault w/ HW PCR extension & Data Vault
- Interrupts from all peripherals (Cryptos, SOC mailbox, IOs, timers etc.)
- ICCM write locking
- TAP interface
- Idle Clock Gating
- Impactless update reset
- Mailbox SRAM ECC
- Security Assert Flushing in debug unlocked & scan modes
- SOC interface (APB, mailbox, architectural registers, fuse registers, external TRNG REQ, SHA384 acceleration) – Caliptra Consortium provided
- Lint clean to the rules published in the integration spec
- HTML (generated from RDLs) for all registers (internal registers, external facing architectural registers, fuse registers)
- RTL “Frozen” IP interface; Frozen SOC facing registers.
- All changes from hereon forth will require CHIPSALLIACE CALIPTRA WG approval
- Validation Notes:
- DUT per crypto block and associated checkers
- Nightly regression on crypto blocks on-going
- Smoke tests for all of the above passing including bring up/boot of the caliptra IP (KV testing for ECC & SHA)
- UVMF for multiple DUT blocks and SOC interface
- Add missing printf/ and includes/ directories to src/integration/test_suites which are required to run the tests
- Updated Version.txt and tar.gz
- CHIPALLIANCE RISC-V Core - https://github.com/chipsalliance/Cores-VeeR-EL2
- ICCM, DCCM enabled w/ 128KB each; Instruction Cache disabled; fast interrupt redirect enabled
- Cryptos (please see the spec for NIST compliance algorithms followed)
- HMAC384 – Caliptra consortium provided (built based on SHA384 block below)
- ECC384 – Based on secp384, Caliptra consortium provided
- HMAC-DRBG – Caliptra consortium provided (but built using HMAC384 above)
- Key Vault & PCR Vault – Caliptra consortium provided
- SHA384/SHA512 – https://github.com/secworks/sha512
- Deobfuscation block – Built on https://github.com/secworks/aes but NOT ROM/FW accessible
- SHA256 – https://github.com/secworks/sha256
- Side channel attack analysis and solutions where applicable (Plz see Caliptra IP specification for details)
- AHB-lite internal fabric
- Please see spec for decoding details of various blocks
- Interrupts from all peripherals (Cryptos, SOC mailbox, IOs, timers etc.)
- ICCM locking
- SOC interface (APB, mailbox, architectural registers, fuse registers, TRNG REQ protocol) – Caliptra Consortium provided
- Lint clean up is partially done
- HTML (generated from RDLs) for all registers (internal registers, external facing architectural registers, fuse registers)
- Stable IP interface (pending TRNG interface wires that is a new feature)
- Validation Notes:
- DUT per crypto block and associated checkers
- Nightly regression on crypto blocks on-going
- Smoke tests for all of the above passing including bring up/boot of the caliptra IP (KV testing for ECC & SHA are pending)
- UVMF for multiple DUT blocks and SOC interface
- NOTE: 0p8 release will have stress validation on SOC interface with random resets, clock gating, impactless update crossed with mailbox protocol etc.