` argument to simulation
+
## **Regression Tests** ##
-Only tests from the L0 Regression List should be run.
+### Standalone SystemVerilog Testbench Regression ###
+Only tests from the L0 Regression List should be run.
+The list is defined in the file [L0_regression.yml](https://github.com/chipsalliance/caliptra-rtl/blob/main/src/integration/stimulus/L0_regression.yml)
+
+### UVM Regression ###
+The UVM simulation environment for `caliptra_top` uses a special set of validation firmware to generate stimulus as required for the test plan. This firmware suite is found in `src/integration/test_suites` and includes:
+ - `caliptra_top`: A C-based program that emulates a minimal set of bringup functions similar to the function of the ROM. This C file transitions very early to either a the FMC image or Runtime image based on bringup (reset reason) conditions.
+ - `caliptra_fmc`: A C-based program that emulates the functionality of the First Mutable Code. In this reduced-functionality validation implementation, the FMC code is a simple intermediary that runs from ICCM and serves to boot the Runtime Firmware.
+ - `caliptra_rt`: A C-based program that emulates the functionality of the production Runtime code. This program receives and services interrupts, defines a minimal Non-Maskable Interrupt handler, generates FW resets as needed, processes mailbox commands (generated through the UVM validation test plan), and runs some baseline Watchdog Timer testing.
+
+These three programs are designed to be run within the context of a UVM simulation, and will fail to generate meaningful stimulus in the standalone `caliptra_top_tb` test.
+
## **NOTES** ##
* The internal registers are auto rendered at the [GitHub page](https://chipsalliance.github.io/caliptra-rtl/main/internal-regs)
diff --git a/Release_Notes.md b/Release_Notes.md
index 3dc7c388d..d390c9210 100644
--- a/Release_Notes.md
+++ b/Release_Notes.md
@@ -14,11 +14,11 @@ See the License for the specific language governing permissions and
limitations under the License.*_
# **Release Notes** #
-_*Last Update: 2023/09/13*_
+_*Last Update: 2023/11/02*_
-## Rev 1p0 ##
+## Rev 1p0-rc1 ##
-### Rev 1p0 release date: (pending ROM release for official declaration) ###
+### Rev 1p0-rc1 release date: 2023/11/03 (1p0 version pending ROM release for official declaration) ###
- Caliptra IP Specification: see docs/ folder
- Caliptra Integration Specification: see docs/ folder
- Caliptra testplan: see docs/ folder
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..a7ac201ef
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,3 @@
+# Caliptra Project Security Incident Response
+
+Please refer to the security policy at [Caliptra security policy](https://github.com/chipsalliance/caliptra/security/policy).
diff --git a/docs/CaliptraHardwareSpecification.md b/docs/CaliptraHardwareSpecification.md
new file mode 100644
index 000000000..55f9068bc
--- /dev/null
+++ b/docs/CaliptraHardwareSpecification.md
@@ -0,0 +1,1536 @@
+
+
+Caliptra Hardware Specification
+
+Version 0.5
+
+
+
+# Scope
+
+This document defines technical specifications for a Caliptra RoT for Measurement (RTM)[1] cryptographic subsystem used in the Open Compute Project (OCP). This document, along with [Caliptra: A Datacenter System on a Chip (SoC) Root of Trust (RoT)](https://chipsalliance.github.io/Caliptra/doc/Caliptra.html), shall comprise the Caliptra technical specification.
+
+# Overview
+
+This document provides definitions and requirements for a Caliptra cryptographic subsystem. The document then relates these definitions to existing technologies, enabling device and platform vendors to better understand those technologies in trusted computing terms.
+
+# Caliptra Core
+
+The following figure shows the Caliptra Core.
+
+*Figure 1: Caliptra Block Diagram*
+
+TODO: add figures
+
+## Boot FSM
+
+The Boot FSM detects that the SoC is bringing Caliptra out of reset. Part of this flow involves signaling to the SoC that Caliptra is awake and ready for fuses. After fuses are populated and the SoC indicates that it is done downloading fuses, Caliptra can wake up the rest of the IP by de-asserting the internal reset.
+
+The following figure shows the initial power-on arc of the Mailbox Boot FSM.
+
+*Figure 2: Mailbox Boot FSM state diagram*
+
+The Boot FSM first waits for the SoC to assert cptra\_pwrgood and de-assert cptra\_rst\_b. In the BOOT\_FUSE state, Caliptra signals to the SoC that it is ready for fuses. After the SoC is done writing fuses, it sets the fuse done register and the FSM advances to BOOT\_DONE.
+
+BOOT\_DONE enables Caliptra reset de-assertion through a two flip-flop synchronizer.
+
+## FW update reset (Impactless FW update)
+
+Runtime FW updates write to fw\_update\_reset register to trigger the FW update reset. When this register is written, only the RISC-V core is reset using cptra\_uc\_fw\_rst\_b pin and all AHB slaves are still active. All registers within the slaves and ICCM/DCCM memories are intact after the reset. Since ICCM is locked during runtime, it must be unlocked after the RISC-V reset is asserted. Reset is deasserted synchronously after a programmable number of cycles (currently set to 5 clocks) and normal boot flow updates the ICCM with the new FW from the mailbox SRAM. Reset de-assertion is done through a two flip-flop synchronizer. The boot flow is modified as shown in the following figure.
+
+*Figure 3: Mailbox Boot FSM state diagram for FW update reset*
+
+After Caliptra comes out of global reset and enters the BOOT\_DONE state, a write to the fw\_update\_reset register triggers the FW update reset flow. In the BOOT\_FWRST state, only the reset to the VeeR core is asserted, ICCM is unlocked and the timer is initialized. After the timer expires, the FSM advances from the BOOT\_WAIT to BOOT\_DONE state where the reset is deasserted.
+
+| Control register | Start address | Description |
+| :------- | :---------- | :--------- |
+| FW_UPDATE_RESET | 0x30030418 | Register to trigger the FW update reset flow. Setting it to 1 starts the Boot FSM. The field auto-clears to 0. |
+| FW_UPDATE_RESET_WAIT_CYCLES | 0x3003041C | Programmable wait time to keep the microcontroller reset asserted. |
+
+## RISC-V core
+
+The RISC-V core is VeeR EL2 from CHIPS Alliance. It is a 32-bit CPU core that contains a 4-stage, scalar, in-order pipeline. The core supports RISC-V’s integer(I), compressed instruction(C), multiplication and division (M), instruction-fetch fence, CSR, and subset of bit manipulation instructions (Z) extensions. A link to the RISC-V VeeR EL2 Programmer’s Reference Manual is provided in the [References](#references) section.
+
+### Configuration
+
+The RISC-V core is highly configurable and has the following settings.
+
+| Parameter | Configuration |
+| :---------------------- | :------------ |
+| Interface | AHB-Lite |
+| DCCM | 128 KiB |
+| ICCM | 128 KiB |
+| I-Cache | Disabled |
+| Reset Vector | 0x00000000 |
+| Fast Interrupt Redirect | Enabled |
+| External Interrupts | 31 |
+
+### Embedded memory export
+
+Internal RISC-V SRAM memory components are exported from the Caliptra subsystem to support adaptation to various fabrication processes. For more information, see the [Caliptra Integration Specification](https://github.com/chipsalliance/caliptra-rtl/blob/main/docs/CaliptraIntegrationSpecification.md).
+
+#### Memory map address regions
+
+The 32-bit address region is subdivided into 16 fixed-sized, contiguous 256 MB regions. The following table describes the address mapping for each of the AHB devices that the RISC-V core interfaces with.
+
+| Subsystem | Address size | Start address | End address |
+| :------------------ | :----------- | :------------ | :---------- |
+| ROM | 48 KiB | 0x0000_0000 | 0x0000_BFFF |
+| Cryptographic | 512 KiB | 0x1000_0000 | 0x1007_FFFF |
+| Peripherals | 32 KiB | 0x2000_0000 | 0x2000_7FFF |
+| SoC IFC | 256 KiB | 0x3000_0000 | 0x3003_FFFF |
+| RISC-V Core ICCM | 128 KiB | 0x4000_0000 | 0x4001_FFFF |
+| RISC-V Core DCCM | 128 KiB | 0x5000_0000 | 0x5001_FFFF |
+| RISC-V MM CSR (PIC) | 256 MiB | 0x6000_0000 | 0x6FFF_FFFF |
+
+##### Cryptographic subsystem
+
+The following table shows the memory map address ranges for each of the IP blocks in the cryptographic subsystem.
+
+| IP/Peripheral | Slave \# | Address size | Start address | End address |
+| :---------------------------------- | :------- | :----------- | :------------ | :---------- |
+| Cryptographic Initialization Engine | 0 | 32 KiB | 0x1000_0000 | 0x1000_7FFF |
+| ECC Secp384 | 1 | 32 KiB | 0x1000_8000 | 0x1000_FFFF |
+| HMAC384 | 2 | 4 KiB | 0x1001_0000 | 0x1001_0FFF |
+| Key Vault | 3 | 8 KiB | 0x1001_8000 | 0x1001_9FFF |
+| PCR Vault | 4 | 8 KiB | 0x1001_A000 | 0x1001_BFFF |
+| Data Vault | 5 | 8 KiB | 0x1001_C000 | 0x1001_DFFF |
+| SHA512 | 6 | 32 KiB | 0x1002_0000 | 0x1002_7FFF |
+| SHA256 | 13 | 32 KiB | 0x1002_8000 | 0x1002_FFFF |
+
+##### Peripherals subsystem
+
+The following table shows the memory map address ranges for each of the IP blocks in the peripherals’ subsystem.
+
+| IP/Peripheral | Slave \# | Address size | Start address | End address |
+| :------------ | :------- | :----------- | :------------ | :---------- |
+| QSPI | 7 | 4 KiB | 0x2000_0000 | 0x2000_0FFF |
+| UART | 8 | 4 KiB | 0x2000_1000 | 0x2000_1FFF |
+| CSRNG | 15 | 4 KiB | 0x2000_2000 | 0x2000_2FFF |
+| ENTROPY SRC | 16 | 4 KiB | 0x2000_3000 | 0x2000_3FFF |
+
+##### SoC interface subsystem
+
+The following table shows the memory map address ranges for each of the IP blocks in the SoC interface subsystem.
+
+| IP/Peripheral | Slave \# | Address size | Start address | End address |
+| :------------------------- | :------- | :----------- | :------------ | :---------- |
+| Mailbox SRAM Direct Access | 10 | 128 KiB | 0x3000_0000 | 0x3001_FFFF |
+| Mailbox CSR | 10 | 4 KiB | 0x3002_0000 | 0x3002_0FFF |
+| SHA512 Accelerator CSR | 10 | 4 KiB | 0x3002_1000 | 0x3002_1FFF |
+| Mailbox | 10 | 64 KiB | 0x3003_0000 | 0x3003_FFFF |
+
+##### RISC-V core local memory blocks
+
+The following table shows the memory map address ranges for each of the local memory blocks that interface with RISC-V core.
+
+| IP/Peripheral | Slave \# | Address size | Start address | End address |
+| :-------------- | :------- | :----------- | :------------ | :---------- |
+| ICCM0 (via DMA) | 12 | 128 KiB | 0x4000_0000 | 0x4001_FFFF |
+| DCCM | 11 | 128 KiB | 0x5000_0000 | 0x5001_FFFF |
+
+#### Interrupts
+
+The VeeR-EL2 processor supports multiple types of interrupts, including non-maskable interrupts (NMI), software interrupts, timer interrupts, external interrupts, and local interrupts. Local interrupts are events not specified by the RISC-V standard, such as auxiliary timers and correctable errors.
+
+Caliptra uses NMI in conjunction with a watchdog timer to support fatal error recovery and system restart. For more information, see the [Watchdog timer](#watchdog-timer) section.
+
+Software and local interrupts are not implemented in the first generation of Caliptra. Standard RISC-V timer interrupts are implemented using the mtime and mtimecmp registers defined in the RISC-V Privileged Architecture Specification. Both mtime and mtimecmp are included in the soc\_ifc register bank, and are accessible by the internal microprocessor to facilitate precise timing tasks. Frequency for the timers is configured by the SoC using the dedicated timer configuration register, which satisfies the requirement prescribed in the RISC-V specification for such a mechanism. These timer registers drive the timer\_int pin into the internal microprocessor.
+
+##### Non-maskable interrupts
+
+ 0p8 describe a register bank that may be used to dynamically configure the NMI reset vector. (i.e., where the PC resets to).
+
+##### External interrupts
+
+Caliptra uses the external interrupt feature to support event notification from all attached peripheral components in the subsystem. The RISC-V processor supports multiple priority levels (ranging from 1-15), which allows firmware to configure interrupt priority per component.
+
+Errors and notifications are allocated as interrupt events for each component, with error interrupts assigned a higher priority and expected to be infrequent.
+
+Notification interrupts are used to alert the processor of normal operation activity, such as completion of requested operations or arrival of SoC requests through the shared interface.
+
+Vector 0 is reserved by the RISC-V processor and may not be used, so vector assignment begins with Vector 1. Bit 0 of the interrupt port to the processor corresponds with Vector 1.
+
+| IP/Peripheral | Interrupt vector | Interrupt priority example
(Increasing, Max 15) |
+| :-------------------------------------------------- | :--------------- | :---------------------------------------------- |
+| Cryptographic Initialization Engine (Errors) | 1 | 8 |
+| Cryptographic Initialization Engine (Notifications) | 2 | 7 |
+| ECC (Errors) | 3 | 8 |
+| ECC (Notifications) | 4 | 7 |
+| HMAC (Errors) | 5 | 8 |
+| HMAC (Notifications) | 6 | 7 |
+| KeyVault (Errors) | 7 | 8 |
+| KeyVault (Notifications) | 8 | 7 |
+| SHA512 (Errors) | 9 | 8 |
+| SHA512 (Notifications) | 10 | 7 |
+| SHA256 (Errors) | 11 | 8 |
+| SHA256 (Notifications) | 12 | 7 |
+| QSPI (Errors) | 13 | 4 |
+| QSPI (Notifications) | 14 | 3 |
+| UART (Errors) | 15 | 4 |
+| UART (Notifications) | 16 | 3 |
+| RESERVED | 17 | 4 |
+| RESERVED | 18 | 3 |
+| Mailbox (Errors) | 19 | 8 |
+| Mailbox (Notifications) | 20 | 7 |
+
+## Watchdog timer
+
+The primary function of Caliptra Watchdog Timer (WDT) is to reset the microcontroller (Caliptra), in the event of a software malfunction, by resetting the device if it has not been cleared in software. It is a two-stage timer, independent of the RISCV core.
+
+### Operation
+
+The WDT consists of two timers. When enabled in cascade mode (done by enabling Timer 1 alone), the WDT increments Timer 1 until the counter rolls over or times out. Typically, the timer is serviced at regular intervals to prevent it from overflowing or rolling over. If Timer 1 has not timed out, Timer 2 is disabled and held at its initial value. However, when Timer 1 does roll over, it triggers an error interrupt to the RISC-V core. In parallel, Timer 2 is enabled and begins counting. If the interrupt is serviced before Timer 2 times out, the timers are reset and continue to operate normally. If Timer 2 times out, it asserts an SoC fatal error and an NMI. The SoC fatal error is also captured in the CPTRA\_HW\_ERROR\_FATAL register, which can be cleared by the SoC by writing a 1. A warm reset is required by the SoC to reset the timers when Timer 2 times out.
+
+The WDT timers can be configured to operate independent of each other. When the enable register for Timer 2 is set, the default configuration of cascaded timers is disabled and both timers count independently of each other. In this case, a timeout on Timer 2 causes an error interrupt to the RISC-V core similar to Timer 1. Disabling Timer 2 configures the timers back into the default cascaded mode.
+
+Each timer has an enable bit, a restart bit, and a 64-bit timeout value register that can be programmed as needed. The restart bit is used to service the timers and restart counting. The timeout period registers can be configured to the desired upper bound of timers.
+
+If the WDT timers are disabled and then re-enabled with a new timeout period, they must be restarted by setting the appropriate control register (restart bit). If the timers are temporarily disabled and re-enabled with the same timeout period, they resume counting and do not restart from 0.
+
+For more details regarding the register interface to control the WDT, see the [register documentation](https://chipsalliance.github.io/caliptra-rtl/main/internal-regs/?p=clp.soc_ifc_reg) published in the RTL GitHub repository.
+
+The following figure shows the two timers.
+
+*Figure 4: Caliptra Watchdog Timer*
+
+### Prescale settings
+
+Assuming a clock source of 500 MHz, a timeout value of 32’hFFFF\_FFFF results in a timeout period of ~8.5 seconds. Two 32-bit registers are provided for each timer, allowing a 64-bit timeout period to be programmed for each timer. This accommodates a maximum timeout value of over 1000 years for the same 500 Mhz clock source.
+
+### Microcontroller interface
+
+The Caliptra microcontroller communicates with the mailbox through its internal AHB-Lite fabric.
+
+#### AHB-lite interface
+
+AHB-lite is a subset of the full AHB specification. It is primarily used in single master systems. This interface connects VeeR EL2 Core (LSU master) to the slave devices as shown in Figure 1.
+
+The interface can be customized to support variable address and data widths, and a variable number of slave devices. Each slave device is assigned an address range within the 32-bit address memory map region. The interface includes address decoding logic to route data to the appropriate AHB slave device based on the address specified.
+
+The integration parameters for Caliptra’s AHB-lite interface are shown in the following table.
+
+| Parameter | Value |
+| :------------ | :---- |
+| ADDRESS_WIDTH | 32 |
+| DATA_WIDTH | 64 |
+| NUM_OF_SLAVES | 17 |
+
+Each IP component in the Caliptra system uses a native AHB data width of 32-bits (1 dword). The AHB responder logic in each IP component contains width conversion logic that transforms from the fabric data width of 64-bits to this native 32-bit width. The conversion involves calculating the dword offset (either 0 or 1) relative to the native 64-bit width by evaluating bit [2] of the address line. This information is used to extract the correct 32-bits from the native write data line. If there is a data offset, data is shifted down by 32-bits; otherwise, the upper 32-bits are simply truncated. This new dword-address is passed to the internal register interface along with the dword-sized data. A similar conversion works in reverse to correctly place read data in the response data line from the responder.
+
+As a result of this implementation, 64-bit data transfers are not supported on the Caliptra AHB fabric. Firmware running on the internal microprocessor may only access memory and registers using a 32-bit or smaller request size, as 64-bit transfer requests will be corrupted.
+
+### Cryptographic subsystem
+
+For details, see the [Cryptographic subsystem architecture](#cryptographic-subsystem-architecture) section.
+
+### Peripherals subsystem
+
+Caliptra includes QSPI and UART peripherals that are used to facilitate alternative operating modes and debug. In the first generation, Caliptra includes code to enable QSPI in the RTL, but does not support the BMI profile. Therefore, QSPI must not be enabled. Similarly, the UART interface exists to facilitate firmware debug in an FPGA prototype, but should be disabled in final silicon. SystemVerilog defines used to disable these peripherals are described in the [Caliptra Integration Specification](https://github.com/chipsalliance/caliptra-rtl/blob/main/docs/CaliptraIntegrationSpecification.md). Operation of these peripherals is described in the following sections.
+
+#### QSPI Flash Controller
+
+Caliptra implements a QSPI block that can communicate with 2 QSPI devices. This QSPI block is accessible to FW over the AHB-lite Interface.
+
+The QSPI block is composed of the spi\_host implementation. For information, see the [SPI\_HOST HWIP Technical Specification](https://opentitan.org/book/hw/ip/spi_host/index.html). The core code (see [spi\_host](https://github.com/lowRISC/opentitan/tree/master/hw/ip/spi_host)) is reused but the interface to the module is changed to AHB-lite and the number of chip select lines supported is increased to 2. The design provides support for Standard SPI, Dual SPI, or Quad SPI commands. The following figure shows the QSPI flash controller.
+
+*Figure 5: QSPI flash controller*
+
+#### Operation
+
+Transactions flow through the QSPI block starting with AHB-lite writes to the TXDATA FIFO. Commands are then written and processed by the control FSM, orchestrating transmissions from the TXDATA FIFO and receiving data into the RXDATA FIFO.
+
+The structure of a command depends on the device and the command itself. In the case of a standard SPI device, the host IP always transmits data on qspi\_d\_io[0] and always receives data from the target device on qspi\_d\_io[1]. In Dual or Quad modes, all data lines are bi-directional, thus allowing full bandwidth in transferring data across 4 data lines.
+
+A typical SPI command consists of different segments that are combined as shown in the following example. Each segment can configure the length, speed, and direction. As an example, the following SPI read transaction consists of 2 segments.
+
+*Figure 6: SPI read transaction segments*
+
+| Segment \# | Length (Bytes) | Speed | Direction | TXDATA FIFO | RXDATA FIFO |
+| :--------- | :------------- | :------- | :---------------- | :----------- | :----------------- |
+| 1 | 4 | standard | TX
qspi_d_io\[0\] | \[0\] 0x3 (ReadData)
\[1\] Addr\[23:16\]
\[2\] Addr\[15:8\]
\[3\] Addr\[7:0\] | |
+| 2 | 1 | standard | RX
qspi_d_io\[1\] | | \[0\] Data \[7:0\] |
+
+In this example, the ReadData (0x3) command was written to the TXDATA FIFO, followed by the 3B address. This maps to a total of 4 bytes that are transmitted out across qspi\_d\_io[0] in the first segment. The second segment consists of a read command that receives 1 byte of data from the target device across qspi\_d\_io[1].
+
+QSPI consists of up to four command segments in which the host:
+
+1. Transmits instructions or data at the standard rate
+2. Transmits instructions address or data on 2 or 4 data lines
+3. Holds the bus in a high-impedance state for some number of dummy cycles where neither side transmits
+4. Receives information from the target device at the specified rate (derived from the original command)
+
+The following example shows the QSPI segments.
+
+*Figure 7: QSPI segments*
+
+| Segment \# | Length (Bytes) | Speed | Direction | TXDATA FIFO | RXDATA FIFO |
+| :--------- | :------------- | :------- | :------------------ | :----------- | :---------------- |
+| 1 | 1 | standard | TX
qspi_d_io\[3:0\] | \[0\] 0x6B (ReadDataQuad) | |
+| 2 | 3\* | quad | TX
qspi_d_io\[3:0\] | \[1\] Addr\[23:16\]
\[2\] Addr\[15:8\]
\[3\] Addr\[7:0\] | |
+| 3 | 2 | N/A | None (Dummy) | | |
+| 4 | 1 | quad | RX
qspi_d_io\[3:0\] | | \[0\] Data\[7:0\] |
+
+Note: In the preceding figure, segment 2 doesn’t show bytes 2 and 3 for brevity.
+
+#### Configuration
+
+The CONFIGOPTS multi-register has one entry per CSB line and holds clock configuration and timing settings that are specific to each peripheral. After the CONFIGOPTS multi-register is programmed for each SPI peripheral device, the values can be left unchanged.
+
+The most common differences between target devices are the requirements for a specific SPI clock phase or polarity, CPOL and CPHA. These clock parameters can be set via the CONFIGOPTS.CPOL or CONFIGOPTS.CPHA register fields.
+
+The SPI clock rate depends on the peripheral clock and a 16b clock divider configured by CONFIGOPTS.CLKDIV. The following equation is used to configure the SPI clock period:
+
+
+
+By default, CLKDIV is set to 0, which means that the maximum frequency that can be achieved is at most half the frequency of the peripheral clock (Fsck = Fclk/2).
+
+We can rearrange the equation to solve for the CLKDIV:
+
+
+
+Assuming a 400MHz target peripheral, and a SPI clock target of 100MHz:
+
+CONFIGOPTS.CLKDIV = (400/(2\*100)) -1 = 1
+
+The following figure shows CONFIGOPTS.
+
+*Figure 8: CONFIGOPTS*
+
+#### Signal descriptions
+
+The QSPI block architecture inputs and outputs are described in the following table.
+
+| Name | Input or output | Description |
+| :------------------ | :-------------- | :-------------------------------------------------------- |
+| clk_i | input | All signal timings are related to the rising edge of clk. |
+| rst_ni | input | The reset signal is active LOW and resets the core. |
+| cio_sck_o | output | SPI clock |
+| cio_sck_en_o | output | SPI clock enable |
+| cio_csb_o\[1:0\] | output | Chip select \# (one hot, active low) |
+| cio_csb_en_o\[1:0\] | output | Chip select \# enable (one hot, active low) |
+| cio_csb_sd_o\[3:0\] | output | SPI data output |
+| cio_csb_sd_en_o | output | SPI data output enable |
+| cio_csb_sd_i\[3:0\] | input | SPI data input |
+
+#### SPI\_HOST IP programming guide
+
+The operation of the SPI\_HOST IP proceeds in seven general steps.
+
+To initialize the IP:
+
+1. Program the CONFIGOPTS multi-register with the appropriate timing and polarity settings for each csb line.
+2. Set the desired interrupt parameters.
+3. Enable the IP.
+
+Then for each command:
+
+4. Load the data to be transmitted into the FIFO using the TXDATA memory window.
+5. Specify the target device by programming the CSID.
+6. Specify the structure of the command by writing each segment into the COMMAND register.
+
+ For multi-segment transactions, assert COMMAND.CSAAT for all but the last command segment.
+
+7. For transactions that expect to receive a reply, the data can then be read back from the RXDATA window.
+
+Steps 4-7 are then repeated for each subsequent command.
+
+#### UART
+
+Caliptra implements a UART block that can communicate with a serial device that is accessible to FW over the AHB-lite Interface. This is a configuration that the SoC opts-in by defining CALIPTRA\_INTERNAL\_UART.
+
+The UART block is composed of the uart implementation. For information, see the [UART HWIP Technical Specification](https://opentitan.org/book/hw/ip/uart/). The design provides support for a programmable baud rate. The UART block is shown in the following figure.
+
+*Figure 9: UART block*
+
+#### Operation
+
+Transactions flow through the UART block starting with an AHB-lite write to WDATA, which triggers the transmit module to start a UART TX serial data transfer. The TX module dequeues the byte from the internal FIFO and shifts it out bit by bit at the baud rate. If TX is not enabled, the output is set high and WDATA in the FIFO is queued up.
+
+The following figure shows the transmit data on the serial lane, starting with the START bit, which is indicated by a high to low transition, followed by the 8 bits of data.
+
+*Figure 10: Serial transmission frame*
+
+On the receive side, after the START bit is detected, the data is sampled at the center of each data bit and stored into a FIFO. A user can monitor the FIFO status and read the data out of RDATA.
+
+#### Configuration
+
+The baud rate can be configured using the CTRL.NCO register field. This should be set using the following equation:
+
+
+
+If the desired baud rate is 115,200bps:
+
+
+
+
+
+#### Signal descriptions
+
+The UART block architecture inputs and outputs are described in the following table.
+
+| Name | Input or output | Description |
+| :------- | :-------------- | :-------------------------------------------------------- |
+| clk_i | input | All signal timings are related to the rising edge of clk. |
+| rst_ni | input | The reset signal is active LOW and resets the core. |
+| cio_rx_i | input | Serial receive bit |
+| cio_tx_o | output | Serial transmit bit |
+
+### SoC mailbox
+
+For more information on the mailbox protocol, see [Mailbox](https://github.com/chipsalliance/caliptra-rtl/blob/main/docs/Caliptra_rtl.md#mailbox) in the Caliptra Integration Specification. TODO: Fix this!
+
+The following table describes the mailbox control registers.
+
+| Control register | Start address | Description |
+| :------------------------ | :---------------- | :----------------- |
+| MBOX_LOCK | 0x30020000 | Mailbox lock register for mailbox access. Reading 0 sets the lock. |
+| MBOX_USER | 0x30020004 | Stores the user that locked the mailbox.|
+| MBOX_CMD | 0x30020008 | Command requested for data in mailbox. |
+| MBOX_DLEN | 0x3002000c | Data length for mailbox access. |
+| MBOX_DATAIN | 0x30020010 | Data in register. Writes the next data to mailbox. |
+| MBOX_DATAOUT | 0x30020010 | Data out register. Reads the next data from mailbox.|
+| MBOX_EXECUTE | 0x30020018 | Mailbox execute register indicates to the receiver that the sender is done. |
+| MBOX_STATUS | 0x3002001c | Status of the mailbox command:
CMD_BUSY - 2’b00 – Indicates the requested command is still in progress
DATA_READY - 2’b01 – Indicates the return data is in the mailbox for the requested command
CMD_COMPLETE- 2’b10 – Indicates the successful completion of the requested command
CMD_FAILURE- 2’b11 – Indicates the requested command failed |
+| HW_ERROR_FATAL | 0x30030000 | Indicates fatal hardware error. |
+| HW_ERROR_NON_FATAL | 0x30030004 | Indicates non-fatal hardware error. |
+| FW_ERROR_FATAL | 0x30030008 | Indicates fatal firmware error. |
+| FW_ERROR_NON_FATAL | 0x3003000c | Indicates non-fatal firmware error. |
+| HW_ERROR_ENC | 0x30030010 | Encoded error value for hardware errors. |
+| FW_ERROR_ENC | 0x30030014 | Encoded error value for firmware errors. |
+| BOOT_STATUS | 0x30030018 | Reports the boot status. |
+| FLOW_STATUS | 0x3003001c | Reports the status of the firmware flows. |
+| GENERIC_INPUT_WIRES | 0x30030024 | Generic input wires connected to the SoC interface. |
+| GENERIC_OUTPUT_WIRES | 0x3003002c | Generic output wires connected to the SoC interface. |
+| KEY_MANIFEST_PK_HASH | 0x300302b0 | |
+| KEY_MANIFEST_PK_HASH_MASK | 0x30030370 | |
+| KEY_MANIFEST_SVN | 0x30030374 | |
+| BOOT_LOADER_SVN | 0x30030384 | |
+| RUNTIME_SVN | 0x30030388 | |
+| ANTI_ROLLBACK_DISABLE | 0x3003038c | |
+| IEEE_IDEVID_CERT_CHAIN | 0x30030390 | |
+| FUSE_DONE | 0x300303f0 | |
+
+### Security state
+
+Caliptra uses the MSB of the security state input to determine whether or not Caliptra is in debug mode.
+
+When Caliptra is in debug mode:
+
+* Security state MSB is set to 0.
+
+* Caliptra JTAG is opened for the microcontroller and HW debug.
+
+* Device secrets (UDS, FE, key vault, and obfuscation key) are programmed to debug values.
+
+If a transition to debug mode happens during ROM operation, any values computed from the use of device secrets may not match expected values.
+
+Transitions to debug mode trigger a hardware clear of all device secrets, and also trigger an interrupt to FW to inform of the transition. FW is responsible for initiating another hardware clear of device secrets utilizing the clear secrets register, in case any derivations were in progress and stored after the transition was detected. FW may open the JTAG after all secrets are cleared.
+
+Debug mode values may be set by integrators in the Caliptra configuration files. The default values are shown in the following table.
+
+| Name | Default value |
+| :-------------------------- | :------------ |
+| Obfuscation Key Debug Value | All 0x1 |
+| UDS Debug Value | All 0x1 |
+| Field Entropy Debug Value | All 0x1 |
+| Key Vault Debug Value 0 | All 0xA |
+| Key Vault Debug Value 1 | All 0x5 |
+
+### Clock gating
+
+Caliptra provides a clock gating feature that turns off clocks when the microcontroller is halted. Clock gating is disabled by default, but can be globally enabled via the following register.
+
+| Control register | Start address | Description |
+| :------------------- | :---------------- | :------------------------ |
+| CPTRA_CLK_GATING_EN | 0x300300bc | Register bit to enable or disable the clock gating feature. |
+
+When enabled, halting the microcontroller turns off clocks to all of the cryptographic subsystem, the vaults (keyvault, PCR vault, and data vault), mailbox SRAM, SoC interface, and peripherals subsystem. The Watchdog timer and SoC registers run on the gated RDC clock. The RV core implements its own clock gating mechanism. Halting the core automatically turns off its clock.
+
+There are a total of 4 clocks in Caliptra: ungated clock, gated clock, gated RDC clock, and gated SoC IFC clock. The following table shows the different modules and their designated clocks.
+
+| Module | Clock |
+| :-------------------- | :-------------------------------------- |
+| RV core | Clk |
+| SOC IFC | Clk; clk_cg; rdc_clk_cg; soc_ifc_clk_cg |
+| Crypto subsystem | Clk_cg |
+| Vaults | Clk_cg |
+| Peripherals subsystem | Clk_cg |
+| AHB Lite IF, 2to1 Mux | Clk_cg |
+| TRNG | Clk_cg |
+
+#### Wake up conditions
+
+For details on halting the core and waking up the core from the halt state, see section 5 of the [RISC-V VeeR EL2 Programmer's Reference Manual](https://github.com/chipsalliance/Cores-VeeR-EL2/blob/main/docs/RISC-V_VeeR_EL2_PRM.pdf).
+
+When the RV core wakes up, all clocks are enabled. However, when the core is halted, it is possible to wake up Caliptra clocks through:
+
+* A change in generic\_input\_wires
+
+* Cptra\_fatal\_error assertion
+
+* Entry to debug or scan modes
+
+* JTAG accesses
+
+* APB transactions
+
+Activity on the APB interface only wakes up the SoC IFC clock. All other clocks remain off until any other condition is met or the core exits the halt state.
+
+| Cpu_halt_status | PSEL | Generic input wires
\|\| fatal error
\|\| debug/scan mode
\|\|JTAG access | Expected behavior |
+| :-------------- | :--- | :---------- | :-------------- |
+| 0 | X | X | All gated clocks active |
+| 1 | 0 | 0 | All gated clocks inactive |
+| 1 | 0 | 1 | All gated clocks active (as long as condition is true) |
+| 1 | 1 | 0 | Soc_ifc_clk_cg active (as long as PSEL = 1)
All other clks inactive |
+| 1 | 1 | 1 | Soc_ifc_clk_cg active (as long as condition is true OR PSEL = 1)
All other clks active (as long as condition is true) |
+
+#### Usage
+
+The following applies to the clock gating feature:
+
+* The core should only be halted after all pending vault writes are done and cryptographic operations are complete.
+* While the core is halted, any APB transaction wakes up the SoC interface clock and leaves all other clocks disabled. If the core is still halted when the APB transactions are done, the SoC interface clock is returned to a disabled state. .
+* The RDC clock is similar to an ungated clock and is only disabled when a reset event occurs. This avoids metastability on flops. The RDC clock operates independently of core halt status.
+
+
+#### Timing information
+
+The following figure shows the timing information for clock gating.
+
+*Figure 11: Clock gating timing*
+
+## Integrated TRNG
+
+Caliptra implements a true random number generator (TRNG) block for local use models. Firmware is able to read a random number from the TRNG core by accessing its register block over the AHB-lite interface. This is a configuration that SoC integrators enable by defining CALIPTRA\_INTERNAL\_TRNG.
+
+This TRNG block is a combination of entropy source and CSRNG implementations. For information, see the [ENTROPY\_SRC HWIP Technical Specification](https://opentitan.org/book/hw/ip/entropy_src/index.html) and the [CSRNG HWIP Technical Specification](https://opentitan.org/book/hw/ip/csrng/). The core code (see [entropy source](https://github.com/lowRISC/opentitan/tree/master/hw/ip/entropy_src) and [csrng](https://github.com/lowRISC/opentitan/tree/master/hw/ip/csrng)) is reused from here but the interface to the module is changed to AHB-lite. This design provides an interface to an external physical random noise generator. This is also referred to as a physical true random number generator (PTRNG). The PTRNG external source is a physical true random noise source. A noise source and its relation to an entropy source are defined by [SP 800-90B](https://csrc.nist.gov/publications/detail/sp/800-90b/final).
+
+The block is instantiated based on a design parameter chosen at integration time. This is to provide options for SoC to reuse an existing TRNG to build an optimized SoC design. For the optimized scenarios, SoC needs to follow the TODO: heading link in markdown.
+
+The following figure shows the integrated TRNG block.
+
+*Figure 12: Integrated TRNG block*
+
+The following figure shows the CSRNG block.
+
+*Figure 13: CSRNG block*
+
+The following figure shows the entropy source block.
+
+*Figure 14: Entropy source block*
+
+### Operation
+
+Requests for entropy bits start with [command requests](https://opentitan.org/book/hw/ip/csrng/doc/theory_of_operation.html#general-command-format) over the AHB-lite interface to the csrng [CMD\_REQ](https://chipsalliance.github.io/caliptra-rtl/main/internal-regs/?p=clp.csrng_reg.CMD_REQ) register.
+
+The following describes the fields of the command request header:
+
+* Application Command: Selects one of five operations to perform. The commands supported are instantiate, reseed, generate, update, and uninstantiate.
+
+* Command Length: Number of 32-bit words that can optionally be appended to the command. A value of zero will only transfer the command header. A value of 4'hc transfers the header plus an additional twelve 32-bit words of data.
+
+* Command Flag0: flag0 is associated with the current command. Setting this field to True (4’h6) enables flag0 to be enabled. Note that flag0 is used for the instantiate and reseed commands only; for all other commands, the flag0 value is ignored.
+
+* Generate Length: Only defined for the generate command, this field is the total number of cryptographic entropy blocks requested. Each unit represents 128 bits of entropy returned. A value of 8 would return a total of 1024 bits. The maximum size supported is 4096.
+
+First an instantiate command is requested over the SW application interface to initialize an instance in the CSRNG module. Depending on the flag0 and clen fields in the command header, a request to the entropy\_src module over the entropy interface is sent to seed the csrng. This can take a few milliseconds if the seed entropy is not immediately available.
+
+Example instantiation:
+
+acmd = 0x1 (Instantiate)
+
+clen/flag0 = The seed behavior is described in the following table.
+
+glen = Not used
+
+| flag0 | clen | Description |
+| :---- | :--- | :----------------------------------------------------------- |
+| F | 0 | Only entropy source seed is used. |
+| F | 1-12 | Entropy source seed is xor'ed with provided additional data. |
+| T | 0 | Seed of zero is used (no entropy source seed used). |
+| T | 1-12 | Only provided additional data is used as seed. |
+
+Next a generate command is used to request generation of cryptographic entropy bits. The glen field defines how many 128 bit words are to be returned to the application interface. After the generated bits are ready, they can be read out via the GENBITS register. This register must be read out glen \* 4 times for each request made.
+
+Example generate command:
+
+acmd = 0x3 (Generate)
+
+clen = 0
+
+flag0 = false (4’h9)
+
+glen = 4 (4 \*128 = 512b)
+
+This requires 16 reads from GENBITS to read out all of the generated entropy.
+
+### Configuration
+
+The HW application interfaces are not supported. Only the SW application interface should be used for this design.
+
+### Physical true random noise source signal descriptions
+
+These are the top level signals defined in caliptra\_top.
+
+| Name | Input or output | Description |
+| :---------- | :-------------- | :------------ |
+| itrng_data | input | Physical true random noise source data |
+| itrng_valid | input | Valid is asserted high for one cycle when data is valid. The expected valid output rate is about 50KHz. |
+
+The following figure shows the top level signals defined in caliptra\_top.
+
+*Figure 15: caliptra\_top signals*
+
+### Entropy source signal descriptions
+
+The following table provides descriptions of the entropy source signals.
+
+| Name | Input or output | Description |
+| :------------------ | :-------------- | :--------------- |
+| clk_i | input | All signal timings are related to the rising edge of clk. |
+| rst_ni | input | The reset signal is active LOW and resets the core. |
+| entropy_src_rng_req | output | Request from the entropy_src module to the physical true random noise source to start generating data. |
+| entropy_src_rng_rsp | input | Contains the internal TRNG data and a flag indicating the data is valid. Valid is asserted high for one cycle when data is valid. |
+| entropy_src_hw_if_i | input | Downstream block request for entropy bits. |
+| entropy_src_hw_if_o | output | 384 bits of entropy data. Valid when es_ack is asserted high. |
+| cs_aes_halt_i | input | Response from csrng that all requests to AES block are halted. |
+| cs_aes_halt_o | output | Request to csrng to halt requests to the AES block for power leveling purposes. |
+
+The following figure shows the entropy source signals.
+
+*Figure 16: Entropy source signals*
+
+### CSRNG signal descriptions
+
+The following table provides descriptions for the CSRNG signals.
+
+| Name | Input or output | Description |
+| :------------------------- | :-------------- | :---------------------------------------------------------------------------------------------------- |
+| clk_i | input | All signal timings are related to the rising edge of clk. |
+| rst_ni | input | The reset signal is active LOW and resets the core. |
+| otp_en_csrng_sw_app_read_i | input | Enable firmware to access the ctr_drbg internal state and genbits through registers. |
+| lc_hw_debug_en_i | input | Lifecycle that selects which diversification value is used for xoring with the seed from entropy_src. |
+| entropy_src_hw_if_i | input | 384 bits of entropy data. Valid when es_ack is asserted high. |
+| entropy_src_hw_if_o | output | Downstream block request for entropy bits. |
+| cs_aes_halt_i | input | Request from entropy_src to halt requests to the AES block for power leveling purposes. |
+| cs_aes_halt_o | output | Response to entropy_src that all requests to AES block are halted. |
+
+The CSRNG may only be enabled if entropy\_src is enabled. After it is disabled, CSRNG may only be re-enabled after entropy\_src has been disabled and re-enabled.
+
+## External-TRNG REQ HW API
+
+For SoCs that choose to not instantiate Caliptra’s integrated TRNG, Caliptra provides a TRNGREQ HW API.
+
+1. Caliptra asserts TRNG\_REQ wire (FW made the request for a TRNG).
+2. SoC writes the TRNG architectural registers.
+3. SoC writes a done bit in the TRNG architectural registers.
+4. Caliptra desserts TRNG\_REQ.
+
+The reason to have a separate interface from the SoC mailbox is to ensure that this request is not intercepted by any SoC FW agents that communicate with the SoC mailbox. It is required for FIPS compliance that this TRNG HW API is always handled by a SoC HW gasket logic and not handled by SoC ROM/FW code.
+
+## SoC-SHA accelerator HW API
+
+Caliptra provides a SHA accelerator HW API for SoC and Caliptra internal FW to use. It is atomic in nature in that only one of them can use the SHA accelerator HW API at the same time. Details of the SHA accelerator register block may be found in the GitHub repository in [documentation](https://chipsalliance.github.io/caliptra-rtl/main/external-regs/?p=caliptra_top_reg.sha512_acc_csr) generated from the register definition file.
+
+Using the HW API:
+
+* A user of the HW API first locks the accelerator by reading the LOCK register. A read that returns the value 0 indicates that the resource was locked for exclusive use by the requesting user. A write of ‘1 clears the lock.
+* The USER register captures the APB pauser value of the requestor that locked the SHA accelerator. This is the only user that is allowed to control the SHA accelerator by performing APB register writes. Writes by any other agent on the APB interface are dropped.
+* MODE register is written to set the SHA execution mode.
+ * SHA accelerator supports both SHA384 and SHA512 modes of operation.
+ * SHA supports **streaming** mode: SHA is computed on a stream of incoming data to the DATAIN register. The EXECUTE register, when set, indicates to the accelerator that streaming is complete. The accelerator can then publish the result into the DIGEST register. When the VALID bit of the STATUS register is set, then the result in the DIGEST register is valid.
+ * SHA supports **Mailbox** mode: SHA is computed on LENGTH (DLEN) bytes of data stored in the mailbox beginning at START\_ADDRESS. This computation is performed when the EXECUTE register is set by the user. When the operation is completed and the result in the DIGEST register is valid, SHA accelerator sets the VALID bit of the STATUS register.
+ * The SHA computation engine in the SHA accelerator requires big endian data, but the SHA accelerator can accommodate mailbox input data in either the little endian or big endian format. By default, input data is assumed to be little endian and is swizzled to big endian at the byte level prior to computation. For the big endian format, data is loaded into the SHA engine as-is. Users may configure the SHA accelerator to treat data as big endian by setting the ENDIAN\_TOGGLE bit appropriately.
+ * See the register definition for the encodings.
+* SHA engine also provides a ‘zeroize’ function through its CONTROL register to clear any of the SHA internal state. This can be used when the user wants to conceal previous state for debug or security reasons.
+
+## JTAG implementation
+
+For specific debug flows, see the [JTAG/TAP Debug](https://chipsalliance.github.io/Caliptra/doc/Caliptra.html#jtagtap-debug) section in Caliptra: A Datacenter System on a Chip (SoC) Root of Trust (RoT).
+
+The following figure shows the JTAG implementation within the Caliptra boundary. The output of the existing DMI wrapper is used to find the non-Core (Caliptra uncore) aperture to route the JTAG commands.
+
+Caliptra’s JTAG/TAP should be implemented as a TAP EP. JTAG is open if the debug mode is set at the time of Caliptra reset deassertion.
+
+Note: If the debug security state switches to debug mode anytime, the security assets and keys are still flushed even though JTAG is not open.
+
+*Figure 17: JTAG implementation*
+
+# Cryptographic subsystem architecture
+
+The architecture of Caliptra cryptographic subsystem includes the following components:
+
+* Symmetric cryptographic primitives
+ * De-obfuscation engine
+ * SHA512/384 (based on NIST FIPS 180-4 [2])
+ * SHA256 (based on NIST FIPS 180-4 [2])
+ * HMAC384 (based on [NIST FIPS 198-1](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.198-1.pdf) [5] and [RFC 4868](https://tools.ietf.org/html/rfc4868) [6])
+* Public-key cryptography
+ * NIST Secp384r1 Deterministic Digital Signature Algorithm (based on FIPS-186-4 [11] and RFC 6979 [7])
+* Key vault
+ * Key slots
+ * Key slot management
+
+The high-level architecture of Caliptra cryptographic subsystem is shown in the following figure.
+
+*Figure 18: Caliptra cryptographic subsystem TODO: fix this image*
+
+## SHA512/SHA384
+
+SHA512 is a function of cryptographic hash algorithm SHA-2. The hardware implementation is based on [Secworks/SHA512](https://github.com/secworks/sha512) [1]. This implementation complies with the functionality in NIST FIPS 180-4 [2]. The implementation supports the SHA512 variants SHA-512/224, SHA-512/256, SHA384 and SHA512.
+
+The SHA512 algorithm is described as follows:
+
+* The message is padded by the host and broken into 1024-bit chunks
+* For each chunk:
+ * The message is fed to the SHA512 core
+ * The core should be triggered by the host
+ * The SHA512 core status is changed to ready after hash processing
+* The result digest can be read after feeding all message chunks
+
+### Operation
+
+#### Padding
+
+The message should be padded before feeding to the hash core. The input message is taken, and some padding bits are appended to it to get it to the desired length. The bits that are used for padding are simply ‘0’ bits with a leading ‘1’ (100000…000). The appended length of the message (before pre-processing), in bits, is a 128-bit big-endian integer.
+
+The total size should be equal to 128 bits short of a multiple of 1024 since the goal is to have the formatted message size as a multiple of 1024 bits (N x 1024). The following figure shows the SHA512 input formatting.
+
+*Figure 19: SHA512 input formatting*
+
+#### Hashing
+
+The SHA512 core performs 80 iterative operations to process the hash value of the given message. The algorithm processes each block of 1024 bits from the message using the result from the previous block. For the first block, the initial vectors (IV) are used for starting the chain processing of each 1024-bit block.
+
+### FSM
+
+The SHA512 architecture has the finite-state machine as shown in the following figure.
+
+*Figure 20: SHA512 FSM*
+
+### Signal descriptions
+
+The SHA512 architecture inputs and outputs are described in the following table.
+
+| Name | Inputs and outputs | Description |
+|-----------------|--------------------|---------------------------------------------------------------------------------------------------|
+| clk | input | All signal timings are related to the rising edge of clk. |
+| reset_n | input | The reset signal is active LOW and resets the core. This is the only active LOW signal. |
+| init | input | The core is initialized and processes the first block of message. |
+| next | input | The core processes the rest of the message blocks using the result from the previous blocks. |
+| mode\[1:0\] | input | Indicates the hash type of the function. This can be:
- SHA512/224
- SHA512/256
- SHA384
- SHA512 |
+| zeroize | input | The core clears all internal registers to avoid any SCA information leakage. |
+| block\[1023:0\] | input | The input padded block of message. |
+| ready | output | When HIGH, the signal indicates the core is ready. |
+| digest\[511:0\] | output | The hashed value of the given block. |
+| digest_valid | output | When HIGH, the signal indicates that the result is ready. |
+
+### Address map
+
+The SHA512 address map is shown here: [sha512\_reg — clp Reference (chipsalliance.github.io)](https://chipsalliance.github.io/caliptra-rtl/main/internal-regs/?p=clp.sha512_reg)
+
+### Pseudocode
+
+The following pseudocode demonstrates how the SHA512 interface can be implemented.
+
+*Figure 21: SHA512 pseudocode*
+
+### SCA countermeasure
+
+We do not propose any countermeasure to protect the hash functions. Inherently, hash functions do not work like other cryptographic engines. Hash functions target integrity without requiring a secret key. Hence, the attacker can target only messages. Also, the attacker cannot build a CPA or DPA platform on the hash function because the same message ideally gives the same side-channel behavior.
+
+If the attacker works on the multi-message mechanism, the attacker then needs to work with single trace attacks, which are very unlikely in ASIC/FPGA implementations. Also, our hash implementation is a noisy platform. As a result, we do not propose any SCA implementation countermeasure on the hash functions.
+
+### Performance
+
+The SHA512 core performance is reported considering two different architectures: pure hardware architecture, and hardware/software architecture. These are described next.
+
+#### Pure hardware architecture
+
+In this architecture, the SHA512 interface and controller are implemented in hardware. The performance specification of the SHA512 architecture is shown in the following table.
+
+| Operation | Cycle count \[CCs\] | Time \[us\] @ 400 MHz | Throughput \[op/s\] |
+| :-------------------- | :------------------ | :-------------------- | :------------------ |
+| Data_In transmission | | 0.08 | |
+| Process | 87 | 0.22 | |
+| Data_Out transmission | 16 | 0.04 | |
+| Single block | 136 | 0.34 | 2,941,176 |
+| Double block | 224 | 0.56 | 1,785,714 |
+| 1 KiB message | 840 | 2.10 | 476,190 |
+| 128 KiB message | 17,632 | 44.08 | 22,686 |
+
+#### Hardware/software architecture
+
+In this architecture, the SHA512 interface and controller are implemented in RISC-V core. The performance specification of the SHA512 architecture is shown in the following table.
+
+| Operation | Cycle count \[CCs\] | Time \[us\]\] @ 400 MHz | Throughput \[op/s\] |
+| :-------------------- | :------------------ | :---------------------- | :------------------ |
+| Data_In transmission | 990 | 2.48 | |
+| Process | 139 | 0.35 | |
+| Data_Out transmission | 387 | 0.97 | |
+| Single block | 1,516 | 3.79 | 263,852 |
+| Double block | 2,506 | 6.27 | 159,617 |
+| 1 KiB message | 9,436 | 23.59 | 42,391 |
+| 128 KiB message | 1,015,276 | 2,538.19 | 394 |
+
+#### Pure software architecture
+
+In this architecture, the SHA512 algorithm is implemented fully in software. The implementation is derived from the [OpenSSL](https://www.openssl.org/docs/man3.0/man3/SHA512.html) SHA512 implementation [3]. The performance numbers for this architecture are shown in the following table.
+
+| Data size | Cycle count |
+| :------------ | :-------------- |
+| 1 KiB | 147,002 |
+| 4 KiB | 532,615 |
+| 8 KiB | 1,046,727 |
+| 12 KiB | 1,560,839 |
+| 128 KiB | 16,470,055 |
+
+## SHA256
+
+SHA256 is a function of the SHA-2 cryptographic hash algorithm. The hardware implementation is based on [Secworks/SHA256](https://github.com/secworks/sha256) [1]. The implementation supports the two variants: SHA256/224 and SHA256.
+
+The SHA256 algorithm is described as follows:
+
+* The message is padded by the host and broken into 512-bit chunks
+* For each chunk:
+ * The message is fed to the sha256 core
+ * The core should be triggered by the host
+ * The sha256 core status is changed to ready after hash processing
+* The result digest can be read after feeding all message chunks
+
+
+### Operation
+
+#### Padding
+
+The message should be padded before feeding to the hash core. The input message is taken, and some padding bits are appended to the message to get it to the desired length. The bits that are used for padding are simply ‘0’ bits with a leading ‘1’ (100000…000). The appended length of the message (before pre-processing), in bits, is a 64-bit big-endian integer.
+
+The total size should be equal to 64 bits, short of a multiple of 512 because the goal is to have the formatted message size as a multiple of 512 bits (N x 512).
+
+The following figure shows SHA256 input formatting.
+
+*Figure 22: SHA256 input formatting*
+
+#### Hashing
+
+The SHA256 core performs 64 iterative operations to process the hash value of the given message. The algorithm processes each block of 512 bits from the message using the result from the previous block. For the first block, the initial vectors (IV) are used to start the chain processing of each 512-bit block.
+
+### FSM
+
+The SHA256 architecture has the finite-state machine as shown in the following figure.
+
+*Figure 23: SHA256 FSM*
+
+### Signal descriptions
+
+The SHA256 architecture inputs and outputs are described as follows.
+
+| Name | Input or output | Description |
+| :-------------- | :-------------- | :------------------------------------------------------------------------------------------- |
+| clk | input | All signal timings are related to the rising edge of clk. |
+| reset_n | input | The reset signal is active LOW and resets the core. This is the only active LOW signal. |
+| init | input | The core is initialized and processes the first block of message. |
+| next | input | The core processes the rest of the message blocks using the result from the previous blocks. |
+| mode | input | Indicates the hash type of the function. This can be:
- SHA256/224
- SHA256 |
+| zeroize | input | The core clears all internal registers to avoid any SCA information leakage. |
+| block\[511:0\] | input | The input padded block of message. |
+| ready | output | When HIGH, the signal indicates the core is ready. |
+| digest\[255:0\] | output | The hashed value of the given block. |
+| digest_valid | output | When HIGH, the signal indicates the result is ready. |
+
+### Address map
+
+The SHA256 address map is shown here: [sha256\_reg — clp Reference (chipsalliance.github.io)](https://chipsalliance.github.io/caliptra-rtl/main/internal-regs/?p=clp.sha256_reg).
+
+### Pseudocode
+
+The following pseudocode demonstrates how the SHA256 interface can be implemented.
+
+*Figure 24: SHA256 pseudocode*
+
+### SCA countermeasure
+
+We do not propose any countermeasure to protect the hash functions. For more information, see SCA countermeasure in the [SHA512/SHA384](#sha512sha384) section.
+
+### Performance
+
+The SHA256 core performance is reported considering two different architectures: pure hardware architecture, and hardware/software architecture. These are described next.
+
+#### Pure hardware architecture
+
+In this architecture, the SHA256 interface and controller are implemented in hardware. The performance specification of the SHA256 architecture is reported as shown in the following table.
+
+| Operation | Cycle count \[CCs\] | Time \[us\] @ 400 MHz | Throughput \[op/s\] |
+| :-------------------- | :------------------ | :-------------------- | :------------------ |
+| Data_In transmission | 17 | 0.04 | |
+| Process | 66 | 0.17 | |
+| Data_Out transmission | 8 | 0.02 | |
+| Single block | 91 | 0.23 | 4,395,604 |
+| Double block | 158 | 0.40 | 2,531,646 |
+| 1 KiB message | 1163 | 2.91 | 343,938 |
+
+#### Hardware/software architecture
+
+In this architecture, the SHA256 interface and controller are implemented in RISC-V core. The performance specification of the SHA256 architecture is reported as shown in the following table.
+
+| Operation | Cycle count \[CCs\] | Time \[us\] @ 400 MHz | Throughput \[op/s\] |
+| :-------------------- | :------------------ | :-------------------- | :------------------ |
+| Data_In transmission | 500 | 1.25 | |
+| Process | 66 | 0.17 | |
+| Data_Out transmission | 195 | 0.49 | |
+| Single block | 761 | 1.90 | 525,624 |
+| Double block | 1355 | 3.39 | 295,203 |
+| 1 KiB message | 8761 | 21.90 | 45,657 |
+
+## HMAC384
+
+Hash-based message authentication code (HMAC) is a cryptographic authentication technique that uses a hash function and a secret key. HMAC involves a cryptographic hash function and a secret cryptographic key. This implementation supports HMAC-SHA-384-192 as specified in [NIST FIPS 198-1](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.198-1.pdf) [5]. The implementation is compatible with the HMAC-SHA-384-192 authentication and integrity functions defined in [RFC 4868](https://tools.ietf.org/html/rfc4868) [6].
+
+Caliptra HMAC implementation uses SHA384 as the hash function, accepts a 384-bit key, and generates a 384-bit tag.
+
+The implementation also supports PRF-HMAC-SHA-384. The PRF-HMAC-SHA-384 algorithm is identical to HMAC-SHA-384-192, except that variable-length keys are permitted, and the truncation step is not performed.
+
+The HMAC algorithm is described as follows:
+* The key is fed to the HMAC core to be padded
+* The message is broken into 1024-bit chunks by the host
+* For each chunk:
+ * The message is fed to the HMAC core
+ * The HMAC core should be triggered by the host
+ * The HMAC core status is changed to ready after hash processing
+* The result digest can be read after feeding all message chunks
+
+
+### Operation
+
+#### Padding
+
+The message should be padded before feeding to the HMAC core. Internally, the i\_padded key is concatenated with the message. The input message is taken, and some padding bits are appended to the message to get it to the desired length. The bits that are used for padding are simply ‘0’ bits with a leading ‘1’ (100000…000).
+
+The total size should be equal to 128 bits, short of a multiple of 1024 because the goal is to have the formatted message size as a multiple of 1024 bits (N x 1024).
+
+*Figure 25: HMAC input formatting*
+
+The following figures show examples of input formatting for different message lengths.
+
+*Figure 26: Message length of 1023 bits*
+
+When the message is 1023 bits long, padding is given in the next block along with message size.
+
+*Figure 27: 1 bit padding*
+
+When the message size is 895 bits, a padding of ‘1’ is also considered valid, followed by the message size.
+
+*Figure 28: Multi block message*
+
+Messages with a length greater than 1024 bits are broken down into N 1024-bit blocks. The last block contains padding and the size of the message.
+
+
+#### Hashing
+
+The HMAC core performs the sha2-384 function to process the hash value of the given message. The algorithm processes each block of the 1024 bits from the message, using the result from the previous block. This data flow is shown in the following figure.
+
+*Figure 29: HMAC-SHA-384-192 data flow*
+
+### FSM
+
+The HMAC architecture has the finite-state machine as shown in the following figure.
+
+*Figure 30: HMAC FSM*
+
+### Signal descriptions
+
+The HMAC architecture inputs and outputs are described in the following table.
+
+| Name | Input or output | Description |
+| :----------------- | :-------------- | :----------- |
+| clk | input | All signal timings are related to the rising edge of clk. |
+| reset_n | input | The reset signal is active LOW and resets the core. This is the only active LOW signal. |
+| init | input | The core is initialized and processes the key and the first block of the message. |
+| next | input | The core processes the rest of the message blocks using the result from the previous blocks. |
+| zeroize | input | The core clears all internal registers to avoid any SCA information leakage. |
+| key\[383:0\] | input | The input key. |
+| block\[1023:0\] | input | The input padded block of message. |
+| LFSR_seed\[159:0\] | Input | The input to seed PRNG to enable the masking countermeasure for SCA protection. |
+| ready | output | When HIGH, the signal indicates the core is ready. |
+| tag\[383:0\] | output | The HMAC value of the given key or block. For PRF-HMAC-SHA-384, a 384-bit tag is required. For HMAC-SHA-384-192, the host is responsible for reading 192 bits from the MSB. |
+| tag_valid | output | When HIGH, the signal indicates the result is ready. |
+
+### Address map
+
+The HMAC address map is shown here: [hmac\_reg — clp Reference (chipsalliance.github.io)](https://chipsalliance.github.io/caliptra-rtl/main/internal-regs/?p=clp.hmac_reg).
+
+### Pseudocode
+
+The following pseudocode demonstrates how the HMAC interface can be implemented.
+
+*Figure 31: HMAC pseudocode*
+
+### SCA countermeasure
+
+In an attack model, an attacker can form hypotheses about the secret key value and compute the corresponding output values by using the Hamming Distance model as an appropriate leakage model. An attacker who has knowledge of the implementation for open-source architecture has an advantage. The attacker can capture the power consumption traces to verify their hypotheses, by partitioning the acquisitions or using Pearson’s correlation coefficient.
+
+To protect the HMAC algorithm from side-channel attacks, a masking countermeasure is applied. This means that random values are added to the intermediate variables during the algorithm’s execution, so that the side-channel signals do not reveal any information about them.
+
+The embedded countermeasures are based on "Differential Power Analysis of HMAC Based on SHA-2, and Countermeasures" by McEvoy et. al. To provide the required random values for masking intermediate values, a lightweight 74-bit LFSR is implemented. Based on “Spin Me Right Round Rotational Symmetry for FPGA-specific AES” by Wegener et. al., LFSR is sufficient for masking statistical randomness.
+
+Each round of SHA512 execution needs 6,432 random bits, while one HMAC operation needs at least 4 rounds of SHA512 operations. However, the proposed architecture requires only 160-bit LFSR seed and provides first-order DPA attack protection at the cost of 10% latency overhead with negligible hardware resource overhead.
+
+### Performance
+
+The HMAC core performance is reported considering two different architectures: pure hardware architecture, and hardware/software architecture. These are described next.
+
+#### Pure hardware architecture
+
+In this architecture, the HMAC interface and controller are implemented in hardware. The performance specification of the HMAC architecture is reported as shown in the following table.
+
+| Operation | Cycle count \[CCs\] | Time \[us\] @ 400 MHz | Throughput \[op/s\] |
+| :-------------------- | :------------------ | :-------------------- | :------------------ |
+| Data_In transmission | 44 | 0.11 | - |
+| Process | 254 | 0.635 | - |
+| Data_Out transmission | 12 | 0.03 | - |
+| Single block | 310 | 0.775 | 1,290,322 |
+| Double block | 513 | 1.282 | 780,031 |
+| 1 KiB message | 1,731 | 4.327 | 231,107 |
+| 128 KiB message | 207,979 | 519.947 | 1,923 |
+
+#### Hardware/software architecture
+
+In this architecture, the HMAC interface and controller are implemented in RISC-V core. The performance specification of the HMAC architecture is reported as shown in the following table.
+
+| Operation | Cycle count \[CCs\] | Time \[us\] @ 400 MHz | Throughput \[op/s\] |
+| :-------------------- | :------------------ | :-------------------- | :------------------ |
+| Data_In transmission | 1389 | 3.473 | - |
+| Process | 253 | 0.633 | - |
+| Data_Out transmission | 290 | 0.725 | - |
+| Single block | 1932 | 4.83 | 207,039 |
+| Double block | 3166 | 7.915 | 136,342 |
+| 1 KiB message | 10,570 | 26.425 | 37,842 |
+| 128 KiB message | 1,264,314 | 3,160.785 | 316 |
+
+## HMAC_DRBG
+
+Hash-based message authentication code (HMAC) deterministic random bit generator (DRBG) is a cryptographic random bit generator that uses a HMAC function. HMAC_DRBG involves a cryptographic HMAC function and a seed. This architecture is designed as specified in section 10.1.2. of NIST SP 800-90A [12]. For ECC signing operation, the implementation is compatible with section 3.1. of RFC 6979 [7].
+
+Caliptra HMAC_DRBG implementation uses HMAC384 as the HMAC function, accepts a 384-bit seed, and generates a 384-bit random value.
+
+The HMAC algorithm is described as follows:
+
+* The seed is fed to HMAC_DRBG core by the host
+* For each 384-bit random value
+ * The core should be triggered by the host
+ * The HMAC_DRBG core status is changed to ready after HMAC processing
+ * The result digest can be read
+
+
+### Operation
+
+HMAC_DRBG uses a loop of HMAC(K, V) to generate the random bits. In this algorithm, two constant values of K_init and V_init are used as follows:
+
+ 1. Set V_init = 0x01 0x01 0x01 ... 0x01 (V has 384-bit)
+ 2. Set K_init = 0x00 0x00 0x00 ... 0x00 (K has 384-bit)
+ 3. K_tmp = HMAC(K_init, V_init || 0x00 || entropy || nonce)
+ 4. V_tmp = HMAC(K_tmp, V_init)
+ 5. K_new = HMAC(K_tmp, V_tmp || 0x01 || entropy || nonce)
+ 6. V_new = HMAC(K_new, V_tmp)
+ 7. Set T = []
+ 8. T = T || HMAC(K_new, V_new)
+ 9. Return T if T is within the [1,q-1] range, otherwise:
+ 10. K_new = HMAC(K_new, V_new || 0x00)
+ 11. V_new = HMAC(K_new, V_new)
+ 12. Jump to 8
+
+For ECC KeyGen operation, HMAC_DRBG is used to generate privkey as follows:
+
+ Privkey = HMAC_DRBG(seed, nonce)
+
+For ECC SIGNING operation, HMAC_DRBG is used to generate k as follows:
+
+ K = HMAC_DRBG(privkey, hashed_msg)
+
+### Signal descriptions
+
+The HMAC_DRBG architecture inputs and outputs are described in the following table.
+
+| Name | Input or output | Description |
+| :------------------- | :-------------- | :-------------------------------------------------------------------------------------- |
+| clk | input | All signal timings are related to the rising edge of clk. |
+| reset_n | input | The reset signal is active LOW and resets the core. This is the only active LOW signal. |
+| init | input | The core is initialized with the given seed and generates a 384-bit random value. |
+| next | input | The core generates a new 384-bit random value using the result from the previous run. |
+| zeroize | input | The core clears all internal registers to avoid any SCA information leakage. |
+| entropy \[383:0\] | input | The input entropy. |
+| nonce \[383:0\] | input | The input nonce. |
+| LFSR_seed \[147 :0\] | input | The input to seed PRNG to enable masking countermeasure for SCA protection. |
+| ready | output | When HIGH, the signal indicates the core is ready. |
+| drbg \[383:0\] | output | The hmac_drbg value of the given inputs. |
+| valid | output | When HIGH, the signal indicates the result is ready. |
+
+### Address map
+
+The HMAC_DRBG is embedded into ECC architecture, since there is no address map to access it from FW.
+
+### SCA countermeasure
+
+For information, see SCA countermeasure in the [HMAC384](#hmac384) section.
+
+## ECC
+
+The ECC unit includes the ECDSA (Elliptic Curve Digital Signature Algorithm) engine, offering a variant of the cryptographically secure Digital Signature Algorithm (DSA), which uses elliptic curve (ECC). A digital signature is an authentication method in which a public key pair and a digital certificate are used as a signature to verify the identity of a recipient or sender of information.
+
+The hardware implementation supports deterministic ECDSA, 384 Bits (Prime Field), also known as NIST-Secp384r1, described in RFC6979.
+
+Secp384r1 parameters are shown in the following figure.
+
+*Figure 32: Secp384r1 parameters*
+
+### Operation
+
+The ECDSA consists of three operations, shown in the following figure.
+
+*Figure 33: ECDSA operations*
+
+#### KeyGen
+
+In the deterministic key generation, the paired key of (privKey, pubKey) is generated by KeyGen(seed, nonce), taking a deterministic seed and nonce. The KeyGen algorithm is as follows:
+
+* Compute privKey = HMAC_DRBG(seed, nonce) to generate a random integer in the interval [1, n-1] where n is the group order of Secp384 curve.
+* Generate pubKey(x,y) as a point on ECC calculated by pubKey=privKey × G, while G is the generator point over the curve.
+
+
+#### Signing
+
+In the signing algorithm, a signature (r, s) is generated by Sign(privKey, h), taking a privKey and hash of message m, h = hash(m), using a cryptographic hash function, SHA384. The signing algorithm includes:
+
+* Generate a random number k in the range [1..n-1], while k = HMAC\_DRBG(privKey, h)
+* Calculate the random point R = k × G
+* Take r = Rx mod n, where Rx is x coordinate of R=(Rx, Ry)
+* Calculate the signature proof: s = k-1 × (h + r × privKey) mod n
+* Return the signature (r, s), each in the range [1..n-1]
+
+#### Verifying
+
+The signature (r, s) can be verified by Verify(pubKey ,h ,r, s) considering the public key pubKey and hash of message m, h=hash(m) using the same cryptographic hash function SHA384. The output is r’ value of verifying a signature. The ECDSA verify algorithm includes:
+
+* Calculate s1 = s−1 mod n
+* Compute R' = (h × s1) × G + (r × s1) × pubKey
+* Take r’ = R'x mod n, while R'x is x coordinate of R’=(R'x, R'y)
+* Verify the signature by comparing whether r' == r
+
+### Architecture
+
+The ECC top-level architecture is shown in the following figure.
+
+*Figure 34: ECDSA architecture*
+
+### Signal descriptions
+
+The ECDSA architecture inputs and outputs are described in the following table.
+
+
+| Name | Input or output | Description |
+| :------------------------- | :-------------- | :----------- |
+| clk | input | All signal timings are related to the rising edge of clk. |
+| reset_n | input | The reset signal is active LOW and resets the core. This is the only active LOW signal. |
+| ctrl\[1:0\] | input | Indicates the AES type of the function. This can be:
− 0b00: No Operation
− 0b01: KeyGen
− 0b10: Signing
− 0b11: Verifying |
+| zeroize | input | The core clears all internal registers to avoid any SCA information leakage. |
+| seed \[383:0\] | input | The deterministic seed for HMAC_DRBG in the KeyGen operation. |
+| nonce \[383:0\] | input | The deterministic nonce for HMAC_DRBG in the KeyGen operation. |
+| privKey_in\[383:0\] | input | The input private key used in the signing operation. |
+| pubKey_in\[1:0\]\[383:0\] | input | The input public key(x,y) used in the verifying operation. |
+| hashed_msg\[383:0\] | input | The hash of message using SHA384. |
+| ready | output | When HIGH, the signal indicates the core is ready. |
+| privKey_out\[383:0\] | output | The generated private key in the KeyGen operation. |
+| pubKey_out\[1:0\]\[383:0\] | output | The generated public key(x,y) in the KeyGen operation. |
+| r\[383:0\] | output | The signature value of the given priveKey/message. |
+| s\[383:0\] | output | The signature value of the given priveKey/message. |
+| r’\[383:0\] | Output | The signature verification result. |
+| valid | output | When HIGH, the signal indicates the result is ready. |
+
+### Address map
+
+The ECDSA address map is shown here: [ecc\_reg — clp Reference (chipsalliance.github.io)](https://chipsalliance.github.io/caliptra-rtl/main/internal-regs/?p=clp.ecc_reg).
+
+### Pseudocode
+
+The following pseudocode blocks demonstrate example implementations for KeyGen, Signing, and Verifying.
+
+#### KeyGen
+
+*Figure 35: KeyGen pseudocode*
+
+#### Signing
+
+*Figure 36: Signing pseudocode*
+
+#### Verifying
+
+*Figure 37: Verifying pseudocode*
+
+### SCA countermeasure
+
+The described ECDSA has three main routines: KeyGen, Signing, and Verifying. Since the Verifying routine requires operation with public values rather than a secret value, our side-channel analysis does not cover this routine. Our evaluation covers the KeyGen and Signing routines where the secret values are processed.
+
+KeyGen consists of HMAC DRBG and scalar multiplication, while Signing first requires a message hashing and then follows the same operations as KeyGen (HMAC DRBG and scalar multiplication). The last step of Signing is generating “S” as the proof of signature. Since HMAC DRBG and hash operations are evaluated separately in our document, this evaluation covers scalar multiplication and modular arithmetic operations.
+
+#### Scalar multiplication
+
+To perform the scalar multiplication, the Montgomery ladder is implemented, which is inherently resistant to timing and single power analysis (SPA) attacks.
+
+Implementation of complete unified addition formula for the scalar multiplication avoids information leakage and enhances architecture from security and mathematical perspectives.
+
+To protect the architecture against horizontal power/electromagnetic (EM) and differential power analysis (DPA) attacks, several countermeasures are embedded in the design [9]. Since these countermeasures require random inputs, HMAC-DRBG is fed by IV to generate these random values.
+
+Since HMAC-DRBG generates random value in a deterministic way, firmware MUST feed different IV to ECC engine for EACH keygen and signing operation.
+
+#### Base point randomization
+
+This countermeasure is achieved using the randomized base point in projective coordinates. Hence, the base point G=(Gx, Gy) in affine coordinates is transformed and randomized to projective coordinates as (X, Y, Z) using a random value as follows:
+
+This approach does not have the performance or area overhead because the architecture is variable-base-point implemented.
+
+#### Scalar blinding
+
+This countermeasure is achieved by randomizing the scalar as follows:
+
+Based on [10], half of the bit size of is required to prevent advanced DPA attacks. Therefore, has 192 bits, and the blinded scalar has 576 bits. Hence, this countermeasure extends the Montgomery ladder iterations due to extended scalar.
+
+This approach is achieved at the cost of 50% more latency on scalar multiplication and adding one lightweight block, including one 32\*32 multiplier and an accumulator.
+
+Note: the length of rand is configurable to have a trade-off between the required protection and performance.
+
+#### Making countermeasures embedded into HMAC\_DRBG
+
+In the first step of the KeyGen operation, the privkey is generated using HMAC\_DRBG by feeding the following two inputs: seed and nonce. To avoid SCA information leakage during this operation, we embed masking countermeasures into the HMAC\_DRBG architecture.
+
+Each round of SHA512 execution needs 6,432 random bits, and one HMAC operation needs at least 4 rounds of SHA512 operations. Furthermore, each HMAC\_DRBG round needs at least 5 rounds of HMAC operations. However, the proposed architecture uses a lightweight LFSR and provides first-order DPA attack protection with negligible latency and hardware resource overhead.
+
+#### ECDSA signing nonce leakage
+
+Generating “S” as the proof of signature at the steps of the signing operation leaks where the hashed message is signed with private key and ephemeral key as follows:
+
+Since the given message is known or the signature part r is known, the attacker can perform a known-plaintext attack. The attacker can sign multiple messages with the same key, or the attacker can observe part of the signature that is generated with multiple messages but the same key.
+
+The evaluation shows that the CPA attack can be performed with a small number of traces, respectively. Thus, an arithmetic masked design for these operations is implemented.
+
+##### Masking signature
+
+This countermeasure is achieved by randomizing the privkey as follows:
+
+Although computation of “S” seems the most vulnerable point in our scheme, the operation does not have a big contribution to overall latency. Hence, masking these operations has low overhead on the cost of the design.
+
+#### Random number generator for SCA countermeasure
+
+The ECC countermeasure requires several random vectors to randomize the intermediate values, as described in the preceding section. HMAC\_DRBG is used to take one random vector of 384-bit (i.e., ECC\_IV register) and to generate the required random vectors for different countermeasures.
+
+The state machine of HMAC\_DRBG utilization is shown in the following figure, including three main states:
+
+1. SCA random generator: Running HMAC\_DRBG with IV and an internal counter to generate the required random vectors.
+2. KEYGEN PRIVKEY: Running HMAC\_DRBG with seed and nonce to generate the privkey in KEYGEN operation.
+3. SIGNING NONCE: Running HMAC\_DRBG based on RFC6979 in SIGNING operation with privkey and hashed\_msg.
+
+*Figure 38: HMAC\_DRBG utilization*
+
+In SCA random generator state:
+
+* This state (in KeyGen operation mode) generates 3 384-bit random vectors for the following: LFSR, base point randomization, and scalar blinding randomization.
+* This state (in signing operation) generates 4 384-bit random vectors for the following: LFSR, base point randomization, scalar blinding, and masking signature randomization.
+* HMAC\_DRBG is initialized with IV and an internal counter. This 64-bit counter enables after reset and zeroization and contains different values depending on when ECC is called.
+* HMAC\_DRBG is enabled by the INIT command. To generate all required vectors, HMAC-DRBG is continued by the NEXT command that increments the built-in counter inside the HMAC-DRBG unit.
+* To initialize the required seed for LFSR, LFSR\_INIT\_SEED is set as a constant by RTL after reset and zeroization. However, this value is updated before enabling HMAC\_DRBG as follows:
+ * In the first execution of HMAC\_DRBG after reset and zeroization, hmac\_lfsr\_seed is equal to LFSR\_INIT\_SEED XORed by internal 64-bit counter.
+ * In the next executions of HMAC\_DRBG, hmac\_lfsr\_seed is equal to HMAC\_DRBG output of the first execution XORed by internal 64-bit counter.
+
+The data flow of the HMAC\_DRBG operation in keygen operation mode is shown in the following figure.
+
+*Figure 39: HMAC\_DRBG data flow*
+
+#### TVLA results
+
+Test vector leakage assessment (TVLA) provides a robust test using a 𝑡-test. This test evaluates the differences between sets of acquisitions to determine if one set of measurement can be distinguished from the other. This technique can detect different types of leakages, providing a clear indication of leakage or lack thereof.
+
+In practice, observing a t-value greater than a specific threshold (mainly 4.5) indicates the presence of leakage. However, in ECC, due to its latency, around 5 million samples are required to be captured. This latency leads to many false positives and the TVLA threshold can be considered a higher value than 4.5. Based on the following figure from “Side-Channel Analysis and Countermeasure Design for Implementation of Curve448 on Cortex-M4” by Bisheh-Niasar et. al., the threshold can be considered equal to 7 in our case.
+
+*Figure 40: TVLA threshold as a function of the number of samples per trace*
+
+##### Keygen TVLA
+
+TODO: provide content for this section
+
+
+##### Signing TVLA
+
+The TVLA results for performing privkey-dependent leakage detection using 20,000 traces is shown in the following figure. Based on this figure, there is no leakage in ECC signing by changing the privkey after 20,000 operations.
+
+*Figure 41: privkey-dependent leakage detection using TVLA for ECC signing after 20,000 traces*
+
+The TVLA results for performing message-dependent leakage detection using 64,000 traces is shown in the following figure. Based on this figure, there is no leakage in ECC signing by changing the message after 64,000 operations.
+
+*Figure 42: Message-dependent leakage detection using TVLA for ECC signing after 64,000 traces*
+
+The point with t-value equal to -40 is mapped to the Montgomery conversion of the message that is a publicly known value (no secret is there). By ignoring those corresponding samples, there are some sparse samples with a t-value greater than 7, as shown in the following table.
+
+| Sample | Duration | Cycle | t-value | Operation |
+| :-------- | :--------- | :-------- | :------ | :---------------------- |
+| 4,746,127 | 214 | 911,381.4 | 11.2 | start of mont_conv(msg) |
+| 4,746,341 | | 911,422.5 | -40 | end of mont_conv(msg) |
+| 4,757,797 | 1 | 913,622.0 | 7.4 | inv_q |
+| 4,768,302 | 1 | 915,639.0 | 7.8 | inv_q |
+| 4,779,610 | 1 | 917,810.1 | -9.1 | inv_q |
+| 4,788,120 | 1 | 919,444.0 | 7.6 | inv_q |
+| 4,813,995 | 1 | 924,412.0 | 7.3 | inv_q |
+| 4,822,693 | 1 | 926,082.1 | 7.5 | inv_q |
+| 4,858,671 | to the end | 932,989.8 | -7.6 | Ended ECC signing |
+
+### Performance
+
+The ECC core performance is reported in the next section.
+
+### Pure hardware architecture
+
+In this architecture, the ECC interface and controller are implemented in hardware. The performance specification of the ECC architecture is reported as shown in the following table.
+
+| Operation | Cycle count \[CCs\] | Time \[ms\] @ 400 MHz | Throughput \[op/s\] |
+| :-------- | :------------------ | :-------------------- | :------------------ |
+| Keygen | 909,648 | 2.274 | 439 |
+| Signing | 932,990 | 2.332 | 428 |
+| Verifying | 1,223,938 | 3.060 | 326 |
+## PCR vault
+
+* Platform Configuration Register (PCR) vault is a register file that stores measurements to be used by the microcontroller.
+* PCR entries are read-only registers of 384 bits each.
+* Control bits allow for entries to be cleared by FW, which sets their values back to 0.
+* A lock bit can be set by FW to prevent the entry from being cleared. The lock bit is sticky and only resets on a powergood cycle.
+
+| PCRV register | Address Offset | Description |
+| :---------------------------------| :------------- | :----------------------------- |
+| PCR Control\[31:0\] | 0x1001a000 | 32 Control registers, 32 bits each |
+| PCR Entry\[31:0\]\[11:0\]\[31:0\] | 0x1001a600 | 32 PCR entries, 384 bits each |
+
+### PCR vault functional block
+
+PCR entries are hash extended using a hash extension function. The hash extension function takes the data currently in the PCR entry specified, concatenates data provided by the FW, and performs a SHA384 function on that data, storing the result back into the same PCR entry.
+
+### PCR hash extend function
+
+FW provides the PCR entry to use as source and destination of the hash extend. HW copies the PCR into the start of the SHA block and locks those dwords from FW access. FW then provides the new data, and runs the SHA function as usual. After initialization, the locked dwords are unlocked.
+
+FW must set a last cycle flag before running the last iteration of the SHA engine. This could be the first “init” cycle, or the Nth “next” cycle. This flag allows HW to copy the final resulting hash output back to the source PCR.
+
+### PCR signing
+
+* PCR signing uses the key in key slot index 7 for PCR signing
+* HW implements a HW function called GEN\_PCR\_HASH
+ * HW reads all the PCRs from all the PCR slots and hash extends them along with the NONCE that Caliptra FW provides
+ * PCR Hash = Hash(PCR[0], …, PCR[31], Nonce)
+* HW also implements a HW function called SIGN\_PCR. This function takes the PCR digest that was generated by the previous routine and signs it using the key in key slot 7, following the same ECC sign flow defined in the [ECC](#ecc) section.
+ * The resulting PCR DIGEST is used only once for signing by the HW. If a new PCR signing is required, GEN\_PCR\_HASH needs to be redone.
+
+## Key vault
+
+Key Vault (KV) is a register file that stores the keys to be used by the microcontroller, but this register file is not observed by the microcontroller. Each cryptographic function has a control register and functional block designed to read from and write to the KV.
+
+| KV register | Description |
+| :------------------------------- | :------------------------------------------------------- |
+| Key Control\[7:0\] | 8 Control registers, 32 bits each |
+| Key Entry\[7:0\]\[15:0\]\[31:0\] | 8 Key entries, 512 bits each
No read or write access |
+
+### Key vault functional block
+
+Keys and measurements are stored in 512b register files. These have no read or write path from the microcontroller. The entries are read through a passive read mux driven by each cryptographic block. Locked entries return zeroes.
+
+Entries in the KV must be cleared via control register, or by de-assertion of pwrgood.
+
+Each entry has a control register that is writable by the microcontroller.
+
+The destination valid field is programmed by FW in the cryptographic block generating the key, and it is passed here at generation time. This field cannot be modified after the key is generated and stored in the KV.
+
+| KV Entry Ctrl Fields | Reset | Description |
+|---------------------------|-------------------|------------------------|
+| Lock wr\[0\] | core_only_rst_b | Setting the lock wr field prevents the entry from being written by the microcontroller. Keys are always locked. After a lock is set, it cannot be reset until cptra_rst_b is de-asserted. |
+| Lock use\[1\] | core_only_rst_b | Setting the lock use field prevents the entry from being used in any cryptographic blocks. After the lock is set, it cannot be reset until cptra_rst_b is de-asserted. |
+| Clear\[2\] | cptra_rst_b | If unlocked, setting the clear bit causes KV to clear the associated entry. The clear bit is reset after entry is cleared. |
+| Copy\[3\] | cptra_rst_b | ENHANCEMENT: Setting the copy bit causes KV to copy the key to the entry written to Copy Dest field. |
+| Copy Dest\[8:4\] | cptra_rst_b | ENHANCEMENT: Destination entry for the copy function. |
+| Dest_valid\[16:9\] | hard_reset_b | KV entry can be used with the associated cryptographic block if the appropriate index is set.
\[0\] - HMAC KEY
\[1\] - HMAC BLOCK
\[2\] - SHA BLOCK
\[2\] - ECC PRIVKEY
\[3\] - ECC SEED
\[7:5\] - RSVD |
+| last_dword\[20:19\] | hard_reset_b | Store the offset of the last valid dword, used to indicate the last cycle for read operations. |
+
+### Key vault cryptographic functional block
+
+A generic block is instantiated in each cryptographic block to enable access to KV.
+
+Each input to a cryptographic engine can have a key vault read block associated with it. The KV read block takes in a keyvault read control register that drives an FSM to copy an entry from the keyvault into the appropriate input register of the cryptographic engine.
+
+Each output generated by a cryptographic engine can have its result copied to a slot in the keyvault. The KV write block takes in a keyvault write control register. This register drives an FSM to copy the result from the cryptographic engine into the appropriate keyvault entry. It also programs a control field for that entry to indicate where that entry can be used.
+
+After programming the key vault read control, FW needs to query the associated key vault read status to confirm that the requested key was copied successfully. After valid is set and the error field reports success, the key is ready to be used.
+
+Similarly, after programming the key vault write control and initiating the cryptographic function that generates the key to be written, FW needs to query the associated key vault write status to confirm that the requested key was generated and written successfully.
+
+The following tables describe read, write, and status values for key vault blocks.
+
+| KV Read Ctrl Reg | Description |
+| :------------------- | :------------------------------------------------------------------------------------------------------------------------------------- |
+| read_en\[0\] | Indicates that the read data is to come from the key vault. Setting this bit to 1 initiates copying of data from the key vault. |
+| read_entry\[5:1\] | Key vault entry to retrieve the read data from the engine. |
+| pcr_hash_extend\[6\] | Requested entry is a PCR. This is used only for the SHA engine to hash extend. It is not functional in any other cryptographic engine. |
+| rsvd\[31:7\] | Reserved field |
+
+| KV Write Ctrl Reg | Description |
+| :------------------------- | :------------------------------------------------------------------------------------------------------------------------------------- |
+| write_en\[0\] | Indicates that the result is to be stored in the key vault. Setting this bit to 1 copies the result to the key vault when it is ready. |
+| write_entry\[5:1\] | Key vault entry to store the result. |
+| hmac_key_dest_valid\[6\] | HMAC KEY is a valid destination. |
+| hmac_block_dest_valid\[7\] | HMAC BLOCK is a valid destination. |
+| sha_block_dest_valid\[8\] | SHA BLOCK is a valid destination. |
+| ecc_pkey_dest_valid\[9\] | ECC PKEY is a valid destination. |
+| ecc_seed_dest_valid\[10\] | ECC SEED is a valid destination. |
+| rsvd\[31:11\] | Reserved field |
+
+| KV Status Reg | Description |
+| :------------ | :---------------------------------------------------------------------------------------------------------------------------------------------- |
+| ready\[0\] | Key vault control is idle and ready for a command. |
+| valid\[1\] | Requested flow is done. |
+| error\[9:2\] | SUCCESS - 0x0 - Key Vault flow was successful
KV_READ_FAIL - 0x1 - Key Vault Read flow failed
KV_WRITE_FAIL - 0x2 - Key Vault Write flow failed |
+
+### De-obfuscation engine
+
+To protect software intellectual property from different attacks and, particularly, for thwarting an array of supply chain threats, code obfuscation is employed. Hence, the de-obfuscation engine is implemented to decrypt the code.
+
+Advanced Encryption Standard (AES) is used as a de-obfuscation function to encrypt and decrypt data [4]. The hardware implementation is based on[ Secworks/aes](https://github.com/secworks/aes) [1]. The implementation supports the two variants: 128- and 256-bit keys with a block/chunk size of 128 bits.
+
+The AES algorithm is described as follows:
+
+* The key is fed to an AES core to compute and initialize the round key
+* The message is broken into 128-bit chunks by the host
+* For each chunk:
+ * The message is fed to the AES core
+ * The AES core and its working mode (enc/dec) are triggered by the host
+ * The AES core status is changed to ready after encryption or decryption processing
+* The result digest can be read before processing the next message chunks
+
+
+### Key vault de-obfuscation block operation
+
+A de-obfuscation engine (DOE) is used in conjunction with AES cryptography to de-obfuscate the UDS and field entropy.
+
+1. The obfuscation key is driven to the AES key. The data to be decrypted (either obfuscated UDS or obfuscated field entropy) is fed into the AES data.
+2. An FSM manually drives the AES engine and writes the decrypted data back to the key vault.
+3. FW programs the DOE with the requested function (UDS or field entropy de-obfuscation), and the destination for the result.
+4. After de-obfuscation is complete, FW can clear out the UDS and field entropy values from any flops until cptra\_pwrgood de-assertion.
+
+The following tables describe DOE register and control fields.
+
+| DOE Register | Address | Description |
+| :----------- | :--------- | :----------------------------------------------------------------------------------------------------------------------------- |
+| IV | 0x10000000 | 128 bit IV for DOE flow. Stored in big-endian representation. |
+| CTRL | 0x10000010 | Controls for DOE flows. |
+| STATUS | 0x10000014 | Valid indicates the command is done and results are stored in keyvault. Ready indicates the core is ready for another command. |
+
+| DOE Ctrl Fields | Reset | Description |
+| :--------------- | :----------- | :------------------------------------------------------------------------------------------------------------------------------------------- |
+| COMMAND\[1:0\] | Cptra_rst_b | 2’b00 Idle
2’b01 Run UDS flow
2’b10 Run FE flow
2’b11 Clear Obf Secrets |
+| DEST\[4:2\] | Cptra_rst_b | Destination register for the result of the de-obfuscation flow. Field entropy writes into DEST and DEST+1
Key entry only, can’t go to PCR . |
+
+### Key vault de-obfuscation flow
+
+1. ROM loads IV into DOE. ROM writes to the DOE control register the destination for the de-obfuscated result and sets the appropriate bit to run UDS and/or the field entropy flow.
+2. DOE state machine takes over and loads the Caliptra obfuscation key into the key register.
+3. Next, either the obfuscated UDS or field entropy are loaded into the block register 4 DWORDS at a time.
+4. Results are written to the KV entry specified in the DEST field of the DOE control register.
+5. State machine resets the appropriate RUN bit when the de-obfuscated key is written to KV. FW can poll this register to know when the flow is complete.
+6. The clear obf secrets command flushes the obfuscation key, the obfuscated UDS, and the field entropy from the internal flops. This should be done by ROM after both de-obfuscation flows are complete.
+
+## Data vault
+
+Data vault is a set of generic scratch pad registers with specific lock functionality and clearable on cold and warm resets.
+
+* 48B scratchpad registers that are lockable but cleared on cold reset (10 registers)
+* 48B scratchpad registers that are lockable but cleared on warm reset (10 registers)
+* 4B scratchpad registers that are lockable but cleared on cold reset (8 registers)
+* 4B scratchpad registers that are lockable but cleared on warm reset (10 registers)
+* 4B scratchpad registers that are cleared on warm reset (8 registers)
+
+## Cryptographic blocks fatal and non-fatal errors
+
+The following table describes cryptographic errors.
+
+| Errors | Error type | Description |
+| :--------- | :----------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| ECC_R_ZERO | HW_ERROR_NON_FATAL | Indicates a non-fatal error in ECC signing if the computed signature R is equal to 0. FW should change the message or privkey to perform a valid signing. |
+
+# Terminology
+
+The following terminology is used in this document.
+
+| Abbreviation | Description |
+| :----------- | :--------------------------------------------- |
+| AES | Advanced Encryption Standard |
+| BMC | Baseboard Management Controller |
+| CA | Certificate Authority |
+| CDI | Composite Device Identifier |
+| CPU | Central Processing Unit |
+| CRL | Certificate Revocation List |
+| CSR | Certificate Signing Request |
+| CSP | Critical Security Parameter |
+| DICE | Device Identifier Composition Engine |
+| DME | Device Manufacturer Endorsement |
+| DPA | Differential Power Analysis |
+| DRBG | Deterministic Random Bit Generator |
+| DWORD | 32-bit (4-byte) data element |
+| ECDSA | Elliptic Curve Digital Signature Algorithm |
+| FMC | FW First Mutable Code |
+| FSM | Finite State Machine |
+| GPU | Graphics Processing Unit |
+| HMAC | Hash-based message authentication code |
+| IDevId | Initial Device Identifier |
+| iRoT | Internal RoT |
+| IV | Initial Vector |
+| KAT | Known Answer Test |
+| KDF | Key Derivation Function |
+| LDevId | Locally Significant Device Identifier |
+| MCTP | Management Component Transport Protocol |
+| NIC | Network Interface Card |
+| NIST | National Institute of Standards and technology |
+| OCP | Open Compute Project |
+| OTP | One-time programmable |
+| PCR | Platform Configuration Register |
+| PKI | Public Key infrastructure |
+| PUF | Physically unclonable function |
+| RNG | Random Number Generator |
+| RoT | Root of Trust |
+| RTI | RoT for Identity |
+| RTM | RoT for Measurement |
+| RTR | RoT for Reporting |
+| SCA | Side-Channel Analysis |
+| SHA | Secure Hash Algorithm |
+| SoC | System on Chip |
+| SPA | Simple Power Analysis |
+| SPDM | Security Protocol and Data Model |
+| SSD | Solid State Drive |
+| TCB | Trusted Computing Base |
+| TCI | TCB Component Identifier |
+| TCG | Trusted Computing Group |
+| TEE | Trusted Execution Environment |
+| TRNG | True Random Number Generator |
+| UECC | Uncorrectable Error Correction Code |
+
+# References
+
+1. J. Strömbergson, "Secworks," \[Online\]. Available at https://github.com/secworks.
+2. NIST, Federal Information Processing Standards Publication (FIPS PUB) 180-4 Secure Hash Standard (SHS).
+3. OpenSSL \[Online\]. Available at https://www.openssl.org/docs/man3.0/man3/SHA512.html.
+4. N. W. Group, RFC 3394, Advanced Encryption Standard (AES) Key Wrap Algorithm, 2002.
+5. NIST, Federal Information Processing Standards Publication (FIPS) 198-1, The Keyed-Hash Message Authentication Code, 2008.
+6. N. W. Group, RFC 4868, Using HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 with IPsec, 2007.
+7. RFC 6979, Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA), 2013.
+8. TCG, Hardware Requirements for a Device Identifier Composition Engine, 2018.
+9. Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Ko¸c, C¸ .K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302.
+10. Schindler, W., Wiemers, A.: Efficient side-channel attacks on scalar blinding on elliptic curves with special structure. In: NISTWorkshop on ECC Standards (2015).
+11. National Institute of Standards and Technology, "Digital Signature Standard (DSS)", Federal Information Processing Standards Publication (FIPS PUB) 186-4, July 2013.
+12. NIST SP 800-90A, Rev 1: "Recommendation for Random Number Generation Using Deterministic Random Bit Generators", 2012. |
+13. CHIPS Alliance, “RISC-V VeeR EL2 Programmer’s Reference Manual” \[Online\] Available at https://github.com/chipsalliance/Cores-VeeR-EL2/blob/main/docs/RISC-V_VeeR_EL2_PRM.pdf.
+14. “The RISC-V Instruction Set Manual, Volume I: User-Level ISA, Document Version 20191213”, Editors Andrew Waterman and Krste Asanovi ́c, RISC-V Foundation, December 2019. Available at https://riscv.org/technical/specifications/.
+15. “The RISC-V Instruction Set Manual, Volume II: Privileged Architecture, Document Version 20211203”, Editors Andrew Waterman, Krste Asanovi ́c, and John Hauser, RISC-V International, December 2021. Available at https://riscv.org/technical/specifications/.
+
+[1] _Caliptra.** **Spanish for “root cap” and describes the deepest part of the root_
diff --git a/docs/CaliptraIntegrationSpecification.md b/docs/CaliptraIntegrationSpecification.md
new file mode 100644
index 000000000..e270db4e3
--- /dev/null
+++ b/docs/CaliptraIntegrationSpecification.md
@@ -0,0 +1,898 @@
+
+
+Caliptra Integration Specification
+
+Version 1.0-rc1
+
+
+
+# Scope
+
+This document describes the Caliptra hardware implementation requirements, details, and release notes. This document is intended for a high-level overview of the IP used in Caliptra.
+
+This document is not intended for any micro-architectural design specifications. Detailed information on each of the IP components are shared in individual documents, where applicable.
+
+# Overview
+
+This document contains high level information on the Caliptra hardware design. The details include open-source IP information, configuration settings for open-source IP (if applicable), and IP written specifically for Caliptra.
+
+For more information, see[ Caliptra: A Datacenter System on a Chip (SoC) Root of Trust (RoT)](https://chipsalliance.github.io/Caliptra/doc/Caliptra.html).
+
+## References and related specifications
+
+The blocks described in this document are either obtained from open-source GitHub repositories, developed from scratch, or modification of open-source implementations. Links to relevant documentation and GitHub sources are shared in the following table.
+
+*Table 1: Related specifications*
+
+| IP/Block | GitHub URL | Documentation | Link |
+| :--------- | :--------- | :--------- |:--------- |
+| Cores-VeeR | [GitHub - chipsalliance/Cores-VeeR-EL2](https://github.com/chipsalliance/Cores-VeeR-EL2) | VeeR EL2 Programmer’s Reference Manual | [chipsalliance/Cores-VeeR-EL2 · GitHubPDF](http://cores-swerv-el2/RISC-V_SweRV_EL2_PRM.pdf%20at%20master%20%C2%B7) |
+| AHB Lite Bus | [aignacio/ahb_lite_bus: AHB Bus lite v3.0 (github.com)](https://github.com/aignacio/ahb_lite_bus) | AHB Lite Protocol
[Figure 2: SoC interface block diagram](#soc-interface-definition) | [ahb_lite_bus/docs at master · aignacio/ahb_lite_bus (github.com)](https://github.com/aignacio/ahb_lite_bus/tree/master/docs)
[ahb_lite_bus/diagram_ahb_bus.png at master · aignacio/ahb_lite_bus (github.com)](https://github.com/aignacio/ahb_lite_bus/blob/master/diagram_ahb_bus.png) |
+| SHA 256 | [secworks/sha256: Hardware implementation of the SHA-256 cryptographic hash function (github.com)](https://github.com/secworks/sha256) | | |
+| SHA 512 | | | |
+| SPI Controller | | | |
+
+# Caliptra Core
+
+The following figure shows the Caliptra Core.
+
+*Figure 1: Caliptra block diagram*
+
+
+
+## Boot Media Dependent (passive) vs Boot Media Integrated (active) profile
+
+In the BMD profile, QSPI and I3C IO peripherals are disabled using integration-time defines passed to the hardware, which are also exposed to ROM. Peripheral IOs can be tied off appropriately for the BMD profile at SoC integration time. For more information on the BMD vs. BMI profile differences, see the boot flows in [Caliptra profiles](https://chipsalliance.github.io/Caliptra/doc/Caliptra.html#caliptra-profiles). Only the BMD profile is supported for the first generation release of Caliptra.
+
+# SoC interface definition
+
+The following figure shows the SoC interface definition.
+
+*Figure 2: SoC Interface Block Diagram*
+
+
+
+## Integration parameters
+
+The following table describes integration parameters.
+
+*Table 2: Integration parameters*
+
+| **Parameter name** | **Width** | **Defines file** | **Description** |
+| :--------- | :--------- | :--------- | :--------- |
+| CPTRA_SET_MBOX_PAUSER_INTEG | 5 | soc_ifc_pkg.sv | Each bit hardcodes the valid PAUSER for mailbox at integration time. |
+| CPTRA_MBOX_VALID_PAUSER | \[4:0\]\[31:0\] | soc_ifc_pkg.sv | Each parameter corresponds to a hardcoded valid PAUSER value for mailbox, set at integration time. Must set corresponding bit in the CPTRA_SET_MBOX_PAUSER_INTEG parameter for this valid pauser override to be used. |
+| CPTRA_DEF_MBOX_VALID_PAUSER | 32 | soc_ifc_pkg.sv | Sets the default valid PAUSER for mailbox accesses. This PAUSER is valid when any VALID_PAUSER is unlocked or not set by INTEG parameter. |
+| CPTRA_SET_FUSE_PAUSER_INTEG | 1 | soc_ifc_pkg.sv | Sets the valid PAUSER for fuse accesses at integration time. |
+| CPTRA_FUSE_VALID_PAUSER | 32 | soc_ifc_pkg.sv | Overrides the programmable valid PAUSER for fuse accesses when CPTRA_SET_FUSE_PAUSER_INTEG is set to 1. |
+
+*Table 3: Integration Defines*
+
+| **Defines** | **Defines file** | **Description** |
+| :--------- | :--------- | :--------- |
+| CALIPTRA_APB_ADDR_WIDTH | config_defines.svh | Width of the APB Address field. Default to 32. |
+| CALIPTRA_APB_DATA_WIDTH | config_defines.svh | Width of the APB Data field. Default to 32. |
+| CALIPTRA_APB_USER_WIDTH | config_defines.svh | Width of the APB PAUSER field. |
+| CALIPTRA_INTERNAL_TRNG | config_defines.svh | Defining this enables the internal TRNG source. |
+| CALIPTRA_INTERNAL_UART | config_defines.svh | Defining this enables the internal UART. |
+| CALIPTRA_INTERNAL_QSPI | config_defines.svh | Defining this enables the internal QSPI. |
+
+## Interface
+
+The following tables describe the interface signals.
+
+*Table 4: Clocks and resets*
+
+| Signal name | Width | Driver | Synchronous (as viewed from Caliptra’s boundary) | Description|
+| :--------- | :--------- | :--------- | :--------- | :--------- |
+| cptra_pwrgood | 1 | Input | Asynchronous Assertion
Synchronous deassertion to clk | Active high power good indicator.
Deassertion hard resets Caliptra. |
+| cptra_rst_b | 1 | Input | Asynchronous Assertion
Synchronous deassertion to clk | Active low asynchronous reset. |
+| clk | 1 | Input | | Convergence and validation done at 400MHz. All other frequencies are up to the user. |
+
+*Table 5: APB Interface*
+
+| Signal name | Width | Driver | Synchronous (as viewed from Caliptra’s boundary) | Description |
+| :--------- | :--------- | :--------- | :--------- | :--------- |
+| PADDR | 32 | Input | Synchronous to clk | Address bus |
+| PPROT | 3 | Input | Synchronous to clk | Protection level |
+| PSEL | 1 | Input | Synchronous to clk | Select line |
+| PENABLE | 1 | Input | Synchronous to clk | Indicates the second and subsequent cycles. |
+| PWRITE | 1 | Input | Synchronous to clk | Indicates transfer is a write when high or a read when low. |
+| PWDATA | 32 | Input | Synchronous to clk | Write data bus |
+| PAUSER | APB_USER_REQ_WIDTH | Input | Synchronous to clk | Sideband signal indicating requestor ID for transfer. |
+| PREADY | 1 | Output | Synchronous to clk | Used to extend an APB transfer by completer. |
+| PRDATA | 32 | Output | Synchronous to clk | Read data bus |
+| PSLVERR | 1 | Output | Synchronous to clk | Transfer error |
+
+*Table 6: QSPI signals*
+
+| Signal name | Width | Driver | Synchronous (as viewed from Caliptra’s boundary) | Description |
+| :--------- | :--------- | :--------- | :--------- | :--------- |
+| qspi_clk_o | 1 | Output | | QSPI clock |
+| qspi_cs_no | 2 | Output | Synchronous to qspi_clk_o | QSPI chip select |
+| qspi_d_i | 4 | Input | Synchronous to qspi_clk_o | QSPI data lanes for receiving data. |
+| qspi_d_o | 4 | Output | Synchronous to qspi_clk_o | QSPI data output lanes for sending opcode and address. |
+| qspi_d_en_o | 4 | Output | Synchronous to qspi_clk_o | QSPI enable pins to control data direction. |
+
+*Table 7: Mailbox notifications*
+
+| Signal name | Width | Driver | Synchronous (as viewed from Caliptra’s boundary) | Description |
+| :--------- | :--------- | :--------- | :--------- | :--------- |
+| ready_for_fuses | 1 | Output | Synchronous to clk | Indicates that Caliptra is ready for fuse programming. |
+| ready_for_fw_push | 1 | Output | Synchronous to clk | Indicates that Caliptra is ready for firmware. |
+| ready_for_runtime | 1 | Output | Synchronous to clk | Indicates that Caliptra firmware is ready for RT flow. |
+| mailbox_data_avail | 1 | Output | Synchronous to clk | Indicates that the mailbox has data for SoC to read (reflects the value of the register). |
+| mailbox_flow_done | 1 | Output | Synchronous to clk | Indicates that the mailbox flow is complete (reflects the value of the register). |
+
+*Table 8: SRAM interface*
+
+| Signal name | Width | Driver | Synchronous (as viewed from Caliptra’s boundary) | Description |
+| :--------- | :--------- | :--------- | :--------- | :--------- |
+| mbox_sram_cs | 1 | Output | Synchronous to clk | Chip select for mbox SRAM |
+| mbox_sram_we | 1 | Output | Synchronous to clk | Write enable for mbox SRAM |
+| mbox_sram_addr | MBOX_ADDR_W | Output | Synchronous to clk | Addr lines for mbox SRAM |
+| mbox_sram_wdata | MBOX_DATA_W | Output | Synchronous to clk | Write data for mbox SRAM |
+| mbox_sram_rdata | MBOX_DATA_W | Input | Synchronous to clk | Read data for mbox SRAM |
+| imem_cs | 1 | Output | Synchronous to clk | Chip select for imem SROM |
+| imem_addr | IMEM_ADDR_WIDTH | Output | Synchronous to clk | Addr lines for imem SROM |
+| imem_rdata | IMEM_DATA_WIDTH | Input | Synchronous to clk | Read data for imem SROM |
+| iccm_clken | ICCM_NUM_BANKS | Input | Synchronous to clk | Per-bank clock enable |
+| iccm_wren_bank | ICCM_NUM_BANKS | Input | Synchronous to clk | Per-bank write enable |
+| iccm_addr_bank | ICCM_NUM_BANKS x (ICCM_BITS-4) | Input | Synchronous to clk | Per-bank address |
+| iccm_bank_wr_data | ICCM_NUM_BANKS x 39 | Input | Synchronous to clk | Per-bank input data |
+| iccm_bank_dout | ICCM_NUM_BANKS x 39 | Output | Synchronous to clk | Per-bank output data |
+| dccm_clken | DCCM_NUM_BANKS | Input | Synchronous to clk | Per-bank clock enable |
+| dccm_wren_bank | DCCM_NUM_BANKS | Input | Synchronous to clk | Per-bank write enable |
+| dccm_addr_bank | DCCM_NUM_BANKS x (DCCM_BITS-4) | Input | Synchronous to clk | Per-bank address |
+| dccm_wr_data_bank | DCCM_NUM_BANKS x DCCM_FDATA_WIDTH | Input | Synchronous to clk | Per-bank input data |
+| dccm_bank_dout | DCCM_NUM_BANKS x DCCM_FDATA_WIDTH | Output | Synchronous to clk | Per-bank output data |
+
+*Table 9: JTAG interface*
+
+| Signal name | Width | Driver | Synchronous (as viewed from Caliptra’s boundary) | Description |
+| :--------- | :--------- | :--------- | :--------- | :--------- |
+| jtag_tck | 1 | input | | |
+| jtag_tms | 1 | input | Synchronous to tck | |
+| jtag_tdi | 1 | input | Synchronous to tck | |
+| jtag_trst_n | 1 | input | Async Deassertion
Assertion Synchronous to tck | |
+| jtag_tdo | 1 | output | Synchronous to tck | |
+
+*Table 10: UART interface*
+
+| Signal name | Width | Driver | Synchronous (as viewed from Caliptra’s boundary) | Description |
+| :--------- | :--------- | :--------- | :--------- | :--------- |
+| uart_tx | 1 | output | | UART transmit pin |
+| uart_rx | 1 | input | | UART receive pin |
+
+*Table 11: Security and miscellaneous*
+
+| Signal name | Width | Driver | Synchronous (as viewed from Caliptra’s boundary) | Description |
+| :--------- | :--------- | :--------- | :--------- | :--------- |
+| CPTRA_OBF_KEY | 256 | Input Strap | Asynchronous | Obfuscation key is driven by SoC at integration time. Ideally this occurs just before tape-in and the knowledge of this key must be protected unless PUF is driving this. The key is latched by Caliptra on caliptra powergood deassertion. It is cleared after its use and can only re-latched on a power cycle (powergood deassertion to assertion). |
+| SECURITY_STATE | 3 | Input Strap | Synchronous to clk | Security state that Caliptra should take (for example, manufacturing, secure, unsecure, etc.). The key is latched by Caliptra on cptra_noncore_rst_b deassertion. Any time the state changes to debug mode, all keys, assets, and secrets stored in fuses or key vault are cleared. Cryptography core states are also flushed if they were being used. |
+| scan_mode | 1 | Input Strap | Synchronous to clk | Must be set before entering scan mode. This is a separate signal than the scan chain enable signal that goes into scan cells. This allows Caliptra to flush any assets or secrets present in key vault and flops if the transition is happening from a secure state. |
+| GENERIC_INPUT_WIRES | 64 | Input | Synchronous to clk | Placeholder of input wires for late binding features. These values are reflected into registers that are exposed to firmware. |
+| GENERIC_OUTPUT_WIRES | 64 | Output | Synchronous to clk | Placeholder of output wires for late binding features. Firmware can set the wires appropriately via register writes. |
+| CALIPTRA_ERROR_FATAL | 1 | Output | Synchronous to clk | Indicates a fatal error from Caliptra. |
+| CALIPTRA_ERROR_NON_FATAL | 1 | Output | Synchronous to clk | Indicates a non fatal error from Caliptra. |
+| BootFSM_BrkPoint | 1 | Input Strap | Asynchronous | Stops the BootFSM to allow TAP writes set up behavior. Examples of these behaviors are skipping or running ROM flows, or stepping through BootFSM. |
+| eTRNG_REQ | 1 | Output | Synchronous to clk | External source mode: TRNG_REQ to SoC. SoC writes to TRNG architectural registers with a NIST-compliant entropy.
Internal source mode: TRNG_REQ to SoC. SoC enables external RNG digital bitstream input into iTRNG_DATA/iTRNG_VALID. |
+| iTRNG_DATA | 4 | Input | Synchronous to clk | External source mode: Not used.
Internal source mode only: RNG digital bit stream from SoC, which is sampled when iTRNG_VALID is high. |
+| iTRNG_VALID | 1 | Input | Synchronous to clk | External source mode: Not used.
Internal source mode only: RNG bit valid. This is valid per transaction. TRNG_DATA can be sampled whenever this bit is high. The expected iTRNG_VALID output rate is about 50KHz. |
+
+## Architectural registers and fuses
+
+Control registers and fuses are documented on GitHub.
+
+* External Registers: [caliptra\_top\_reg — caliptra\_top\_reg Reference (chipsalliance.github.io)](https://chipsalliance.github.io/caliptra-rtl/main/external-regs/?p=)
+* Internal Registers - [clp — clp Reference (chipsalliance.github.io)](https://chipsalliance.github.io/caliptra-rtl/main/internal-regs/?p=)
+
+## Fuses
+
+Fuses are writable only one time and require a cptra\_pwrgood to be recycled to be written again.
+
+After all fuses are written, the fuse done register at the end of the fuse address space must be set to 1 to lock the fuse writes and to proceed with the boot flow.
+
+Although fuse values (and the fuse done register) persist across a warm reset, SoC is still required to perform a write to the fuse done register while in the BOOT\_FUSE state in order to complete the bringup from reset. See 6.1 Boot FSM for further details.
+
+## Interface rules
+
+The following figure shows the reset rules and timing.
+
+*Figure 3: Reset rules and timing diagram*
+
+
+
+Deassertion of cptra\_pwrgood indicates a power cycle that results in returning Caliptra to its default state. All resettable flops are reset.
+
+De-assertion of cptra\_rst\_b indicates a warm reset cycle that resets all but the “sticky” registers (fuses, error logging, etc.).
+
+### APB arbitration
+
+Caliptra is a client on the APB bus, incapable of initiating transfers. If SoCs have multiple APBs or other proprietary-fabric protocols that require any special fabric arbitration, that arbitration is done at SoC level.
+
+### Undefined address accesses
+
+All accesses that are outside of the defined address space of Caliptra are responded to by Caliptra’s SoC interface:
+* All reads to undefined addresses get completions with zero data.
+* All writes to undefined addresses are dropped.
+* All other undefined opcodes are silently dropped.
+* Access to mailbox memory region with invalid PAUSER are dropped.
+* Access to a fuse with invalid PAUSER are dropped.
+* PSLVERR is asserted for any of the above conditions.
+
+All accesses must be 32-bit aligned. Misaligned writes are dropped and reads return 0x0.
+
+### Undefined mailbox usages
+
+A trusted/valid requester that locks the mailbox and never releases the lock will cause the mailbox to be locked indefinitely.
+
+Caliptra firmware internally has the capability to force release the mailbox based on various timers but there is no architectural requirement to use this capability.
+
+### Straps
+
+Straps are signal inputs to Caliptra that are sampled once on reset exit, and the latched value persists throughout the remaining uptime of the system. Straps are sampled on either caliptra pwrgood signal deassertion or cptra\_noncore\_rst\_b deassertion – refer to interface table for list of straps.
+
+### Deobfuscation key
+
+SoC drives the key at the tape-in time of the SoC using an Engineering Change Order (ECO) and must be protected from common knowledge. For a given SoC construction, this can be driven using a PUF too.
+
+The key must follow the security rules defined in the[ Caliptra architectural specification](https://chipsalliance.github.io/Caliptra/doc/Caliptra.html).
+
+SoC must ensure that there are no SCAN cells on the flops that latch this key internally to Caliptra.
+
+## Late binding interface signals
+
+The interface signals GENERIC\_INPUT\_WIRES and GENERIC\_OUTPUT\_WIRES are placeholders on the SoC interface reserved for late binding features. This may include any feature that is required for correct operation of the design in the final integrated SoC and that may not be accommodated through existing interface signaling (such as the mailbox).
+
+While these late binding interface pins are generic in nature until assigned a function, integrators must not define non-standard use cases for these pins. Defining standard use cases ensures that the security posture of Caliptra in the final implementation is not degraded relative to the consortium design intent.
+
+Each wire connects to a register in the SoC Interface register bank through which communication to the internal microprocessor may be facilitated. Each signal is 64 bits in size.
+
+Activity on any bit of the GENERIC\_INPUT\_WIRES triggers a notification interrupt to the microcontroller indicating a bit toggle.
+
+The following table describes the allocation of functionality on GENERIC\_INPUT\_WIRES.
+
+*Table 12: GENERIC\_INPUT\_WIRES function binding*
+
+| Bit | Name | Description |
+| :--------- | :--------- | :--------- |
+| 0 | Zeroization status | Used by SoC to provide zeroization status of fuses. |
+| 63:1 | RESERVED | No allocated function. |
+
+# SoC interface operation
+
+The Caliptra mailbox is the primary communication method between Caliptra and the SoC that Caliptra is integrated into.
+
+The Caliptra mailbox uses an APB interface to communicate with the SoC. The SoC can write to and read from various memory mapped register locations over the APB interface in order to pass information to Caliptra.
+
+Caliptra in turn also uses the mailbox to pass information back to the SoC. The interface does not author any transaction on the APB interface. The interface only signals to the SoC that data is available in the mailbox and it is the responsibility of the SoC to read that data from the mailbox.
+
+## Boot FSM
+
+The Boot FSM detects that the SoC is bringing Caliptra out of reset. Part of this flow involves signaling to the SoC that Caliptra is ready for fuses. After fuses are populated and the SoC indicates that it is done downloading fuses, Caliptra can wake up the rest of the IP by deasserting the internal reset. The following figure shows the boot FSM state.
+
+*Figure 4: Mailbox Boot FSM state diagram*
+
+
+
+The boot FSM first waits for the SoC to assert cptra\_pwrgood and de-assert cptra\_rst\_b. In the BOOT\_FUSE state, Caliptra signals to the SoC that it is ready for fuses. After the SoC is done writing fuses, it sets the fuse done register and the FSM advances to BOOT\_DONE.
+
+BOOT\_DONE enables Caliptra reset deassertion through a two flip-flop synchronizer.
+
+## SoC access mechanism
+
+The SoC communicates with the mailbox through an APB Interface. The SoC acts as the requester with the Caliptra mailbox as the receiver.
+
+The PAUSER bits are used by the SoC to identify which device is accessing the mailbox.
+
+## Mailbox
+
+The Caliptra mailbox is a 128 KiB buffer used for exchanging data between the SoC and the Caliptra microcontroller.
+
+When a mailbox is populated by the SoC, initiation of the operation by writing the execute bit triggers an interrupt to the microcontroller. This interrupt indicates that a command is available in the mailbox. The microcontroller is responsible for reading from and responding to the command.
+
+When a mailbox is populated by the microcontroller, an output wire to the SoC indicates that a command is available in the mailbox. The SoC is responsible for reading from and responding to the command.
+
+Mailboxes are generic data-passing structures with a specific protocol that defines legal operations. This protocol for writing to and reading from the mailbox is enforced in hardware as described in the [Caliptra mailbox errors](#caliptra-mailbox-errors) section. How the command and data are interpreted by the microcontroller and SoC are not enforced in this specification. \
+
+## Sender Protocol
+
+**Sending data to the mailbox:**
+
+1. Requester queries the mailbox by reading the LOCK control register.
+ 1. If LOCK returns 0, LOCK is granted and will be set to 1.
+ 2. If LOCK returns 1, MBOX is locked for another device.
+2. Requester writes the command to the COMMAND register.
+3. Requester writes the data length in bytes to the DLEN register.
+4. Requester writes data packets to the MBOX DATAIN register.
+5. Requester writes to the EXECUTE register.
+6. Requester reads the STATUS register. Status can return:
+ 1. CMD\_BUSY - 2’b00 – Indicates the requested command is still in progress
+ 2. DATA\_READY - 2’b01 – Indicates the return data is in the mailbox for requested command
+ 3. CMD\_COMPLETE- 2’b10 – Indicates the successful completion of the requested command
+ 4. CMD\_FAILURE- 2’b11 – Indicates the requested command failed
+7. Requester reads the response if DATA\_READY was the status.
+8. Requester resets the EXECUTE register to release the lock.
+
+**Notes on behavior:**
+
+Once LOCK is granted, the mailbox is locked until that device has concluded its operation. Caliptra has access to an internal mechanism to terminate a lock early or release the lock if the device does not proceed to use it or to recover from deadlock scenarios. The following figure shows the sender protocol flow.
+
+*Figure 5: Sender protocol flow chart*
+
+
+
+## Receiver Protocol
+
+Upon receiving indication that mailbox has been populated, the appropriate device can read the mailbox. This is indicated by a dedicated wire that is asserted when Caliptra populates the mailbox for SoC consumption.
+
+Caliptra will not initiate any mailbox commands that require a response from the SoC. Caliptra initiated mailbox commands are “broadcast” and available to any user on the SoC. SoC will not be able to write the DLEN or DATAIN register while processing a Caliptra initiated mailbox command.
+
+**Receiving data from the mailbox:**
+1. On mailbox\_data\_avail assertion, the receiver reads the COMMAND register.
+2. Receiver reads the DLEN register.
+3. Receiver reads the CMD register.
+4. Receiver reads the MBOX DATAOUT register.
+ * Continue reading MBOX DATAOUT register until DLEN bytes are read.
+5. If a response is required, the receiver can populate the mailbox with the response by updating the DLEN register and writing to DATAIN with the response. (NOTE: The new DLEN value will not take effect until control is returned to the sender via write to the status register).
+6. Set the mailbox status register appropriately to hand control back to the sender.
+7. The sender will reset the EXECUTE register.
+ * This releases the LOCK on the mailbox.
+
+The following figure shows the receiver protocol flow.
+
+*Figure 6: Receiver protocol flowchart*
+
+
+
+## Mailbox arbitration
+
+From a mailbox protocol perspective, as long as CPTRA\_VALID\_PAUSER registers carry valid requestors, mailbox lock can be obtained by any of those valid requestors but only one of them at any given time. While the mailbox flow is happening, all other requestors will not get a grant.
+
+A request for lock that is denied due to firmware having the lock results in an interrupt to the firmware. Firmware can optionally use this interrupt to release the lock.
+
+There is no fair arbitration scheme between SoC and microcontroller. It is first come, first served. When the mailbox is locked for microcontroller use and SoC has unsuccessfully requested the mailbox (due to mailbox actively being used), the mailbox generates an interrupt to the microcontroller as a notification.
+
+Further, there is no arbitration between various PAUSER attributes. PAUSER attributes exist for security and filtering reasons only.
+
+## MAILBOX PAUSER attribute register
+
+It is strongly recommended that these PAUSER registers are either set at integration time through integration parameters or be programmed by the SoC ROM before any mutable firmware or ROM patches are applied.
+
+### Programmable registers
+
+Caliptra provides 5 programmable registers that SoC can set at boot time to limit access to the mailbox peripheral. The default PAUSER set by the integration parameter CPTRA\_DEF\_MBOX\_VALID\_PAUSER is valid until all programmable registers are consumed. CPTRA\_MBOX\_VALID\_PAUSER registers become valid once the corresponding lock bit CPTRA\_MBOX\_PAUSER\_LOCK is set.
+
+*Table 13: PAUSER register definition*
+
+| Register | Description |
+| :--------- | :--------- |
+| CPTRA_MBOX_VALID_PAUSER\[4:0\]\[31:0\] | 5 registers for programming PAUSER values that are considered valid for accessing the mailbox protocol. Requests with PAUSER attributes that are not in this list will be ignored. |
+| CPTRA_MBOX_PAUSER_LOCK\[4:0\] | 5 registers, bit 0 of each will lock and mark VALID for the corresponding VALID_PAUSER register. |
+
+### Parameter override
+
+Another option for limiting access to the mailbox peripheral are the integration time parameters that override the programmable PAUSER registers. At integration time, the CPTRA\_SET\_MBOX\_PAUSER\_INTEG parameters can be set to 1 which enables the corresponding CPTRA\_MBOX\_VALID\_PAUSER parameters to override the programmable register.
+
+*Table 14: PAUSER Parameter definition*
+
+| Parameter | Description |
+| :--------- | :--------- |
+| CPTRA_SET_MBOX_PAUSER_INTEG\[4:0\] | Setting to 1 enables the corresponding CPTRA_MBOX_VALID_PAUSER parameter. |
+| CPTRA_MBOX_VALID_PAUSER\[4:0\] | Value to override programmable PAUSER register at integration time if corresponding CPTRA_SET_MBOX_PAUSER_INTEG parameter is set to 1. |
+
+## Caliptra mailbox protocol
+
+After the SoC side has written the EXECUTE register, the mailbox sends an interrupt to the microcontroller.
+
+The microcontroller reads the COMMAND and DLEN registers, as well as the data populated in the mailbox.
+
+The microcontroller can signal back to SoC through functional registers, and populate COMMAND, DLEN, and MAILBOX as well.
+
+## Caliptra mailbox errors
+
+Mailbox is responsible for only accepting writes from the device that requested and locked the mailbox.
+
+If the SoC violates this protocol, the mailbox flags a protocol violation and enters an error state. Two protocol violations are detected:
+1. Access without lock: Writes to any mailbox register by SoC or reads from the dataout register, without having first acquired the lock, are a violation.
+ 1. If any agent currently has the lock, accesses by agents other than the one holding the lock are ignored.
+ 2. If no agent currently has the lock, the violation results in a flagged error.
+2. Out of order access: SoC must follow the rules for the sender and receiver protocol that define access ordering and progression for a mailbox command.
+ 1. If, after acquiring the lock, an SoC agent performs any register write (or read from the dataout register) outside of the prescribed ordering, this is a flagged violation.
+ 2. Such access by any SoC agent that does not have the lock is ignored.
+
+After a mailbox protocol violation is flagged, it is reported to the system in several ways:
+* The mailbox FSM enters the ERROR state in response to an out of order access violation, and the new FSM state is readable via the mailbox status register. The LOCK value is preserved on entry to the ERROR state. The access without lock violation does not result in a state change. After entering the ERROR state, the mailbox may only be restored to the IDLE state by:
+ * System reset
+ * Write to the force unlock register by firmware inside Caliptra (via internal bus)
+
+ Either of these mechanisms will also clear the mailbox LOCK.
+* Mailbox protocol violations are reported as fields in the HW ERROR non-fatal register. These events also cause assertion of the cptra\_error\_non\_fatal interrupt signal to SoC. Upon detection, SoC may acknowledge the error by clearing the error field in this register via bus write.
+* Mailbox protocol violations generate an internal interrupt to the Caliptra microcontroller. Caliptra firmware is aware of the protocol violation.
+
+The following table describes APB transactions that cause the Mailbox FSM to enter the ERROR state, given that the register “mbox\_user” contains the value of the APB PAUSER that was used to originally acquire the mailbox lock.
+
+*Table 15: Mailbox protocol error trigger conditions*
+
+| FSM state | SOC HAS LOCK | APB PAUSER eq mbox_user | Error state trigger condition |
+| :--------- | :--------- | :--------- | :--------- |
+| MBOX_RDY_FOR_CMD | 1 | true | Read from mbox_dataout. Write to any register other than mbox_cmd. |
+| MBOX_RDY_FOR_CMD | 1 | false | \- |
+| MBOX_RDY_FOR_CMD | 0 | \- | \- |
+| MBOX_RDY_FOR_DLEN | 1 | true | Read from mbox_dataout. Write to any register other than mbox_dlen. |
+| MBOX_RDY_FOR_DLEN | 1 | false | \- |
+| MBOX_RDY_FOR_DLEN | 0 | \- | \- |
+| MBOX_RDY_FOR_DATA | 1 | true | Read from mbox_dataout. Write to any register other than mbox_datain or mbox_execute. |
+| MBOX_RDY_FOR_DATA | 1 | false | \- |
+| MBOX_RDY_FOR_DATA | 0 | \- | \- |
+| MBOX_EXECUTE_UC | 1 | true | Read from mbox_dataout. Write to any register. |
+| MBOX_EXECUTE_UC | 1 | false | \- |
+| MBOX_EXECUTE_UC | 0 | \- | \- |
+| MBOX_EXECUTE_SOC | 1 | true | Write to any register other than mbox_execute. |
+| MBOX_EXECUTE_SOC | 1 | false | \- |
+| MBOX_EXECUTE_SOC | 0 | true/false\* | Write to any register other than mbox_status. |
+
+\* mbox\_user value is not used when Caliptra has lock and is sending a Caliptra to SoC mailbox operation.
+
+# SoC SHA acceleration block
+
+## Overview
+
+The SHA acceleration block is in the SoC interface. The SoC can access the accelerator’s hardware API and stream data to be hashed over the APB interface.
+
+SHA acceleration block uses a similar protocol to the mailbox, but has its own dedicated registers.
+
+SHA\_LOCK register is set on read. A read of 0 indicates the SHA was unlocked and will now be locked for the requesting user.
+
+SHA\_MODE register sets the mode of operation for the SHA.
+
+See the Hardware specification for additional details.
+* 2’b00 - SHA384 streaming mode
+* 2’b01 - SHA512 streaming mode
+* 2’b10 - SHA384 mailbox mode (Caliptra only, invalid for SoC requests)
+* 2’b11 - SHA512 mailbox mode (Caliptra only, invalid for SoC requests)
+
+## SoC Sender Protocol
+
+**Sending data to the SHA accelerator:**
+1. Requester queries the accelerator by reading the SHA\_LOCK control register.
+ * If SHA\_LOCK returns 0, SHA\_LOCK is granted and is set to 1.
+ * If SHA\_LOCK returns 1, it is locked for another device.
+2. Requester writes the SHA\_MODE register to the appropriate mode of operation.
+3. Requester writes the data length in bytes to the SHA\_DLEN register.
+4. Requester writes data packets to the SHA\_DATAIN register until SHA\_DLEN bytes are written.
+5. Requester writes the SHA\_EXECUTE register, this indicates that it is done streaming data.
+6. Requesters can poll the SHA\_STATUS register for the VALID field to be asserted.
+7. Once VALID is asserted, the completed hash can be read from the SHA\_DIGEST register.
+8. Requester must write 1 to the LOCK register to release the lock.
+
+# TRNG REQ HW API
+
+For SoCs that choose to not instantiate Caliptra’s embedded TRNG, we provide a TRNQ REQ HW API.
+
+**While the use of this API is convenient for early enablement, the current
+Caliptra hardware is unable to provide the same security guarantees with an
+external TRNG. In particular, it is highly advisable to instantiate an internal
+TRNG if ROM glitch protection is important.**
+
+1. Caliptra asserts TRNG\_REQ wire (this may be because Caliptra’s internal hardware or firmware made the request for a TRNG).
+2. SoC writes the TRNG architectural registers.
+3. SoC write a done bit in the TRNG architectural registers.
+4. Caliptra deasserts TRNG\_REQ.
+
+Having an interface that is separate from the SoC mailbox ensures that this request is not intercepted by any SoC firmware agents (which communicate with SoC mailbox). It is a requirement for FIPS compliance that this TRNG HW API is always handled by SoC hardware gasket logic (and not some SoC ROM or firmware code).
+
+TRNG DATA register is tied to TRNG VALID PAUSER. SoC can program the TRNG VALID PAUSER and lock the register using TRNG\_PAUSER\_LOCK[LOCK]. This ensures that TRNG DATA register is read-writeable by only the PAUSER programmed into the TRNG\_VALID\_PAUSER register. If the CPTRA\_TNRG\_PAUSER\_LOCK.LOCK is set to ‘0, then any agent can write to the TRNG DATA register. If the lock is set, only an agent with a specific TRNG\_VALID\_PAUSER can write.
+
+# SRAM implementation
+
+## Overview
+
+SRAMs are instantiated at the SoC level. Caliptra provides the interface to export SRAMs from internal components.
+
+SRAM repair logic (for example, BIST) and its associated fuses, which are proprietary to companies and their methodologies, is implemented external to the Caliptra boundary.
+
+SRAMs must NOT go through BIST or repair flows across a “warm reset”.
+
+Mailbox SRAM is implemented with ECC protection. Data width for the mailbox is 32-bits, with 7 parity bits for a Hamming-based SECDED (single-bit error correction and double-bit error detection).
+
+## RISC-V internal memory export
+
+To support synthesis flexibility and ease memory integration to various fabrication processes, all SRAM blocks inside the RISC-V core are exported to an external location in the testbench. A single unified interface connects these memory blocks to their parent logic within the RISC-V core. Any memory implementation may be used to provide SRAM functionality in the external location in the testbench, provided the implementation adheres to the interface requirements connected to control logic inside the processor. Memories behind the interface are expected to be implemented as multiple banks of SRAM, from which the RISC-V processor selects the target using an enable vector. The I-Cache has multiple ways, each containing multiple banks of memory, but I-Cache is disabled in Caliptra and this may be removed for synthesis.
+
+The following memories are exported:
+* Instruction Closely-Coupled Memory (ICCM)
+* Data Closely Coupled Memory (DCCM)
+
+Table 4 indicates the signals contained in the memory interface. Direction is relative to the exported memory wrapper that is instantiated outside of the Caliptra subsystem (that is, from the testbench perspective).
+
+## SRAM timing behavior
+* [Writes] Input wren signal is asserted simultaneously with input data and address. Input data is stored at the input address 1 clock cycle later.
+* [Reads] Input clock enable signal is asserted simultaneously with input address. Output data is available 1 clock cycle later from a flip-flop register stage.
+* [Writes] Input wren signal is asserted simultaneously with input data and address. Data is stored at the input address 1 clock cycle later.
+
+The following figure shows the SRAM interface timing.
+
+*Figure 7: SRAM interface timing*
+
+
+
+## SRAM parameterization
+
+Parameterization for ICCM/DCCM memories is derived from the configuration of the VeeR RISC-V core that has been selected for Caliptra integration. Parameters defined in the VeeR core determine signal dimensions at the Caliptra top-level interface and drive requirements for SRAM layout. For details about interface parameterization, see the [Interface](#interface) section. The following configuration options from the RISC-V Core dictate this behavior:
+
+*Table 16: SRAM parameterization*
+
+| Parameter | Value | Description |
+| :--------- | :--------- | :--------- |
+| ICCM_ENABLE | 1 | Configures ICCM to be present in VeeR core. |
+| ICCM_NUM_BANKS | 4 | Determines the number of physical 39-bit (32-bit data + 7-bit ECC) SRAM blocks that are instantiated in the ICCM. |
+| ICCM_INDEX_BITS | 13 | Address bit width for each ICCM Bank that is instantiated. |
+| ICCM_SIZE | 128 | Capacity of the ICCM in KiB. Total ICCM capacity in bytes is given by 4 \* ICCM_NUM_BANKS \* 2ICCM_INDEX_BITS. |
+| DCCM_ENABLE | 1 | Configures DCCM to be present in VeeR core. |
+| DCCM_NUM_BANKS | 4 | Determines the number of physical 39-bit (32-bit data + 7-bit ECC) SRAM blocks that are instantiated in the DCCM. |
+| DCCM_INDEX_BITS | 13 | Address bit width for each DCCM Bank that is instantiated. |
+| DCCM_SIZE | 128 | Capacity of the DCCM in KiB. Total DCCM capacity in bytes is given by 4 \* DCCM_NUM_BANKS \* 2DCCM_INDEX_BITS. |
+
+## Example SRAM machine check reliability integration
+
+This section describes an example implementation of integrator machine check reliability.
+
+This example is applicable to scenarios where an integrator may need control of or visibility into SRAM errors for purposes of reliability or functional safety. In such cases, integrators may introduce additional layers of error injection, detection, and correction logic surrounding SRAMs. The addition of such logic is transparent to the correct function of Caliptra, and removes integrator dependency on Caliptra for error logging or injection.
+
+Note that the example assumes that data and ECC codes are in non-deterministic bit-position in the exposed SRAM interface bus. Accordingly, redundant correction coding is shown in the integrator level logic (i.e., integrator\_ecc(calitpra\_data, caliptra\_ecc)). If the Caliptra data and ECC are deterministically separable at the Caliptra interface, the integrator would have discretion to store the ECC codes directly and calculate integrator ECC codes for the data alone.
+
+*Figure 8: Example machine check reliability implementation*
+
+
+
+### Error detection and logging
+
+1. Caliptra IP shall interface to ECC protected memories.
+2. Caliptra IP calculates and applies its own ECC code, which produces a total of 39-bit data written to external or INTEGRATOR instantiated SRAMs.
+3. Each 39-bit bank memory internally calculates 8-bit ECC on a write and stores 47 bits of data with ECC into SRAM.
+4. On read access syndrome is calculated based on 39-bit data.
+5. If parity error is detected and syndrome is valid, then the error is deemed single-bit and correctable.
+6. If no parity error is detected but syndrome == 0 or the syndrome is invalid, the error is deemed uncorrectable.
+7. On both single and double errors, the read data is modified before being returned to Caliptra.
+8. Since single-bit errors shall be corrected through INTEGRATOR instantiated logic, Caliptra never sees single-bit errors from SRAM.
+9. Double-bit or uncorrectable errors would cause unpredictable data to be returned to Caliptra. Since this condition shall be detected and reported to MCRIP, there is no concern or expectation that Caliptra will operate correctly after a double error.
+10. On detection, single errors are reported as transparent to MCRIP, double errors are reported as fatal.
+11. Along with error severity, MCRIP logs physical location of the error.
+12. After MCRIP logs an error, it has a choice to send out in-band notification to an external agent.
+13. MCRIP logs can be queried by SoC software.
+
+### Error injection
+
+1. MCRIP supports two error injection modes: intrusive and non-intrusive.
+2. Intrusive error injection:
+ 1. Can force a single or double error to be injected, which would result in incorrect data to be returned on read access.
+ 2. The intrusive error injection mode is disabled in Production fused parts via Security State signal.
+3. Non-intrusive error injection:
+ 1. Allows external software to write into MCRIP error log registers.
+ 2. The non-intrusive error injection does not interfere with the operation of memories.
+ 3. The non-intrusive error injection is functional in Production fused parts.
+
+### Caliptra error and recovery flow
+
+1. Caliptra Stuck:
+ 1. SoC BC timeout mechanism with 300us timeout.
+2. Caliptra reports non-fatal error during boot flow:
+ 1. cptra\_error\_non\_fatal is an output Caliptra signal, which shall be routed to SoC interrupt controller.
+ 2. SoC can look at the Caliptra non-fatal error register for error source.
+ 3. Assume Caliptra can report a non-fatal error at any time.
+ 4. SoC should monitor the error interrupt or check it before sending any mailbox command.
+ 5. In the event of a non-fatal error during boot (that is, prior to a ready for RT signal), SoC should enter recovery flow and attempt to boot again using alternate boot part/partition.
+ 6. If SoC sees that a non-fatal error has occurred AFTER receiving the ready for RT signal, SoC may attempt to recover Caliptra by executing the “Run Self-Test” mailbox command (not yet defined).
+ 7. If this command completes successfully, SoC may continue using Caliptra as before.
+ 8. If this command is unsuccessful, Caliptra is in an error state for the remainder of the current boot.
+ 9. Non-fatal ECC errors are never reported by Caliptra; SoC needs to monitor MCRIP for non-fatal Caliptra ECC errors.
+3. Caliptra reports fatal error during boot flow:
+ 1. cptra\_error\_fatal is an output Caliptra signal, which shall be routed to SoC interrupt controller.
+ 2. SoC can look at the Caliptra fatal error register for error source.
+ 3. Assume Caliptra can report a fatal error at any time.
+ 4. Fatal errors are generally hardware in nature. SoC may attempt to recover by full reset of the entire SoC, or can move on and know that Caliptra will be unavailable for the remainder of the current boot.
+ 5. We cannot assume that uncorrectable errors will be correctly detected by Caliptra, ECC fatal errors shall be reported by SOC MCRIP.
+
+# SoC integration requirements
+
+The following table describes SoC integration requirements.
+
+*Table 17: SoC integration requirements*
+
+| Category | Requirement | Definition of done | Rationale |
+| :--------- | :--------- | :--------- | :--------- |
+| Deobfuscation Key | SoC backend flows shall generate deobfuscation key with appropriate NIST compliance as dictated in the Caliptra RoT specification. | Statement of conformance | Required by UDS and Field Entropy threat model |
+| Deobfuscation Key | If not driven through PUF, SoC backend flows shall ECO the deobfuscation key before tapeout. | Statement of conformance | Required by UDS and Field Entropy threat model |
+| Deobfuscation Key | Rotation of the deobfuscation key (if not driven through PUF) between silicon steppings of a given product (for example, A0 vs. B0 vs. PRQ stepping) is dependent on company-specific policies. | Statement of conformance | Required by UDS and Field Entropy threat model |
+| Deobfuscation Key | SoC backend flows should not insert deobfuscation key flops into the scan chain. | Synthesis report | Required by UDS and Field Entropy threat model |
+| Deobfuscation Key | For defense in depth, it is strongly recommended that debofuscation key flops are not on the scan chain.
Remove the following signals from the scan chain:
cptra_scan_mode_Latched_d
cptra_scan_mode_Latched_f
field_storage.internal_obf_key | Statement of conformance | Caliptra HW threat model |
+| DFT | Before scan is enabled (separate signal that SoC implements on scan insertion), SoC shall set Caliptra's scan_mode indication to '1 to allow secrets/assets to be flushed. | Statement of conformance | Required by Caliptra threat model |
+| DFT | Caliptra’s TAP should be a TAP endpoint. | Statement of conformance | Functional requirement |
+| Mailbox | SoC shall provide an access path between the mailbox and the application CPU complex on SoCs with such complexes (for example, Host CPUs and Smart NICs). See the [Sender Protocol](#sender-protocol) section for details about error conditions. | Statement of conformance | Required for Project Kirkland and TDISP TSM |
+| Fuses | SoC shall burn non-field fuses during manufacturing. Required vs. optional fuses are listed in the architectural specification. | Test on silicon | Required for UDS threat model |
+| Fuses | SoC shall expose an interface for burning field fuses. Protection of this interface is the SoC vendor’s responsibility. | Test on silicon | Required for Field Entropy |
+| Fuses | SoC shall write fuse registers and fuse done via immutable logic or ROM code. | Statement of conformance | Required for Caliptra threat model |
+| Security State | SoC shall drive security state wires in accordance with the SoC's security state. | Statement of conformance | Required for Caliptra threat model |
+| Security State | If SoC is under debug, then SoC shall drive debug security state to Caliptra. | Statement of conformance | Required for Caliptra threat model |
+| Resets and Clocks | SoC shall start input clock before caliptra_pwrgood assertion. | Statement of conformance | Functional |
+| Resets and Clocks | SoC reset logic shall assume reset assertions are asynchronous and deassertions are synchronous. | Statement of conformance | Functional |
+| Resets and Clocks | SoC shall ensure Caliptra's powergood is the SoC's own powergood. | Statement of conformance | Required for Caliptra threat model |
+| TRNG | SoC shall either provision Caliptra with a dedicated TRNG or shared TRNG. | Statement of conformance | Required for Caliptra threat model and Functional |
+| TRNG | SoC shall provision the Caliptra embedded TRNG with an entropy source if that is used (vs. SoC-shared TRNG API support). | Statement of conformance | Functional |
+| TRNG | If the TRNG is shared, then upon TRNG_REQ, SoC shall use immutable logic or code to program Caliptra's TRNG registers. | Statement of conformance | Required for Caliptra threat model and Functional |
+| SRAMs | SoC shall ensure timing convergence with 1-cycle read path for SRAMs. | Synthesis report | Functional |
+| SRAMs | SoC shall size SRAMs to account for SECDED. | Statement of conformance | Functional |
+| SRAMs | SoC shall write-protect fuses that characterize the SRAM. | Statement of conformance | Required for Caliptra threat model |
+| SRAMs | SoC shall ensure SRAM content is only destroyed on powergood cycling. | Statement of conformance | Functional (Warm Reset, Hitless Update) |
+| SRAMs | SoC shall only perform SRAM repair on powergood events and prior to caliptra_rst_b deassertion. | Statement of conformance | Functional (Warm Reset, Hitless Update) |
+| Backend convergence | Caliptra is validated and backend converged at 400MHz and at process nodes - TSMC 5nm, -- \ | | Functional |
+| Power saving | Caliptra clock gating shall be controlled by Caliptra firmware alone. SoC is provided a global clock gating enable signal (and a register) to control. | | Required for Caliptra threat model |
+| Power saving | SoC shall not power-gate Caliptra independently of the entire SoC. | Statement of conformance | Required for Caliptra threat model |
+| PAUSER | SoC shall drive PAUSER input in accordance with the IP integration spec. | Statement of conformance | ? |
+| Error reporting | SoC shall report Caliptra error outputs. | Statement of conformance | Telemetry and monitoring |
+| Error reporting | SoC shall only recover Caliptra fatal errors via SoC power-good reset. | Statement of conformance | Required for Caliptra threat model |
+| TRNG PAUSER Programming rules | If SoC doesn’t program the CPTRA_TRNG_PAUSER_LOCK\[LOCK\], then Caliptra HW will not accept TRNG data from any SoC entity. | Security | Required for Caliptra threat model |
+| TRNG PAUSER Programming rules | If SoC programs CPTRA_TRNG_VALID_PAUSER and sets CPTRA_TRNG_PAUSER_LOCK\[LOCK\], then Caliptra HW will accept TRNG data only from the entity that is programmed into the PAUSER register. | Security | Required for Caliptra threat model |
+| TRNG PAUSER Programming rules | It is strongly recommended that these PAUSER registers are either set at integration time through integration parameters or be programmed by the SoC ROM before any mutable FW or ROM patches are absorbed. | Security | Required for Caliptra threat model |
+| MAILBOX PAUSER programming rules | 5 PAUSER attribute registers are implemented at SoC interface. | Security | Required for Caliptra threat model |
+| MAILBOX PAUSER programming rules | At boot time, a default SoC or PAUSER can access the mailbox. The value of this PAUSER is an integration parameter, CPTRA_DEF_MBOX_VALID_PAUSER. | Security | Required for Caliptra threat model |
+| MAILBOX PAUSER programming rules | The value of CPTRA_MBOX_VALID_PAUSER\[4:0\] register can be programmed by SoC. After it is locked, it becomes a valid PAUSER for accessing the mailbox. | Security | Required for Caliptra threat model |
+| MAILBOX PAUSER programming rules | Alternatively, CPTRA_SET_MBOX_PAUSER_INTEG parameter can be set along with the corresponding CPTRA_MBOX_VALID_PAUSER parameter at integration time. | Security | Required for Caliptra threat model |
+| MAILBOX PAUSER programming rules | SoC logic (ROM, HW) that is using the Caliptra mailbox right out of cold reset, without first configuring the programmable mailbox PAUSER registers, must send the mailbox accesses with the default PAUSER, CPTRA_DEF_MBOX_VALID_PAUSER. | Security | Required for Caliptra threat model |
+| MAILBOX PAUSER programming rules | For CPTRA_MBOX_VALID_PAUSER\[4:0\], the corresponding lock bits MUST be programmed to ‘1. This enables the mailbox to accept transactions from non-default PAUSERS. | Security | Required for Caliptra threat model |
+| MAILBOX PAUSER programming rules | It is strongly recommended that these PAUSER registers are either set at integration time through integration parameters or be programmed by the SoC ROM before any mutable FW or ROM patches are applied. | Security | Required for Caliptra threat model |
+| FUSE PAUSER programming rules | 1 PAUSER attribute register is implemented at SoC interface: CPTRA_FUSE_VALID_PAUSER. | | |
+| FUSE PAUSER programming rules | CPTRA_FUSE_PAUSER_LOCK locks the programmable valid pauser register, and marks the programmed value as valid. | | |
+| FUSE PAUSER programming rules | Integrators can choose to harden the valid pauser for fuse access by setting the integration parameter, CPTRA_FUSE_VALID_PAUSER, to the desired value in RTL, and by setting CPTRA_SET_FUSE_PAUSER_INTEG to 1. | | |
+| GLS FEV | GLS FEV must be run to make sure netlist and RTL match and none of the countermeasures are optimized away. See the following table for example warnings from synthesis runs to resolve through FEV | GLS simulations pass | Functional requirement |
+
+*Table 18: Caliptra synthesis warnings for FEV evaluation*
+
+| Module | Warning | Line No. | Description |
+| :--------- | :--------- | :--------- | :--------- |
+| sha512_acc_top | Empty netlist for always_comb | 417 |Unused logic (no load)|
+| ecc_scalar_blinding | Netlist for always_ff block does not contain flip flop | 301 |Output width is smaller than internal signals, synthesis optimizes away the extra internal flops with no loads|
+| sha512_masked_core | "masked_carry" is read before being assigned. Synthesized result may not match simulation | 295, 312 ||
+| ecc_montgomerymultiplier | Netlist for always_ff block does not contain flip flop | 274, 326 |Output width is smaller than internal signals, synthesis optimizes away the extra internal flops with no loads|
+| Multiple modules | Signed to unsigned conversion occurs | ||
+
+# CDC analysis and constraints
+
+Clock Domain Crossing (CDC) analysis is performed on the Caliptra core IP. The following are the results and recommended constraints for Caliptra integrators using standard CDC analysis EDA tools.
+
+In an unconstrained environment, several CDC violations are anticipated. CDC analysis requires the addition of constraints to identify valid synchronization mechanisms and/or static/pseudo-static signals.
+
+## Analysis of missing synchronizers
+* All of the signals, whether single-bit or multi-bit, originate from the rvjtag\_tap module internal register on TCK clock, and the Sink/Endpoint is the rvdff register, which is in CalitpraClockDomain clock.
+* JTAG does a series of “jtag writes” for each single “register write”.
+* We only need to synchronize the controlling signal for this interface.
+* Inside the dmi\_wrapper, the dmi\_reg\_en and dmi\_reg\_wr\_en comes from dmi\_jtag\_to\_core\_sync, which is a 2FF synchronizer.
+
+The following code snippet and schematic diagram illustrate JTAG originating CDC violations.
+
+*Figure 9: Schematic diagram and code snippet showing JTAG-originating CDC violations*
+
+
+
+
+
+## CDC analysis conclusions
+* Missing synchronizers appear to be the result of “inferred” and/or only 2-FF instantiated synchronizers.
+ * dmi\_jtag\_to\_core\_sync.v contains inferred 2FF synchronizers on the control signals “dmi\_reg\_wr\_en” and “dmi\_reg\_rd\_en”.
+ * 2FF synchronizer inferences are considered non-compliant and should be replaced by an explicitly instantiated synchronization module, which is intended to be substituted on a per-integrator basis.
+ * cdc report scheme two\_dff -severity violation
+* Multi-bit signals are effectively pseudo-static and are qualified by synchronized control qualifiers.
+ * Pseudo-static: wr\_data, wr\_addr
+ * cdc signal reg\_wr\_data -module dmi\_wrapper -stable
+ * cdc signal reg\_wr\_addr -module dmi\_wrapper -stable
+* The core clock frequency must be at least twice the TCK clock frequency for the JTAG data to pass correctly through the synchronizers.
+
+## CDC constraints
+* cdc report scheme two\_dff -severity violation
+* cdc signal reg\_wr\_data -module dmi\_wrapper -stable
+* cdc signal reg\_wr\_addr -module dmi\_wrapper -stable
+
+# Synthesis findings
+
+Synthesis experiments have so far found the following:
+* Design converges at 400MHz 0.72V using a cutting edge TSMC process.
+* Design converges at 100MHz using TSMC 40nm process.
+
+Note: Any synthesis warnings of logic optimization must be reviewed and accounted for.
+
+# Netlist synthesis data
+
+The following table illustrates representative netlist synthesis results using industry standard EDA synthesis tools and tool configurations.
+
+These metrics are inclusive of VeeR core, Caliptra logic, imem/dmem RAM, ROM.
+
+The area is expressed in units of square microns.
+
+The target foundry technology node is an industry standard, moderately advanced technology node as of 2023 September.
+
+*Table 19: Netlist synthesis data*
+
+| **IP Name** | **Date** | **Path Group** | **Target Freq** | **QoR WNS** | **QoR Achieveable Freq** |
+| :--------- | :--------- | :--------- | :--------- | :--------- | :--------- |
+| CALIPTRA_WRAPPER | 6/15/2023 | CALIPTRACLK | 500MHz | -15.93 | 496MHz |
+| CALIPTRA_WRAPPER | 6/15/2023 | JTAG_TCK | 100MHz | 4606.5 | 100MHz |
+| CALIPTRA_WRAPPER | 6/15/2023 | clock_gating_default | 500MHz | 26.56 | 500MHz |
+| CALIPTRA_WRAPPER | 6/15/2023 | io_to_io | 500MHz | -599.82 | 385MHz |
+| CALIPTRA_WRAPPER | 6/15/2023 | io_to_flop | 500MHz | 0.25 | 500MHz |
+| CALIPTRA_WRAPPER | 6/15/2023 | flop_to_io | 500MHz | -627.58 | 381MHz |
+
+| **IP Name** | **Date** | **Stdcell Area** | **Macro Area** | **Memory Area** | **Total Area** | **Flop Count** | **No Clock Regs/Pins Count** | **FM Status** | **FM Eqv Pts** | **FM Non-Eqv Pts** | **FM Abort Pts** | **FM FM**
**Non-Comp** **Pts** |
+| :--------- | :--------- | :--------- | :--------- | :--------- | :--------- | :--------- | :--------- | :--------- | :--------- | :--------- | :--------- | :--------- |
+| CALIPTRA_WRAPPER | 10/4/2023 | 89279 | 7872 | 239937 | 337088 | 45601 | 31 | SUCCEEDED | 156211 | 0 | 0 | 0 |
+
+# LINT rules
+
+TODO 0p5: This is a WIP list
+
+## Recommended LINT rules
+
+The following LINT rules are the recommended minimum set for standalone analysis of Caliptra IP. The same set is recommended as a minimum subset that may be applied by Caliptra integrators.
+
+Error: "x" in casez statements not allowed
+
+Error: All instance inputs must be driven
+
+Error: An event variable is declared but never triggered
+
+Error: Bit truncation hazard; LHS/RHS truncation of extra bits
+
+Error: Blocking and non-blocking assignment to a signal/variable detected
+
+Error: Case expression width mismatch; case expression width does not match case select expression width
+
+Error: Combinational loops detected
+
+Error: Constant value clock pin of sequential instance
+
+Error: Detected a logical/scalar operation on a vector
+
+Error: Detected that a tristate is used below top-level of design
+
+Error: Detected always or process constructs that do not have an event control
+
+Error: Detected arithmetic comparison operator with unequal length
+
+Error: Detected conversion of unsigned (reg type) to integer
+
+Error: Detected floating or unconnected inout port of an instance
+
+Error: Detected loop step statement variables incorrectly incremented or decremented
+
+Error: Detected nonblocking assignment in a combinational always block
+
+Error: Detected reset or set used both synchronously and asynchronously
+
+Error: Detected signal read inside combinational always block missing from sensitivity list
+
+Error: Detected tri-state 'Z' or '?' value used in assign or comparison
+
+Error: Detected two state data type signals; must support 4 state data type
+
+Error: Detected undriven but loaded input of an instance
+
+Error: Detected undriven but loaded net is detected
+
+Error: Detected undriven but loaded output port of module
+
+Error: Detected undriven output pins connected to instance input
+
+Error: Detected unequal length operands in the bit-wise logical, arithmetic, and ternary operators
+
+Error: Detected unpacked structure declaration outside the package
+
+Error: Duplicate conditions of a case, unique-case, or priority-case
+
+Error: Function return does not set all bits of return variable
+
+Error: Inout port is not read or assigned
+
+Error: Instance pin connections must use named-association rather than positional association
+
+Error: LHS or RHS mismatch hazard; multi-bit expression assigned to single bit signal
+
+Error: Latch inference not permitted
+
+Error: Must declare enum base type explicitly as sized logic type
+
+Error: Negative or enum array index detected
+
+Error: Non-synthesizable construct; functions of type real detected
+
+Error: Non-synthesizable construct; repeat statement
+
+Error: Non-synthesizable construct; delays ignored by synthesis tools
+
+Error: Non-synthesizable construct; modelling style where clock and reset cannot be inferred in sequential inference
+
+Error: Non-synthesizable construct; states are not updated on the same clock phase in sequential inference
+
+Error: Null Ports detected
+
+Error: Port referred before definition
+
+Error: Range index or slice of an array discrepancy
+
+Error: Read before set hazard in blocking assignment signal
+
+Error: Recursive task hazard
+
+Error: Redeclaration of a port range
+
+Error: Text Macro Redefinition TMR
+
+Error: Variable is too short for array index
+
+Error: Identified case constructs without the default or `OTHERS` clause
+
+Fatal: Asynchronous reset inference must have "if" statement as first statement in the block
+
+Fatal: Blocking assignment detected in sequential always block
+
+Fatal: Detected a function or a sub-program sets a global signal or variable
+
+Fatal: Detected a function or a sub-program uses a global signal or variable
+
+Fatal: Detected assignment to input ports
+
+Fatal: Detected edge and non-edge conditions in block sensitivity list
+
+Fatal: Detected variable in which both the edges are used in an event control list
+
+Fatal: Event control detected in RHS of assignment statement
+
+Fatal: Illegal case construct label detected
+
+Fatal: Module instance port connection mismatch width compared to the port definition
+
+Fatal: Non-synthesizable construct; case equal operators (===) (!==) operators may not be synthesizable
+
+Fatal: Non-synthesizable construct; detected real operands that are used in logical comparisons
+
+Fatal: Non-synthesizable construct; detected real variables that are unsynthesizable
+
+Fatal: Non-synthesizable construct; MOS switches, such as cmos, pmos, and nmos
+
+Fatal: Non-synthesizable construct; disable statements detected
+
+Fatal: Non-synthesizable construct; event control expressions have multiple edges in sequential inference
+
+Fatal: Non-synthesizable construct; event variables
+
+Fatal: Non-synthesizable construct; the tri0 net declarations
+
+Fatal: Non-synthesizable construct; time declarations
+
+Fatal: Non-synthesizable construct; tri1 net declarations
+
+Fatal: Non-synthesizable construct; trireg declarations
+
+Fatal: The 'default' or 'others' must be last case in a case statement
+
+# Terminology
+
+The following terminology is used in this document.
+
+*Table 20: Terminology*
+
+
+| Abbreviation | Description |
+| :--------- | :--------- |
+| AHB | AMBA Advanced High-Performance Bus |
+| APB | AMBA Advanced Peripheral Bus |
+| AES | Advanced Encryption Standard |
+| BMD | Boot Media Dependent |
+| BMI | Boot Media Integrated |
+| ECC | Elliptic Curve Cryptography |
+| ECO | Engineering Change Order (used to implement logic changes to a hardware design post-synthesis) |
+| QSPI | Quad Serial Peripheral Interface |
+| RISC | Reduced Instruction Set Computer |
+| SHA | Secure Hashing Algorithm |
+| SPI | Serial Peripheral Interface |
+| UART | Universal Asynchronous Receiver Transmitter |
diff --git a/docs/Caliptra_Integration_Specification.pdf b/docs/Caliptra_Integration_Specification.pdf
deleted file mode 100755
index 0cc3f9ebe..000000000
Binary files a/docs/Caliptra_Integration_Specification.pdf and /dev/null differ
diff --git a/docs/images/Caliptra_CDC_JTAG_code_snippet.png b/docs/images/Caliptra_CDC_JTAG_code_snippet.png
new file mode 100644
index 000000000..fc1ff828f
Binary files /dev/null and b/docs/images/Caliptra_CDC_JTAG_code_snippet.png differ
diff --git a/docs/images/Caliptra_HW_diagram.png b/docs/images/Caliptra_HW_diagram.png
new file mode 100644
index 000000000..901368f98
Binary files /dev/null and b/docs/images/Caliptra_HW_diagram.png differ
diff --git a/docs/images/Caliptra_SRAM_interface_timing.png b/docs/images/Caliptra_SRAM_interface_timing.png
new file mode 100644
index 000000000..f1e196018
Binary files /dev/null and b/docs/images/Caliptra_SRAM_interface_timing.png differ
diff --git a/docs/images/Caliptra_eq_CLKDIV.png b/docs/images/Caliptra_eq_CLKDIV.png
new file mode 100644
index 000000000..275ece4b5
Binary files /dev/null and b/docs/images/Caliptra_eq_CLKDIV.png differ
diff --git a/docs/images/Caliptra_eq_NCO.png b/docs/images/Caliptra_eq_NCO.png
new file mode 100644
index 000000000..601d4ad3d
Binary files /dev/null and b/docs/images/Caliptra_eq_NCO.png differ
diff --git a/docs/images/Caliptra_eq_SPI_clk_period.png b/docs/images/Caliptra_eq_SPI_clk_period.png
new file mode 100644
index 000000000..c8b5b0b22
Binary files /dev/null and b/docs/images/Caliptra_eq_SPI_clk_period.png differ
diff --git a/docs/images/Caliptra_eq_UART.png b/docs/images/Caliptra_eq_UART.png
new file mode 100644
index 000000000..47277cc16
Binary files /dev/null and b/docs/images/Caliptra_eq_UART.png differ
diff --git a/docs/images/Caliptra_eq_UART2.png b/docs/images/Caliptra_eq_UART2.png
new file mode 100644
index 000000000..dd9dde5d2
Binary files /dev/null and b/docs/images/Caliptra_eq_UART2.png differ
diff --git a/docs/images/Caliptra_machine_reliability.png b/docs/images/Caliptra_machine_reliability.png
new file mode 100644
index 000000000..fa25c5e0e
Binary files /dev/null and b/docs/images/Caliptra_machine_reliability.png differ
diff --git a/docs/images/Caliptra_mbox-sender.png b/docs/images/Caliptra_mbox-sender.png
new file mode 100644
index 000000000..4c43e8ea0
Binary files /dev/null and b/docs/images/Caliptra_mbox-sender.png differ
diff --git a/docs/images/Caliptra_mbox_boot_FSM.png b/docs/images/Caliptra_mbox_boot_FSM.png
new file mode 100644
index 000000000..dd575d531
Binary files /dev/null and b/docs/images/Caliptra_mbox_boot_FSM.png differ
diff --git a/docs/images/Caliptra_mbox_receiver.png b/docs/images/Caliptra_mbox_receiver.png
new file mode 100644
index 000000000..c86502e5a
Binary files /dev/null and b/docs/images/Caliptra_mbox_receiver.png differ
diff --git a/docs/images/Caliptra_reset_timing.png b/docs/images/Caliptra_reset_timing.png
new file mode 100644
index 000000000..fc131247e
Binary files /dev/null and b/docs/images/Caliptra_reset_timing.png differ
diff --git a/docs/images/Caliptra_schematic_jtag.png b/docs/images/Caliptra_schematic_jtag.png
new file mode 100644
index 000000000..2efad2873
Binary files /dev/null and b/docs/images/Caliptra_schematic_jtag.png differ
diff --git a/docs/images/Caliptra_soc_interface_block.png b/docs/images/Caliptra_soc_interface_block.png
new file mode 100644
index 000000000..a2f9985c2
Binary files /dev/null and b/docs/images/Caliptra_soc_interface_block.png differ
diff --git a/docs/images/OCP_logo.png b/docs/images/OCP_logo.png
new file mode 100644
index 000000000..c7a1dfd86
Binary files /dev/null and b/docs/images/OCP_logo.png differ
diff --git a/src/ahb_lite_bus/rtl/ahb_lite_bus.sv b/src/ahb_lite_bus/rtl/ahb_lite_bus.sv
index 4cc2cc372..b6a088d9e 100644
--- a/src/ahb_lite_bus/rtl/ahb_lite_bus.sv
+++ b/src/ahb_lite_bus/rtl/ahb_lite_bus.sv
@@ -36,7 +36,7 @@ module ahb_lite_bus #(
// --------------------------------------
// Responder Interface Port
// --------------------------------------
- CALIPTRA_AHB_LITE_BUS_INF.Responder_Interface_Ports ahb_lite_responders[NUM_RESPONDERS-1:0],
+ CALIPTRA_AHB_LITE_BUS_INF.Responder_Interface_Ports ahb_lite_responders[0:NUM_RESPONDERS-1],
// ----------------------------------------------
// Respnder Disable
diff --git a/src/caliptra_prim/rtl/caliptra_prim_assert.sv b/src/caliptra_prim/rtl/caliptra_prim_assert.sv
index 7a91601a9..7ab0e3bc7 100644
--- a/src/caliptra_prim/rtl/caliptra_prim_assert.sv
+++ b/src/caliptra_prim/rtl/caliptra_prim_assert.sv
@@ -49,8 +49,8 @@
// Static assertions for checks inside SV packages. If the conditions is not true, this will
// trigger an error during elaboration.
`define CALIPTRA_ASSERT_STATIC_IN_PACKAGE(__name, __prop) \
- function automatic bit assert_static_in_package_``__name(); \
- bit unused_bit [((__prop) ? 1 : -1)]; \
+ function automatic logic assert_static_in_package_``__name(); \
+ logic unused_bit [((__prop) ? 1 : -1)]; \
unused_bit = '{default: 1'b0}; \
return unused_bit[0]; \
endfunction
diff --git a/src/csrng/config/csrng.vf b/src/csrng/config/csrng.vf
index ef06dd886..0a1c5d165 100644
--- a/src/csrng/config/csrng.vf
+++ b/src/csrng/config/csrng.vf
@@ -102,4 +102,3 @@ ${CALIPTRA_ROOT}/src/csrng/rtl/csrng_block_encrypt.sv
${CALIPTRA_ROOT}/src/csrng/rtl/csrng_state_db.sv
${CALIPTRA_ROOT}/src/csrng/rtl/csrng_cmd_stage.sv
${CALIPTRA_ROOT}/src/csrng/rtl/csrng.sv
-${CALIPTRA_ROOT}/src/csrng/tb/csrng_tb.sv
diff --git a/src/doe/rtl/doe_reg.rdl b/src/doe/rtl/doe_reg.rdl
index b969aaa0f..392822d5a 100644
--- a/src/doe/rtl/doe_reg.rdl
+++ b/src/doe/rtl/doe_reg.rdl
@@ -204,8 +204,10 @@ addrmap doe_reg {
reg error_intr_trig_t {
name = "Interrupt Trigger Register type definition";
desc = "Single bit for each interrupt event allows SW to manually
- trigger occurrence of that event. Upon SW write, the bit
- will pulse for 1 cycle then clear to 0.";
+ trigger occurrence of that event. Upon SW write, the trigger bit
+ will pulse for 1 cycle then clear to 0. The pulse on the
+ trigger register bit results in the corresponding interrupt
+ status bit being set to 1.";
default hw = na;
default sw = rw;
@@ -223,8 +225,10 @@ addrmap doe_reg {
reg notif_intr_trig_t {
name = "Interrupt Trigger Register type definition";
desc = "Single bit for each interrupt event allows SW to manually
- trigger occurrence of that event. Upon SW write, the bit
- will pulse for 1 cycle then clear to 0.";
+ trigger occurrence of that event. Upon SW write, the trigger bit
+ will pulse for 1 cycle then clear to 0. The pulse on the
+ trigger register bit results in the corresponding interrupt
+ status bit being set to 1.";
default hw = na;
default sw = rw;
diff --git a/src/ecc/coverage/ecc_top_cov_if.sv b/src/ecc/coverage/ecc_top_cov_if.sv
index 97f1a8cac..345964c64 100644
--- a/src/ecc/coverage/ecc_top_cov_if.sv
+++ b/src/ecc/coverage/ecc_top_cov_if.sv
@@ -34,6 +34,7 @@ interface ecc_top_cov_if
logic error_flag;
logic privkey_input_outofrange;
logic r_output_outofrange;
+ logic s_output_outofrange;
logic r_input_outofrange;
logic s_input_outofrange;
logic pubkeyx_input_outofrange;
@@ -93,6 +94,7 @@ interface ecc_top_cov_if
assign error_flag = ecc_top.ecc_dsa_ctrl_i.error_flag;
assign privkey_input_outofrange = ecc_top.ecc_dsa_ctrl_i.privkey_input_outofrange;
assign r_output_outofrange = ecc_top.ecc_dsa_ctrl_i.r_output_outofrange;
+ assign s_output_outofrange = ecc_top.ecc_dsa_ctrl_i.s_output_outofrange;
assign r_input_outofrange = ecc_top.ecc_dsa_ctrl_i.r_input_outofrange;
assign s_input_outofrange = ecc_top.ecc_dsa_ctrl_i.s_input_outofrange;
assign pubkeyx_input_outofrange = ecc_top.ecc_dsa_ctrl_i.pubkeyx_input_outofrange;
@@ -118,6 +120,7 @@ interface ecc_top_cov_if
error_flag_cp: coverpoint error_flag;
privkey_input_outofrange_cp: coverpoint privkey_input_outofrange;
r_output_outofrange_cp: coverpoint r_output_outofrange;
+ s_output_outofrange_cp: coverpoint s_output_outofrange;
r_input_outofrange_cp: coverpoint r_input_outofrange;
s_input_outofrange_cp: coverpoint s_input_outofrange;
pubkeyx_input_outofrange_cp: coverpoint pubkeyx_input_outofrange;
diff --git a/src/ecc/rtl/ecc_dsa_ctrl.sv b/src/ecc/rtl/ecc_dsa_ctrl.sv
index 48eb05af2..405c7fa4e 100644
--- a/src/ecc/rtl/ecc_dsa_ctrl.sv
+++ b/src/ecc/rtl/ecc_dsa_ctrl.sv
@@ -129,6 +129,7 @@ module ecc_dsa_ctrl
logic [1 : 0] cmd_reg;
logic [2 : 0] pm_cmd_reg;
logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0] msg_reg;
+ logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0] msg_reduced_reg;
logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0] privkey_reg;
logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0] kv_reg;
logic [REG_NUM_DWORDS-1 : 0][RADIX-1:0] pubkeyx_reg;
@@ -196,6 +197,7 @@ module ecc_dsa_ctrl
logic privkey_input_outofrange;
logic r_output_outofrange;
+ logic s_output_outofrange;
logic r_input_outofrange;
logic s_input_outofrange;
logic pubkeyx_input_outofrange;
@@ -263,7 +265,7 @@ module ecc_dsa_ctrl
.keygen_seed(seed_reg),
.keygen_nonce(nonce_reg),
.privKey(privkey_reg),
- .hashed_msg(msg_reg),
+ .hashed_msg(msg_reduced_reg),
.IV(IV_reg),
.lambda(lambda),
.scalar_rnd(scalar_rnd_reg),
@@ -435,6 +437,21 @@ module ecc_dsa_ctrl
hwif_in.ECC_IV[dword].IV.hwclr = zeroize_reg;
end
end
+
+ //transformed msg into modulo q
+ always_ff @(posedge clk or negedge reset_n)
+ begin : reduced_msg
+ if (!reset_n)
+ msg_reduced_reg <= '0;
+ else if (zeroize_reg)
+ msg_reduced_reg <= '0;
+ else begin
+ if (msg_reg >= GROUP_ORDER)
+ msg_reduced_reg <= msg_reg - GROUP_ORDER;
+ else
+ msg_reduced_reg <= msg_reg;
+ end
+ end
always_comb hwif_in.ECC_CTRL.CTRL.hwclr = |hwif_out.ECC_CTRL.CTRL.value;
@@ -564,7 +581,7 @@ module ecc_dsa_ctrl
CONST_G_Y_MONT_ID : write_reg = {zero_pad, G_Y_MONT};
CONST_R2_q_MONT_ID : write_reg = {zero_pad, R2_q_MONT};
CONST_ONE_q_MONT_ID : write_reg = {zero_pad, ONE_q_MONT};
- MSG_ID : write_reg = {zero_pad, msg_reg};
+ MSG_ID : write_reg = {zero_pad, msg_reduced_reg};
PRIVKEY_ID : write_reg = {zero_pad, privkey_reg};
PUBKEYX_ID : write_reg = {zero_pad, pubkeyx_reg};
PUBKEYY_ID : write_reg = {zero_pad, pubkeyy_reg};
@@ -643,6 +660,7 @@ module ecc_dsa_ctrl
assign privkey_input_outofrange = signing_process & ((privkey_reg == 0) | (privkey_reg >= GROUP_ORDER));
assign r_output_outofrange = signing_process & (hw_r_we & (read_reg == 0));
+ assign s_output_outofrange = signing_process & (hw_s_we & (read_reg == 0));
assign r_input_outofrange = verifying_process & ((r_reg == 0) | (r_reg >= GROUP_ORDER));
assign s_input_outofrange = verifying_process & ((s_reg == 0) | (s_reg >= GROUP_ORDER));
@@ -652,7 +670,7 @@ module ecc_dsa_ctrl
assign pcr_sign_input_invalid = ((cmd_reg == KEYGEN) | (cmd_reg == VERIFY)) & pcr_sign_mode;
- assign error_flag = privkey_input_outofrange | r_output_outofrange | r_input_outofrange | s_input_outofrange | pubkeyx_input_outofrange | pubkeyy_input_outofrange | pubkey_input_invalid | pcr_sign_input_invalid;
+ assign error_flag = privkey_input_outofrange | r_output_outofrange | s_output_outofrange | r_input_outofrange | s_input_outofrange | pubkeyx_input_outofrange | pubkeyy_input_outofrange | pubkey_input_invalid | pcr_sign_input_invalid;
//----------------------------------------------------------------
// ECDSA_FSM_flow
diff --git a/src/ecc/rtl/ecc_hmac_drbg_interface.sv b/src/ecc/rtl/ecc_hmac_drbg_interface.sv
index 4df95d7a3..aff0288f6 100644
--- a/src/ecc/rtl/ecc_hmac_drbg_interface.sv
+++ b/src/ecc/rtl/ecc_hmac_drbg_interface.sv
@@ -209,7 +209,6 @@ module ecc_hmac_drbg_interface#(
end
else
if (hmac_done_edge) begin
- /* verilator lint_off CASEINCOMPLETE */
unique case (state_reg) inside
LFSR_ST: lfsr_seed_reg <= hmac_drbg_result[147 : 0];
LAMBDA_ST: lambda_reg <= hmac_drbg_result;
@@ -217,8 +216,14 @@ module ecc_hmac_drbg_interface#(
MASKING_RND_ST: masking_rnd_reg <= hmac_drbg_result;
KEYGEN_ST: drbg_reg <= hmac_drbg_result;
SIGN_ST: drbg_reg <= hmac_drbg_result;
+ default: begin
+ lambda_reg <= '0;
+ scalar_rnd_reg <= '0;
+ masking_rnd_reg <= '0;
+ drbg_reg <= '0;
+ lfsr_seed_reg <= LFSR_INIT_SEED;
+ end
endcase
- /* verilator lint_on CASEINCOMPLETE */
end
end //reg_update
diff --git a/src/ecc/rtl/ecc_reg.rdl b/src/ecc/rtl/ecc_reg.rdl
index 4446bf8fa..12239e82f 100644
--- a/src/ecc/rtl/ecc_reg.rdl
+++ b/src/ecc/rtl/ecc_reg.rdl
@@ -455,8 +455,10 @@ addrmap ecc_reg {
reg error_intr_trig_t {
name = "Interrupt Trigger Register type definition";
desc = "Single bit for each interrupt event allows SW to manually
- trigger occurrence of that event. Upon SW write, the bit
- will pulse for 1 cycle then clear to 0.";
+ trigger occurrence of that event. Upon SW write, the trigger bit
+ will pulse for 1 cycle then clear to 0. The pulse on the
+ trigger register bit results in the corresponding interrupt
+ status bit being set to 1.";
default hw = na;
default sw = rw;
@@ -471,8 +473,10 @@ addrmap ecc_reg {
reg notif_intr_trig_t {
name = "Interrupt Trigger Register type definition";
desc = "Single bit for each interrupt event allows SW to manually
- trigger occurrence of that event. Upon SW write, the bit
- will pulse for 1 cycle then clear to 0.";
+ trigger occurrence of that event. Upon SW write, the trigger bit
+ will pulse for 1 cycle then clear to 0. The pulse on the
+ trigger register bit results in the corresponding interrupt
+ status bit being set to 1.";
default hw = na;
default sw = rw;
diff --git a/src/ecc/tb/test_vectors/ecc_drbg_mbedtls.hex b/src/ecc/tb/test_vectors/ecc_drbg_mbedtls.hex
index 03bb042c5..03e50bb56 100644
--- a/src/ecc/tb/test_vectors/ecc_drbg_mbedtls.hex
+++ b/src/ecc/tb/test_vectors/ecc_drbg_mbedtls.hex
@@ -8,15 +8,15 @@ BB9C3A2F061E8D7014278DD51E66A918A6B6F9F1C1937312D4E7A921B18EF0F41FDD401D9E771850
E548E535A1CC600E133B5591AEBAAD78054006D752D0E1DF94FBFA95D78F0B3F8E81B9119C2BE008BF6D6F4E4185F87D
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0
-C8F518D4F3AA1BD46ED56C1C3C9E16FB800AF504DB98843548C5F623EE115F73D4C62ABC06D303B5D90D9A175087290D
-F274F69D163B0C9F1FC3EBF4292AD1C4EB3CEC1C5A7DDE6F80C14292934C2055E087748D0A169C772483ADEE5EE70E17
-D79C6D972B34A1DFC916A7B6E0A99B6B5387B34DA2187607C1AD0A4D1A8C2E4172AB5FA5D9AB58FE45E43F56BBB66BA4
-5A7363932B06B4F223BEF0B60A6390265112DBBD0AAE67FEF26B465BE935B48E451E68D16F1118F2B32B4C28608749ED
-8FA8541C82A392CA74F23ED1DBFD73541C5966391B97EA73D744B0E34B9DF59ED0158063E39C09A5A055371EDF7A5441
-1B7EC5E548E8AAA92EC77097CA9551C9783CE682CA18FB1EDBD9F1E50BC382DB8AB39496C8EE423F8CA105CBBA7B6588
-871E6EA4DDC5432CDDAA60FD7F055472D3C4DD41A5BFB26709E88C311A97093599A7C8F55B3974C19E4F5A7BFC1DD2AC
-3E5552DE6403350EE70AD74E4B854D2DC4126BBF9C153A5D7A07BD4B85D06E45F850920E898FB7D34F80796DAE29365C
-3401CEFAE20A737649073AC1A351E32926DB9ED0DB6B1CFFAB0493DAAFB93DDDD83EDEA28A803D0D003B2633B9D0F1BF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+7F68A6D896EA5DA62E78DEDB46F6662BC141F2F0B9E641ACC7342663FD51444E380FEA1DABBCA55F18987C0CFC10DF77
+787D82654607CD1D5A1B11F25C7DF90541380E497CB0560E1489BF7F71B6596300CC9D19335C4827A9BC6148B342F5EC
+A321B7C112EEE7227631066CDB556F0D6C66CA87AE912EB4DC412F2F108B27E2BECCBA94F0D844BD7872106EF25C9F25
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+F3132CF17D965F02E7BF2FDA8755BF54B31B72053D3C35031AA28AB7689C046AF863DB63D04D4810CD042F3B07A860FC
+01A6FDB4EFC82CC544B06FE7741CF9C6E8D8189C14A250FBAFCB3FDC5290F30E5E7092FCD1B1A54E60E4F37750BBFE7D
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
1
5F1C0F632D10524D84F4BD20C9ADDAD795CDF5DAA60EA1217A00DD7B1ECAD268C23CC6D7F258E3747A5E4299893F8C37
C9DA896F656439AE83BCA037496DC001CB1F8F0FC9AB9C3C1723768352399E4BF5F44A60E84C2567B88C32569342B706
diff --git a/src/ecc/uvmf_ecc/config/uvmf_ecc.vf b/src/ecc/uvmf_ecc/config/uvmf_ecc.vf
new file mode 100644
index 000000000..f53355d1a
--- /dev/null
+++ b/src/ecc/uvmf_ecc/config/uvmf_ecc.vf
@@ -0,0 +1,173 @@
++define+MAP_PROT_ATTR
++incdir+${UVM_HOME}/src
++incdir+${UVM_HOME}/src/dpi
++incdir+${QUESTA_MVC_HOME}/questa_mvc_src/sv
++incdir+${QUESTA_MVC_HOME}/questa_mvc_src/sv/ahb
++incdir+${QUESTA_MVC_HOME}/questa_mvc_src/sv/ahb/modules
++incdir+${QUESTA_MVC_HOME}/questa_mvc_src/sv/apb3
++incdir+${QUESTA_MVC_HOME}/questa_mvc_src/sv/apb3/modules
++incdir+${UVMF_HOME}/common/mgc_vip/ahb
++incdir+${UVMF_HOME}/common/mgc_vip/apb
++incdir+${UVMF_HOME}/common/modules
++incdir+${UVMF_HOME}/common/utility_packages/qvip_utils_pkg
++incdir+${UVMF_HOME}/common/uvm_co_emulation_utilities/uvm_co-emulation_utilities/utils
++incdir+${UVMF_HOME}/common/uvm_co_emulation_utilities/uvm_co-emulation_utilities/utils/clock
++incdir+${UVMF_HOME}/common/uvm_co_emulation_utilities/uvm_co-emulation_utilities/utils/memload
++incdir+${UVMF_HOME}/common/uvm_co_emulation_utilities/uvm_co-emulation_utilities/utils/reset
++incdir+${UVMF_HOME}/uvmf_base_pkg
++incdir+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_ahb_lite_slave_dir/uvmf
++incdir+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_ahb_lite_slave_dir/config_policies
++incdir+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_apb5_slave_dir/uvmf
++incdir+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_apb5_slave_dir/config_policies
++incdir+${CALIPTRA_ROOT}/src/integration/rtl
++incdir+${CALIPTRA_ROOT}/src/libs/rtl
++incdir+${CALIPTRA_ROOT}/src/keyvault/rtl
++incdir+${CALIPTRA_ROOT}/src/pcrvault/rtl
++incdir+${CALIPTRA_ROOT}/src/ecc/coverage
++incdir+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/../rtl
++incdir+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/../../libs/rtl
++incdir+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_in_pkg
++incdir+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_in_pkg/src
++incdir+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_out_pkg
++incdir+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_out_pkg/src
++incdir+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/environment_packages/ECC_env_pkg
++incdir+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/parameters
++incdir+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/sequences
++incdir+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/tests
++incdir+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/testbench
++incdir+${CALIPTRA_ROOT}/src/sha512/rtl
++incdir+${CALIPTRA_ROOT}/src/sha512_masked/rtl
++incdir+${CALIPTRA_ROOT}/src/hmac/rtl
++incdir+${CALIPTRA_ROOT}/src/hmac_drbg/rtl
++incdir+${CALIPTRA_ROOT}/src/ecc/rtl
+${UVM_HOME}/src/uvm_pkg.sv
+${QUESTA_MVC_HOME}/include/questa_mvc_svapi.svh
+${QUESTA_MVC_HOME}/questa_mvc_src/sv/mvc_pkg.sv
+${QUESTA_MVC_HOME}/questa_mvc_src/sv/apb3/mgc_apb3_v1_0_pkg.sv
+${QUESTA_MVC_HOME}/questa_mvc_src/sv/ahb/mgc_ahb_v2_0_pkg.sv
+${QUESTA_MVC_HOME}/questa_mvc_src/sv/ahb/modules/ahb_lite_slave.sv
+${QUESTA_MVC_HOME}/questa_mvc_src/sv/ahb/modules/ahb_lite_monitor.sv
+${QUESTA_MVC_HOME}/questa_mvc_src/sv/apb3/modules/apb5_master.sv
+${QUESTA_MVC_HOME}/questa_mvc_src/sv/apb3/modules/apb_monitor.sv
+${QUESTA_MVC_HOME}/questa_mvc_src/sv/apb3/modules/apb5_monitor.sv
+${UVMF_HOME}/uvmf_base_pkg/uvmf_base_pkg_hdl.sv
+${UVMF_HOME}/uvmf_base_pkg/uvmf_base_pkg.sv
+${UVMF_HOME}/common/utility_packages/qvip_utils_pkg/qvip_utils_pkg.sv
+${UVMF_HOME}/common/mgc_vip/ahb/mgc_ahb_master_hdl.sv
+${UVMF_HOME}/common/mgc_vip/ahb/mgc_ahb_master_hvl.sv
+${UVMF_HOME}/common/mgc_vip/ahb/mgc_ahb_module_hvl.sv
+${UVMF_HOME}/common/mgc_vip/ahb/mgc_ahb_signal_if.sv
+${UVMF_HOME}/common/mgc_vip/ahb/mgc_ahb_slave_hdl.sv
+${UVMF_HOME}/common/mgc_vip/ahb/mgc_ahb_slave_hvl.sv
+${UVMF_HOME}/common/modules/ahb_master.v
+${UVMF_HOME}/common/modules/ahb_memory_slave_module_hdl.sv
+${UVMF_HOME}/common/modules/ahb_memory_slave_module_hvl.sv
+${UVMF_HOME}/common/modules/ahb_memory_slave_module.sv
+${UVMF_HOME}/common/modules/ahb_slave.v
+${UVMF_HOME}/common/modules/apb3_memory_slave_module.sv
+${UVMF_HOME}/common/mgc_vip/apb/apb_master_hdl_wrapper.sv
+${UVMF_HOME}/common/mgc_vip/apb/apb_master_hvl_wrapper.sv
+${UVMF_HOME}/common/mgc_vip/apb/apb_monitor_hdl_wrapper.sv
+${UVMF_HOME}/common/mgc_vip/apb/apb_monitor_hvl_wrapper.sv
+${UVMF_HOME}/common/uvm_co_emulation_utilities/uvm_co-emulation_utilities/utils/clock/clock_pkg.sv
+${UVMF_HOME}/common/uvm_co_emulation_utilities/uvm_co-emulation_utilities/utils/clock/clock_bfm.sv
+${UVMF_HOME}/common/uvm_co_emulation_utilities/uvm_co-emulation_utilities/utils/memload/memload_pkg.sv
+${UVMF_HOME}/common/uvm_co_emulation_utilities/uvm_co-emulation_utilities/utils/reset/reset_pkg.sv
+${UVMF_HOME}/common/uvm_co_emulation_utilities/uvm_co-emulation_utilities/utils/reset/async_reset_bfm.sv
+${UVMF_HOME}/common/uvm_co_emulation_utilities/uvm_co-emulation_utilities/utils/reset/sync_reset_bfm.sv
+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_ahb_lite_slave_dir/config_policies/qvip_ahb_lite_slave_params_pkg.sv
+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_ahb_lite_slave_dir/uvmf/qvip_ahb_lite_slave_pkg.sv
+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_ahb_lite_slave_dir/uvmf/hdl_qvip_ahb_lite_slave.sv
+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_ahb_lite_slave_dir/uvmf/default_clk_gen.sv
+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_ahb_lite_slave_dir/uvmf/default_reset_gen.sv
+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_apb5_slave_dir/config_policies/qvip_apb5_slave_params_pkg.sv
+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_apb5_slave_dir/uvmf/qvip_apb5_slave_pkg.sv
+${CALIPTRA_ROOT}/src/libs/uvmf/qvip_apb5_slave_dir/uvmf/hdl_qvip_apb5_slave.sv
+${CALIPTRA_ROOT}/src/integration/rtl/config_defines.svh
+${CALIPTRA_ROOT}/src/integration/rtl/caliptra_reg_defines.svh
+${CALIPTRA_ROOT}/src/libs/rtl/caliptra_sva.svh
+${CALIPTRA_ROOT}/src/libs/rtl/caliptra_macros.svh
+${CALIPTRA_ROOT}/src/libs/rtl/caliptra_sram.sv
+${CALIPTRA_ROOT}/src/libs/rtl/ahb_defines_pkg.sv
+${CALIPTRA_ROOT}/src/libs/rtl/caliptra_ahb_srom.sv
+${CALIPTRA_ROOT}/src/libs/rtl/apb_slv_sif.sv
+${CALIPTRA_ROOT}/src/libs/rtl/ahb_slv_sif.sv
+${CALIPTRA_ROOT}/src/libs/rtl/caliptra_icg.sv
+${CALIPTRA_ROOT}/src/libs/rtl/clk_gate.sv
+${CALIPTRA_ROOT}/src/libs/rtl/caliptra_2ff_sync.sv
+${CALIPTRA_ROOT}/src/keyvault/rtl/kv_defines_pkg.sv
+${CALIPTRA_ROOT}/src/keyvault/rtl/kv_macros.svh
+${CALIPTRA_ROOT}/src/pcrvault/rtl/pv_defines_pkg.sv
+${CALIPTRA_ROOT}/src/pcrvault/rtl/pv_macros.svh
+${CALIPTRA_ROOT}/src/pcrvault/rtl/pv_gen_hash.sv
+${CALIPTRA_ROOT}/src/ecc/coverage/ecc_top_cov_if.sv
+${CALIPTRA_ROOT}/src/ecc/coverage/ecc_top_cov_bind.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_in_pkg/ECC_in_pkg_hdl.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_in_pkg/ECC_in_pkg.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_in_pkg/src/ECC_in_driver_bfm.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_in_pkg/src/ECC_in_if.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_in_pkg/src/ECC_in_monitor_bfm.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_out_pkg/ECC_out_pkg_hdl.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_out_pkg/ECC_out_pkg.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_out_pkg/src/ECC_out_driver_bfm.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_out_pkg/src/ECC_out_if.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/interface_packages/ECC_out_pkg/src/ECC_out_monitor_bfm.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/verification_ip/environment_packages/ECC_env_pkg/ECC_env_pkg.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/parameters/ECC_parameters_pkg.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/sequences/ECC_sequences_pkg.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/tests/ECC_tests_pkg.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/testbench/hdl_top.sv
+${CALIPTRA_ROOT}/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/testbench/hvl_top.sv
+${CALIPTRA_ROOT}/src/libs/rtl/ahb_to_reg_adapter.sv
+${CALIPTRA_ROOT}/src/keyvault/rtl/kv_reg_pkg.sv
+${CALIPTRA_ROOT}/src/keyvault/rtl/kv_reg.sv
+${CALIPTRA_ROOT}/src/keyvault/rtl/kv.sv
+${CALIPTRA_ROOT}/src/keyvault/rtl/kv_fsm.sv
+${CALIPTRA_ROOT}/src/keyvault/rtl/kv_read_client.sv
+${CALIPTRA_ROOT}/src/keyvault/rtl/kv_write_client.sv
+${CALIPTRA_ROOT}/src/pcrvault/rtl/pv_reg_pkg.sv
+${CALIPTRA_ROOT}/src/pcrvault/rtl/pv_reg.sv
+${CALIPTRA_ROOT}/src/pcrvault/rtl/pv.sv
+${CALIPTRA_ROOT}/src/sha512/rtl/sha512_reg_pkg.sv
+${CALIPTRA_ROOT}/src/sha512/rtl/sha512_params_pkg.sv
+${CALIPTRA_ROOT}/src/sha512/rtl/sha512_ctrl.sv
+${CALIPTRA_ROOT}/src/sha512/rtl/sha512.sv
+${CALIPTRA_ROOT}/src/sha512/rtl/sha512_core.v
+${CALIPTRA_ROOT}/src/sha512/rtl/sha512_h_constants.v
+${CALIPTRA_ROOT}/src/sha512/rtl/sha512_k_constants.v
+${CALIPTRA_ROOT}/src/sha512/rtl/sha512_w_mem.v
+${CALIPTRA_ROOT}/src/sha512/rtl/sha512_reg.sv
+${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv
+${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv
+${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv
+${CALIPTRA_ROOT}/src/hmac/rtl/hmac_param_pkg.sv
+${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg_pkg.sv
+${CALIPTRA_ROOT}/src/hmac/rtl/hmac_ctrl.sv
+${CALIPTRA_ROOT}/src/hmac/rtl/hmac.sv
+${CALIPTRA_ROOT}/src/hmac/rtl/hmac_core.v
+${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv
+${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg.sv
+${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg_lfsr.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_reg_pkg.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_defines_pkg.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_params_pkg.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_dsa_uop_pkg.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_pm_uop_pkg.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_top.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_reg.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_dsa_ctrl.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_dsa_sequencer.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_scalar_blinding.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_hmac_drbg_interface.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_arith_unit.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_pm_ctrl.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_pm_sequencer.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_ram_tdp_file.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_fau.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_montgomerymultiplier.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_pe_first.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_pe.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_pe_final.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_mult_dsp.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_add_sub_mod_alter.sv
+${CALIPTRA_ROOT}/src/ecc/rtl/ecc_adder.sv
\ No newline at end of file
diff --git a/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/testbench/hdl_top.sv b/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/testbench/hdl_top.sv
index d9d9209bb..01fffdedb 100644
--- a/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/testbench/hdl_top.sv
+++ b/src/ecc/uvmf_ecc/uvmf_template_output/project_benches/ECC/tb/testbench/hdl_top.sv
@@ -120,6 +120,7 @@ import uvmf_base_pkg_hdl::*;
.debugUnlock_or_scan_mode_switch('0)
);
+ ecc_top_cov_bind i_ecc_top_cov_bind();
// pragma uvmf custom dut_instantiation end
initial begin // tbx vif_binding_block
diff --git a/src/hmac/formal/model/hmac_core.h b/src/hmac/formal/model/hmac_core.h
new file mode 100644
index 000000000..b534e3046
--- /dev/null
+++ b/src/hmac/formal/model/hmac_core.h
@@ -0,0 +1,201 @@
+// -------------------------------------------------
+// Contact: contact@lubis-eda.com
+// Author: Tobias Ludwig, Michael Schwarz
+// -------------------------------------------------
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#ifndef HMAC_H_
+#define HMAC_H_
+
+#include "systemc.h"
+#include "Interfaces.h"
+#include
+#include
+#include
+#include
+
+using namespace std;
+
+#define MSG_WIDTH 1024 // b bits
+#define PAD_WIDTH 640
+#define DIGEST_WIDTH 512
+#define KEY_WIDTH 384 // n bits
+#define MASK_WIDTH 512
+
+const sc_biguint IPAD = sc_biguint("0x3636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636363636");
+const sc_biguint OPAD = "0x5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c5c";
+const sc_biguint FINAL_PAD = "0x8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000580";
+const sc_biguint garbage_vector = "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000";
+
+enum state
+{
+ state_IPAD,
+ state_OPAD,
+ state_HMAC
+};
+
+struct sha_block
+{
+ sc_biguint block_msg;
+ bool init;
+ bool next;
+ sc_biguint<74> lfsr_rnd;
+};
+
+struct sha_splitter
+{
+ sha_block sha1;
+ sha_block sha2;
+};
+
+struct block
+{
+ sc_biguint key;
+ sc_biguint block_msg;
+ bool init, next;
+};
+
+sc_biguint key_ipadded(sc_biguint key)
+{
+ return (static_cast>((static_cast>(key << (PAD_WIDTH))) ^ IPAD));
+}
+
+sc_biguint key_opadded(sc_biguint key)
+{
+ return (static_cast>(static_cast>(key << (PAD_WIDTH))) ^ OPAD);
+}
+
+sc_biguint hmac_padded(sc_biguint hmac_digest)
+{
+ return (static_cast>(static_cast>(hmac_digest << (PAD_WIDTH))) | FINAL_PAD);
+}
+
+SC_MODULE(HMAC)
+{
+public:
+ SC_CTOR(HMAC)
+ {
+
+ SC_THREAD(fsm);
+ }
+
+#ifndef LUBIS
+ blocking_out sha_msg_1 , sha_msg_2;
+#else
+ master_out sha_msg /*, sha_msg_2*/;
+#endif
+
+ blocking_in> H1_digest, H2_digest, H1_setup_digest;
+ blocking_in hmac_msg;
+
+#ifndef LUBIS
+ blocking_out> tag;
+
+#else
+ master_out> tag;
+#endif
+
+private:
+ sc_biguint sha_msg_input_ipad;
+ sc_biguint sha_digest_out_ipad, sha_digest_out_ipad_2, sha_digest_out_opad;
+ sc_biguint S1, S2;
+ sc_biguint temp;
+ bool first_round;
+ block hmac;
+ sc_biguint hmac_blk_msg;
+ sha_splitter sha_inst;
+ sc_biguint key_i;
+ sc_biguint block_msg_i;
+ bool init_i, next_i;
+
+ void fsm()
+ {
+
+ while (true)
+ {
+
+ sha_msg_input_ipad = hmac_padded(sc_biguint(0));
+
+ hmac_msg->read(hmac, "idle");
+ cout<<"INIT"<write(sha_inst);
+#else
+
+ sha_msg->master_write(sha_inst);
+#endif
+ cout<<"IPAD"<read(sha_digest_out_ipad, "ctrl_ipad");
+ }
+
+ sha_inst.sha2.block_msg = key_opadded(hmac.key);
+ sha_inst.sha2.next = false;
+ sha_inst.sha2.init = true;
+ sha_inst.sha1.block_msg = hmac.block_msg;
+ sha_inst.sha1.init = false;
+ sha_inst.sha1.next = true;
+#ifndef LUBIS
+ sha_msg_1->write(sha_inst);
+#else
+ sha_msg->master_write(sha_inst);
+#endif
+ cout<<"OPAD"<read(sha_digest_out_ipad, "ctrl_opad");
+
+ temp = static_cast>(sha_digest_out_ipad >> 128);
+
+ sha_msg_input_ipad = hmac_padded(temp);
+
+ sha_inst.sha1.block_msg = key_ipadded(hmac.key);
+ sha_inst.sha1.init = false;
+ sha_inst.sha1.next = false;
+ sha_inst.sha2.block_msg = sha_msg_input_ipad;
+ sha_inst.sha2.init = false;
+ sha_inst.sha2.next = true;
+
+
+#ifndef LUBIS
+ sha_msg_2->write(sha_inst);
+#else
+ sha_msg->master_write(sha_inst);
+#endif
+ cout<<"ctrl_hmac"<read(sha_digest_out_opad, "ctrl_hmac");
+ insert_state("done_tag");
+
+ cout<<"done"<write((sha_digest_out_opad >> 128));
+#else
+ tag->master_write((sha_digest_out_opad >> 128));
+#endif
+ }
+ }
+};
+
+#endif
diff --git a/src/hmac/formal/model/simulation_model/hmac_sha_join.h b/src/hmac/formal/model/simulation_model/hmac_sha_join.h
new file mode 100644
index 000000000..775adac21
--- /dev/null
+++ b/src/hmac/formal/model/simulation_model/hmac_sha_join.h
@@ -0,0 +1,180 @@
+// -------------------------------------------------
+// Contact: contact@lubis-eda.com
+// Author: Tobias Ludwig, Michael Schwarz
+// -------------------------------------------------
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#ifndef HMAC_SHA_
+#define HMAC_SHA_
+
+#include "systemc.h"
+#include "Interfaces.h"
+#include
+#include
+#include
+#include
+#include
+#include "../hmac_core.h"
+
+using namespace std;
+
+#define MSG_WIDTH 1024 // b bits
+#define PAD_WIDTH 640
+#define DIGEST_WIDTH 512
+#define KEY_WIDTH 384 // n bits
+#define MASK_WIDTH 512
+
+SC_MODULE(hmac_sha)
+{
+public:
+ SC_CTOR(hmac_sha)
+ {
+ SC_THREAD(fsm);
+ }
+
+ blocking_in sha_msg_split_1 ,sha_msg_split_2;
+ blocking_out> hmac_setup_digest, hmac_1_digest, hmac_2_digest;
+
+ blocking_out h_sha_msg_1, h_sha_msg_2;
+ blocking_in> sha_1_digest, sha_2_digest;
+
+private:
+ sha_splitter chunk1, chunk2, chunk3;
+ sha_block shablock1, shablock2;
+ sc_biguint<1024> MSG_raw_1, MSG_raw_2, block_msg_reg;
+ sc_biguint<2048> msg_comb;
+ sc_biguint<104000> MSG_padded, shift_pad;
+ sc_biguint sha_digest_out_ipad, sha_digest_out_ipad_2, sha_digest_out_opad;
+ sc_uint<32> MSG_Length;
+ sc_biguint<384> expected_result;
+ sc_biguint garabage_digest;
+ bool init_reg, next_reg;
+
+ int num = 1;
+ int zero_pad_len, MSG_chnks, i, j;
+
+ void fsm()
+ {
+ std::random_device seed;
+ std::default_random_engine generator(seed());
+ std::uniform_int_distribution distribution(0,0xFFFFFFFFFFFFFFFF);
+ while (true)
+ {
+
+ // cout << "sha_hmac_read_start" << endl;
+ sha_msg_split_1->read(chunk1, "ipad_state1");
+ if (chunk1.sha1.init)
+ {
+ shablock1.block_msg = chunk1.sha1.block_msg;
+ shablock1.init = chunk1.sha1.init;
+
+ shablock1.next = chunk1.sha1.next;
+ shablock2.block_msg = chunk1.sha1.block_msg;
+ shablock2.init = chunk1.sha2.init;
+ shablock2.next = chunk1.sha2.next;
+
+ h_sha_msg_1->write(shablock1, "send_sha1_key");
+
+ sha_1_digest->read(garabage_digest, "sha1_digest_out");
+ hmac_setup_digest->write(garabage_digest, "read_garbage_digest");
+ sha_msg_split_1->read(chunk2, "ipad_state2");
+
+ MSG_Length = 1024;
+ MSG_chnks = 2;
+ // cout << "sha_hmac_read_block" << endl;
+
+ MSG_raw_1 = chunk2.sha1.block_msg;
+
+ init_reg = chunk2.sha2.init;
+ block_msg_reg = chunk2.sha2.block_msg;
+ next_reg = chunk2.sha2.next;
+
+ shablock1.init = chunk2.sha1.init;
+ shablock1.next = chunk2.sha1.next;
+ }
+ else
+ {
+ MSG_Length = 1024;
+ MSG_chnks = 2;
+ // cout << "sha_hmac_read_block" << endl;
+
+ MSG_raw_1 = chunk1.sha1.block_msg;
+
+ init_reg = chunk1.sha2.init;
+ block_msg_reg = chunk1.sha2.block_msg;
+ next_reg = chunk1.sha2.next;
+
+ shablock1.init = chunk1.sha1.init;
+ shablock1.next = chunk1.sha1.next;
+ }
+
+ MSG_padded = static_cast>(static_cast>(MSG_raw_1 << (1024)) + (static_cast>(8) << static_cast>(1020)) + static_cast>(2048));
+ //cout << "MSG_padded::" << MSG_padded << endl;
+ for (i = 0; i < MSG_chnks; ++i)
+ {
+ shablock1.lfsr_rnd= static_cast>(distribution(generator))*sc_biguint<74>(1024) + static_cast>(distribution(generator));
+ shablock1.block_msg = static_cast>(MSG_padded >> (1024 * (MSG_chnks - 1)));
+ if (i > 0)
+ {
+ shablock1.next = chunk2.sha1.next;
+ }
+
+ h_sha_msg_1->write(shablock1, "send_ipad_msg");
+ MSG_padded = static_cast>(MSG_padded << 1024);
+ shablock1.init = chunk2.sha1.init;
+
+ sha_1_digest->read(sha_digest_out_ipad_2, "sha1_digest_out");
+ }
+ hmac_1_digest->write(sha_digest_out_ipad_2, "shaop_IPAD_DIGEST_HMAC");
+ //////////////////////////////////////
+
+ MSG_Length = 1024;
+ MSG_chnks = 2;
+ // cout << "sha_hmac_read_digest" << endl;
+
+ sha_msg_split_2->read(chunk3, "ipad_state2");
+ shablock1.block_msg = chunk3.sha1.block_msg;
+ shablock1.init = chunk3.sha1.init;
+ shablock1.next = chunk3.sha1.next;
+ MSG_raw_2 = chunk3.sha2.block_msg;
+
+ MSG_padded = ((static_cast>(block_msg_reg)) << 1024) | (MSG_raw_2);
+ // cout << "MSG_padded_sha2::" << MSG_padded << endl;
+
+ shablock2.init = init_reg;
+ shablock2.next = next_reg;
+
+ for (j = 0; j < MSG_chnks; j++)
+ {
+ shablock2.lfsr_rnd= static_cast>(distribution(generator))*sc_biguint<74>(1024) + static_cast>(distribution(generator));
+ shablock2.block_msg = static_cast>(MSG_padded >> (1024 * (MSG_chnks - 1)));
+ if (j > 0)
+ {
+ shablock2.next = chunk3.sha1.next;
+ }
+ h_sha_msg_2->write(shablock2, "send_ipad_msg");
+ MSG_padded = static_cast>(MSG_padded << 1024);
+ shablock2.init = chunk3.sha1.init;
+ sha_2_digest->read(sha_digest_out_opad, "sha1_digest_out");
+ }
+ hmac_2_digest->write(sha_digest_out_opad, "shaop_IPAD_DIGEST_HMAC");
+
+ chunk1.sha1.init = chunk3.sha1.init;
+ }
+ }
+};
+
+#endif
\ No newline at end of file
diff --git a/src/hmac/formal/model/simulation_model/sha_algo.h b/src/hmac/formal/model/simulation_model/sha_algo.h
new file mode 100644
index 000000000..498359e54
--- /dev/null
+++ b/src/hmac/formal/model/simulation_model/sha_algo.h
@@ -0,0 +1,428 @@
+// -------------------------------------------------
+// Contact: contact@lubis-eda.com
+// Author: Tobias Ludwig, Michael Schwarz
+// -------------------------------------------------
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#ifndef SHA
+#define SHA
+
+#include
+#include "systemc.h"
+#include "string.h"
+#include "Interfaces.h"
+#include "../hmac_core.h"
+
+using namespace std;
+#define NUM_ROUNDS 80
+
+//-----------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+
+ sc_biguint<64> slicer(sc_biguint<1024> block, int index) {
+ switch (index){
+ case 0:
+ return static_cast> (block >> sc_biguint<1024>(64 * 0));
+ break;
+ case 1:
+ return static_cast> (block >> sc_biguint<1024>(64 * 1));
+ break;
+ case 2:
+ return static_cast> (block >> sc_biguint<1024>(64 * 2));
+ break;
+ case 3:
+ return static_cast> (block >> sc_biguint<1024>(64 * 3));
+ break;
+ case 4:
+ return static_cast> (block >> sc_biguint<1024>(64 * 4));
+ break;
+ case 5:
+ return static_cast> (block >> sc_biguint<1024>(64 * 5));
+ break;
+ case 6:
+ return static_cast> (block >> sc_biguint<1024>(64 * 6));
+ break;
+ case 7:
+ return static_cast> (block >> sc_biguint<1024>(64 * 7));
+ break;
+ case 8:
+ return static_cast> (block >> sc_biguint<1024>(64 * 8));
+ break;
+ case 9:
+ return static_cast> (block >> sc_biguint<1024>(64 * 9));
+ break;
+ case 10:
+ return static_cast> (block >> sc_biguint<1024>(64 * 10));
+ break;
+ case 11:
+ return static_cast> (block >> sc_biguint<1024>(64 * 11));
+ break;
+ case 12:
+ return static_cast> (block >> sc_biguint<1024>(64 * 12));
+ break;
+ case 13:
+ return static_cast> (block >> sc_biguint<1024>(64 * 13));
+ break;
+ case 14:
+ return static_cast> (block >> sc_biguint<1024>(64 * 14));
+ break;
+ case 15:
+ return static_cast> (block >> sc_biguint<1024>(64 * 15));
+ break;
+ default:
+ return static_cast> (block >> sc_biguint<1024>(64 * 15));
+ break;
+ }
+}
+
+sc_biguint<64> Ch(sc_biguint<64> a, sc_biguint<64> b, sc_biguint<64> c) {
+ return static_cast>((a & b) ^ (~a & c));
+}
+
+sc_biguint<64> Maj(sc_biguint<64> x, sc_biguint<64> y, sc_biguint<64> z) {
+ return static_cast>((x & y) ^ (x & z) ^ (y & z));
+}
+
+sc_biguint<64> shr6(sc_biguint<64> n) {
+ return static_cast>(n >> sc_biguint<64>(6));
+}
+
+sc_biguint<64> shr7(sc_biguint<64> n) {
+ return static_cast>(n >> sc_biguint<64>(7));
+}
+
+sc_biguint<64> rotr1(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(1))) | (n << (sc_biguint<64>(63))));
+}
+
+sc_biguint<64> rotr8(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(8))) | (n << (sc_biguint<64>(56))));
+}
+
+sc_biguint<64> rotr14(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(14))) | (n << (sc_biguint<64>(50))));
+}
+
+sc_biguint<64> rotr18(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(18))) | (n << (sc_biguint<64>(46))));
+}
+
+sc_biguint<64> rotr19(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(19))) | (n << (sc_biguint<64>(45))));
+}
+
+sc_biguint<64> rotr28(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(28))) | (n << (sc_biguint<64>(36))));
+}
+
+sc_biguint<64> rotr34(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(34))) | (n << (sc_biguint<64>(30))));
+}
+
+sc_biguint<64> rotr39(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(39))) | (n << (sc_biguint<64>(25))));
+}
+
+sc_biguint<64> rotr41(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(41))) | (n << (sc_biguint<64>(23))));
+}
+
+sc_biguint<64> rotr61(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(61))) | (n << (sc_biguint<64>(3))));
+}
+
+sc_biguint<64> sigma0(sc_biguint<64> x){
+ return static_cast> (rotr28(x) ^ rotr34(x) ^ rotr39(x));
+}
+
+sc_biguint<64> sigma1(sc_biguint<64> x) {
+ return static_cast> (rotr14(x) ^ rotr18(x) ^ rotr41(x));
+}
+
+sc_biguint<64> delta0(sc_biguint<64> x) {
+ return static_cast> (rotr1(x) ^ rotr8(x) ^ shr7(x));
+}
+
+sc_biguint<64> delta1(sc_biguint<64> x) {
+ return static_cast> (rotr19(x) ^ rotr61(x) ^ shr6(x));
+}
+
+sc_biguint<64> T1(sc_biguint<64> e, sc_biguint<64> f, sc_biguint<64> g, sc_biguint<64> h, sc_biguint<64> k, sc_biguint<64> w) {
+ return static_cast>(h + sigma1(e) + Ch(e, f, g) + k + w);
+}
+
+sc_biguint<64> T2(sc_biguint<64> a, sc_biguint<64> b, sc_biguint<64> c) {
+ return static_cast>(sigma0(a) + Maj(a, b, c));
+}
+sc_biguint<64> compute_e(sc_biguint<64> d,sc_biguint<64> e, sc_biguint<64> f, sc_biguint<64> g, sc_biguint<64> h, sc_biguint<64> k, sc_biguint<64> w) {
+ return static_cast>(d+ h + sigma1(e) + Ch(e, f, g) + k + w);
+}
+sc_biguint<64> compute_a(sc_biguint<64> e, sc_biguint<64> f, sc_biguint<64> g, sc_biguint<64> h, sc_biguint<64> k, sc_biguint<64> w,sc_biguint<64> a, sc_biguint<64> b, sc_biguint<64> c) {
+ return static_cast>((static_cast>(h + sigma1(e) + Ch(e, f, g) + k + w))+(static_cast>(sigma0(a) + Maj(a, b, c))));
+}
+
+sc_biguint<64> compute_w(sc_biguint<64> w14, sc_biguint<64> w9, sc_biguint<64> w1, sc_biguint<64> w0) {
+ return static_cast>(delta1(w14) + w9 + delta0(w1) + w0);
+}
+
+sc_biguint<512> compute_dig (sc_biguint<512> dig,sc_biguint<64> h7, sc_biguint<64> h6, sc_biguint<64> h5, sc_biguint<64> h4,sc_biguint<64> h3,sc_biguint<64> h2, sc_biguint<64> h1, sc_biguint<64> h0){
+ dig += static_cast> (h6 << sc_biguint<64>(448));
+ dig = static_cast> (dig >> sc_biguint<512>(64));
+ dig += static_cast> (h6 << sc_biguint<64>(448));
+ dig = static_cast> (dig >> sc_biguint<512>(64));
+ dig += static_cast> (h5 << sc_biguint<64>(448));
+ dig = static_cast> (dig >> sc_biguint<512>(64));
+ dig += static_cast> (h4 << sc_biguint<64>(448));
+ dig = static_cast> (dig >> sc_biguint<512>(64));
+ dig += static_cast> (h3 << sc_biguint<64>(448));
+ dig = static_cast> (dig >> sc_biguint<512>(64));
+ dig += static_cast> (h2 << sc_biguint<64>(448));
+ dig = static_cast> (dig >> sc_biguint<512>(64));
+ dig += static_cast> (h1 << sc_biguint<64>(448));
+ dig = static_cast> (dig >> sc_biguint<512>(64));
+ dig += static_cast> (h0 << sc_biguint<64>(448));
+
+ return(dig);
+
+}
+// struct SHA_Args{
+// sc_biguint<1024> in;
+// bool init;
+// bool next;
+// };
+
+/*struct sha_block{
+ sc_biguint block_msg;
+ bool init;
+ bool next;
+};*/
+//-----------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+ const array , 80> K =
+ {sc_biguint<64>(0x428a2f98d728ae22), sc_biguint<64>(0x7137449123ef65cd), sc_biguint<64>(0xb5c0fbcfec4d3b2f),\
+ sc_biguint<64>(0xe9b5dba58189dbbc), sc_biguint<64>(0x3956c25bf348b538), sc_biguint<64>(0x59f111f1b605d019),\
+ sc_biguint<64>(0x923f82a4af194f9b), sc_biguint<64>(0xab1c5ed5da6d8118), sc_biguint<64>(0xd807aa98a3030242),\
+ sc_biguint<64>(0x12835b0145706fbe), sc_biguint<64>(0x243185be4ee4b28c), sc_biguint<64>(0x550c7dc3d5ffb4e2),\
+ sc_biguint<64>(0x72be5d74f27b896f), sc_biguint<64>(0x80deb1fe3b1696b1), sc_biguint<64>(0x9bdc06a725c71235),\
+ sc_biguint<64>(0xc19bf174cf692694), sc_biguint<64>(0xe49b69c19ef14ad2), sc_biguint<64>(0xefbe4786384f25e3),\
+ sc_biguint<64>(0x0fc19dc68b8cd5b5), sc_biguint<64>(0x240ca1cc77ac9c65), sc_biguint<64>(0x2de92c6f592b0275),\
+ sc_biguint<64>(0x4a7484aa6ea6e483), sc_biguint<64>(0x5cb0a9dcbd41fbd4), sc_biguint<64>(0x76f988da831153b5),\
+ sc_biguint<64>(0x983e5152ee66dfab), sc_biguint<64>(0xa831c66d2db43210), sc_biguint<64>(0xb00327c898fb213f),\
+ sc_biguint<64>(0xbf597fc7beef0ee4), sc_biguint<64>(0xc6e00bf33da88fc2), sc_biguint<64>(0xd5a79147930aa725),\
+ sc_biguint<64>(0x06ca6351e003826f), sc_biguint<64>(0x142929670a0e6e70), sc_biguint<64>(0x27b70a8546d22ffc),\
+ sc_biguint<64>(0x2e1b21385c26c926), sc_biguint<64>(0x4d2c6dfc5ac42aed), sc_biguint<64>(0x53380d139d95b3df),\
+ sc_biguint<64>(0x650a73548baf63de), sc_biguint<64>(0x766a0abb3c77b2a8), sc_biguint<64>(0x81c2c92e47edaee6),\
+ sc_biguint<64>(0x92722c851482353b), sc_biguint<64>(0xa2bfe8a14cf10364), sc_biguint<64>(0xa81a664bbc423001),\
+ sc_biguint<64>(0xc24b8b70d0f89791), sc_biguint<64>(0xc76c51a30654be30), sc_biguint<64>(0xd192e819d6ef5218),\
+ sc_biguint<64>(0xd69906245565a910), sc_biguint<64>(0xf40e35855771202a), sc_biguint<64>(0x106aa07032bbd1b8),\
+ sc_biguint<64>(0x19a4c116b8d2d0c8), sc_biguint<64>(0x1e376c085141ab53), sc_biguint<64>(0x2748774cdf8eeb99),\
+ sc_biguint<64>(0x34b0bcb5e19b48a8), sc_biguint<64>(0x391c0cb3c5c95a63), sc_biguint<64>(0x4ed8aa4ae3418acb),\
+ sc_biguint<64>(0x5b9cca4f7763e373), sc_biguint<64>(0x682e6ff3d6b2b8a3), sc_biguint<64>(0x748f82ee5defb2fc),\
+ sc_biguint<64>(0x78a5636f43172f60), sc_biguint<64>(0x84c87814a1f0ab72), sc_biguint<64>(0x8cc702081a6439ec),\
+ sc_biguint<64>(0x90befffa23631e28), sc_biguint<64>(0xa4506cebde82bde9), sc_biguint<64>(0xbef9a3f7b2c67915),\
+ sc_biguint<64>(0xc67178f2e372532b), sc_biguint<64>(0xca273eceea26619c), sc_biguint<64>(0xd186b8c721c0c207),\
+ sc_biguint<64>(0xeada7dd6cde0eb1e), sc_biguint<64>(0xf57d4f7fee6ed178), sc_biguint<64>(0x06f067aa72176fba),\
+ sc_biguint<64>(0x0a637dc5a2c898a6), sc_biguint<64>(0x113f9804bef90dae), sc_biguint<64>(0x1b710b35131c471b),\
+ sc_biguint<64>(0x28db77f523047d84), sc_biguint<64>(0x32caab7b40c72493), sc_biguint<64>(0x3c9ebe0a15c9bebc),\
+ sc_biguint<64>(0x431d67c49c100d4c), sc_biguint<64>(0x4cc5d4becb3e42b6), sc_biguint<64>(0x597f299cfc657e2a),\
+ sc_biguint<64>(0x5fcb6fab3ad6faec), sc_biguint<64>(0x6c44198c4a475817)};;
+
+SC_MODULE(SHA512) {
+
+ blocking_in SHA_Input;
+ blocking_out > out;
+
+ array , 16> W;
+ array , 8> H;
+
+ sc_biguint<64> t1 = sc_biguint<64> (0), t2 = sc_biguint<64> (0),
+ a = sc_biguint<64> (0), b = sc_biguint<64> (0),
+ c = sc_biguint<64> (0), d = sc_biguint<64> (0),
+ e = sc_biguint<64> (0), f = sc_biguint<64> (0),
+ g = sc_biguint<64> (0), h = sc_biguint<64> (0),
+ w = sc_biguint<64> (0), k = sc_biguint<64> (0);
+ sc_biguint<64> tmp_w;
+
+ sc_biguint<1024> block_in;
+ sc_biguint<1024> block_copy;
+ sc_biguint<512> MSG_digest;
+
+ sha_block SHA_in;
+ int SHA_Mode_in;
+ bool init, next, success, zeroize;
+
+ int i, j, m=0;
+
+ void fsm();
+
+ SC_CTOR(SHA512){
+ SC_THREAD(fsm);
+ }
+};
+
+void SHA512::fsm(){
+
+while(true){
+
+ SHA_Input->read(SHA_in, "IDLE");
+
+ block_in = SHA_in.block_msg;
+ SHA_Mode_in = 384;
+ init = SHA_in.init;
+ next = SHA_in.next;
+ //zeroize = SHA_in.zeroize;
+ cout<<"sha_called"<(0x8c3d37c819544da2), sc_biguint<64>(0x73e1996689dcd4d6),\
+ sc_biguint<64>(0x1dfab7ae32ff9c82), sc_biguint<64>(0x679dd514582f9fcf),\
+ sc_biguint<64>(0x0f6d2b697bd44da8), sc_biguint<64>(0x77e36f7304c48942),\
+ sc_biguint<64>(0x3f9d85a86a1d36c8), sc_biguint<64>(0x1112e6ad91d692a1)};
+ break;
+ case 256:
+ H ={sc_biguint<64>(0x22312194fc2bf72c), sc_biguint<64>(0x9f555fa3c84c64c2),\
+ sc_biguint<64>(0x2393b86b6f53b151), sc_biguint<64>(0x963877195940eabd),\
+ sc_biguint<64>(0x96283ee2a88effe3), sc_biguint<64>(0xbe5e1e2553863992),\
+ sc_biguint<64>(0x2b0199fc2c85b8aa), sc_biguint<64>(0x0eb72ddc81c52ca2)};
+ break;
+ case 384:
+ H ={sc_biguint<64>(0xcbbb9d5dc1059ed8), sc_biguint<64>(0x629a292a367cd507),\
+ sc_biguint<64>(0x9159015a3070dd17), sc_biguint<64>(0x152fecd8f70e5939),\
+ sc_biguint<64>(0x67332667ffc00b31), sc_biguint<64>(0x8eb44a8768581511),\
+ sc_biguint<64>(0xdb0c2e0d64f98fa7), sc_biguint<64>(0x47b5481dbefa4fa4)};
+ break;
+ case 512:
+ H ={sc_biguint<64>(0x6a09e667f3bcc908), sc_biguint<64>(0xbb67ae8584caa73b),\
+ sc_biguint<64>(0x3c6ef372fe94f82b), sc_biguint<64>(0xa54ff53a5f1d36f1),\
+ sc_biguint<64>(0x510e527fade682d1), sc_biguint<64>(0x9b05688c2b3e6c1f),\
+ sc_biguint<64>(0x1f83d9abfb41bd6b), sc_biguint<64>(0x5be0cd19137e2179)};
+
+ break;
+ default:
+ H ={sc_biguint<64>(0xcbbb9d5dc1059ed8), sc_biguint<64>(0x629a292a367cd507),\
+ sc_biguint<64>(0x9159015a3070dd17), sc_biguint<64>(0x152fecd8f70e5939),\
+ sc_biguint<64>(0x67332667ffc00b31), sc_biguint<64>(0x8eb44a8768581511),\
+ sc_biguint<64>(0xdb0c2e0d64f98fa7), sc_biguint<64>(0x47b5481dbefa4fa4)};
+ break;
+ }
+
+ t1 = sc_biguint<64> (0); t2 = sc_biguint<64> (0);
+ a = sc_biguint<64> (0); b = sc_biguint<64> (0);
+ c = sc_biguint<64> (0); d = sc_biguint<64> (0);
+ e = sc_biguint<64> (0); f = sc_biguint<64> (0);
+ g = sc_biguint<64> (0); h = sc_biguint<64> (0);
+ w = sc_biguint<64> (0); k = sc_biguint<64> (0);
+ W = {sc_biguint<64>(0)};
+ }
+
+ std::cout << "*****************"<< std::endl;
+ std::cout << "H[0] registers: "<< std::hex<> (H[7] << (sc_biguint<64>(448)));
+ for (j=6; j > -1; --j) {
+ MSG_digest = static_cast> (MSG_digest >> sc_biguint<512>(64));
+ MSG_digest += static_cast> (H[j] << sc_biguint<64>(448));
+ }
+ //MSG_digest = compute_dig(static_cast>(0),H[7],H[6],H[5],H[4],H[3],H[2],H[1],H[0]);
+ //MSG_digest = concati(MSG_digest, H, j);
+ /* BYME: to comply with rtl
+ switch (SHA_Mode_in){
+ case 224:
+ MSG_digest = static_cast> (MSG_digest >> sc_biguint<512>(288));
+ break;
+ case 256:
+ MSG_digest = static_cast> (MSG_digest >> sc_biguint<512>(256));
+ break;
+ case 384:
+ MSG_digest = static_cast> (MSG_digest >> sc_biguint<512>(128));
+ break;
+ default:
+ MSG_digest = static_cast> (MSG_digest);
+ break;
+ }*/
+
+ out->write(static_cast> (MSG_digest));
+
+
+ //};
+
+ //out->write(static_cast> (MSG_digest >> static_cast>(512-SHA_Mode_in)));
+ }
+};
+#endif
\ No newline at end of file
diff --git a/src/hmac/formal/model/simulation_model/sha_algo_masked.h b/src/hmac/formal/model/simulation_model/sha_algo_masked.h
new file mode 100644
index 000000000..6187434a9
--- /dev/null
+++ b/src/hmac/formal/model/simulation_model/sha_algo_masked.h
@@ -0,0 +1,506 @@
+// -------------------------------------------------
+// Contact: contact@lubis-eda.com
+// Author: Tobias Ludwig, Michael Schwarz
+// -------------------------------------------------
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#ifndef SHA
+#define SHA
+
+#include
+#include
+#include "systemc.h"
+#include "string.h"
+#include "Interfaces.h"
+#include "../hmac_core.h"
+using namespace std;
+
+#define NUM_ROUNDS 80
+#define SHA512_RNDs 9
+const sc_biguint<74> LFSR_INIT_SEED = sc_biguint<74>(0xA79D0EC11E389277);
+
+std::random_device seed;
+std::default_random_engine generator(seed());
+std::uniform_int_distribution distribution(0,0xFFFFFFFFFFFFFFFF);
+
+//0x079D0EC11E389277); // a random value, copied from RTL:
+//BYME: check latest versin of code, Luref, functions23A
+//ASK: I don't want some stuff in luref
+//BYME: changed fv_constraints to fix block_msg
+//-----------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+
+/* struct sha_block
+{
+ sc_biguint block_msg;
+ bool init;
+ bool next;
+ sc_biguint<74> lfsr_rnd;
+}; */
+struct masked_reg_t {
+ sc_biguint<64> masked, random;
+};
+
+//-----------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+
+ sc_biguint<64> slicer(sc_biguint<1024> block, int index) {
+ switch (index){
+ case 0:
+ return static_cast> (block >> sc_biguint<1024>(64 * 0));
+ break;
+ case 1:
+ return static_cast> (block >> sc_biguint<1024>(64 * 1));
+ break;
+ case 2:
+ return static_cast> (block >> sc_biguint<1024>(64 * 2));
+ break;
+ case 3:
+ return static_cast> (block >> sc_biguint<1024>(64 * 3));
+ break;
+ case 4:
+ return static_cast> (block >> sc_biguint<1024>(64 * 4));
+ break;
+ case 5:
+ return static_cast> (block >> sc_biguint<1024>(64 * 5));
+ break;
+ case 6:
+ return static_cast> (block >> sc_biguint<1024>(64 * 6));
+ break;
+ case 7:
+ return static_cast> (block >> sc_biguint<1024>(64 * 7));
+ break;
+ case 8:
+ return static_cast> (block >> sc_biguint<1024>(64 * 8));
+ break;
+ case 9:
+ return static_cast> (block >> sc_biguint<1024>(64 * 9));
+ break;
+ case 10:
+ return static_cast> (block >> sc_biguint<1024>(64 * 10));
+ break;
+ case 11:
+ return static_cast> (block >> sc_biguint<1024>(64 * 11));
+ break;
+ case 12:
+ return static_cast> (block >> sc_biguint<1024>(64 * 12));
+ break;
+ case 13:
+ return static_cast> (block >> sc_biguint<1024>(64 * 13));
+ break;
+ case 14:
+ return static_cast> (block >> sc_biguint<1024>(64 * 14));
+ break;
+ case 15:
+ return static_cast> (block >> sc_biguint<1024>(64 * 15));
+ break;
+ default:
+ return static_cast> (block >> sc_biguint<1024>(64 * 15));
+ break;
+ }
+}
+
+sc_biguint<512> concati(sc_biguint<512> MSG_digest, array , 8> H, int j) {
+ MSG_digest = static_cast> (H[7] << (sc_biguint<64>(448)));
+ for (j=6; j > -1; --j) {
+ MSG_digest = static_cast> (MSG_digest >> sc_biguint<512>(64));
+ MSG_digest += static_cast> (H[j] << sc_biguint<64>(448));
+ };
+ return MSG_digest;
+}
+
+sc_biguint<64> shr6(sc_biguint<64> n) {
+ return static_cast>(n >> sc_biguint<64>(6));
+}
+
+sc_biguint<64> shr7(sc_biguint<64> n) {
+ return static_cast>(n >> sc_biguint<64>(7));
+}
+
+sc_biguint<64> rotr1(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(1))) | (n << (sc_biguint<64>(63))));
+}
+
+sc_biguint<64> rotr8(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(8))) | (n << (sc_biguint<64>(56))));
+}
+
+sc_biguint<64> rotr14(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(14))) | (n << (sc_biguint<64>(50))));
+}
+
+sc_biguint<64> rotr18(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(18))) | (n << (sc_biguint<64>(46))));
+}
+
+sc_biguint<64> rotr19(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(19))) | (n << (sc_biguint<64>(45))));
+}
+
+sc_biguint<64> rotr28(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(28))) | (n << (sc_biguint<64>(36))));
+}
+
+sc_biguint<64> rotr34(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(34))) | (n << (sc_biguint<64>(30))));
+}
+
+sc_biguint<64> rotr39(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(39))) | (n << (sc_biguint<64>(25))));
+}
+
+sc_biguint<64> rotr41(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(41))) | (n << (sc_biguint<64>(23))));
+}
+
+sc_biguint<64> rotr61(sc_biguint<64> n) {
+ return static_cast>((n >> (sc_biguint<64>(61))) | (n << (sc_biguint<64>(3))));
+}
+
+sc_biguint<64> sigma0(sc_biguint<64> x){
+ return static_cast> (rotr28(x) ^ rotr34(x) ^ rotr39(x));
+}
+
+sc_biguint<64> sigma1(sc_biguint<64> x) {
+ return static_cast> (rotr14(x) ^ rotr18(x) ^ rotr41(x));
+}
+
+sc_biguint<64> delta0(sc_biguint<64> x) {
+ return static_cast> (rotr1(x) ^ rotr8(x) ^ shr7(x));
+}
+
+sc_biguint<64> delta1(sc_biguint<64> x) {
+ return static_cast> (rotr19(x) ^ rotr61(x) ^ shr6(x));
+}
+
+sc_biguint<64> masked_and(sc_biguint<64> x_masked, sc_biguint<64> x_random, sc_biguint<64> y_masked, sc_biguint<64> y_random) {
+ return (~y_masked & ((~y_random & x_random) | (y_random & x_masked))) | (y_masked & ((y_random & x_random) | (~y_random & x_masked))); //x & y;
+}
+
+sc_biguint<64> masked_Maj(sc_biguint<64> a_masked, sc_biguint<64> a_random, sc_biguint<64> b_masked, sc_biguint<64> b_random, sc_biguint<64> c_masked, sc_biguint<64> c_random) {
+ return masked_and(a_masked, a_random, b_masked, b_random) ^ masked_and(a_masked, a_random, c_masked, c_random) ^ masked_and(b_masked, b_random, c_masked, c_random);
+}
+
+sc_biguint<64> masked_Ch_m(sc_biguint<64> e_masked, sc_biguint<64> e_random, sc_biguint<64> f_masked, sc_biguint<64> f_random, sc_biguint<64> g_masked, sc_biguint<64> g_random) {
+ return masked_and(e_masked, e_random, f_masked, f_random) ^ masked_and(g_masked, g_random, ~e_masked, e_random);
+}
+
+sc_biguint<64> masked_Ch_r(sc_biguint<64> e_masked, sc_biguint<64> e_random, sc_biguint<64> f_masked, sc_biguint<64> f_random, sc_biguint<64> g_masked, sc_biguint<64> g_random) {
+ return e_random ^ g_random;
+}
+
+sc_biguint<64> B2A_conv(sc_biguint<64> x_masked, sc_biguint<64> x_random, bool q, bool masked_carry, sc_biguint<128> x_prime, sc_biguint<64> mask, int j) { // convert x_masked = x ^ rnd to x_prime = x + rand
+ // masked_carry[j] = c[j] ^ qs
+ mask = sc_biguint<64>(0x01);
+ x_prime = sc_biguint<128>(0);
+ masked_carry = q; //used this initial value to avoid the separate case of 0
+
+ for (j = 0; j < 64; ++j) { //BYME: change next line
+ x_prime += ((x_masked & mask) == mask) != masked_carry != q ? sc_biguint<128>(16) * sc_biguint<128>(0x01000000000000000) : sc_biguint<128>(0);
+ masked_carry = (!((x_masked & mask) == mask) and (((x_random & mask) == mask) != q)) or (((x_masked & mask) == mask) and masked_carry);
+
+ x_prime = x_prime >> sc_biguint<128>(1);
+ mask = mask << sc_biguint<64>(1);
+ }
+
+ return static_cast>(x_prime);//x_prime
+}
+
+sc_biguint<64> A2B_conv(sc_biguint<64> x_masked, sc_biguint<64> x_random, bool q, bool masked_carry, sc_biguint<128> x_m, sc_biguint<64> mask, int j) { // convert x_prime = x + rand to x_masked = x ^ rnd
+ // masked_carry[j] = c[j] ^ q
+ mask = sc_biguint<64>(0x01);
+ x_m = static_cast>((x_masked & mask) << (sc_biguint<128>(64)));
+ masked_carry = (not((x_masked & mask) == mask) and ((x_random & mask) == mask)) != q;//used this initial value to avoid separate case of 0
+
+ for (j = 1; j < 64; ++j) {
+ mask = mask << sc_biguint<64>(1);
+
+ x_m = (x_m >> 1);//BYME: change next line
+ x_m += ((x_masked & mask) == mask) != masked_carry != q ? sc_biguint<128>(16) * sc_biguint<128>(0x01000000000000000) : sc_biguint<128>(0);
+
+ masked_carry = ((((x_masked & mask) == mask) != ((x_random & mask) == mask)) and (((x_random & mask) == mask) != q)) or ((!((x_masked & mask) == mask) != ((x_random & mask) == mask)) and masked_carry);
+
+ }
+ x_m = (x_m >> 1);
+
+
+ return static_cast>(x_m);//x_m
+}
+
+sc_biguint<64> T1_m(sc_biguint<64> e_masked, sc_biguint<64> e_random, sc_biguint<64> f_masked, sc_biguint<64> f_random, sc_biguint<64> g_masked, sc_biguint<64> g_random, sc_biguint<64> h_masked, sc_biguint<64> h_random, sc_biguint<64> k, sc_biguint<64> w_masked, sc_biguint<64> w_random, bool masked_carry, sc_biguint<128> x_prime, sc_biguint<64> mask, bool q_masking_rnd_0, bool q_masking_rnd_1, bool q_masking_rnd_2, bool q_masking_rnd_3, bool q_masking_rnd_4, int j) {
+
+ return static_cast>(B2A_conv(h_masked, h_random, q_masking_rnd_0, masked_carry, x_prime, mask, j) +
+ B2A_conv(sigma1(e_masked), sigma1(e_random), q_masking_rnd_1, masked_carry, x_prime, mask, j)+
+ B2A_conv(masked_Ch_m(e_masked, e_random, f_masked, f_random, g_masked, g_random), e_random ^ g_random, q_masking_rnd_2, masked_carry, x_prime, mask, j) +
+ B2A_conv(k, sc_biguint<64>(0x0), q_masking_rnd_3, masked_carry, x_prime, mask, j) +
+ B2A_conv(w_masked, w_random, q_masking_rnd_4, masked_carry, x_prime, mask, j));
+}
+
+sc_biguint<64> T1_r(sc_biguint<64> e_random, sc_biguint<64> g_random, sc_biguint<64> h_random, sc_biguint<64> w_random) {
+ return static_cast>(h_random + sigma1(e_random) + (e_random ^ g_random) + w_random);
+}
+
+sc_biguint<64> T2_m(sc_biguint<64> a_masked, sc_biguint<64> a_random, sc_biguint<64> b_masked, sc_biguint<64> b_random, sc_biguint<64> c_masked, sc_biguint<64> c_random, bool masked_carry, sc_biguint<128> x_prime, sc_biguint<64> mask, bool q_masking_rnd_5, bool q_masking_rnd_6, int j) {
+ return static_cast>(B2A_conv(sigma0(a_masked), sigma0(a_random), q_masking_rnd_5, masked_carry, x_prime, mask, j) +
+ B2A_conv(masked_Maj(a_masked, a_random, b_masked, b_random, c_masked, c_random), b_random, q_masking_rnd_6, masked_carry, x_prime, mask, j));
+}
+
+sc_biguint<64> T2_r(sc_biguint<64> a_random, sc_biguint<64> b_random) {
+ return static_cast>(sigma0(a_random) + b_random);
+}
+
+sc_biguint<74> lfsr(sc_biguint<74> a) {
+ return static_cast>((a * 2) + (a[73] ^ a[72] ^ a[58] ^ a[57]));
+}
+
+//-----------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+const array , 80> K =
+ {sc_biguint<64>(0x428a2f98d728ae22), sc_biguint<64>(0x7137449123ef65cd), sc_biguint<64>(0xb5c0fbcfec4d3b2f),\
+ sc_biguint<64>(0xe9b5dba58189dbbc), sc_biguint<64>(0x3956c25bf348b538), sc_biguint<64>(0x59f111f1b605d019),\
+ sc_biguint<64>(0x923f82a4af194f9b), sc_biguint<64>(0xab1c5ed5da6d8118), sc_biguint<64>(0xd807aa98a3030242),\
+ sc_biguint<64>(0x12835b0145706fbe), sc_biguint<64>(0x243185be4ee4b28c), sc_biguint<64>(0x550c7dc3d5ffb4e2),\
+ sc_biguint<64>(0x72be5d74f27b896f), sc_biguint<64>(0x80deb1fe3b1696b1), sc_biguint<64>(0x9bdc06a725c71235),\
+ sc_biguint<64>(0xc19bf174cf692694), sc_biguint<64>(0xe49b69c19ef14ad2), sc_biguint<64>(0xefbe4786384f25e3),\
+ sc_biguint<64>(0x0fc19dc68b8cd5b5), sc_biguint<64>(0x240ca1cc77ac9c65), sc_biguint<64>(0x2de92c6f592b0275),\
+ sc_biguint<64>(0x4a7484aa6ea6e483), sc_biguint<64>(0x5cb0a9dcbd41fbd4), sc_biguint<64>(0x76f988da831153b5),\
+ sc_biguint<64>(0x983e5152ee66dfab), sc_biguint<64>(0xa831c66d2db43210), sc_biguint<64>(0xb00327c898fb213f),\
+ sc_biguint<64>(0xbf597fc7beef0ee4), sc_biguint<64>(0xc6e00bf33da88fc2), sc_biguint<64>(0xd5a79147930aa725),\
+ sc_biguint<64>(0x06ca6351e003826f), sc_biguint<64>(0x142929670a0e6e70), sc_biguint<64>(0x27b70a8546d22ffc),\
+ sc_biguint<64>(0x2e1b21385c26c926), sc_biguint<64>(0x4d2c6dfc5ac42aed), sc_biguint<64>(0x53380d139d95b3df),\
+ sc_biguint<64>(0x650a73548baf63de), sc_biguint<64>(0x766a0abb3c77b2a8), sc_biguint<64>(0x81c2c92e47edaee6),\
+ sc_biguint<64>(0x92722c851482353b), sc_biguint<64>(0xa2bfe8a14cf10364), sc_biguint<64>(0xa81a664bbc423001),\
+ sc_biguint<64>(0xc24b8b70d0f89791), sc_biguint<64>(0xc76c51a30654be30), sc_biguint<64>(0xd192e819d6ef5218),\
+ sc_biguint<64>(0xd69906245565a910), sc_biguint<64>(0xf40e35855771202a), sc_biguint<64>(0x106aa07032bbd1b8),\
+ sc_biguint<64>(0x19a4c116b8d2d0c8), sc_biguint<64>(0x1e376c085141ab53), sc_biguint<64>(0x2748774cdf8eeb99),\
+ sc_biguint<64>(0x34b0bcb5e19b48a8), sc_biguint<64>(0x391c0cb3c5c95a63), sc_biguint<64>(0x4ed8aa4ae3418acb),\
+ sc_biguint<64>(0x5b9cca4f7763e373), sc_biguint<64>(0x682e6ff3d6b2b8a3), sc_biguint<64>(0x748f82ee5defb2fc),\
+ sc_biguint<64>(0x78a5636f43172f60), sc_biguint<64>(0x84c87814a1f0ab72), sc_biguint<64>(0x8cc702081a6439ec),\
+ sc_biguint<64>(0x90befffa23631e28), sc_biguint<64>(0xa4506cebde82bde9), sc_biguint<64>(0xbef9a3f7b2c67915),\
+ sc_biguint<64>(0xc67178f2e372532b), sc_biguint<64>(0xca273eceea26619c), sc_biguint<64>(0xd186b8c721c0c207),\
+ sc_biguint<64>(0xeada7dd6cde0eb1e), sc_biguint<64>(0xf57d4f7fee6ed178), sc_biguint<64>(0x06f067aa72176fba),\
+ sc_biguint<64>(0x0a637dc5a2c898a6), sc_biguint<64>(0x113f9804bef90dae), sc_biguint<64>(0x1b710b35131c471b),\
+ sc_biguint<64>(0x28db77f523047d84), sc_biguint<64>(0x32caab7b40c72493), sc_biguint<64>(0x3c9ebe0a15c9bebc),\
+ sc_biguint<64>(0x431d67c49c100d4c), sc_biguint<64>(0x4cc5d4becb3e42b6), sc_biguint<64>(0x597f299cfc657e2a),\
+ sc_biguint<64>(0x5fcb6fab3ad6faec), sc_biguint<64>(0x6c44198c4a475817)};
+
+SC_MODULE(SHA512_masked) {
+
+ blocking_in SHA_Input;
+ blocking_out > out;
+
+ array , 16> W;
+ array , 8> H;
+ array , 8> rh_masking_rnd = {sc_biguint<64>(0)};
+
+ masked_reg_t t1 = {sc_biguint<64>(0)}, t2 = {sc_biguint<64>(0)},
+ a = {sc_biguint<64>(0)}, b = {sc_biguint<64>(0)},
+ c = {sc_biguint<64>(0)}, d = {sc_biguint<64>(0)},
+ e = {sc_biguint<64>(0)}, f = {sc_biguint<64>(0)},
+ g = {sc_biguint<64>(0)}, h = {sc_biguint<64>(0)},
+ w_data = {sc_biguint<64>(0)};
+ sc_biguint<64> w = sc_biguint<64> (0), k = sc_biguint<64> (0);
+ sc_biguint<64> tmp_w;
+
+ sc_biguint<1024> block_in;
+ sc_biguint<1024> block_copy;
+ sc_biguint<512> MSG_digest;
+
+ sc_biguint<74> lfsr_rnd;
+ //sc_biguint<74> lfsr_rnd = LFSR_INIT_SEED;
+ sc_biguint<74> lfsr_rnd_c;
+
+ sha_block SHA_in;
+ int SHA_Mode_in;
+ bool init_cmd, next_cmd, success, zeroize;
+
+ bool masked_carry;
+ sc_biguint<64> mask = sc_biguint<64>(0x01);;
+ sc_biguint<64> rw_masking_rnd;
+ array q_masking_rnd;
+ sc_biguint<128> x_prime;
+ sc_biguint<128> x_masked;
+
+ int i, j, m=0, p;
+
+ void fsm();
+
+ SC_CTOR(SHA512_masked){
+ SC_THREAD(fsm);
+ }
+};
+
+void SHA512_masked::fsm(){
+
+ while(true){
+ //lfsr_rnd = LFSR_INIT_SEED; //BYME: otherwise in reset property would be 0
+ SHA_Input->read(SHA_in, "IDLE");
+
+ block_in = SHA_in.block_msg;
+ lfsr_rnd = SHA_in.lfsr_rnd;
+ SHA_Mode_in = 384;
+ init_cmd = SHA_in.init;
+ next_cmd = SHA_in.next;
+ //zeroize = SHA_in.zeroize;
+
+ //for (p=0; p(0x8c3d37c819544da2), sc_biguint<64>(0x73e1996689dcd4d6),\
+ sc_biguint<64>(0x1dfab7ae32ff9c82), sc_biguint<64>(0x679dd514582f9fcf),\
+ sc_biguint<64>(0x0f6d2b697bd44da8), sc_biguint<64>(0x77e36f7304c48942),\
+ sc_biguint<64>(0x3f9d85a86a1d36c8), sc_biguint<64>(0x1112e6ad91d692a1)};
+ break;
+ case 1:
+ H ={sc_biguint<64>(0x22312194fc2bf72c), sc_biguint<64>(0x9f555fa3c84c64c2),\
+ sc_biguint<64>(0x2393b86b6f53b151), sc_biguint<64>(0x963877195940eabd),\
+ sc_biguint<64>(0x96283ee2a88effe3), sc_biguint<64>(0xbe5e1e2553863992),\
+ sc_biguint<64>(0x2b0199fc2c85b8aa), sc_biguint<64>(0x0eb72ddc81c52ca2)};
+ break;
+ /*case 2:
+ H ={sc_biguint<64>(0xcbbb9d5dc1059ed8), sc_biguint<64>(0x629a292a367cd507),\
+ sc_biguint<64>(0x9159015a3070dd17), sc_biguint<64>(0x152fecd8f70e5939),\
+ sc_biguint<64>(0x67332667ffc00b31), sc_biguint<64>(0x8eb44a8768581511),\
+ sc_biguint<64>(0xdb0c2e0d64f98fa7), sc_biguint<64>(0x47b5481dbefa4fa4)};
+ break;*/
+ case 3:
+ H ={sc_biguint<64>(0x6a09e667f3bcc908), sc_biguint<64>(0xbb67ae8584caa73b),\
+ sc_biguint<64>(0x3c6ef372fe94f82b), sc_biguint<64>(0xa54ff53a5f1d36f1),\
+ sc_biguint<64>(0x510e527fade682d1), sc_biguint<64>(0x9b05688c2b3e6c1f),\
+ sc_biguint<64>(0x1f83d9abfb41bd6b), sc_biguint<64>(0x5be0cd19137e2179)};
+ break;
+ default:
+ H ={sc_biguint<64>(0xcbbb9d5dc1059ed8), sc_biguint<64>(0x629a292a367cd507),\
+ sc_biguint<64>(0x9159015a3070dd17), sc_biguint<64>(0x152fecd8f70e5939),\
+ sc_biguint<64>(0x67332667ffc00b31), sc_biguint<64>(0x8eb44a8768581511),\
+ sc_biguint<64>(0xdb0c2e0d64f98fa7), sc_biguint<64>(0x47b5481dbefa4fa4)};
+ break;
+ }
+ // BYME: Wasn't it this way before?
+ t1= {sc_biguint<64>(0)}; t2 = {sc_biguint<64>(0)};
+ a = {sc_biguint<64>(0)}; b = {sc_biguint<64>(0)};
+ c = {sc_biguint<64>(0)}; d = {sc_biguint<64>(0)};
+ e = {sc_biguint<64>(0)}; f = {sc_biguint<64>(0)};
+ g = {sc_biguint<64>(0)}; h = {sc_biguint<64>(0)};
+ w = sc_biguint<64> (0); k = sc_biguint<64> (0);
+ W = {sc_biguint<64>(0)};
+ //lfsr_rnd = LFSR_INIT_SEED;//BYME lfsr_seed;
+ }
+
+ for (j=0; j<8; ++j) { //BYME: if (masking_init)rh_masking_rnd[rnd_ctr_reg[2 : 0]] <= lfsr_rnd[63 : 0];
+ rh_masking_rnd[j] = lfsr_rnd;
+ };
+
+ //next(block_in);
+ //W_schedule(block_in);
+ block_copy = block_in;
+
+ for (j=0; j<16; ++j) {
+ W[15-j] = slicer(block_copy, j);
+ };
+
+ //copy_digest();
+ a = {H[0] ^ rh_masking_rnd[0], rh_masking_rnd[0]}; b = {H[1] ^ rh_masking_rnd[1], rh_masking_rnd[1]};
+ c = {H[2] ^ rh_masking_rnd[2], rh_masking_rnd[2]}; d = {H[3] ^ rh_masking_rnd[3], rh_masking_rnd[3]};
+ e = {H[4] ^ rh_masking_rnd[4], rh_masking_rnd[4]}; f = {H[5] ^ rh_masking_rnd[5], rh_masking_rnd[5]};
+ g = {H[6] ^ rh_masking_rnd[6], rh_masking_rnd[6]}; h = {H[7] ^ rh_masking_rnd[7], rh_masking_rnd[7]};
+
+ for (i=0; i>(distribution(generator))*sc_biguint<74>(1024) + static_cast>(distribution(generator));
+ //std::cout << std::dec << "LFSR_RND in round " << i << " is: " << std::hex << lfsr_rnd << std::endl;
+ insert_state("SHA_Rounds");
+ //sha512_round(i);
+ k = K[i];
+ //w = next_w(i);
+
+ if (i < 16)
+ w = W[i];
+ else {
+ tmp_w = delta1(W[14]) + W[9] + delta0(W[1]) + W[0];
+ for (j=0; j<15; ++j) {
+ W[j] = W[(j+1)];
+ };
+ W[15] = tmp_w;
+ w = tmp_w;
+ };
+
+ rw_masking_rnd = static_cast>(lfsr_rnd);
+ lfsr_rnd_c = lfsr_rnd >> 64;
+ for (j=0; j<10; ++j) {
+ q_masking_rnd[j] = ((lfsr_rnd_c) & 0x1) == 1;
+ lfsr_rnd_c = lfsr_rnd_c >> 1;
+ };
+ w_data = {w ^ rw_masking_rnd, rw_masking_rnd};
+ t1 = {T1_m(e.masked, e.random, f.masked, f.random, g.masked, g.random, h.masked, h.random, k, w_data.masked, w_data.random, masked_carry, x_prime, mask, q_masking_rnd[0], q_masking_rnd[1], q_masking_rnd[2], q_masking_rnd[3], q_masking_rnd[4], j), T1_r(e.random, g.random, h.random, w_data.random)};
+ t2 = {T2_m(a.masked, a.random, b.masked, b.random, c.masked, c.random, masked_carry, x_prime, mask, q_masking_rnd[5], q_masking_rnd[6], j), T2_r(a.random, b.random)};
+ h = g;
+ g = f;
+ f = e;
+ e = {A2B_conv((B2A_conv(d.masked, d.random, q_masking_rnd[7], masked_carry, x_prime, mask, j) + t1.masked), (d.random + t1.random), q_masking_rnd[9], masked_carry, x_masked, mask, j), (d.random + t1.random)};
+ d = c;
+ c = b;
+ b = a;
+ a = {A2B_conv((t1.masked + t2.masked), (t1.random + t2.random), q_masking_rnd[8], masked_carry, x_masked, mask, j), (t1.random + t2.random)};
+
+ };
+ insert_state("DONE");
+ //update_digest();
+ H[0] = (H[0] + (a.masked ^ a.random));
+ H[1] = (H[1] + (b.masked ^ b.random));
+ H[2] = (H[2] + (c.masked ^ c.random));
+ H[3] = (H[3] + (d.masked ^ d.random));
+ H[4] = (H[4] + (e.masked ^ e.random));
+ H[5] = (H[5] + (f.masked ^ f.random));
+ H[6] = (H[6] + (g.masked ^ g.random));
+ H[7] = (H[7] + (h.masked ^ h.random));
+
+ MSG_digest = static_cast> (H[7] << (sc_biguint<64>(448)));
+ for (j=6; j > -1; --j) {
+ MSG_digest = static_cast> (MSG_digest >> sc_biguint<512>(64));
+ MSG_digest += static_cast> (H[j] << sc_biguint<64>(448));
+ };
+ //MSG_digest = concati(MSG_digest, H, j);
+ /* BYME: to comply with rtl
+ switch (SHA_Mode_in){
+ case 0:
+ MSG_digest = static_cast> (MSG_digest >> sc_biguint<512>(288));
+ break;
+ case 1:
+ MSG_digest = static_cast> (MSG_digest >> sc_biguint<512>(256));
+ break;
+ case 2:
+ MSG_digest = static_cast> (MSG_digest >> sc_biguint<512>(128));
+ break;
+ case 3:
+ MSG_digest = static_cast> (MSG_digest);
+ break;
+ default:
+ MSG_digest = static_cast> (MSG_digest >> sc_biguint<512>(128));
+ break;
+ }*/
+
+ out->write(static_cast> (MSG_digest));
+
+ //};
+
+ //out->write(static_cast> (MSG_digest >> static_cast>(512-SHA_Mode_in)));
+ }
+};
+#endif
\ No newline at end of file
diff --git a/src/hmac/formal/model/simulation_model/simulation/CMakeLists.txt b/src/hmac/formal/model/simulation_model/simulation/CMakeLists.txt
new file mode 100644
index 000000000..19c71a4ee
--- /dev/null
+++ b/src/hmac/formal/model/simulation_model/simulation/CMakeLists.txt
@@ -0,0 +1,51 @@
+########################## Configuration ##########################
+
+# Set the path to the directory where the 'Interfaces.h' header can be found
+set(INTERFACES_DIR "/home/advaith-sreevalsan/.vscode-server/extensions/lubis.lubis-vsc-plugin-2023.3.2/LUBIS/include/interfaces")
+# Set TRUE if this CMakeLists should download and install SystemC by itself,
+# otherwise set to FALSE and give a directory path to another SystemC installation
+set(INSTALL_SYSTEMC TRUE)
+set(SYSTEMC_INCLUDE_DIR "/home/advaith-sreevalsan/.vscode-server/extensions/lubis.lubis-vsc-plugin-2023.3.2/LUBIS/include/systemc")
+set(SYSTEMC_LIB_DIR "")
+
+###################################################################
+
+include(FetchContent)
+
+cmake_minimum_required(VERSION 3.10)
+project(LUBIS_Simulation)
+set(CMAKE_CXX_STANDARD 14)
+set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_SOURCE_DIR}/bin)
+set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_SOURCE_DIR}/bin)
+
+if(INSTALL_SYSTEMC)
+ FetchContent_Declare(SYSTEMC
+ GIT_REPOSITORY https://github.com/accellera-official/systemc
+ GIT_TAG 2.3.3
+ GIT_SHALLOW TRUE
+ GIT_PROGRESS TRUE
+ )
+ FetchContent_MakeAvailable(SYSTEMC)
+ include_directories(
+ ${CMAKE_CACHEFILE_DIR}/_deps/systemc-src/src
+ )
+else()
+ include_directories(
+ ${SYSTEMC_INCLUDE_DIR}
+ )
+ link_directories(
+ ${SYSTEMC_LIB_DIR}
+ )
+endif()
+
+include_directories(
+ ${INTERFACES_DIR}
+)
+
+add_executable(hmac_tests
+ hmac_main.cpp
+)
+
+target_link_libraries(hmac_tests PRIVATE
+ systemc
+)
diff --git a/src/hmac/formal/model/simulation_model/simulation/hmac_main.cpp b/src/hmac/formal/model/simulation_model/simulation/hmac_main.cpp
new file mode 100644
index 000000000..98d68f0ce
--- /dev/null
+++ b/src/hmac/formal/model/simulation_model/simulation/hmac_main.cpp
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Description:
+//
+
+#include "systemc.h"
+#include "Interfaces.h"
+#include "../../hmac_core.h"
+#include "hmac_tests.h"
+#include "../top.h"
+#include "../sha_algo_masked.h"
+
+int sc_main(int argc, char **argv) {
+ top top1("top1");
+ hmac_tests tests("tests");
+
+
+ Blocking hmac_msg("hmac_msg");
+ Blocking> tag("tag");
+
+ top1.top_hmac(hmac_msg);
+ top1.top_tag(tag);
+
+ tests.hmac_msg(hmac_msg);
+ tests.tag(tag);
+
+
+ sc_start();
+ return 0;
+}
diff --git a/src/hmac/formal/model/simulation_model/simulation/hmac_tests.h b/src/hmac/formal/model/simulation_model/simulation/hmac_tests.h
new file mode 100644
index 000000000..2dc0ba359
--- /dev/null
+++ b/src/hmac/formal/model/simulation_model/simulation/hmac_tests.h
@@ -0,0 +1,124 @@
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Description:
+//
+
+#ifndef HMAC_CORE_TESTS_H
+#define HMAC_CORE_TESTS_H
+
+
+#include "systemc.h"
+#include "Interfaces.h"
+#include
+#include
+#include "../sha_algo_masked.h"
+#include "../../hmac_core.h"
+//#include "../top.h"
+
+using namespace std;
+
+
+SC_MODULE(hmac_tests) {
+public:
+ SC_CTOR(hmac_tests) {
+ // read_test_vectors(file_path);
+ SC_THREAD(testbench)
+ }
+
+ blocking_out hmac_msg;
+ blocking_in> tag;
+
+private:
+ void testbench() {
+
+ sc_biguint<384> test_result;
+ block test_input;
+ sc_biguint<384>KEY;
+ string COUNT;
+ sc_biguint<104000> MSG_raw;
+ sc_biguint<104000> MSG_padded;
+ sc_uint<32> MSG_Length;
+ sc_biguint<384> expected_result;
+ int num = 1;
+ int zero_pad_len, MSG_chnks,i;
+ /* std::string filename = "hmac_vectors_singleblk.txt";
+ //std::ifstream myfile;
+
+ std::ifstream myfile(filename);
+
+ if (!myfile.is_open()) {
+ std::cout << "Failed to open the file: " << filename << std::endl;
+ // Handle the error condition
+ return;
+}
+ while (myfile)
+ {
+ myfile >> COUNT;
+ myfile >> MSG_Length;
+ myfile >> std::hex >> KEY;
+ myfile >> std::hex >> MSG_padded;
+ myfile >> expected_result;
+
+
+ MSG_chnks = static_cast (MSG_Length / 1024); */
+ while(true){
+ test_input.init = 1;
+ test_input.next = 0;
+ test_input.key = 0;
+ MSG_padded = "0x01010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010100768412320f7b0aa5812fce428dc4706b3cae50e02a64caa16a782249bfe8efc4b7ef1ccb126255d196047dfedf17a0a96b9d3dad2e1b8c1c05b19875b6659f4de23c3b667bf297ba9aa47740787137d896d5724e4c70a825f872c9ea60d2edf5800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000888";
+ expected_result = 0;
+ MSG_Length = 2048;
+ MSG_chnks = static_cast (MSG_Length / 1024);
+
+ for (i=0; i >(MSG_padded >> (1024*(MSG_chnks-1)));
+ cout<0){
+ test_input.next = 1;
+ test_input.init = 0;}
+ hmac_msg->write(test_input);
+ MSG_padded = static_cast> (MSG_padded << 1024);
+ test_input.init = 0;
+ tag->read(test_result, "success");
+
+ };
+
+ if (test_result != (expected_result)){
+ std::cout << "Test " << COUNT << " Failed!" << std::endl;
+ std::cout << std::hex << "Output: " << test_result << std::endl;
+ std::cout << std::hex << "Expected: " << expected_result << std::endl;
+ }
+ else {
+ std::cout << "Test " << COUNT << " Passed!" << std::endl;
+ }
+
+
+
+
+ //myfile.close();
+ sc_stop();
+}
+ }
+};
+
+
+#endif
+
+
+
+
+
+
diff --git a/src/hmac/formal/model/simulation_model/simulation/hmac_vectors_singleblk.txt b/src/hmac/formal/model/simulation_model/simulation/hmac_vectors_singleblk.txt
new file mode 100644
index 000000000..0912d3479
--- /dev/null
+++ b/src/hmac/formal/model/simulation_model/simulation/hmac_vectors_singleblk.txt
@@ -0,0 +1,35 @@
+COUNT0
+1024
+0x000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F
+0x53616D706C65206D65737361676520666F72206B65796C656E3C626C6F636B6C656E80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000510
+0xbe92ab28770b45bdbff7c1ff8e559ec8db51852fe8ba1ac86e7f87c9dc8f2e5eb71a10b0033160740c8ab06181b62d7a
+COUNT1
+1024
+0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+0x4869205468657265800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000440
+0x47a071f44d2ea7df1ac5ff7cf937068ea34ed0453aed3a61c63d39ae475ed03ea426dce81fb89c3d239887fe2284c267
+COUNT2
+1024
+0x4a6566654a6566654a6566654a6566654a6566654a6566654a6566654a6566654a6566654a6566654a6566654a656665
+0x7768617420646f2079612077616e7420666f72206e6f7468696e673f800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e0
+0xe51de7ae00cc719ec8a304d9ff962d53358a7e0b5b6874533af75a66e01a4ee504b9173fd582ba618fe1f6264a889d91
+COUNT3
+1024
+0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000590
+0x06d08f889071a284af1bf4ba6b35599e728e20b0fbfa2103c7ebcb2aed872a8adc3769847c9dad14c43fbc9bb12a9e87
+COUNT4
+1024
+0x0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f200a0b0c0d0e0f10111213141516171819
+0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000590
+0x40e90e787a5cbffeba9252ee2fd76750701199b320cd4b7b9caaa196348ede37d26760e3ebb9ace726ec08a030c3cc2a
+COUNT5
+1024
+0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+0x0000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000510
+0x282cf79e9dbe17f48911baa32b7840c4a045786992cde132a1d0dba00e0dd2631d94705be075ea5b90e90ea0c8da26e9
+COUNT6
+1024
+0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+0x0000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000510
+0x4088db02e38c741c3d108cd17814afcdf5b27e93fa7baa5ea1d64f61ab9f70604a120e9fe5c3f713ede59db7adbc1c3e
\ No newline at end of file
diff --git a/src/hmac/formal/model/simulation_model/top.h b/src/hmac/formal/model/simulation_model/top.h
new file mode 100644
index 000000000..3c7c7504f
--- /dev/null
+++ b/src/hmac/formal/model/simulation_model/top.h
@@ -0,0 +1,105 @@
+// -------------------------------------------------
+// Contact: contact@lubis-eda.com
+// Author: Tobias Ludwig, Michael Schwarz
+// -------------------------------------------------
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include "systemc.h"
+#include "Interfaces.h"
+#include "../hmac_core.h"
+#include "sha_algo_masked.h"
+#include "hmac_sha_join.h"
+
+SC_MODULE(top)
+{
+
+ HMAC hmc;
+ SHA512_masked sha384_1;
+ SHA512_masked sha384_2;
+ hmac_sha hmacsha;
+
+ blocking_in top_hmac;
+ blocking_out> top_tag;
+
+ Blocking hmac_msg;
+ Blocking> tag;
+
+ Blocking