[sw, otbn, crypto] Sync with the master branch

azure-pipelines.yml

@@ -394,6 +394,29 @@ jobs:
       make -C hw/ip/otbn/util asm-check
     displayName: Assemble & link code snippets
 
+- job: otbn_crypto_tests
+  displayName: Run OTBN crypto tests
+  dependsOn: lint
+  condition: and(succeeded(), eq(dependencies.lint.outputs['DetermineBuildType.onlyCdcChanges'], '0'))
+  pool:
+    vmImage: ubuntu-20.04
+  timeoutInMinutes: 60
+  steps:
+  - template: ci/checkout-template.yml
+  - template: ci/install-package-dependencies.yml
+  - task: DownloadSecureFile@1
+    condition: eq(variables['Build.SourceBranchName'], 'master')
+    name: bazelCacheGcpKey
+    inputs:
+      secureFile: "bazel_cache_gcp_key.json"
+  - bash: echo "##vso[task.setvariable variable=bazelCacheGcpKeyPath]$(bazelCacheGcpKey.secureFilePath)"
+    condition: eq(variables['Build.SourceBranchName'], 'master')
+    displayName: GCP key path
+    # Set the remote cache GCP key path
+  - bash: |
+      ci/bazelisk.sh test --test_tag_filters=-nightly //sw/otbn/crypto/...
+    displayName: Execute tests
+
 - job: chip_darjeeling_cw310
   displayName: CW310's Darjeeling Bitstream
   # Build CW310 variant of the Darjeeling toplevel design using Vivado

ci/azure-pipelines-nightly.yml

@@ -70,6 +70,29 @@ jobs:
         //sw/device/silicon_creator/rom/e2e/...
     displayName: "Run all ROM E2E tests"
 
+- job: slow_otbn_crypto_tests
+  displayName: Run slow OTBN crypto tests
+  dependsOn: lint
+  condition: and(succeeded(), eq(dependencies.lint.outputs['DetermineBuildType.onlyCdcChanges'], '0'))
+  pool:
+    vmImage: ubuntu-20.04
+  timeoutInMinutes: 120
+  steps:
+  - template: ci/checkout-template.yml
+  - template: ci/install-package-dependencies.yml
+  - task: DownloadSecureFile@1
+    condition: eq(variables['Build.SourceBranchName'], 'master')
+    name: bazelCacheGcpKey
+    inputs:
+      secureFile: "bazel_cache_gcp_key.json"
+  - bash: echo "##vso[task.setvariable variable=bazelCacheGcpKeyPath]$(bazelCacheGcpKey.secureFilePath)"
+    condition: eq(variables['Build.SourceBranchName'], 'master')
+    displayName: GCP key path
+    # Set the remote cache GCP key path
+  - bash: |
+      ci/bazelisk.sh test --test_tag_filters=nightly //sw/otbn/crypto/...
+    displayName: Execute tests
+
 - job: bob_spi_i2c
   displayName: "BoB: SPI and I2C Tests"
   timeoutInMinutes: 30

hw/ip/otbn/dv/smoke/smoke_test.s

@@ -98,24 +98,24 @@ test_label_3:
 # use mod WSR to load bignum registers with base li psuedo-instruction
 # mod = 0x78fccc06_2228e9d6_89c9b54f_887cf14e_c79af825_69be586e_9866bb3b_53769ada
 li x23, 0x78fccc06
-csrrw x0, 0x7d7, x23
+csrrw x0, mod7, x23
 li x23, 0x2228e9d6
-csrrw x0, 0x7d6, x23
+csrrw x0, mod6, x23
 li x23, 0x89c9b54f
-csrrw x0, 0x7d5, x23
+csrrw x0, mod5, x23
 li x23, 0x887cf14e
-csrrw x0, 0x7d4, x23
+csrrw x0, mod4, x23
 li x23, 0xc79af825
-csrrw x0, 0x7d3, x23
+csrrw x0, mod3, x23
 li x23, 0x69be586e
-csrrw x0, 0x7d2, x23
+csrrw x0, mod2, x23
 li x23, 0x9866bb3b
-csrrw x0, 0x7d1, x23
+csrrw x0, mod1, x23
 li x23, 0x53769ada
-csrrw x0, 0x7d0, x23
+csrrw x0, mod0, x23
 
 # x22 = 0x89c9b54f
-csrrs x23, 0x7d5, x0
+csrrs x23, mod5, x0
 
 # Note that some instructions used the fixed inputs (from w1 and w2) others use
 # results from previous instructions. When debugging an failure it is recommened
@@ -126,7 +126,7 @@ csrrs x23, 0x7d5, x0
 bn.wsrr w1, 0x0 /* MOD */
 
 # Request an RND value with a write to CSR RND_PREFETCH
-csrrw x0, 0x7d8, x0
+csrrw x0, rnd_prefetch, x0
 
 # sim environment provides a fixed value for RND (in other environment RND isn't
 # fixed so this test will have a different final state)
@@ -185,7 +185,7 @@ bn.addc w15, w10, w11, FG0
 bn.subb w17, w3, w4, FG1
 
 # x24 = {fg1, fg0} = 0x52
-csrrs x24, 0x7c8, x0
+csrrs x24, flags, x0
 
 # w18 = w1 + (w2 << 136) = 0x23a7769f_bbc28381_34745fe9_22168a4e_c79af825_69be586e_9866bb3b_53769ada
 bn.add w18, w1, w2 << 136

hw/top_darjeeling/rtl/autogen/chip_darjeeling_cw310.sv

@@ -1499,54 +1499,71 @@ module chip_darjeeling_cw310 #(
 
   // Capture trigger.
   // We use the clkmgr_aon_idle signal of the IP of interest to form a precise capture trigger.
-  // GPIO[11:9] is used for selecting the IP of interest. The encoding is as follows (see
+  // GPIO[11:10] is used for selecting the IP of interest. The encoding is as follows (see
   // hint_names_e enum in clkmgr_pkg.sv for details).
   //
-  // IP              - GPIO[11:9] - Index for clkmgr_aon_idle
-  // ------------------------------------------------------------
-  //  AES            -   000      -  0
-  //  HMAC           -   001      -  1 - not implemented on CW305
-  //  KMAC           -   010      -  2 - not implemented on CW305
-  //  OTBN (IO_DIV4) -   011      -  3 - not implemented on CW305
-  //  OTBN           -   100      -  4 - not implemented on CW305
+  // IP              - GPIO[11:10] - Index for clkmgr_aon_idle
+  // -------------------------------------------------------------
+  //  AES            -   00       -  0
+  //  HMAC           -   01       -  1 - not implemented on CW305
+  //  KMAC           -   10       -  2 - not implemented on CW305
+  //  OTBN           -   11       -  3 - not implemented on CW305
   //
-  // In addition, GPIO8 is used for gating the capture trigger in software.
-  // Note that GPIO[11:8] are connected to LED[3:0] on the CW310.
-  // On the CW305, GPIO[9,8] are connected to LED[5,7].
+  // GPIO9 is used for gating the selected capture trigger in software. Alternatively, GPIO8
+  // can be used to implement a less precise but fully software-controlled capture trigger
+  // similar to what can be done on ASIC.
+  //
+  // Note that on the CW305, GPIO[9,8] are connected to LED[5(Green),7(Red)].
 
   prim_mubi_pkg::mubi4_t clk_trans_idle, manual_in_io_clk_idle;
 
   clkmgr_pkg::hint_names_e trigger_sel;
   always_comb begin : trigger_sel_mux
-    unique case ({dio_out[DioGpioGpio11], dio_out[DioGpioGpio10], dio_out[DioGpioGpio9]})
-      3'b000:  trigger_sel = clkmgr_pkg::HintMainAes;
-      3'b001:  trigger_sel = clkmgr_pkg::HintMainHmac;
-      3'b010:  trigger_sel = clkmgr_pkg::HintMainKmac;
-      3'b100:  trigger_sel = clkmgr_pkg::HintMainOtbn;
+    unique case ({dio_out[DioGpioGpio11], dio_out[DioGpioGpio10]})
+      2'b00:   trigger_sel = clkmgr_pkg::HintMainAes;
+      2'b01:   trigger_sel = clkmgr_pkg::HintMainHmac;
+      2'b10:   trigger_sel = clkmgr_pkg::HintMainKmac;
+      2'b11:   trigger_sel = clkmgr_pkg::HintMainOtbn;
       default: trigger_sel = clkmgr_pkg::HintMainAes;
     endcase;
   end
   assign clk_trans_idle = top_darjeeling.clkmgr_aon_idle[trigger_sel];
 
   logic clk_io_div4_trigger_en, manual_in_io_clk_trigger_en;
   logic clk_io_div4_trigger_oe, manual_in_io_clk_trigger_oe;
-  assign clk_io_div4_trigger_en = dio_out[DioGpioGpio8];
-  assign clk_io_div4_trigger_oe = dio_oe[DioGpioGpio8];
+  logic clk_io_div4_trigger_hw_en, manual_in_io_clk_trigger_hw_en;
+  logic clk_io_div4_trigger_hw_oe, manual_in_io_clk_trigger_hw_oe;
+  logic clk_io_div4_trigger_sw_en, manual_in_io_clk_trigger_sw_en;
+  logic clk_io_div4_trigger_sw_oe, manual_in_io_clk_trigger_sw_oe;
+  assign clk_io_div4_trigger_hw_en = dio_out[DioGpioGpio9];
+  assign clk_io_div4_trigger_hw_oe = dio_oe[DioGpioGpio9];
+  assign clk_io_div4_trigger_sw_en = dio_out[DioGpioGpio8];
+  assign clk_io_div4_trigger_sw_oe = dio_oe[DioGpioGpio8];
 
   // Synchronize signals to manual_in_io_clk.
   prim_flop_2sync #(
-    .Width ($bits(clk_trans_idle) + 2)
+    .Width ($bits(clk_trans_idle) + 4)
   ) u_sync_trigger (
     .clk_i (manual_in_io_clk),
     .rst_ni(manual_in_por_n),
-    .d_i   ({clk_trans_idle,        clk_io_div4_trigger_en,      clk_io_div4_trigger_oe}),
-    .q_o   ({manual_in_io_clk_idle, manual_in_io_clk_trigger_en, manual_in_io_clk_trigger_oe})
+    .d_i   ({clk_trans_idle,
+             clk_io_div4_trigger_hw_en,
+             clk_io_div4_trigger_hw_oe,
+             clk_io_div4_trigger_sw_en,
+             clk_io_div4_trigger_sw_oe}),
+    .q_o   ({manual_in_io_clk_idle,
+             manual_in_io_clk_trigger_hw_en,
+             manual_in_io_clk_trigger_hw_oe,
+             manual_in_io_clk_trigger_sw_en,
+             manual_in_io_clk_trigger_sw_oe})
   );
 
-  // Generate the actual trigger signal.
+  // Generate the actual trigger signal as trigger_sw OR trigger_hw.
   assign manual_attr_io_trigger = '0;
-  assign manual_oe_io_trigger  = manual_in_io_clk_trigger_oe;
-  assign manual_out_io_trigger = manual_in_io_clk_trigger_en &
-      prim_mubi_pkg::mubi4_test_false_strict(manual_in_io_clk_idle);
+  assign manual_oe_io_trigger  =
+      manual_in_io_clk_trigger_sw_oe | manual_in_io_clk_trigger_hw_oe;
+  assign manual_out_io_trigger =
+      manual_in_io_clk_trigger_sw_en | (manual_in_io_clk_trigger_hw_en &
+          prim_mubi_pkg::mubi4_test_false_strict(manual_in_io_clk_idle));
 
 endmodule : chip_darjeeling_cw310

hw/top_earlgrey/rtl/autogen/chip_earlgrey_cw310.sv

@@ -1109,54 +1109,71 @@ module chip_earlgrey_cw310 #(
 
   // Capture trigger.
   // We use the clkmgr_aon_idle signal of the IP of interest to form a precise capture trigger.
-  // GPIO[11:9] is used for selecting the IP of interest. The encoding is as follows (see
+  // GPIO[11:10] is used for selecting the IP of interest. The encoding is as follows (see
   // hint_names_e enum in clkmgr_pkg.sv for details).
   //
-  // IP              - GPIO[11:9] - Index for clkmgr_aon_idle
-  // ------------------------------------------------------------
-  //  AES            -   000      -  0
-  //  HMAC           -   001      -  1 - not implemented on CW305
-  //  KMAC           -   010      -  2 - not implemented on CW305
-  //  OTBN (IO_DIV4) -   011      -  3 - not implemented on CW305
-  //  OTBN           -   100      -  4 - not implemented on CW305
+  // IP              - GPIO[11:10] - Index for clkmgr_aon_idle
+  // -------------------------------------------------------------
+  //  AES            -   00       -  0
+  //  HMAC           -   01       -  1 - not implemented on CW305
+  //  KMAC           -   10       -  2 - not implemented on CW305
+  //  OTBN           -   11       -  3 - not implemented on CW305
   //
-  // In addition, GPIO8 is used for gating the capture trigger in software.
-  // Note that GPIO[11:8] are connected to LED[3:0] on the CW310.
-  // On the CW305, GPIO[9,8] are connected to LED[5,7].
+  // GPIO9 is used for gating the selected capture trigger in software. Alternatively, GPIO8
+  // can be used to implement a less precise but fully software-controlled capture trigger
+  // similar to what can be done on ASIC.
+  //
+  // Note that on the CW305, GPIO[9,8] are connected to LED[5(Green),7(Red)].
 
   prim_mubi_pkg::mubi4_t clk_trans_idle, manual_in_io_clk_idle;
 
   clkmgr_pkg::hint_names_e trigger_sel;
   always_comb begin : trigger_sel_mux
-    unique case ({mio_out[MioOutGpioGpio11], mio_out[MioOutGpioGpio10], mio_out[MioOutGpioGpio9]})
-      3'b000:  trigger_sel = clkmgr_pkg::HintMainAes;
-      3'b001:  trigger_sel = clkmgr_pkg::HintMainHmac;
-      3'b010:  trigger_sel = clkmgr_pkg::HintMainKmac;
-      3'b100:  trigger_sel = clkmgr_pkg::HintMainOtbn;
+    unique case ({mio_out[MioOutGpioGpio11], mio_out[MioOutGpioGpio10]})
+      2'b00:   trigger_sel = clkmgr_pkg::HintMainAes;
+      2'b01:   trigger_sel = clkmgr_pkg::HintMainHmac;
+      2'b10:   trigger_sel = clkmgr_pkg::HintMainKmac;
+      2'b11:   trigger_sel = clkmgr_pkg::HintMainOtbn;
       default: trigger_sel = clkmgr_pkg::HintMainAes;
     endcase;
   end
   assign clk_trans_idle = top_earlgrey.clkmgr_aon_idle[trigger_sel];
 
   logic clk_io_div4_trigger_en, manual_in_io_clk_trigger_en;
   logic clk_io_div4_trigger_oe, manual_in_io_clk_trigger_oe;
-  assign clk_io_div4_trigger_en = mio_out[MioOutGpioGpio8];
-  assign clk_io_div4_trigger_oe = mio_oe[MioOutGpioGpio8];
+  logic clk_io_div4_trigger_hw_en, manual_in_io_clk_trigger_hw_en;
+  logic clk_io_div4_trigger_hw_oe, manual_in_io_clk_trigger_hw_oe;
+  logic clk_io_div4_trigger_sw_en, manual_in_io_clk_trigger_sw_en;
+  logic clk_io_div4_trigger_sw_oe, manual_in_io_clk_trigger_sw_oe;
+  assign clk_io_div4_trigger_hw_en = mio_out[MioOutGpioGpio9];
+  assign clk_io_div4_trigger_hw_oe = mio_oe[MioOutGpioGpio9];
+  assign clk_io_div4_trigger_sw_en = mio_out[MioOutGpioGpio8];
+  assign clk_io_div4_trigger_sw_oe = mio_oe[MioOutGpioGpio8];
 
   // Synchronize signals to manual_in_io_clk.
   prim_flop_2sync #(
-    .Width ($bits(clk_trans_idle) + 2)
+    .Width ($bits(clk_trans_idle) + 4)
   ) u_sync_trigger (
     .clk_i (manual_in_io_clk),
     .rst_ni(manual_in_por_n),
-    .d_i   ({clk_trans_idle,        clk_io_div4_trigger_en,      clk_io_div4_trigger_oe}),
-    .q_o   ({manual_in_io_clk_idle, manual_in_io_clk_trigger_en, manual_in_io_clk_trigger_oe})
+    .d_i   ({clk_trans_idle,
+             clk_io_div4_trigger_hw_en,
+             clk_io_div4_trigger_hw_oe,
+             clk_io_div4_trigger_sw_en,
+             clk_io_div4_trigger_sw_oe}),
+    .q_o   ({manual_in_io_clk_idle,
+             manual_in_io_clk_trigger_hw_en,
+             manual_in_io_clk_trigger_hw_oe,
+             manual_in_io_clk_trigger_sw_en,
+             manual_in_io_clk_trigger_sw_oe})
   );
 
-  // Generate the actual trigger signal.
+  // Generate the actual trigger signal as trigger_sw OR trigger_hw.
   assign manual_attr_io_trigger = '0;
-  assign manual_oe_io_trigger  = manual_in_io_clk_trigger_oe;
-  assign manual_out_io_trigger = manual_in_io_clk_trigger_en &
-      prim_mubi_pkg::mubi4_test_false_strict(manual_in_io_clk_idle);
+  assign manual_oe_io_trigger  =
+      manual_in_io_clk_trigger_sw_oe | manual_in_io_clk_trigger_hw_oe;
+  assign manual_out_io_trigger =
+      manual_in_io_clk_trigger_sw_en | (manual_in_io_clk_trigger_hw_en &
+          prim_mubi_pkg::mubi4_test_false_strict(manual_in_io_clk_idle));
 
 endmodule : chip_earlgrey_cw310

sw/device/sca/BUILD

@@ -23,6 +23,7 @@ opentitan_flash_binary(
         "//sw/device/lib/testing/test_framework:check",
         "//sw/device/lib/testing/test_framework:ottf_ld_silicon_creator_slot_a",
         "//sw/device/lib/testing/test_framework:ottf_main",
+        "//sw/device/sca/lib:aes",
         "//sw/device/sca/lib:prng",
         "//sw/device/sca/lib:sca",
         "//sw/device/sca/lib:simple_serial",