Skip to content

[csrng/rtl] Simplify the CTR_DRBG data path #28804

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 5 commits into
base: master
Choose a base branch
from
Draft

[csrng/rtl] Simplify the CTR_DRBG data path #28804

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
3063855
[csrng/rtl] Add unified CTR_DRBG data path module
glaserf Oct 29, 2025
293fc12
[csrng/rtl] Instantiate the unified CTR_DRBG module
glaserf Oct 31, 2025
faafaff
[csrng] Update IP description, regfile, and doc
glaserf Nov 7, 2025
21c34ab
[csrng/dv] Align dv with RTL changes
glaserf Nov 13, 2025
4cf31c2
[csrng/dif] Align dif with regfile and RTL changes
glaserf Nov 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 4 additions & 6 deletions hw/dv/sv/csrng_agent/csrng_agent_cov.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@

// covergroups
// Depends on whether the agent is device or host mode, the "csrng_cmd_cp" are slightly different:
// In device mode: acmd INV, GENB, GENU are in the illegal bin.
// In device mode: acmd INV, is in the illegal bin.
covergroup device_cmd_cg with function sample(csrng_item item, csrng_cmd_sts_e sts);
option.name = "csrng_device_cmd_cg";
option.per_instance = 1;
Expand Down Expand Up @@ -62,8 +62,6 @@ covergroup host_cmd_cg with function sample(csrng_item item, csrng_cmd_sts_e sts
bins gen = {GEN};
bins upd = {UPD};
bins uni = {UNI};
bins genb = {GENB};
bins genu = {GENU};
illegal_bins il = default;
}
csrng_clen_cp: coverpoint item.clen {
Expand All @@ -84,10 +82,10 @@ covergroup host_cmd_cg with function sample(csrng_item item, csrng_cmd_sts_e sts
csrng_cmd_clen_flag_cross: cross csrng_cmd_cp, csrng_clen_cp, csrng_flag_cp;

csrng_cmd_clen_flag_sts_cross: cross csrng_cmd_cp, csrng_clen_cp, csrng_flag_cp, csrng_sts {
// Illegal commands (INV, GENB, GENU) don't get a response, thus don't have a status.
ignore_bins illegal_cmds = binsof(csrng_cmd_cp) intersect {INV, GENB, GENU};
// Illegal command INV doesn't get a response, thus doesn't have a status.
ignore_bins illegal_cmds = binsof(csrng_cmd_cp) intersect {INV};
// Ignore status error responses for legal commands.
ignore_bins legal_cmds_with_error_sts = !binsof(csrng_cmd_cp) intersect {INV, GENB, GENU} &&
ignore_bins legal_cmds_with_error_sts = !binsof(csrng_cmd_cp) intersect {INV} &&
!binsof(csrng_sts) intersect {CMD_STS_SUCCESS};
}

Expand Down
1 change: 1 addition & 0 deletions hw/dv/sv/push_pull_agent/push_pull_driver_lib.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -258,6 +258,7 @@ class pull_device_driver #(
`CB.ack_int <= 1'b0;
if (!cfg.hold_d_data_until_next_req) `CB.d_data_int <= 'x;,
wait (cfg.in_reset);)
if (cfg.in_reset) `CB.ack_int <= '0;
endtask

`undef CB
Expand Down
4 changes: 1 addition & 3 deletions hw/ip/csrng/csrng.core
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,7 @@ filesets:
- rtl/csrng_state_db.sv
- rtl/csrng_cmd_stage.sv
- rtl/csrng_block_encrypt.sv
- rtl/csrng_ctr_drbg_cmd.sv
- rtl/csrng_ctr_drbg_upd.sv
- rtl/csrng_ctr_drbg_gen.sv
- rtl/csrng_ctr_drbg.sv
- rtl/csrng_core.sv
- rtl/csrng.sv
file_type: systemVerilogSource
Expand Down
98 changes: 12 additions & 86 deletions hw/ip/csrng/data/csrng.hjson
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,29 +175,20 @@
{ name: "INTERSIG.MUBI"
desc: "OTP signal used to enable software access to registers."
}
{ name: "CMD_STAGE.FSM.SPARSE"
desc: "The CSRNG command stage state machines use a sparse state encoding."
}
{ name: "MAIN_SM.FSM.SPARSE"
desc: "The CSRNG main state machine uses a sparse state encoding."
}
{ name: "UPDRSP.FSM.SPARSE"
desc: "The CSRNG update response state machine uses a sparse state encoding."
}
{ name: "UPDATE.FSM.SPARSE"
desc: "The CSRNG update state machine uses a sparse state encoding."
}
{ name: "BLK_ENC.FSM.SPARSE"
desc: "The CSRNG block encrypt state machine uses a sparse state encoding."
}
{ name: "OUTBLK.FSM.SPARSE"
desc: "The CSRNG block output state machine uses a sparse state encoding."
{ name: "CTR_DRBG.FSM.SPARSE"
desc: "The CTR DRBG state machine uses a sparse state encoding."
}
{ name: "GEN_CMD.CTR.REDUN"
desc: "The generate command uses a counter that is protected by a second counter that counts in the opposite direction."
}
{ name: "DRBG_UPD.CTR.REDUN"
desc: "The ctr_drbg update algorithm uses a counter that is protected by a second counter that counts in the opposite direction."
}
{ name: "DRBG_GEN.CTR.REDUN"
desc: "The ctr_drbg generate algorithm uses a counter that is protected by a second counter that counts in the opposite direction."
{ name: "CTR_DRBG.CTR.REDUN"
desc: "The ctr_drbg algorithm uses a counter that is protected by a second counter that counts in the opposite direction."
}
{ name: "CTRL.MUBI"
desc: "Multi-bit field used for selection control."
Expand Down Expand Up @@ -731,42 +722,6 @@
This bit will stay set until the next reset.
'''
}
{ bits: "9",
name: "SFIFO_FINAL_ERR",
desc: '''
This bit will be set to one when an error has been detected for the
final FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.
'''
}
{ bits: "10",
name: "SFIFO_GBENCACK_ERR",
desc: '''
This bit will be set to one when an error has been detected for the
gbencack FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.
'''
}
{ bits: "13",
name: "SFIFO_GADSTAGE_ERR",
desc: '''
This bit will be set to one when an error has been detected for the
gadstage FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.
'''
}
{ bits: "15",
name: "SFIFO_CMDID_ERR",
desc: '''
This bit will be set to one when an error has been detected for the
cmdid FIFO. The type of error is reflected in the type status
bits (bits 28 through 30 of this register).
This bit will stay set until the next reset.
'''
}
{ bits: "20",
name: "CMD_STAGE_SM_ERR",
desc: '''
Expand All @@ -786,28 +741,10 @@
'''
}
{ bits: "22",
name: "DRBG_GEN_SM_ERR",
desc: '''
This bit will be set to one when an illegal state has been detected for the
ctr_drbg gen state machine. This error will signal a fatal alert, and also
an interrupt if enabled.
This bit will stay set until the next reset.
'''
}
{ bits: "23",
name: "DRBG_UPDBE_SM_ERR",
name: "CTR_DRBG_SM_ERR",
desc: '''
This bit will be set to one when an illegal state has been detected for the
ctr_drbg update block encode state machine. This error will signal a fatal alert, and also
an interrupt if enabled.
This bit will stay set until the next reset.
'''
}
{ bits: "24",
name: "DRBG_UPDOB_SM_ERR",
desc: '''
This bit will be set to one when an illegal state has been detected for the
ctr_drbg update out block state machine. This error will signal a fatal alert, and also
ctr_drbg state machine. This error will signal a fatal alert, and also
an interrupt if enabled.
This bit will stay set until the next reset.
'''
Expand All @@ -816,27 +753,16 @@
name: "AES_CIPHER_SM_ERR",
desc: '''
This bit will be set to one when an AES fatal error has been detected.
This error will signal a fatal alert, and also
an interrupt if enabled.
This error will signal a fatal alert, and also an interrupt if enabled.
This bit will stay set until the next reset.
'''
}
{ bits: "26",
name: "CMD_GEN_CNT_ERR",
name: "CTR_ERR",
desc: '''
This bit will be set to one when a mismatch in any of the hardened counters
has been detected.
This error will signal a fatal alert, and also
an interrupt if enabled.
This bit will stay set until the next reset.
'''
}
{ bits: "27",
name: "DRBG_CMD_SM_ERR",
desc: '''
This bit will be set when the state machine in the ctr_drbg_cmd unit has entered
an illegal state.
This error will signal a fatal alert, and also an interrupt, if enabled.
This error will signal a fatal alert, and also an interrupt if enabled.
This bit will stay set until the next reset.
'''
}
Expand Down
51 changes: 9 additions & 42 deletions hw/ip/csrng/data/csrng_sec_cm_testplan.hjson
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,9 +67,9 @@
tests: ["csrng_sec_cm", "csrng_intr", "csrng_err"]
}
{
name: sec_cm_updrsp_fsm_sparse
name: sec_cm_cmd_stage_fsm_sparse
desc: '''
Verify the countermeasure(s) UPDRSP.FSM.SPARSE.
Verify the countermeasure(s) CMD_STAGE.FSM.SPARSE.
The csrng_intr and csrng_err tests verify that if the FSM state is forced to an illegal state encoding 1) this is reported with a cs_fatal_err interrupt in the INTR_STATE register and 2) the corresponding bit in the ERR_CODE register is set.
They currently don't check whether the DUT actually triggers a fatal alert.
Alert connection and triggering are verified through automated FPV.
Expand All @@ -78,9 +78,9 @@
tests: ["csrng_sec_cm", "csrng_intr", "csrng_err"]
}
{
name: sec_cm_update_fsm_sparse
name: sec_cm_ctr_drbg_fsm_sparse
desc: '''
Verify the countermeasure(s) UPDATE.FSM.SPARSE.
Verify the countermeasure(s) CTR_DRBG.FSM.SPARSE.
The csrng_intr and csrng_err tests verify that if the FSM state is forced to an illegal state encoding 1) this is reported with a cs_fatal_err interrupt in the INTR_STATE register and 2) the corresponding bit in the ERR_CODE register is set.
They currently don't check whether the DUT actually triggers a fatal alert.
Alert connection and triggering are verified through automated FPV.
Expand All @@ -89,28 +89,19 @@
tests: ["csrng_sec_cm", "csrng_intr", "csrng_err"]
}
{
name: sec_cm_blk_enc_fsm_sparse
// All counter errors are reported in ERR_CODE.CTR_ERR.
name: sec_cm_ctr_drbg_ctr_redun
desc: '''
Verify the countermeasure(s) BLK_ENC.FSM.SPARSE.
The csrng_intr and csrng_err tests verify that if the FSM state is forced to an illegal state encoding 1) this is reported with a cs_fatal_err interrupt in the INTR_STATE register and 2) the corresponding bit in the ERR_CODE register is set.
They currently don't check whether the DUT actually triggers a fatal alert.
Alert connection and triggering are verified through automated FPV.
'''
stage: V2S
tests: ["csrng_sec_cm", "csrng_intr", "csrng_err"]
}
{
name: sec_cm_outblk_fsm_sparse
desc: '''
Verify the countermeasure(s) OUTBLK.FSM.SPARSE.
The csrng_intr and csrng_err tests verify that if the FSM state is forced to an illegal state encoding 1) this is reported with a cs_fatal_err interrupt in the INTR_STATE register and 2) the corresponding bit in the ERR_CODE register is set.
Verify the countermeasure(s) CTR_DRBG.CTR.REDUN.
The csrng_intr and csrng_err tests verify that if there is a mismatch in the redundant counters of the CTR_DRBG generate counter 1) this is reported with a cs_fatal_err interrupt in the INTR_STATE register and 2) the corresponding bit in the ERR_CODE register is set.
They currently don't check whether the DUT actually triggers a fatal alert.
Alert connection and triggering are verified through automated FPV.
'''
stage: V2S
tests: ["csrng_sec_cm", "csrng_intr", "csrng_err"]
}
{
// All counter errors are reported in ERR_CODE.CTR_ERR.
name: sec_cm_gen_cmd_ctr_redun
desc: '''
Verify the countermeasure(s) GEN_CMD.CTR.REDUN.
Expand All @@ -121,30 +112,6 @@
stage: V2S
tests: ["csrng_sec_cm", "csrng_intr", "csrng_err"]
}
{
// All counter errors are collected in ERR_CODE.CMD_GEN_CNT_ERR.
name: sec_cm_drbg_upd_ctr_redun
desc: '''
Verify the countermeasure(s) DRBG_UPD.CTR.REDUN.
The csrng_intr and csrng_err tests verify that if there is a mismatch in the redundant counters of the CTR_DRBG update counter 1) this is reported with a cs_fatal_err interrupt in the INTR_STATE register and 2) the corresponding bit in the ERR_CODE register is set.
They currently don't check whether the DUT actually triggers a fatal alert.
Alert connection and triggering are verified through automated FPV.
'''
stage: V2S
tests: ["csrng_sec_cm", "csrng_intr", "csrng_err"]
}
{
// All counter errors are collected in ERR_CODE.CMD_GEN_CNT_ERR.
name: sec_cm_drbg_gen_ctr_redun
desc: '''
Verify the countermeasure(s) DRBG_GEN.CTR.REDUN.
The csrng_intr and csrng_err tests verify that if there is a mismatch in the redundant counters of the CTR_DRBG generate counter 1) this is reported with a cs_fatal_err interrupt in the INTR_STATE register and 2) the corresponding bit in the ERR_CODE register is set.
They currently don't check whether the DUT actually triggers a fatal alert.
Alert connection and triggering are verified through automated FPV.
'''
stage: V2S
tests: ["csrng_sec_cm", "csrng_intr", "csrng_err"]
}
{
name: sec_cm_ctrl_mubi
desc: '''
Expand Down
9 changes: 3 additions & 6 deletions hw/ip/csrng/doc/interfaces.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,14 +42,11 @@ Referring to the [Comportable guideline for peripheral device functionality](htt
| CSRNG.CONFIG.REGWEN | Registers are protected from writes. |
| CSRNG.CONFIG.MUBI | Registers have multi-bit encoded fields. |
| CSRNG.INTERSIG.MUBI | OTP signal used to enable software access to registers. |
| CSRNG.CMD_STAGE.FSM.SPARSE | The CSRNG command stage state machines use a sparse state encoding. |
| CSRNG.MAIN_SM.FSM.SPARSE | The CSRNG main state machine uses a sparse state encoding. |
| CSRNG.UPDRSP.FSM.SPARSE | The CSRNG update response state machine uses a sparse state encoding. |
| CSRNG.UPDATE.FSM.SPARSE | The CSRNG update state machine uses a sparse state encoding. |
| CSRNG.BLK_ENC.FSM.SPARSE | The CSRNG block encrypt state machine uses a sparse state encoding. |
| CSRNG.OUTBLK.FSM.SPARSE | The CSRNG block output state machine uses a sparse state encoding. |
| CSRNG.CTR_DRBG.FSM.SPARSE | The CTR DRBG state machine uses a sparse state encoding. |
| CSRNG.GEN_CMD.CTR.REDUN | The generate command uses a counter that is protected by a second counter that counts in the opposite direction. |
| CSRNG.DRBG_UPD.CTR.REDUN | The ctr_drbg update algorithm uses a counter that is protected by a second counter that counts in the opposite direction. |
| CSRNG.DRBG_GEN.CTR.REDUN | The ctr_drbg generate algorithm uses a counter that is protected by a second counter that counts in the opposite direction. |
| CSRNG.CTR_DRBG.CTR.REDUN | The ctr_drbg algorithm uses a counter that is protected by a second counter that counts in the opposite direction. |
| CSRNG.CTRL.MUBI | Multi-bit field used for selection control. |
| CSRNG.MAIN_SM.CTR.LOCAL_ESC | A mismatch detected inside any CSRNG counter moves the main state machine into a terminal error state. |
| CSRNG.CONSTANTS.LC_GATED | Seed diversification based on the lifecycle state. |
Expand Down
Loading
Loading