[sw/fi] Add firmware code for OTP data read FI penetration test #23156
Conversation
wettermo
requested review from
moidx and
nasahlpa
and removed request for
a team and
moidx
wettermo
force-pushed
the
earlgrey_es_sival_fi_otp_pr
branch
from
b4ad314 to
95fe35d
Compare
| TRY(otp_vendor_test_dump(otp_read32_result_vendor_test_fi)); | ||
|
|
||
| // Get registered alerts from alert handler. | ||
| reg_alerts = sca_get_triggered_alerts(); |
There was a problem hiding this comment.
Just a FYI - it might be useful to also register the alerts triggered inside Ibex. You could do something similar to here:
opentitan/sw/device/tests/penetrationtests/firmware/fi/ibex_fi.c
Lines 221 to 223 in 08d6cba
Also applies to the test functions below.
There was a problem hiding this comment.
Good point, could be useful. I'll add it.
| uj_output.alerts[0] = reg_alerts.alerts[0]; | ||
| uj_output.alerts[1] = reg_alerts.alerts[1]; | ||
| uj_output.alerts[2] = reg_alerts.alerts[2]; |
There was a problem hiding this comment.
| uj_output.alerts[0] = reg_alerts.alerts[0]; | |
| uj_output.alerts[1] = reg_alerts.alerts[1]; | |
| uj_output.alerts[2] = reg_alerts.alerts[2]; | |
| memcpy(uj_output.alerts, reg_alerts.alerts, sizeof(reg_alerts.alerts)); |
Would also work.
Also applies to the test functions below.
| // Send result & status codes to host. | ||
| otp_fi_hwcfg_partition_t uj_output; | ||
| for (uint32_t i = 0; i < OTP_CTRL_PARAM_HW_CFG_SIZE / 4; i++) { | ||
| uj_output.hw_cfg_comp[i] = otp_read32_result_hw_cfg_comp[i]; |
There was a problem hiding this comment.
Is there a reason why you are not doing the comparison on the chip instead of sending back all data?
In terms of performance, it could be faster to do the comparison on the chip to avoid the communication overhead?
There was a problem hiding this comment.
I had a discussion with Oscar about this, and he said that regarding communication overhead this shouldn't really be relevant, because, compared to SCA, it's only possible to do a couple of FI runs per second, so that the com overhead doesn't have that much impact. Also, it could be nice to have the whole output available on the host to have a look at it in case of a successful FI.
| // FI code target. | ||
| sca_set_trigger_high(); | ||
|
|
||
| // Point for FI | ||
| NOP1000; | ||
| NOP1000; | ||
| NOP1000; | ||
| NOP1000; | ||
|
|
||
| sca_set_trigger_low(); |
There was a problem hiding this comment.
Did you check with the oscilloscope whether this trigger window stays constant when executing this function multiple times? If not, it might be worth to set the reseeding interval to max in the init, .e.g.:
There was a problem hiding this comment.
What do you mean by trigger window staying constant? And how is this related to the entropy source?
There was a problem hiding this comment.
When doing measurements with the oscilloscope, I've noticed that sometimes the trigger windows (i.e., the time between sca_set_trigger_high() and sca_set_trigger_low()) is not constant. The root cause for this was that there were several entropy complex reseed that delayed the execution.
| UJSON_SERDE_STRUCT(OtpFiVendortestPartition, otp_fi_vendortest_partition_t, OTPFI_VENDORTEST_PARTITION); | ||
|
|
||
| #define OTPFI_OWNERSWCFG_PARTITION(field, string) \ | ||
| field(owner_sw_cfg_comp, uint32_t, 200) \ |
There was a problem hiding this comment.
Where are these sizes coming from (e.g. 200)? Would it make sense to use variables here to make sure that we do not accidentally try sending too many / less data over UART back to the host?
There was a problem hiding this comment.
These are just the amount of 32-bit words each partition has (which afaik are fixed).
I can add some #define macros at the top of the file and replace the hardcoded numbers with them, so that its better comprehensible what these sizes represent.
For example:
// Partition sizes in 32-bit words
#define VENDORTEST_SIZE32 16
#define OWNERSWCFG_SIZE32 200
#define HWCFG_SIZE32 20
#define LIFECYCLE_SIZE32 22
95fe35d to
bf8be96
Compare
This adds firmware code for FI pen-testing the OTP module. The test sequence can be summarized in the following way: 1. Read content from a selected OTP partition for comparison values 2. Perform fault injection on nop instructions 3. Read content from the same OTP partition again 4. Compare output with previous output and check if values differ Signed-off-by: Moritz Wettermann <[email protected]>
wettermo
force-pushed
the
earlgrey_es_sival_fi_otp_pr
branch
from
bf8be96 to
039e7b1
Compare
|
Thanks Pascal for the review, I added everything. I also updated the PR in ot-sca (lowRISC/ot-sca#367) accordingly. |
This adds firmware code for FI pen-testing the OTP module.
The test sequence can be summarized in the following way:
The corresponding PR in lowRISC/ot-sca is lowRISC/ot-sca#367