chipsalliance / Caliptra

Caliptra IP and firmware for integrated Root of Trust block
Apache License 2.0

Doc inconsistency about external vs internal TRNG #194

Closed A-Rovelli closed 3 months ago

A-Rovelli commented 6 months ago

In Caliptra's documentation, as far as the implementation of TRNG is concerned, it is written that the "internal TRNG" solution is the preferable one, but at the same time it is also written that it is not, at the moment, completely reliable. Since this position seems to be a bit ambiguous, we would like to know what exactly the Caliptra WG recommends.

These are the text fragments to which we refer:

https://github.com/chipsalliance/Caliptra/blob/main/doc/Caliptra.md#hardware “This mode (HW API) is advised for early development but discouraged for production tape outs due to the lower security assurances of an external TRNG.”

https://github.com/chipsalliance/caliptra-rtl/blob/main/docs/CaliptraIntegrationSpecification.md#trng-req-hw-api “While the use of this API is convenient for early enablement, the current Caliptra hardware is unable to provide the same security guarantees with an external TRNG.”

Moreover, exactly what does the phrase "...is unable to provide the same security guarantees with an external TRNG." mean?

varuns-nvidia commented 5 months ago

@bharatpillilli @howardtr I think we need to revise this text. iTRNG is the preferred integration solution.

varuns-nvidia commented 5 months ago

Actually, sorry, I read the spec text and it is intentional. The iTRNG is the preferred integration and the spec is consistent.

> Moreover, exactly what does the phrase "...is unable to provide the same security guarantees with an external TRNG." mean?

It means that because the random number comes from the external APB bus instead of the internal AHB bus, Caliptra cannot provide the same assurances. Hence the recommendation for iTRNG.

bharatpillilli commented 3 months ago

Closing because there is no more activity on this.