Closed msfschaffner closed 6 months ago
git rev-parse HEAD
c73929e4d6e864bad72c456b265a089225a5c8e2
git log Earlgrey-M2.5.2-RC0..HEAD --oneline hw/ip/keymgr
otp_ctrl_pkg::otp_keymgr_key_t
the creator root key shares got renamed and the valid
signal got split into one valid signal per share.UseOtpSeedsInsteadOfFlash
synthesis parameter is enabled, which is disabled in Earlgrey -- so this does not change functionality for Earlgrey.https://github.com/lowRISC/opentitan/issues?q=is%3Aissue+is%3Aclosed+closed%3A%3E2023-06-27+keymgr
--> not planned
--> bug in prim_subreg
that got resolved
--> resolved for Earlgrey-ES tapeout already but got closed afterwards
--> not planned
--> top-level test
--> not planned
--> resolved in #21372: keymgr now gets a unique diversification value (from lc_ctrl) for each group of life cycle states
--> kmac
--> not planned for Earlgrey-PROD
--> flash_ctrl
--> edn
--> not planned
--> unrelated to keymgr
--> test issue
--> test issue
--> kmac
--> bazel
--> top-level test
--> keymgr_dpe
--> keymgr_dpe
--> kmac
--> CM annotations
--> kmac
--> otp_ctrl
--> pwrmgr
--> otp_ctrl
--> pwrmgr
--> top_darjeeling
--> SiVal
--> SiVal
https://github.com/lowRISC/opentitan/issues?q=is%3Aissue+is%3Aopen+keymgr
--> future release / backlog
--> ROM
--> kmac
--> cryptolib
--> edn
--> future release / backlog
--> D2S & M3; thus we expect security hardening changes for keymgr and should not sign off D2S yet
--> V2S & M5
--> doc improvement
--> ROM_EXT
--> kmac
--> kmac
--> future release / backlog
--> top-level test
--> DIF
--> Integrated
--> cryptolib
--> top-level test
--> top-level test
--> cryptolib
--> ROM_EXT
--> kmac
--> cryptolib
--> future release / backlog
--> ROM_EXT
--> V3 & M5
--> future release / backlog
--> cryptolib
--> V3 & M5
--> M3
--> cryptolib
--> V3 & M5
--> V3 & M5
--> M5
--> not directly related to keymgr
--> SiVal
--> ROM_EXT
--> ROM_EXT
--> build system
--> SiVal
--> cryptolib
--> ROM
--> SiVal
--> future release / backlog
--> SiVal
--> keymgr_dpe
--> this issue
--> V2(S) signoff
--> keymgr_dpe
--> SiVal
--> keymgr_dpe
--> SiVal
--> SiVal
--> SiVal
--> SiVal
--> SiVal
--> ROM
--> ROM
--> SiVal
--> cryptolib
--> SW
--> feature request under discussion, not gating this signoff on it
--> cryptolib
--> looks like a provisioning issue rather than a HW issue; otherwise feature request to be discussed, not gating this signoff on it
--> feature request under discussion, not gating this signoff on it
--> feature request under discussion, not gating this signoff on it
--> cryptolib
Re RTL changes, e81b5885e5 is the only RTL change with minimal functional impact; the only functional change is that each creator root key share now has its own valid signal. The two valid signals get ANDed in keymgr_ctrl
before u_key_valid_sync
. This doesn't create glitch problems because the signals only ever transition from 0 to 1. DV has been changed to take this into account.
Re closed design issues since Earlgrey-ES tapeout, #19146 fixed a bug in prim_subreg_arb
(#5146), which is relevant for keymgr, and #21372 changed lc_ctrl so that keymgr now gets a unique diversification value for each group of life cycle states (resolving #14047). Top-level tests cover these changes.
Re open design issues, #8120 is an open item for D2S, so we should not sign off D2S at this point. #22117, #22296, and #22297 could be open items for D2 but they are under discussion, so I suggest we don't gate this signoff on them. If we decide that at least one of those items need a keymgr design change, that could be a minor change as part of D3 or, if it's a major change, we will have to re-open D2.
In conclusion, I think this analysis supports signing keymgr off at D2 but not D2S. I'll create a separate issue for keymgr D2S signoff as part of M3.
@vogelpi: May I ask you for feedback on my analysis and D2 signoff approval if you agree?
Thanks for putting this together @andreaskurth !
To be honest, I am in favor of signing of D2S. This is the state keymgr was before and as you pointed out, no significant changes have gone in since the last sign-off. So there is IMO no need to go back down again. I agree that there are a couple of security hardening changes we want to do for M3. But all of them are minor. We also keep adding security improvements to other blocks after hitting D2S.
D2S just says security countermeasures are implemented and this is the case for keymgr. The things coming in M3 are not about adding new countermeasures but minor improvements to existing things.
So to summarize: signing of at D2 is definitely okay, signing of at D2S would be preferred from my side. It will save us further paper work in M3.
Alright, given that (1) keymgr has been signed off at D2S before and the changes since then don't revert D2S and (2) #8120 is tracked for M3, I agree that we can sign keymgr off at D2S again.
Description
Ensure D2(S) signoff criteria are still maintained (this is not a focus area block).