lowRISC / opentitan

OpenTitan: Open source silicon root of trust
https://www.opentitan.org
Apache License 2.0

[aes] V2S Signoff #21029

Closed msfschaffner closed 8 months ago

msfschaffner commented 9 months ago

Description

Ensure V1 / V2S signoff criteria are fulfilled after focus area changes have landed.

vogelpi commented 8 months ago

Commits since Earlgrey-ES tapeout

$ git log Earlgrey-M2.5.2-RC0..HEAD --oneline hw/ip/lc_ctrl

fa5dc8a876 [pre_sca] Convert PROLEAD configuration files to Unix format
66472e257a [pre_syn] Include csrng_pkg.sv to re-enable Yosys synthesis
0891b2f045 [aes,pre_sca] Modify evaluation parameters for PROLEAD
b9afd40c3e [aes,rtl] Switch to Bivium-based masking PRNG implementation
0726a6dd01 [alma, aes] Add README for the verification flow
7e76564213 [aes, alma] Add verification script for AES S-box
82dc6dce1f [alma] Add yosys template for AES S-box flattening
8354636d91 [alma] Add patching tool for techlib
25f488deab [aes,dv] Fix aes_ctrl_cg sample function declaration
61a237e197 [util/reggen] reverse order of substruct generation
de31bdf1c2 [reggen] Remove the devmode input
895c541640 [aes, doc] Clarify availability of sideload, change cryptolib link
ac5a127a9c [aes, pre_sca] Enable masking evaluation of AES with PROLEAD
5be278bb25 [aes, kmac, otbn] Perform final clean -purge step in Yosys synthesis
2d0887b7a9 [aes,SiVal] Add features of AES module
78abd88092 [aes, doc] Fix broken links
1b16ca2122 [reggen] Add mubi support SWAccess that sets/clears a reg
59f8142826 [doc] Moved badges over to using hosted images
7688e714e8 [reggen] Add initial support for version and cip_id hjson fields
fbd888eea8 Revert "[reggen] Add CIP_IDs and bump all major versions"
ba2ca76ae7 [aes, doc] Mention option of implementing GCM with Ibex and bitmanip
9bc003ca25 [aes, kmac] Replace term aggravate in SCA/FI context
4dc21fb4ec [aes, pre_dv] Add very basic scratch Verilator testbench for cipher core
0ba10b3cd3 [reggen] Add CIP_IDs and bump all major versions
5b12b346dc [aes, dv] Enable aes_stress_all(_with_rand_reset) tests
69fa03aaac [aes, dv] Move end detection of last message from scoreboard to env
3dbbf0b3cb [aes, dv] Rework tracking of good, corrupted, split and skipped messages
af95b78408 [aes, dv] Encapsulate vseqs in fork/join_any and disable fork blocks
30aee10d6f [aes, dv] Add randomization constraints for aes_alert_reset_vseq
f1dcf7ad4d [aes, dv] Reorder test list, add comments to explain grouping
2526b01657 [aes, dv] Fix aes_manual_config_err_vseq
cb90c98960 [aes, dv] Fix cfg_error_type constraint resolution for aes_message_item
e47df29f3e [misc] Use lc_tx_t testing functions at endpoints
6744fe2f94 [aes, dv] Switch from csr_update() to csr_wr() for set_regwen()
f2b781b359 [aes, dv] Move regwen testing into base sequence
9cb2a1c077 [aes, dv] Add alert_test testing to aes_alert_reset_test
9d0f701812 [aes, dv] Increase manual operation percentage for config error test
89f58b3bc7 [aes, dv] Simplify handling of different modes in process_tl_access()
b39259025b [aes, dv] Enable configuration error testing with sideload keys
52551971f4 [aes, dv] Comment and fix usage of status_fsm() task inside send_msg()
bd450974ee [aes, dv] Make sure aes_status_cg.cp_alert_recov is hit
be7bae1ec7 [aes, dv] Always set PRNG reseed rate during setup_dut()

Issues closed since the Earlgrey-ES tapeout

DD (& DV)

DV

Doc

Community support requests

Misc

Currently open issues

DD (& DV)

DV

Misc

Coverage report from 02/21/2024

The following reports have been retrieved from the nightly DV dashboard (based on commit df66f8a42e0877692826e6534f439486df976832).

Masked variant

m2_v2s_signoff_aes_masked

Unmasked variant

m2_v2s_signoff_aes_unmasked

At a first glance, the progress on the sequences seems low. However, upon inspecting the pass/fail rates, one can see that all tests have a pass rate above 90%, meaning the V2S criteria are still met as before. Similarly, coverage metrics are above the threshold.

The last FPV report is from Aug 2023 and all FPV tests were passing for AES. Since then, the only relevant RTL change was the replacement of the PRNG which doesn't touch FPV.

Summary

The only relevant RTL change in this block was #19091 where we replaced the LFSR-based PRNG with an implementation based on the Bivium stream cipher primitive to prevent brute-forcing attacks on the PRNG state. The change itself is very isolated to the PRNG itself and the relevant DV parts have been adjusted to maintain the coverage metrics and pass rates above the thresholds (in particular the aes_reseed test).

Most test failures are in the FI tests that are part of V2S. Modeling the expected behavior for these tests would require high effort without a clear benefit; we don't gain more confidence in these FI countermeasures by reaching a 100% pass rate. The important work here has been to ensure that the countermeasure isn't optimized away during synthesis, and this work was done a long time ago. Still, the pass rate for all tests is above the V2S threshold of 90%.

Since M2.5.2 there has been some DV work to enable a previously disabled test (stress_all) and some fixes to improve functional coverage. One little and uncritical coverage hole has been discovered since then which is tracked in #20941. All coverage metrics are above the V2S threshold of 90%.

Since the block still fulfills the V2S criteria, I suggest signing this off at V2S directly.

vogelpi commented 8 months ago

Would you mind taking a look at this @msfschaffner and @andreaskurth please?

msfschaffner commented 8 months ago

Thanks for the analysis @vogelpi. Given the amount of verification (both DV and SCA) that has been repeated to cover the PRNG changes, I agree that we can sign this off at V2S directly.

andreaskurth commented 8 months ago

Thanks for the detailed analysis, @vogelpi! I agree with signing off at V2S, too.