[fuse_ctrl] Generate partitions mmap #47
Conversation
|
andrea-caforio
force-pushed
the
fuse_ctrl_partitions
branch
5 times, most recently
from
40ddc68 to
24e06ae
Compare
andrea-caforio
force-pushed
the
fuse_ctrl_partitions
branch
from
24e06ae to
4f45f29
Compare
andrea-caforio
force-pushed
the
fuse_ctrl_partitions
branch
from
4f45f29 to
e3e50ae
Compare
| { | ||
| name: "FIELD_ENTROPY_0", | ||
| inv_default: "<random>", | ||
| size: "8" |
There was a problem hiding this comment.
Can we inline the documentation for each field? You can probably use desc: variables. The documentation should match the Caliptra spec.
| variant: "Unbuffered", | ||
| size: "64", // in bytes | ||
| absorb: true, | ||
| secret: false, | ||
| sw_digest: true, |
There was a problem hiding this comment.
@anjpar @ekarabu, when a partition is set to sw_digest: true, I believe there is no hardware digest checking taking place. We should document in the guidelines that the ROM is expected to check the digest before consuming the values.
Alternatively, you may want to add a hash digest field to this partition so that ROM can compare the hash after loading the data into SRAM. If you opt for the hash approach, you can use either SHA256 or SHA384.
This is a defense in depth recommendation. Without this, we are relying on the OTP ECC integrity checks.
There was a problem hiding this comment.
This comment also applies to other SW OTP partitions that contain critical values.
Another option I forgot to mention is that you can use multibit encodings for critical fields. If all fields are hardened, then the digest check becomes optional.
| name: "UDS_SEED", | ||
| size: "48" | ||
| } | ||
| name: "MANUF_TOKEN", |
There was a problem hiding this comment.
nit: It may be good to clarify this a bit more. Is this an unlock token? If so, can we call it MANUF_UNLOCK_TOKEN? The same applies for all the tokens below.
For cases where we have authorization tokens, it would be good to encode that in the name.
This will make the programming interface a bit more ergonomic.
| read_lock: "CSR", | ||
| key_sel: "NoKey", | ||
| // This is a strike counter, hence we need to disable ECC integrity for this to work. | ||
| // Integrity is handled at a higher level by SW as described below. |
There was a problem hiding this comment.
Integrity is handled at a higher level by SW as described below.
The description below is missing.
| bkout_type: false, | ||
| items: [ | ||
| { | ||
| name: "FMC_KEY_MANIFEST_SVN", |
There was a problem hiding this comment.
Multi-bit encoding for redundancy is recommended. So 32-bits may result in 16 SVN versions. We should check if this is sufficient.
Merge branch 'main' into user/ekabulut/lowRISC_FC_0115
andrea-caforio
force-pushed
the
fuse_ctrl_partitions
branch
from
e3e50ae to
b7bc735
Compare
Regenerate partitions and assign the fuses (as documented here).