diff --git a/BLOCKFILE b/BLOCKFILE index e81e83ed71eba7..277ae0ddc17dd3 100644 --- a/BLOCKFILE +++ b/BLOCKFILE @@ -92,19 +92,19 @@ hw/ip/otbn/data/otbn.hjson hw/ip/entropy_src/data/entropy_src.hjson hw/ip/aes/data/aes.hjson hw/ip/i2c/data/i2c.hjson -hw/ip/otp_ctrl/data/otp_ctrl.hjson -hw/ip/otp_ctrl/data/otp_ctrl_img_rma.hjson -hw/ip/otp_ctrl/data/otp_ctrl_img_dev.hjson -hw/ip/otp_ctrl/data/otp_ctrl_img_test_locked0.hjson -hw/ip/otp_ctrl/data/otp_ctrl_img_test_locked1.hjson -hw/ip/otp_ctrl/data/otp_ctrl_img_test_unlocked0.hjson -hw/ip/otp_ctrl/data/otp_ctrl_img_creator_sw_cfg.hjson -hw/ip/otp_ctrl/data/otp_ctrl_img_hw_cfg.hjson -hw/ip/otp_ctrl/data/otp_ctrl_img_raw.hjson -hw/ip/otp_ctrl/data/otp_ctrl_mmap.hjson -hw/ip/otp_ctrl/data/otp_ctrl_img_test_unlocked1.hjson -hw/ip/otp_ctrl/data/otp_ctrl_img_prod.hjson -hw/ip/otp_ctrl/data/otp_ctrl_img_test_unlocked2.hjson +hw/top_earlgrey/data/otp/otp_ctrl.hjson +hw/top_earlgrey/data/otp/otp_ctrl_img_rma.hjson +hw/top_earlgrey/data/otp/otp_ctrl_img_dev.hjson +hw/top_earlgrey/data/otp/otp_ctrl_img_test_locked0.hjson +hw/top_earlgrey/data/otp/otp_ctrl_img_test_locked1.hjson +hw/top_earlgrey/data/otp/otp_ctrl_img_test_unlocked0.hjson +hw/top_earlgrey/data/otp/otp_ctrl_img_creator_sw_cfg.hjson +hw/top_earlgrey/data/otp/otp_ctrl_img_hw_cfg.hjson +hw/top_earlgrey/data/otp/otp_ctrl_img_raw.hjson +hw/top_earlgrey/data/otp/otp_ctrl_mmap.hjson +hw/top_earlgrey/data/otp/otp_ctrl_img_test_unlocked1.hjson +hw/top_earlgrey/data/otp/otp_ctrl_img_prod.hjson +hw/top_earlgrey/data/otp/otp_ctrl_img_test_unlocked2.hjson hw/ip/rv_core_ibex/data/rv_core_ibex.hjson hw/ip/pwm/data/pwm.hjson hw/ip/aon_timer/data/aon_timer.hjson diff --git a/SUMMARY.md b/SUMMARY.md index 59681731fce83b..d75a662e5f1f66 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -417,7 +417,7 @@ - [Device Software](./sw/device/README.md) - [Build & Test Rules](./rules/opentitan/README.md) - [FPGA Bitstreams](./hw/bitstream/README.md) - - [OTP Build and Test Infrastructure](./hw/ip/otp_ctrl/data/README.md) + - [OTP Preload Image Generator](./util/design/README.md#otp_preload_image_generator) - [Device Libraries](./sw/device/lib/README.md) - [DIF Library](./sw/device/lib/dif/README.md) - [ADC Checklist](sw/device/lib/dif/dif_adc_ctrl.md) diff --git a/hw/bitstream/README.md b/hw/bitstream/README.md index 40452865e50313..45058b1168e696 100644 --- a/hw/bitstream/README.md +++ b/hw/bitstream/README.md @@ -35,7 +35,7 @@ opentitan_test( name = "individualize_sw_cfg_functest", srcs = ["individualize_sw_cfg_functest.c"], fpga = fpga_params( - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_test_unlocked0_manuf_initialized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_test_unlocked0_manuf_initialized", tags = ["manuf"], ), exec_env = { @@ -98,4 +98,4 @@ opentitan_test( ## Read More -* [OTP Build and Test Infrastructure](../ip/otp_ctrl/data/README.md) +* [OTP Preload Image Generator](../../util/design/README.md#otp_preload_image_generator) diff --git a/hw/bitstream/vivado/BUILD b/hw/bitstream/vivado/BUILD index 05cbb012179281..37ce2a4871d4fb 100644 --- a/hw/bitstream/vivado/BUILD +++ b/hw/bitstream/vivado/BUILD @@ -24,7 +24,7 @@ _CW310_TESTROM = "//sw/device/lib/testing/test_rom:test_rom_fpga_cw310_scr_vmem" _CW340_TESTROM = _CW310_TESTROM -_OTP_RMA = "//hw/ip/otp_ctrl/data:img_rma" +_OTP_RMA = "//hw/top_earlgrey/data/otp:img_rma" _CW310_TESTROM_PATH = "{}/$(location {})".format(_PREFIX, _CW310_TESTROM) diff --git a/hw/dv/tools/dvsim/sim.mk b/hw/dv/tools/dvsim/sim.mk index 60ad58967d7610..08175c624602ea 100644 --- a/hw/dv/tools/dvsim/sim.mk +++ b/hw/dv/tools/dvsim/sim.mk @@ -101,13 +101,13 @@ ifneq (${sw_images},) echo "Building SW image \"$${bazel_label}\"."; \ bazel_airgapped_opts=""; \ bazel_opts="${sw_build_opts} --define DISABLE_VERILATOR_BUILD=true"; \ - bazel_opts+=" --//hw/ip/otp_ctrl/data:img_seed=${seed}"; \ + bazel_opts+=" --//util/design/data:img_seed=${seed}"; \ if [[ "${build_seed}" != "None" ]]; then \ - bazel_opts+=" --//hw/ip/otp_ctrl/data:lc_seed=${build_seed}"; \ - bazel_opts+=" --//hw/ip/otp_ctrl/data:otp_seed=${build_seed}"; \ + bazel_opts+=" --//util/design/data:lc_seed=${build_seed}"; \ + bazel_opts+=" --//util/design/data:otp_seed=${build_seed}"; \ fi; \ if [[ -n $${BAZEL_OTP_DATA_PERM_FLAG} ]]; then \ - bazel_opts+=" --//hw/ip/otp_ctrl/data:data_perm=$${BAZEL_OTP_DATA_PERM_FLAG}"; \ + bazel_opts+=" --//util/design/data:data_perm=$${BAZEL_OTP_DATA_PERM_FLAG}"; \ fi; \ if [[ $${OT_AIRGAPPED} != true ]]; then \ echo "Building \"$${bazel_label}\" on network connected machine."; \ diff --git a/hw/ip/otp_ctrl/data/BUILD b/hw/ip/otp_ctrl/data/BUILD index 7cbac51afed3e0..c8cacec5b985db 100644 --- a/hw/ip/otp_ctrl/data/BUILD +++ b/hw/ip/otp_ctrl/data/BUILD @@ -2,68 +2,13 @@ # Licensed under the Apache License, Version 2.0, see LICENSE for details. # SPDX-License-Identifier: Apache-2.0 -load("@bazel_skylib//rules:common_settings.bzl", "int_flag", "string_flag") -load("@rules_pkg//pkg:mappings.bzl", "pkg_files") +package(default_visibility = ["//visibility:public"]) + load( "//rules:autogen.bzl", "autogen_hjson_c_header", "autogen_hjson_rust_header", ) -load("//rules:const.bzl", "CONST", "EARLGREY_ALERTS", "EARLGREY_LOC_ALERTS") -load( - "//rules:otp.bzl", - "OTP_SIGVERIFY_FAKE_KEYS", - "STD_OTP_OVERLAYS", - "otp_alert_classification", - "otp_alert_digest", - "otp_hex", - "otp_image", - "otp_json", - "otp_partition", - "otp_per_class_bytes", - "otp_per_class_ints", - "otp_per_class_lists", -) - -package(default_visibility = ["//visibility:public"]) - -# These configurations expose the OTP image generation tool's command line -# arguments to enable dvsim to pass this through Bazel to the underlying OTP -# image generation script. This is required to enable dvsim to invoke OTP image -# generation as part of the Bazel build process, while still enabling the use of -# multiple seeds needed to achieve DV coverage. -int_flag( - name = "img_seed", - build_setting_default = 0, -) - -string_flag( - name = "lc_seed", - # Default must match value in hw/ip/lc_ctrl/data/lc_ctrl.hjson. - build_setting_default = "40182201019264397688411770949626922549663256047001778394918990008320537410392", -) - -string_flag( - name = "otp_seed", - # Default must match value in hw/ip/otp_ctrl/data/otp_ctrl_mmap.hjson. - build_setting_default = "36021179872380457113239299468132194022238108125576166239904535336103582949069", -) - -string_flag( - name = "data_perm", - build_setting_default = "", -) - -# This package must be kept in sync with get_otp_images() from //rules:otp.bzl. -# That is, each OTP image referenced by the macro should have a definition in -# this BUILD file. - -filegroup( - name = "all_files", - srcs = glob(["**"]), -) - -exports_files(["otp_ctrl_img.h.tpl"]) autogen_hjson_c_header( name = "otp_ctrl_c_regs", @@ -81,543 +26,7 @@ autogen_hjson_rust_header( node = "core", ) -exports_files(["otp_ctrl_mmap.hjson"]) - -otp_json( - name = "otp_json_creator_sw_cfg", - partitions = [ - otp_partition( - name = "CREATOR_SW_CFG", - items = { - # Disable SPX+ signature verification. See the definition of - # `kSigverifySpxDisabledOtp` in - # sw/device/silicon_creator/lib/sigverify/spx_verify.h. - "CREATOR_SW_CFG_SIGVERIFY_SPX_EN": otp_hex(0x8d6c8c17), - # Enable use of entropy for countermeasures. See the definition - # of `hardened_bool_t` in sw/device/lib/base/hardened.h. - "CREATOR_SW_CFG_RNG_EN": otp_hex(CONST.HARDENED_TRUE), - # ROM execution is enabled if this item is set to a non-zero - # value. - "CREATOR_SW_CFG_ROM_EXEC_EN": otp_hex(0xffffffff), - # Value to write to the cpuctrl CSR in `rom_init()`. - # See: - # https://ibex-core.readthedocs.io/en/latest/03_reference/cs_registers.html#cpu-control-register-cpuctrl - "CREATOR_SW_CFG_CPUCTRL": otp_hex(0x1), - "CREATOR_SW_CFG_JITTER_EN": otp_hex(CONST.MUBI4_FALSE), - # Value of the min_security_version_rom_ext field of the - # default boot data. - "CREATOR_SW_CFG_MIN_SEC_VER_ROM_EXT": otp_hex(0x0), - # Value of the min_security_version_bl0 field of the default - # boot data. - "CREATOR_SW_CFG_MIN_SEC_VER_BL0": otp_hex(0x0), - # Enable the default boot data in PROD and PROD_END life cycle - # states. See the definition of `hardened_bool_t` in - # sw/device/lib/base/hardened.h. - "CREATOR_SW_CFG_DEFAULT_BOOT_DATA_IN_PROD_EN": otp_hex(CONST.HARDENED_TRUE), - # Enable AST initialization. - "CREATOR_SW_CFG_AST_INIT_EN": otp_hex(CONST.MUBI4_TRUE), - # TODO: This enables a busyloop in the ROM to give time to - # trigger an RMA lifecycle transition via JTAG. The current - # value of 10 cycles is useful for test code which verifies - # the path through the ROM. This value is not useful for a - # real chip. - "CREATOR_SW_CFG_RMA_SPIN_EN": otp_hex(CONST.HARDENED_TRUE), - "CREATOR_SW_CFG_RMA_SPIN_CYCLES": "10", - # Entropy source health check default values. This needs to be - # populated when `CREATOR_SW_CFG_RNG_EN` is set to true. - "CREATOR_SW_CFG_RNG_REPCNT_THRESHOLDS": otp_hex(0xffffffff), - "CREATOR_SW_CFG_RNG_REPCNTS_THRESHOLDS": otp_hex(0xffffffff), - "CREATOR_SW_CFG_RNG_ADAPTP_HI_THRESHOLDS": otp_hex(0xffffffff), - "CREATOR_SW_CFG_RNG_ADAPTP_LO_THRESHOLDS": otp_hex(0x0), - "CREATOR_SW_CFG_RNG_BUCKET_THRESHOLDS": otp_hex(0xffffffff), - "CREATOR_SW_CFG_RNG_MARKOV_HI_THRESHOLDS": otp_hex(0xffffffff), - "CREATOR_SW_CFG_RNG_MARKOV_LO_THRESHOLDS": otp_hex(0x0), - "CREATOR_SW_CFG_RNG_EXTHT_HI_THRESHOLDS": otp_hex(0xffffffff), - "CREATOR_SW_CFG_RNG_EXTHT_LO_THRESHOLDS": otp_hex(0x0), - "CREATOR_SW_CFG_RNG_ALERT_THRESHOLD": otp_hex(0xfffd0002), - "CREATOR_SW_CFG_RNG_HEALTH_CONFIG_DIGEST": otp_hex(0x8264cf75), - }, - ), - ], -) - -# CREATOR_SW_CFG configuration for TEST_UNLOCKED lifecycle device states. -# Configures OTP values required to enable ROM execution. All other values are -# configured with the `otp_json_creator_sw_cfg` rule. -otp_json( - name = "otp_json_creator_sw_cfg_test_unlocked", - partitions = [ - otp_partition( - name = "CREATOR_SW_CFG", - items = { - # ROM execution is enabled if this item is set to a non-zero - # value. - "CREATOR_SW_CFG_ROM_EXEC_EN": otp_hex(0xffffffff), - }, - ), - ], -) - -otp_json( - name = "otp_json_owner_sw_cfg", - partitions = [ - otp_partition( - name = "OWNER_SW_CFG", - items = { - # Enable bootstrap. See `hardened_bool_t` in - # sw/device/lib/base/hardened.h. - "OWNER_SW_CFG_ROM_BOOTSTRAP_DIS": otp_hex(CONST.HARDENED_FALSE), - # Set to 0x739 to use the OTP hash measurement of the software - # readable OTP partitions as the key manager attestation binding - # value. - "OWNER_SW_CFG_ROM_KEYMGR_OTP_MEAS_EN": otp_hex(0x0), - # Report errors without any redaction. - "OWNER_SW_CFG_ROM_ERROR_REPORTING": otp_hex(CONST.SHUTDOWN.REDACT.NONE), - # Set the enables to kAlertEnableNone. - # See `alert_enable_t` in - # sw/device/silicon_creator/lib/drivers/alert.h - "OWNER_SW_CFG_ROM_ALERT_CLASS_EN": otp_per_class_bytes( - A = CONST.ALERT.NONE, - B = CONST.ALERT.NONE, - C = CONST.ALERT.NONE, - D = CONST.ALERT.NONE, - ), - # Set the escalation policies to kAlertEscalateNone. - # See `alert_escalate_t` in - # sw/device/silicon_creator/lib/drivers/alert.h - "OWNER_SW_CFG_ROM_ALERT_ESCALATION": otp_per_class_bytes( - A = CONST.ALERT.ESC_NONE, - B = CONST.ALERT.ESC_NONE, - C = CONST.ALERT.ESC_NONE, - D = CONST.ALERT.ESC_NONE, - ), - # Set the classifications to kAlertClassX. - # See `alert_class_t` in - # sw/device/silicon_creator/lib/drivers/alert.h - "OWNER_SW_CFG_ROM_ALERT_CLASSIFICATION": otp_alert_classification( - alert_list = EARLGREY_ALERTS, - # The ordering is "prod, prod_end, dev, rma" - default = "X, X, X, X", - ), - - # Set the classifications to kAlertClassX. See `alert_class_t` in - # sw/device/silicon_creator/lib/drivers/alert.h - "OWNER_SW_CFG_ROM_LOCAL_ALERT_CLASSIFICATION": otp_alert_classification( - alert_list = EARLGREY_LOC_ALERTS, - # The ordering is "prod, prod_end, dev, rma" - default = "X, X, X, X", - ), - # Set the alert accumulation thresholds to 0 per class. - "OWNER_SW_CFG_ROM_ALERT_ACCUM_THRESH": otp_per_class_ints( - A = 0, - B = 0, - C = 0, - D = 0, - ), - # Set the alert timeout cycles to 0 per class. - "OWNER_SW_CFG_ROM_ALERT_TIMEOUT_CYCLES": otp_per_class_ints( - A = 0, - B = 0, - C = 0, - D = 0, - ), - # Set the alert phase cycles to 0,10,10,0xFFFFFFFF for classes - # A and B, and to all zeros for classes C and D. - "OWNER_SW_CFG_ROM_ALERT_PHASE_CYCLES": otp_per_class_lists( - A = "0x0, 0xa, 0xa, 0xffffffff", - B = "0x0, 0xa, 0xa, 0xffffffff", - C = "0x0, 0x0, 0x0, 0x0", - D = "0x0, 0x0, 0x0, 0x0", - ), - # By default, ROM_EXT's bootstrap feature should be disabled. - "OWNER_SW_CFG_ROM_EXT_BOOTSTRAP_EN": otp_hex(CONST.HARDENED_FALSE), - # Disable SRAM readback for both ret-ram and main sram. - "OWNER_SW_CFG_ROM_SRAM_READBACK_EN": otp_hex(CONST.MUBI4_FALSE << 4 | CONST.MUBI4_FALSE), - "OWNER_SW_CFG_ROM_PRESERVE_RESET_REASON_EN": otp_hex(CONST.HARDENED_FALSE), - "OWNER_SW_CFG_ROM_RESET_REASON_CHECK_VALUE": otp_hex(CONST.HARDENED_FALSE << 16 | CONST.HARDENED_FALSE), - "OWNER_SW_CFG_ROM_FLASH_ECC_EXC_HANDLER_EN": otp_hex(CONST.HARDENED_TRUE), - # By default, the sensor_ctrl should disable all sensors and mark - # alerts as recoverable. - "OWNER_SW_CFG_ROM_SENSOR_CTRL_ALERT_CFG": [ - otp_hex(0x69696969), - otp_hex(0x69696969), - otp_hex(0x69696969), - ], - }, - ), - ], -) - -otp_json( - name = "otp_json_hw_cfg0", - partitions = [ - otp_partition( - name = "HW_CFG0", - items = { - "DEVICE_ID": "", - }, - lock = True, - ), - ], -) - -otp_json( - name = "otp_json_hw_cfg1", - partitions = [ - otp_partition( - name = "HW_CFG1", - items = { - # Enable code execution from SRAM in PROD state. - "EN_SRAM_IFETCH": True, - # Cryptolib and chip-level tests require access to the CSRNG - # software interfaces. - "EN_CSRNG_SW_APP_READ": True, - # Use legacy behavior and disable late debug enable. - "DIS_RV_DM_LATE_DEBUG": True, - }, - lock = True, - ), - ], -) - -otp_json( - name = "otp_json_secret0", - partitions = [ - otp_partition( - name = "SECRET0", - items = { - "TEST_UNLOCK_TOKEN": "", - "TEST_EXIT_TOKEN": "", - }, - lock = True, - ), - ], -) - -otp_json( - name = "otp_json_fixed_secret0", - partitions = [ - otp_partition( - name = "SECRET0", - items = { - # These match their cSHAKE-128 (w/ "LC_CTRL" customization string) - # preimage counterpart of: 0x1111_1111_1111_1111_1111_1111_1111_1111, - # which is hardcoded into the test that use this overlay. - # The script that generated this token is: - # //sw/host/tests/manuf/manuf_cp_device_info_flash_wr:gen_test_exit_token - "TEST_UNLOCK_TOKEN": "0xde0a1f1e0d6a649fd35fadb75ec82674", - "TEST_EXIT_TOKEN": "0xde0a1f1e0d6a649fd35fadb75ec82674", - }, - lock = True, - ), - ], -) - -otp_json( - name = "otp_json_secret1", - partitions = [ - otp_partition( - name = "SECRET1", - items = { - "FLASH_ADDR_KEY_SEED": "", - "FLASH_DATA_KEY_SEED": "", - "SRAM_DATA_KEY_SEED": "", - }, - lock = True, - ), - ], -) - -otp_json( - name = "otp_json_secret2", - partitions = [ - otp_partition( - name = "SECRET2", - items = { - "RMA_TOKEN": "", - "CREATOR_ROOT_KEY_SHARE0": "", - "CREATOR_ROOT_KEY_SHARE1": "", - }, - lock = True, - ), - ], -) - -otp_json( - name = "otp_json_secret2_unlocked", - partitions = [ - otp_partition( - name = "SECRET2", - items = { - "RMA_TOKEN": "", - "CREATOR_ROOT_KEY_SHARE0": "", - "CREATOR_ROOT_KEY_SHARE1": "", - }, - lock = False, - ), - ], -) - -otp_json( - name = "otp_json_fixed_secret2", - partitions = [ - otp_partition( - name = "SECRET2", - items = { - # We aren't testing keymgr for ROM_EXT tests and we want - # reproducible bitstreams for all tests. - "RMA_TOKEN": "0x1faf9056acde66561685549803a28bec", - "CREATOR_ROOT_KEY_SHARE0": "1111111111111111111111111111111111111111111111111111111111111111", - "CREATOR_ROOT_KEY_SHARE1": "2222222222222222222222222222222222222222222222222222222222222222", - }, - lock = True, - ), - ], -) - -# OTP LC STATE-SPECIFIC CONFIGS -otp_json( - name = "otp_json_raw", - partitions = [ - otp_partition( - name = "LIFE_CYCLE", - count = 0, - state = "RAW", - ), - ], - seed = "52408960416235844780753299194502148156786072650816676092165912261205302331741", -) - -[ - otp_json( - name = "otp_json_test_unlocked{}".format(i), - partitions = [ - otp_partition( - name = "LIFE_CYCLE", - count = (i * 2) + 1, - state = "TEST_UNLOCKED{}".format(i), - ), - ], - seed = "52408960416235844780753299194502148156786072650816676092165912261205302331741", - ) - for i in range(0, 8) -] - -[ - otp_json( - name = "otp_json_test_locked{}".format(i), - partitions = [ - otp_partition( - name = "LIFE_CYCLE", - count = (i + 1) * 2, - state = "TEST_LOCKED{}".format(i), - ), - ], - seed = "52408960416235844780753299194502148156786072650816676092165912261205302331741", - ) - for i in range(0, 7) -] - -otp_json( - name = "otp_json_dev", - partitions = [ - otp_partition( - name = "LIFE_CYCLE", - count = "5", - state = "DEV", - ), - ], - seed = "85452983286950371191603618368782861611109037138182535346147818831008789508651", -) - -otp_json( - name = "otp_json_prod", - partitions = [ - otp_partition( - name = "LIFE_CYCLE", - count = 5, - state = "PROD", - ), - ], - seed = "113517944176559405110937879233240229311794601727326023435899657066678782830485", -) - -otp_json( - name = "otp_json_prod_end", - partitions = [ - otp_partition( - name = "LIFE_CYCLE", - count = 5, - state = "PROD_END", - ), - ], - seed = "113517944176559405110937879233240229311794601727326023435899657066678782830485", -) - -otp_json( - name = "otp_json_rma", - partitions = [ - otp_partition( - name = "LIFE_CYCLE", - count = 8, - state = "RMA", - ), - ], - seed = "52408960416235844780753299194502148156786072650816676092165912261205302331741", -) - -# Create an overlay for the alert_handler digest. -otp_alert_digest( - name = "otp_json_alert_digest_cfg", - otp_img = ":otp_json_owner_sw_cfg", -) - -# The RAW OTP image only contains the LIFE_CYCLE partition, which is set to RAW -# state. All other partitions are left with default values to ensure the state -# of OTP is representative of post-silicon scenarios. -otp_image( - name = "img_raw", - src = ":otp_json_raw", -) - -[ - # TEST_UNLOCKED images are expected to only have the SECRET0 partition - # configured, as well as ROM execution enabled in the CREATOR_SW partition. - # All other partitions are left with default values to ensure the state of - # OTP is representative of post-silicon scenarios. - otp_image( - name = "img_test_unlocked{}".format(i), - src = ":otp_json_test_unlocked{}".format(i), - overlays = [ - ":otp_json_secret0", - ":otp_json_creator_sw_cfg_test_unlocked", - ] + OTP_SIGVERIFY_FAKE_KEYS, - ) - for i in range(0, 8) -] - -[ - otp_image( - name = "img_test_locked{}".format(i), - src = ":otp_json_test_locked{}".format(i), - overlays = [ - ":otp_json_secret0", - ":otp_json_creator_sw_cfg_test_unlocked", - ], - ) - for i in range(0, 7) -] - -# Represents a TEST_UNLOCKED1 state OTP image emulating the state of the device -# after the test tokens have been applied and before running individualization. -# The following partitions are missing to ensure the image is initialized with -# values that would be present prior to the final individualization -# manufacturing stage: SECRET1, SECRET2, HW_CFG0/1. -# The following partitions are expected to be configured in previous -# manufacturing stages: SECRET0, CREATOR_SW, OWNER_SW. -otp_image( - name = "img_test_unlocked1_initial", - src = ":otp_json_test_unlocked1", - overlays = [ - ":otp_json_secret0", - ":otp_json_creator_sw_cfg", - ":otp_json_owner_sw_cfg", - ":otp_json_alert_digest_cfg", - ] + OTP_SIGVERIFY_FAKE_KEYS, -) - -otp_image( - name = "img_dev", - src = ":otp_json_dev", - overlays = STD_OTP_OVERLAYS, -) - -otp_image( - name = "img_prod", - src = ":otp_json_prod", - overlays = STD_OTP_OVERLAYS, -) - -otp_image( - name = "img_prod_end", - src = ":otp_json_prod_end", - overlays = STD_OTP_OVERLAYS, -) - -otp_image( - name = "img_rma", - src = ":otp_json_rma", - overlays = STD_OTP_OVERLAYS, -) - -# Create an execution-disabling overlay -otp_json( - name = "otp_json_exec_disabled", - partitions = [ - otp_partition( - name = "CREATOR_SW_CFG", - items = {"CREATOR_SW_CFG_ROM_EXEC_EN": otp_hex(0x0)}, - ), - ], -) - -otp_image( - name = "img_exec_disabled", - src = ":otp_json_rma", - overlays = STD_OTP_OVERLAYS + [":otp_json_exec_disabled"], -) - -# Create a bootstrap-disabling overlay -otp_json( - name = "otp_json_bootstrap_disabled", - partitions = [ - otp_partition( - name = "OWNER_SW_CFG", - items = {"OWNER_SW_CFG_ROM_BOOTSTRAP_DIS": otp_hex(CONST.HARDENED_TRUE)}, - ), - ], -) - -otp_image( - name = "img_bootstrap_disabled", - src = ":otp_json_rma", - overlays = STD_OTP_OVERLAYS + [":otp_json_bootstrap_disabled"], -) - filegroup( - name = "otp_imgs", - srcs = [ - ":img_dev", - ":img_prod", - ":img_raw", - ":img_rma", - ":img_test_locked0", - ":img_test_locked1", - ":img_test_locked2", - ":img_test_locked3", - ":img_test_locked4", - ":img_test_locked5", - ":img_test_locked6", - ":img_test_unlocked0", - ":img_test_unlocked1", - ":img_test_unlocked1_initial", - ":img_test_unlocked2", - ":img_test_unlocked3", - ":img_test_unlocked4", - ":img_test_unlocked5", - ":img_test_unlocked6", - ":img_test_unlocked7", - ], -) - -pkg_files( - name = "package", - srcs = [":otp_imgs"], - prefix = "earlgrey/otp", -) - -# Partition used to set a fixed seed value in `otp_image_consts` targets. -otp_json( - name = "otp_json_baseline", - seed = "85452983286950371191603618368782861611109037138182535346147818831008789508651", + name = "all_files", + srcs = glob(["**"]), ) diff --git a/hw/ip/otp_ctrl/data/README.md b/hw/ip/otp_ctrl/data/README.md deleted file mode 100644 index 2e4b56925e93b9..00000000000000 --- a/hw/ip/otp_ctrl/data/README.md +++ /dev/null @@ -1,72 +0,0 @@ -# OTP Build and Test Infrastructure - -OTP image configurations are defined using hjson objects. Currently there are -two ways to build images: - -1. Pre-built OTP image overlays defined in hjson. These is the approach - currently used in most DV test cases. -2. Dynamically built OTP image overlays defined in [Bazel](#bazel). This is the - approach currently used in FPGA and Silicon Validation (SiVal) targets. - -## Bazel - -See `//hw/ip/otp_ctrl/data/BUILD` for detailed references on the rules -described below. - -### OTP HJSON Map - -OTP image overlays are first defined using the `otp_json` Bazel rule. The -following example shows the definition of a `SECRET2` partition configuration: - -```python -otp_json( - name = "otp_json_secret2_unlocked", - partitions = [ - otp_partition( - name = "SECRET2", - items = { - "RMA_TOKEN": "", - "CREATOR_ROOT_KEY_SHARE0": "", - "CREATOR_ROOT_KEY_SHARE1": "", - }, - lock = False, - ), - ], -) -``` - -See `//rules/otp.bzl` for additional documentation on additional parameters -available in the `otp_json` rule. - -### OTP Image - -An OTP image is a collection of OTP JSON files used to create an OTP image. -An OTP can have multiple `otp_json` dependencies. Each dependency has the -ability of override the values of the previous dependency, so the order in -which these are listed is important. - -```python -# Represents a device in DEV state with the SECRET0 and SECRET1 partitions in -# locked state. SECRET2 partition is unlocked. -otp_image( - name = "img_dev_individualized", - src = ":otp_json_dev", - overlays = [ - ":otp_json_secret0", - ":otp_json_secret1", - ] + STD_OTP_OVERLAYS_WITHOUT_SECRET_PARTITIONS, -) -``` - -In this example, the `src` attribute points to the baseline OTP JSON -configuration, and the list of overlay dependencies are applied in order -of precedence in the `overlays` attribute. - -The `STD_OTP_OVERLAYS_WITHOUT_SECRET_PARTITIONS` definition imported from -`//rules:otp.bzl` declares a list of `otp_json` targets that are used -as overlays. There are other list of predefined overlays that are used -throughout the code base. - -### FPGA Integration - -See [FPGA bitstreams](../../../bitstream/README.md) documentation for more details. diff --git a/hw/top_earlgrey/BUILD b/hw/top_earlgrey/BUILD index 872e7410a6649c..3bbfd761e8082b 100644 --- a/hw/top_earlgrey/BUILD +++ b/hw/top_earlgrey/BUILD @@ -91,7 +91,7 @@ fpga_cw310( base_bitstream = "//hw/bitstream:bitstream", exec_env = "fpga_cw310_test_rom", openocd_adapter_config = "//third_party/openocd:jtag_olimex_cfg", - otp = "//hw/ip/otp_ctrl/data:img_rma", + otp = "//hw/top_earlgrey/data/otp:img_rma", otp_mmi = "//hw/bitstream:otp_mmi", param = { "interface": "cw310", @@ -156,7 +156,7 @@ fpga_cw310( ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:test_key_0_ecdsa_p256": "test_key_0"}, exec_env = "fpga_hyper310_rom_with_fake_keys", manifest = "//sw/device/silicon_creator/rom_ext:manifest", - otp = "//hw/ip/otp_ctrl/data:img_rma", + otp = "//hw/top_earlgrey/data/otp:img_rma", otp_mmi = "//hw/bitstream/hyperdebug:otp_mmi", param = { "interface": "hyper310", @@ -212,7 +212,7 @@ fpga_cw310( # binary. ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0"}, exec_env = "fpga_cw310_sival", - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_prod_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized", spx_key = {"//sw/device/silicon_creator/rom/keys/fake/spx:prod_key_0_spx": "prod_key_0"}, tags = ["cw310_sival"], ) @@ -231,7 +231,7 @@ fpga_cw310( "//sw/device/lib/arch:boot_stage_owner", "//sw/device/lib/arch:fpga_cw310", ], - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_prod_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized", rom_ext = "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a", rsa_key = {"//sw/device/silicon_creator/rom_ext/keys/fake:rom_ext_prod_private_key_0": "prod_key_0"}, tags = ["cw310_sival_rom_ext"], @@ -296,7 +296,7 @@ fpga_cw340( base = ":fpga_cw340", base_bitstream = "//hw/bitstream/cw340:bitstream", exec_env = "fpga_cw340_test_rom", - otp = "//hw/ip/otp_ctrl/data:img_rma", + otp = "//hw/top_earlgrey/data/otp:img_rma", otp_mmi = "//hw/bitstream/cw340:otp_mmi", rom = "//sw/device/lib/testing/test_rom:test_rom", rom_mmi = "//hw/bitstream/cw340:rom_mmi", @@ -317,7 +317,7 @@ fpga_cw340( ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:test_key_0_ecdsa_p256": "test_key_0"}, exec_env = "fpga_cw340_rom_with_fake_keys", manifest = "//sw/device/silicon_creator/rom_ext:manifest", - otp = "//hw/ip/otp_ctrl/data:img_rma", + otp = "//hw/top_earlgrey/data/otp:img_rma", otp_mmi = "//hw/bitstream/cw340:otp_mmi", rom = "//sw/device/silicon_creator/rom:mask_rom", rom_mmi = "//hw/bitstream/cw340:rom_mmi", @@ -368,7 +368,7 @@ fpga_cw340( # binary. ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0"}, exec_env = "fpga_cw340_sival", - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_prod_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized", spx_key = {"//sw/device/silicon_creator/rom/keys/fake/spx:prod_key_0_spx": "prod_key_0"}, tags = ["cw340_sival"], ) @@ -387,7 +387,7 @@ fpga_cw340( "//sw/device/lib/arch:boot_stage_owner", "//sw/device/lib/arch:fpga_cw340", ], - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_prod_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized", rom_ext = "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a", rsa_key = {"//sw/device/silicon_creator/rom_ext/keys/fake:rom_ext_prod_private_key_0": "prod_key_0"}, tags = ["cw340_sival_rom_ext"], @@ -489,7 +489,7 @@ sim_verilator( "//sw/device/lib/arch:sim_verilator", ], linker_script = "//sw/device/lib/testing/test_framework:ottf_ld_silicon_creator_slot_a", - otp = "//hw/ip/otp_ctrl/data:img_rma", + otp = "//hw/top_earlgrey/data/otp:img_rma", rom_scramble_config = "//hw/top_earlgrey/data:autogen/top_earlgrey.gen.hjson", test_cmd = "testing-not-supported", ) @@ -549,10 +549,10 @@ sim_dv( "//sw/device/lib/arch:sim_dv", ], linker_script = "//sw/device/lib/testing/test_framework:ottf_ld_silicon_creator_slot_a", - otp = "//hw/ip/otp_ctrl/data:img_rma", - otp_data_perm = "//hw/ip/otp_ctrl/data:data_perm", - otp_mmap = "//hw/ip/otp_ctrl/data:otp_ctrl_mmap.hjson", - otp_seed = "//hw/ip/otp_ctrl/data:otp_seed", + otp = "//hw/top_earlgrey/data/otp:img_rma", + otp_data_perm = "//util/design/data:data_perm", + otp_mmap = "//hw/top_earlgrey/data/otp:otp_ctrl_mmap.hjson", + otp_seed = "//util/design/data:otp_seed", rom_scramble_config = "//hw/top_earlgrey/data:autogen/top_earlgrey.gen.hjson", ) diff --git a/hw/top_earlgrey/data/otp/BUILD b/hw/top_earlgrey/data/otp/BUILD new file mode 100644 index 00000000000000..3bb3b66d572c87 --- /dev/null +++ b/hw/top_earlgrey/data/otp/BUILD @@ -0,0 +1,567 @@ +# Copyright lowRISC contributors (OpenTitan project). +# Licensed under the Apache License, Version 2.0, see LICENSE for details. +# SPDX-License-Identifier: Apache-2.0 + +load("@rules_pkg//pkg:mappings.bzl", "pkg_files") +load("//rules:const.bzl", "CONST", "EARLGREY_ALERTS", "EARLGREY_LOC_ALERTS") +load( + "//rules:otp.bzl", + "OTP_SIGVERIFY_FAKE_KEYS", + "STD_OTP_OVERLAYS", + "otp_alert_classification", + "otp_alert_digest", + "otp_hex", + "otp_image", + "otp_json", + "otp_partition", + "otp_per_class_bytes", + "otp_per_class_ints", + "otp_per_class_lists", +) + +package(default_visibility = ["//visibility:public"]) + +# This package must be kept in sync with get_otp_images() from //rules:otp.bzl. +# That is, each OTP image referenced by the macro should have a definition in +# this BUILD file. + +exports_files(["otp_ctrl_mmap.hjson"]) + +otp_json( + name = "otp_json_creator_sw_cfg", + partitions = [ + otp_partition( + name = "CREATOR_SW_CFG", + items = { + # Disable SPX+ signature verification. See the definition of + # `kSigverifySpxDisabledOtp` in + # sw/device/silicon_creator/lib/sigverify/spx_verify.h. + "CREATOR_SW_CFG_SIGVERIFY_SPX_EN": otp_hex(0x8d6c8c17), + # Enable use of entropy for countermeasures. See the definition + # of `hardened_bool_t` in sw/device/lib/base/hardened.h. + "CREATOR_SW_CFG_RNG_EN": otp_hex(CONST.HARDENED_TRUE), + # ROM execution is enabled if this item is set to a non-zero + # value. + "CREATOR_SW_CFG_ROM_EXEC_EN": otp_hex(0xffffffff), + # Value to write to the cpuctrl CSR in `rom_init()`. + # See: + # https://ibex-core.readthedocs.io/en/latest/03_reference/cs_registers.html#cpu-control-register-cpuctrl + "CREATOR_SW_CFG_CPUCTRL": otp_hex(0x1), + "CREATOR_SW_CFG_JITTER_EN": otp_hex(CONST.MUBI4_FALSE), + # Value of the min_security_version_rom_ext field of the + # default boot data. + "CREATOR_SW_CFG_MIN_SEC_VER_ROM_EXT": otp_hex(0x0), + # Value of the min_security_version_bl0 field of the default + # boot data. + "CREATOR_SW_CFG_MIN_SEC_VER_BL0": otp_hex(0x0), + # Enable the default boot data in PROD and PROD_END life cycle + # states. See the definition of `hardened_bool_t` in + # sw/device/lib/base/hardened.h. + "CREATOR_SW_CFG_DEFAULT_BOOT_DATA_IN_PROD_EN": otp_hex(CONST.HARDENED_TRUE), + # Enable AST initialization. + "CREATOR_SW_CFG_AST_INIT_EN": otp_hex(CONST.MUBI4_TRUE), + # TODO: This enables a busyloop in the ROM to give time to + # trigger an RMA lifecycle transition via JTAG. The current + # value of 10 cycles is useful for test code which verifies + # the path through the ROM. This value is not useful for a + # real chip. + "CREATOR_SW_CFG_RMA_SPIN_EN": otp_hex(CONST.HARDENED_TRUE), + "CREATOR_SW_CFG_RMA_SPIN_CYCLES": "10", + # Entropy source health check default values. This needs to be + # populated when `CREATOR_SW_CFG_RNG_EN` is set to true. + "CREATOR_SW_CFG_RNG_REPCNT_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_REPCNTS_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_ADAPTP_HI_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_ADAPTP_LO_THRESHOLDS": otp_hex(0x0), + "CREATOR_SW_CFG_RNG_BUCKET_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_MARKOV_HI_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_MARKOV_LO_THRESHOLDS": otp_hex(0x0), + "CREATOR_SW_CFG_RNG_EXTHT_HI_THRESHOLDS": otp_hex(0xffffffff), + "CREATOR_SW_CFG_RNG_EXTHT_LO_THRESHOLDS": otp_hex(0x0), + "CREATOR_SW_CFG_RNG_ALERT_THRESHOLD": otp_hex(0xfffd0002), + "CREATOR_SW_CFG_RNG_HEALTH_CONFIG_DIGEST": otp_hex(0x8264cf75), + }, + ), + ], +) + +# CREATOR_SW_CFG configuration for TEST_UNLOCKED lifecycle device states. +# Configures OTP values required to enable ROM execution. All other values are +# configured with the `otp_json_creator_sw_cfg` rule. +otp_json( + name = "otp_json_creator_sw_cfg_test_unlocked", + partitions = [ + otp_partition( + name = "CREATOR_SW_CFG", + items = { + # ROM execution is enabled if this item is set to a non-zero + # value. + "CREATOR_SW_CFG_ROM_EXEC_EN": otp_hex(0xffffffff), + }, + ), + ], +) + +otp_json( + name = "otp_json_owner_sw_cfg", + partitions = [ + otp_partition( + name = "OWNER_SW_CFG", + items = { + # Enable bootstrap. See `hardened_bool_t` in + # sw/device/lib/base/hardened.h. + "OWNER_SW_CFG_ROM_BOOTSTRAP_DIS": otp_hex(CONST.HARDENED_FALSE), + # Set to 0x739 to use the OTP hash measurement of the software + # readable OTP partitions as the key manager attestation binding + # value. + "OWNER_SW_CFG_ROM_KEYMGR_OTP_MEAS_EN": otp_hex(0x0), + # Report errors without any redaction. + "OWNER_SW_CFG_ROM_ERROR_REPORTING": otp_hex(CONST.SHUTDOWN.REDACT.NONE), + # Set the enables to kAlertEnableNone. + # See `alert_enable_t` in + # sw/device/silicon_creator/lib/drivers/alert.h + "OWNER_SW_CFG_ROM_ALERT_CLASS_EN": otp_per_class_bytes( + A = CONST.ALERT.NONE, + B = CONST.ALERT.NONE, + C = CONST.ALERT.NONE, + D = CONST.ALERT.NONE, + ), + # Set the escalation policies to kAlertEscalateNone. + # See `alert_escalate_t` in + # sw/device/silicon_creator/lib/drivers/alert.h + "OWNER_SW_CFG_ROM_ALERT_ESCALATION": otp_per_class_bytes( + A = CONST.ALERT.ESC_NONE, + B = CONST.ALERT.ESC_NONE, + C = CONST.ALERT.ESC_NONE, + D = CONST.ALERT.ESC_NONE, + ), + # Set the classifications to kAlertClassX. + # See `alert_class_t` in + # sw/device/silicon_creator/lib/drivers/alert.h + "OWNER_SW_CFG_ROM_ALERT_CLASSIFICATION": otp_alert_classification( + alert_list = EARLGREY_ALERTS, + # The ordering is "prod, prod_end, dev, rma" + default = "X, X, X, X", + ), + + # Set the classifications to kAlertClassX. See `alert_class_t` in + # sw/device/silicon_creator/lib/drivers/alert.h + "OWNER_SW_CFG_ROM_LOCAL_ALERT_CLASSIFICATION": otp_alert_classification( + alert_list = EARLGREY_LOC_ALERTS, + # The ordering is "prod, prod_end, dev, rma" + default = "X, X, X, X", + ), + # Set the alert accumulation thresholds to 0 per class. + "OWNER_SW_CFG_ROM_ALERT_ACCUM_THRESH": otp_per_class_ints( + A = 0, + B = 0, + C = 0, + D = 0, + ), + # Set the alert timeout cycles to 0 per class. + "OWNER_SW_CFG_ROM_ALERT_TIMEOUT_CYCLES": otp_per_class_ints( + A = 0, + B = 0, + C = 0, + D = 0, + ), + # Set the alert phase cycles to 0,10,10,0xFFFFFFFF for classes + # A and B, and to all zeros for classes C and D. + "OWNER_SW_CFG_ROM_ALERT_PHASE_CYCLES": otp_per_class_lists( + A = "0x0, 0xa, 0xa, 0xffffffff", + B = "0x0, 0xa, 0xa, 0xffffffff", + C = "0x0, 0x0, 0x0, 0x0", + D = "0x0, 0x0, 0x0, 0x0", + ), + # By default, ROM_EXT's bootstrap feature should be disabled. + "OWNER_SW_CFG_ROM_EXT_BOOTSTRAP_EN": otp_hex(CONST.HARDENED_FALSE), + # Disable SRAM readback for both ret-ram and main sram. + "OWNER_SW_CFG_ROM_SRAM_READBACK_EN": otp_hex(CONST.MUBI4_FALSE << 4 | CONST.MUBI4_FALSE), + "OWNER_SW_CFG_ROM_PRESERVE_RESET_REASON_EN": otp_hex(CONST.HARDENED_FALSE), + "OWNER_SW_CFG_ROM_RESET_REASON_CHECK_VALUE": otp_hex(CONST.HARDENED_FALSE << 16 | CONST.HARDENED_FALSE), + "OWNER_SW_CFG_ROM_FLASH_ECC_EXC_HANDLER_EN": otp_hex(CONST.HARDENED_TRUE), + # By default, the sensor_ctrl should disable all sensors and mark + # alerts as recoverable. + "OWNER_SW_CFG_ROM_SENSOR_CTRL_ALERT_CFG": [ + otp_hex(0x69696969), + otp_hex(0x69696969), + otp_hex(0x69696969), + ], + }, + ), + ], +) + +otp_json( + name = "otp_json_hw_cfg0", + partitions = [ + otp_partition( + name = "HW_CFG0", + items = { + "DEVICE_ID": "", + }, + lock = True, + ), + ], +) + +otp_json( + name = "otp_json_hw_cfg1", + partitions = [ + otp_partition( + name = "HW_CFG1", + items = { + # Enable code execution from SRAM in PROD state. + "EN_SRAM_IFETCH": True, + # Cryptolib and chip-level tests require access to the CSRNG + # software interfaces. + "EN_CSRNG_SW_APP_READ": True, + # Use legacy behavior and disable late debug enable. + "DIS_RV_DM_LATE_DEBUG": True, + }, + lock = True, + ), + ], +) + +otp_json( + name = "otp_json_secret0", + partitions = [ + otp_partition( + name = "SECRET0", + items = { + "TEST_UNLOCK_TOKEN": "", + "TEST_EXIT_TOKEN": "", + }, + lock = True, + ), + ], +) + +otp_json( + name = "otp_json_fixed_secret0", + partitions = [ + otp_partition( + name = "SECRET0", + items = { + # These match their cSHAKE-128 (w/ "LC_CTRL" customization string) + # preimage counterpart of: 0x1111_1111_1111_1111_1111_1111_1111_1111, + # which is hardcoded into the test that use this overlay. + # The script that generated this token is: + # //sw/host/tests/manuf/manuf_cp_device_info_flash_wr:gen_test_exit_token + "TEST_UNLOCK_TOKEN": "0xde0a1f1e0d6a649fd35fadb75ec82674", + "TEST_EXIT_TOKEN": "0xde0a1f1e0d6a649fd35fadb75ec82674", + }, + lock = True, + ), + ], +) + +otp_json( + name = "otp_json_secret1", + partitions = [ + otp_partition( + name = "SECRET1", + items = { + "FLASH_ADDR_KEY_SEED": "", + "FLASH_DATA_KEY_SEED": "", + "SRAM_DATA_KEY_SEED": "", + }, + lock = True, + ), + ], +) + +otp_json( + name = "otp_json_secret2", + partitions = [ + otp_partition( + name = "SECRET2", + items = { + "RMA_TOKEN": "", + "CREATOR_ROOT_KEY_SHARE0": "", + "CREATOR_ROOT_KEY_SHARE1": "", + }, + lock = True, + ), + ], +) + +otp_json( + name = "otp_json_secret2_unlocked", + partitions = [ + otp_partition( + name = "SECRET2", + items = { + "RMA_TOKEN": "", + "CREATOR_ROOT_KEY_SHARE0": "", + "CREATOR_ROOT_KEY_SHARE1": "", + }, + lock = False, + ), + ], +) + +otp_json( + name = "otp_json_fixed_secret2", + partitions = [ + otp_partition( + name = "SECRET2", + items = { + # We aren't testing keymgr for ROM_EXT tests and we want + # reproducible bitstreams for all tests. + "RMA_TOKEN": "0x1faf9056acde66561685549803a28bec", + "CREATOR_ROOT_KEY_SHARE0": "1111111111111111111111111111111111111111111111111111111111111111", + "CREATOR_ROOT_KEY_SHARE1": "2222222222222222222222222222222222222222222222222222222222222222", + }, + lock = True, + ), + ], +) + +# OTP LC STATE-SPECIFIC CONFIGS +otp_json( + name = "otp_json_raw", + partitions = [ + otp_partition( + name = "LIFE_CYCLE", + count = 0, + state = "RAW", + ), + ], + seed = "52408960416235844780753299194502148156786072650816676092165912261205302331741", +) + +[ + otp_json( + name = "otp_json_test_unlocked{}".format(i), + partitions = [ + otp_partition( + name = "LIFE_CYCLE", + count = (i * 2) + 1, + state = "TEST_UNLOCKED{}".format(i), + ), + ], + seed = "52408960416235844780753299194502148156786072650816676092165912261205302331741", + ) + for i in range(0, 8) +] + +[ + otp_json( + name = "otp_json_test_locked{}".format(i), + partitions = [ + otp_partition( + name = "LIFE_CYCLE", + count = (i + 1) * 2, + state = "TEST_LOCKED{}".format(i), + ), + ], + seed = "52408960416235844780753299194502148156786072650816676092165912261205302331741", + ) + for i in range(0, 7) +] + +otp_json( + name = "otp_json_dev", + partitions = [ + otp_partition( + name = "LIFE_CYCLE", + count = "5", + state = "DEV", + ), + ], + seed = "85452983286950371191603618368782861611109037138182535346147818831008789508651", +) + +otp_json( + name = "otp_json_prod", + partitions = [ + otp_partition( + name = "LIFE_CYCLE", + count = 5, + state = "PROD", + ), + ], + seed = "113517944176559405110937879233240229311794601727326023435899657066678782830485", +) + +otp_json( + name = "otp_json_prod_end", + partitions = [ + otp_partition( + name = "LIFE_CYCLE", + count = 5, + state = "PROD_END", + ), + ], + seed = "113517944176559405110937879233240229311794601727326023435899657066678782830485", +) + +otp_json( + name = "otp_json_rma", + partitions = [ + otp_partition( + name = "LIFE_CYCLE", + count = 8, + state = "RMA", + ), + ], + seed = "52408960416235844780753299194502148156786072650816676092165912261205302331741", +) + +# Create an overlay for the alert_handler digest. +otp_alert_digest( + name = "otp_json_alert_digest_cfg", + otp_img = ":otp_json_owner_sw_cfg", +) + +# The RAW OTP image only contains the LIFE_CYCLE partition, which is set to RAW +# state. All other partitions are left with default values to ensure the state +# of OTP is representative of post-silicon scenarios. +otp_image( + name = "img_raw", + src = ":otp_json_raw", +) + +[ + # TEST_UNLOCKED images are expected to only have the SECRET0 partition + # configured, as well as ROM execution enabled in the CREATOR_SW partition. + # All other partitions are left with default values to ensure the state of + # OTP is representative of post-silicon scenarios. + otp_image( + name = "img_test_unlocked{}".format(i), + src = ":otp_json_test_unlocked{}".format(i), + overlays = [ + ":otp_json_secret0", + ":otp_json_creator_sw_cfg_test_unlocked", + ] + OTP_SIGVERIFY_FAKE_KEYS, + ) + for i in range(0, 8) +] + +[ + otp_image( + name = "img_test_locked{}".format(i), + src = ":otp_json_test_locked{}".format(i), + overlays = [ + ":otp_json_secret0", + ":otp_json_creator_sw_cfg_test_unlocked", + ], + ) + for i in range(0, 7) +] + +# Represents a TEST_UNLOCKED1 state OTP image emulating the state of the device +# after the test tokens have been applied and before running individualization. +# The following partitions are missing to ensure the image is initialized with +# values that would be present prior to the final individualization +# manufacturing stage: SECRET1, SECRET2, HW_CFG0/1. +# The following partitions are expected to be configured in previous +# manufacturing stages: SECRET0, CREATOR_SW, OWNER_SW. +otp_image( + name = "img_test_unlocked1_initial", + src = ":otp_json_test_unlocked1", + overlays = [ + ":otp_json_secret0", + ":otp_json_creator_sw_cfg", + ":otp_json_owner_sw_cfg", + ":otp_json_alert_digest_cfg", + ] + OTP_SIGVERIFY_FAKE_KEYS, +) + +otp_image( + name = "img_dev", + src = ":otp_json_dev", + overlays = STD_OTP_OVERLAYS, +) + +otp_image( + name = "img_prod", + src = ":otp_json_prod", + overlays = STD_OTP_OVERLAYS, +) + +otp_image( + name = "img_prod_end", + src = ":otp_json_prod_end", + overlays = STD_OTP_OVERLAYS, +) + +otp_image( + name = "img_rma", + src = ":otp_json_rma", + overlays = STD_OTP_OVERLAYS, +) + +# Create an execution-disabling overlay +otp_json( + name = "otp_json_exec_disabled", + partitions = [ + otp_partition( + name = "CREATOR_SW_CFG", + items = {"CREATOR_SW_CFG_ROM_EXEC_EN": otp_hex(0x0)}, + ), + ], +) + +otp_image( + name = "img_exec_disabled", + src = ":otp_json_rma", + overlays = STD_OTP_OVERLAYS + [":otp_json_exec_disabled"], +) + +# Create a bootstrap-disabling overlay +otp_json( + name = "otp_json_bootstrap_disabled", + partitions = [ + otp_partition( + name = "OWNER_SW_CFG", + items = {"OWNER_SW_CFG_ROM_BOOTSTRAP_DIS": otp_hex(CONST.HARDENED_TRUE)}, + ), + ], +) + +otp_image( + name = "img_bootstrap_disabled", + src = ":otp_json_rma", + overlays = STD_OTP_OVERLAYS + [":otp_json_bootstrap_disabled"], +) + +filegroup( + name = "otp_imgs", + srcs = [ + ":img_dev", + ":img_prod", + ":img_raw", + ":img_rma", + ":img_test_locked0", + ":img_test_locked1", + ":img_test_locked2", + ":img_test_locked3", + ":img_test_locked4", + ":img_test_locked5", + ":img_test_locked6", + ":img_test_unlocked0", + ":img_test_unlocked1", + ":img_test_unlocked1_initial", + ":img_test_unlocked2", + ":img_test_unlocked3", + ":img_test_unlocked4", + ":img_test_unlocked5", + ":img_test_unlocked6", + ":img_test_unlocked7", + ], +) + +pkg_files( + name = "package", + srcs = [":otp_imgs"], + prefix = "earlgrey/otp", +) + +# Partition used to set a fixed seed value in `otp_image_consts` targets. +otp_json( + name = "otp_json_baseline", + seed = "85452983286950371191603618368782861611109037138182535346147818831008789508651", +) diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_creator_sw_cfg.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_creator_sw_cfg.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_creator_sw_cfg.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_creator_sw_cfg.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_dev.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_dev.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_dev.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_dev.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_hw_cfg.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_hw_cfg.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_hw_cfg.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_hw_cfg.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_owner_sw_cfg.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_owner_sw_cfg.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_owner_sw_cfg.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_owner_sw_cfg.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_prod.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_prod.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_prod.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_prod.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_raw.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_raw.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_raw.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_raw.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_rma.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_rma.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_rma.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_rma.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_test_locked0.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_test_locked0.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_test_locked0.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_test_locked0.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_test_locked1.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_test_locked1.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_test_locked1.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_test_locked1.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_test_unlocked0.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_test_unlocked0.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_test_unlocked0.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_test_unlocked0.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_test_unlocked1.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_test_unlocked1.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_test_unlocked1.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_test_unlocked1.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_img_test_unlocked2.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_img_test_unlocked2.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_img_test_unlocked2.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_img_test_unlocked2.hjson diff --git a/hw/ip/otp_ctrl/data/otp_ctrl_mmap.hjson b/hw/top_earlgrey/data/otp/otp_ctrl_mmap.hjson similarity index 100% rename from hw/ip/otp_ctrl/data/otp_ctrl_mmap.hjson rename to hw/top_earlgrey/data/otp/otp_ctrl_mmap.hjson diff --git a/hw/ip/otp_ctrl/data/earlgrey_skus/sival/BUILD b/hw/top_earlgrey/data/otp/sival_skus/BUILD similarity index 100% rename from hw/ip/otp_ctrl/data/earlgrey_skus/sival/BUILD rename to hw/top_earlgrey/data/otp/sival_skus/BUILD diff --git a/hw/top_earlgrey/dv/chip_sim_cfg.hjson b/hw/top_earlgrey/dv/chip_sim_cfg.hjson index 4a03f59d24ffeb..feee83d98c5e33 100644 --- a/hw/top_earlgrey/dv/chip_sim_cfg.hjson +++ b/hw/top_earlgrey/dv/chip_sim_cfg.hjson @@ -230,7 +230,7 @@ "{tool}_dpi_build_opts"] // Setup for generating OTP images. - gen_otp_images_cfg_dir: "{proj_root}/hw/ip/otp_ctrl/data" + gen_otp_images_cfg_dir: "{proj_root}/hw/top_earlgrey/data/otp" gen_otp_images_cmd: "{proj_root}/util/design/gen-otp-img.py" gen_otp_images_cmd_opts: ["--quiet", "--img-seed {seed}", diff --git a/release/BUILD b/release/BUILD index 069506ef4e8d76..4919aeb0b9ee83 100644 --- a/release/BUILD +++ b/release/BUILD @@ -14,7 +14,7 @@ pkg_tar( "//hw:package", "//hw/bitstream:package", "//hw/bitstream/vivado:package", - "//hw/ip/otp_ctrl/data:package", + "//hw/top_earlgrey/data/otp:package", "//sw/device/examples/hello_world:package", "//sw/device/lib/testing/test_rom:package", "//sw/device/silicon_creator/rom:package", diff --git a/rules/lc.bzl b/rules/lc.bzl index 3f27e8381fd3bb..10e39887a10e3f 100644 --- a/rules/lc.bzl +++ b/rules/lc.bzl @@ -55,7 +55,7 @@ lc_raw_unlock_token = rule( doc = "Life-cycle state definition file in Hjson format.", ), "lc_seed": attr.label( - default = "//hw/ip/otp_ctrl/data:lc_seed", + default = "//util/design/data:lc_seed", doc = "Configuration override seed used to randomize LC netlist constants.", ), "_tool": attr.label( diff --git a/rules/opentitan/legacy.bzl b/rules/opentitan/legacy.bzl index 6458665d4bec1b..d47f25197dcc13 100644 --- a/rules/opentitan/legacy.bzl +++ b/rules/opentitan/legacy.bzl @@ -97,15 +97,15 @@ scramble_flash_vmem = rv_rule( "otp": attr.label(allow_single_file = True), "otp_mmap": attr.label( allow_single_file = True, - default = "//hw/ip/otp_ctrl/data:otp_ctrl_mmap.hjson", + default = "//hw/top_earlgrey/data/otp:otp_ctrl_mmap.hjson", doc = "OTP memory map configuration HJSON file.", ), "otp_seed": attr.label( - default = "//hw/ip/otp_ctrl/data:otp_seed", + default = "//util/design/data:otp_seed", doc = "Configuration override seed used to randomize OTP netlist constants.", ), "otp_data_perm": attr.label( - default = "//hw/ip/otp_ctrl/data:data_perm", + default = "//util/design/data:data_perm", doc = "Option to indicate OTP VMEM file bit layout.", ), "_tool": attr.label( diff --git a/rules/otp.bzl b/rules/otp.bzl index de2cbdb58666f1..78b09d4c089e5b 100644 --- a/rules/otp.bzl +++ b/rules/otp.bzl @@ -44,35 +44,35 @@ load("//rules/opentitan:toolchain.bzl", "LOCALTOOLS_TOOLCHAIN") def get_otp_images(): """Returns a list of (otp_name, img_target) tuples. - Each tuple corresponds to an OTP image defined in //hw/ip/otp_ctrl/data. The + Each tuple corresponds to an OTP image defined in //util/design/data. The otp_name is a short, unique suffix of the image target, e.g. "rma". The img_target is the full path of the OTP image target. """ img_targets = [ - "//hw/ip/otp_ctrl/data:img_dev", - "//hw/ip/otp_ctrl/data:img_rma", - "//hw/ip/otp_ctrl/data:img_test_locked0", - "//hw/ip/otp_ctrl/data:img_test_locked1", - "//hw/ip/otp_ctrl/data:img_test_locked2", - "//hw/ip/otp_ctrl/data:img_test_locked3", - "//hw/ip/otp_ctrl/data:img_test_locked4", - "//hw/ip/otp_ctrl/data:img_test_locked5", - "//hw/ip/otp_ctrl/data:img_test_locked6", - "//hw/ip/otp_ctrl/data:img_test_unlocked0", - "//hw/ip/otp_ctrl/data:img_test_unlocked1", - "//hw/ip/otp_ctrl/data:img_test_unlocked1_initial", - "//hw/ip/otp_ctrl/data:img_test_unlocked2", - "//hw/ip/otp_ctrl/data:img_test_unlocked3", - "//hw/ip/otp_ctrl/data:img_test_unlocked4", - "//hw/ip/otp_ctrl/data:img_test_unlocked5", - "//hw/ip/otp_ctrl/data:img_test_unlocked6", - "//hw/ip/otp_ctrl/data:img_test_unlocked7", - "//hw/ip/otp_ctrl/data:img_prod", - "//hw/ip/otp_ctrl/data:img_prod_end", - "//hw/ip/otp_ctrl/data:img_exec_disabled", - "//hw/ip/otp_ctrl/data:img_bootstrap_disabled", - "//hw/ip/otp_ctrl/data:img_raw", + "//hw/top_earlgrey/data/otp:img_dev", + "//hw/top_earlgrey/data/otp:img_rma", + "//hw/top_earlgrey/data/otp:img_test_locked0", + "//hw/top_earlgrey/data/otp:img_test_locked1", + "//hw/top_earlgrey/data/otp:img_test_locked2", + "//hw/top_earlgrey/data/otp:img_test_locked3", + "//hw/top_earlgrey/data/otp:img_test_locked4", + "//hw/top_earlgrey/data/otp:img_test_locked5", + "//hw/top_earlgrey/data/otp:img_test_locked6", + "//hw/top_earlgrey/data/otp:img_test_unlocked0", + "//hw/top_earlgrey/data/otp:img_test_unlocked1", + "//hw/top_earlgrey/data/otp:img_test_unlocked1_initial", + "//hw/top_earlgrey/data/otp:img_test_unlocked2", + "//hw/top_earlgrey/data/otp:img_test_unlocked3", + "//hw/top_earlgrey/data/otp:img_test_unlocked4", + "//hw/top_earlgrey/data/otp:img_test_unlocked5", + "//hw/top_earlgrey/data/otp:img_test_unlocked6", + "//hw/top_earlgrey/data/otp:img_test_unlocked7", + "//hw/top_earlgrey/data/otp:img_prod", + "//hw/top_earlgrey/data/otp:img_prod_end", + "//hw/top_earlgrey/data/otp:img_exec_disabled", + "//hw/top_earlgrey/data/otp:img_bootstrap_disabled", + "//hw/top_earlgrey/data/otp:img_raw", ] out = [] @@ -274,23 +274,23 @@ otp_image = rule( ), "mmap_def": attr.label( allow_single_file = True, - default = "//hw/ip/otp_ctrl/data:otp_ctrl_mmap.hjson", + default = "//hw/top_earlgrey/data/otp:otp_ctrl_mmap.hjson", doc = "OTP Controller memory map file in Hjson format.", ), "img_seed": attr.label( - default = "//hw/ip/otp_ctrl/data:img_seed", + default = "//util/design/data:img_seed", doc = "Configuration override seed used to randomize field values in an OTP image.", ), "lc_seed": attr.label( - default = "//hw/ip/otp_ctrl/data:lc_seed", + default = "//util/design/data:lc_seed", doc = "Configuration override seed used to randomize LC netlist constants.", ), "otp_seed": attr.label( - default = "//hw/ip/otp_ctrl/data:otp_seed", + default = "//util/design/data:otp_seed", doc = "Configuration override seed used to randomize OTP netlist constants.", ), "data_perm": attr.label( - default = "//hw/ip/otp_ctrl/data:data_perm", + default = "//util/design/data:data_perm", doc = "Post-processing option to trigger permuting bit positions in memfile.", ), "verbose": attr.bool( @@ -352,19 +352,19 @@ otp_image_consts = rule( ), "mmap_def": attr.label( allow_single_file = True, - default = "//hw/ip/otp_ctrl/data:otp_ctrl_mmap.hjson", + default = "//hw/top_earlgrey/data/otp:otp_ctrl_mmap.hjson", doc = "OTP Controller memory map file in Hjson format.", ), "img_seed": attr.label( - default = "//hw/ip/otp_ctrl/data:img_seed", + default = "//util/design/data:img_seed", doc = "Configuration override seed used to randomize field values in an OTP image.", ), "lc_seed": attr.label( - default = "//hw/ip/otp_ctrl/data:lc_seed", + default = "//util/design/data:lc_seed", doc = "Configuration override seed used to randomize LC netlist constants.", ), "otp_seed": attr.label( - default = "//hw/ip/otp_ctrl/data:otp_seed", + default = "//util/design/data:otp_seed", doc = "Configuration override seed used to randomize OTP netlist constants.", ), "c_template": attr.label( @@ -395,19 +395,19 @@ OTP_SIGVERIFY_FAKE_KEYS = [ # Additional overlays can be applied on top to further customize the OTP. # This set overlays does not include any of the SECRET[0-2] partitions. STD_OTP_OVERLAYS_WITHOUT_SECRET_PARTITIONS = OTP_SIGVERIFY_FAKE_KEYS + [ - "//hw/ip/otp_ctrl/data:otp_json_creator_sw_cfg", - "//hw/ip/otp_ctrl/data:otp_json_owner_sw_cfg", - "//hw/ip/otp_ctrl/data:otp_json_alert_digest_cfg", - "//hw/ip/otp_ctrl/data:otp_json_hw_cfg0", - "//hw/ip/otp_ctrl/data:otp_json_hw_cfg1", + "//hw/top_earlgrey/data/otp:otp_json_creator_sw_cfg", + "//hw/top_earlgrey/data/otp:otp_json_owner_sw_cfg", + "//hw/top_earlgrey/data/otp:otp_json_alert_digest_cfg", + "//hw/top_earlgrey/data/otp:otp_json_hw_cfg0", + "//hw/top_earlgrey/data/otp:otp_json_hw_cfg1", ] # This is a set of overlays to generate a generic, standard OTP image. # Additional overlays can be applied on top to further customize the OTP. STD_OTP_OVERLAYS = STD_OTP_OVERLAYS_WITHOUT_SECRET_PARTITIONS + [ - "//hw/ip/otp_ctrl/data:otp_json_secret0", - "//hw/ip/otp_ctrl/data:otp_json_secret1", - "//hw/ip/otp_ctrl/data:otp_json_secret2_unlocked", + "//hw/top_earlgrey/data/otp:otp_json_secret0", + "//hw/top_earlgrey/data/otp:otp_json_secret1", + "//hw/top_earlgrey/data/otp:otp_json_secret2_unlocked", ] def otp_hex(v): diff --git a/sw/device/silicon_creator/manuf/README.md b/sw/device/silicon_creator/manuf/README.md index 253e305601f3a7..55a231e6138cb9 100644 --- a/sw/device/silicon_creator/manuf/README.md +++ b/sw/device/silicon_creator/manuf/README.md @@ -16,7 +16,7 @@ ## Manufacturing Stages The following section describes the EarlGrey manufacturing stages with respect -to the state of OTP. See `//hw/ip/otp_ctrl/data/earlgrey_skus/sival/BUILD` +to the state of OTP. See `//hw/top_earlgrey/data/otp/sival_skus/BUILD` for more details. ### `MANUF_EMPTY` diff --git a/sw/device/silicon_creator/manuf/base/BUILD b/sw/device/silicon_creator/manuf/base/BUILD index 825022bfaf72c0..ffe873eacb8dc4 100644 --- a/sw/device/silicon_creator/manuf/base/BUILD +++ b/sw/device/silicon_creator/manuf/base/BUILD @@ -136,7 +136,7 @@ opentitan_test( binaries = {":sram_cp_provision": "sram_cp_provision"}, changes_otp = True, needs_jtag = True, - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_test_unlocked0_manuf_empty", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_test_unlocked0_manuf_empty", tags = ["manuf"], test_cmd = _CP_PROVISIONING_CMD_ARGS, test_harness = _CP_PROVISIONING_HARNESS, @@ -164,7 +164,7 @@ opentitan_test( }, changes_otp = True, needs_jtag = True, - otp = "//hw/ip/otp_ctrl/data:img_raw", + otp = "//hw/top_earlgrey/data/otp:img_raw", tags = ["manuf"], test_cmd = """ --provisioning-sram-elf={sram_cp_provision} @@ -396,7 +396,7 @@ filegroup( changes_otp = True, data = config["ca_data"], needs_jtag = True, - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_test_locked0_manuf_initialized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_test_locked0_manuf_initialized", owner_slot_b = OWNER_SLOTS["b"], rom_ext_slot_a = SLOTS["a"], rom_ext_slot_b = SLOTS["b"], diff --git a/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl b/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl index a2d7c98dc76af3..6b43499dec6778 100644 --- a/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl +++ b/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl @@ -12,7 +12,7 @@ load( # individualization binaries that configure OTP with the constants defined in # these bazel targets. EARLGREY_OTP_CFGS = { - "sival": "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_consts", + "sival": "//hw/top_earlgrey/data/otp/sival_skus:otp_consts", } | EXT_EARLGREY_OTP_CFGS # A dictionary of SKU configurations that will be used to generate FT diff --git a/sw/device/silicon_creator/manuf/lib/BUILD b/sw/device/silicon_creator/manuf/lib/BUILD index 88782edcb016a8..0dc5e25fdc359f 100644 --- a/sw/device/silicon_creator/manuf/lib/BUILD +++ b/sw/device/silicon_creator/manuf/lib/BUILD @@ -145,7 +145,7 @@ opentitan_test( }, fpga = fpga_params( changes_otp = True, - otp = "//hw/ip/otp_ctrl/data:img_test_unlocked1", + otp = "//hw/top_earlgrey/data/otp:img_test_unlocked1", tags = ["manuf"], ), deps = [ @@ -209,7 +209,7 @@ opentitan_test( }, fpga = fpga_params( changes_otp = True, - otp = "//hw/ip/otp_ctrl/data:img_test_unlocked1", + otp = "//hw/top_earlgrey/data/otp:img_test_unlocked1", tags = ["manuf"], test_cmd = """ --bootstrap={firmware} @@ -273,7 +273,7 @@ opentitan_test( fpga = fpga_params( changes_otp = True, needs_jtag = True, - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_dev_manuf_individualized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_individualized", tags = [ "lc_dev", "manuf", diff --git a/sw/device/silicon_creator/manuf/tests/BUILD b/sw/device/silicon_creator/manuf/tests/BUILD index 9c48ed497413ad..ff733016252fbd 100644 --- a/sw/device/silicon_creator/manuf/tests/BUILD +++ b/sw/device/silicon_creator/manuf/tests/BUILD @@ -79,7 +79,7 @@ _MANUF_TEST_LOCKED_KEY = None changes_otp = True, lc_state = lc_state, # will be expanded in test_cmd needs_jtag = True, - otp = "//hw/ip/otp_ctrl/data:img_{}".format(lc_state.lower()), + otp = "//hw/top_earlgrey/data/otp:img_{}".format(lc_state.lower()), tags = ["manuf"], test_cmd = ( "" if ( @@ -118,7 +118,7 @@ opentitan_test( fpga = fpga_params( changes_otp = True, needs_jtag = True, - otp = "//hw/ip/otp_ctrl/data:img_raw", + otp = "//hw/top_earlgrey/data/otp:img_raw", tags = ["manuf"], test_harness = "//sw/host/tests/manuf/manuf_cp_unlock_raw", ), @@ -140,7 +140,7 @@ opentitan_test( fpga = fpga_params( changes_otp = True, needs_jtag = True, - otp = "//hw/ip/otp_ctrl/data:img_raw", + otp = "//hw/top_earlgrey/data/otp:img_raw", tags = ["manuf"], test_harness = "//sw/host/tests/manuf/manuf_cp_volatile_unlock_raw", ), @@ -158,10 +158,10 @@ opentitan_test( [ otp_image( name = "otp_img_rom_exec_disabled_test_unlocked{}".format(i), - src = "//hw/ip/otp_ctrl/data:otp_json_test_unlocked{}".format(i), + src = "//hw/top_earlgrey/data/otp:otp_json_test_unlocked{}".format(i), overlays = [ - "//hw/ip/otp_ctrl/data:otp_json_fixed_secret0", - "//hw/ip/otp_ctrl/data:otp_json_exec_disabled", + "//hw/top_earlgrey/data/otp:otp_json_fixed_secret0", + "//hw/top_earlgrey/data/otp:otp_json_exec_disabled", ] + OTP_SIGVERIFY_FAKE_KEYS, visibility = ["//visibility:public"], ) @@ -451,7 +451,7 @@ opentitan_test( otp_image( name = "otp_img_otp_ctrl_functest", - src = "//hw/ip/otp_ctrl/data:otp_json_test_unlocked0", + src = "//hw/top_earlgrey/data/otp:otp_json_test_unlocked0", visibility = ["//visibility:private"], ) diff --git a/sw/device/silicon_creator/rom/e2e/BUILD b/sw/device/silicon_creator/rom/e2e/BUILD index c266c65ca7b923..752056248de5df 100644 --- a/sw/device/silicon_creator/rom/e2e/BUILD +++ b/sw/device/silicon_creator/rom/e2e/BUILD @@ -401,7 +401,7 @@ opentitan_test( "//hw/top_earlgrey:fpga_cw310_rom_with_fake_keys": None, }, fpga = fpga_params( - otp = "//hw/ip/otp_ctrl/data:img_dev", + otp = "//hw/top_earlgrey/data/otp:img_dev", # TODO(lowRISC/opentitan#13603): Remove this "manual" tag when the # bitstream target can fetch pre-spliced bitstream from GCP. tags = ["manual"], diff --git a/sw/device/silicon_creator/rom/e2e/boot_data_recovery/BUILD b/sw/device/silicon_creator/rom/e2e/boot_data_recovery/BUILD index e1867d78cfbf0f..12532a22d0a8f8 100644 --- a/sw/device/silicon_creator/rom/e2e/boot_data_recovery/BUILD +++ b/sw/device/silicon_creator/rom/e2e/boot_data_recovery/BUILD @@ -110,7 +110,7 @@ BOOT_DATA_RECOVERY_CASES = [ case["lc_state"], case["default_boot_data"], ), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(case["lc_state"]), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(case["lc_state"]), overlays = STD_OTP_OVERLAYS + [":boot_data_recovery_creator_sw_cfg_{}_{}".format( case["lc_state"], case["default_boot_data"], diff --git a/sw/device/silicon_creator/rom/e2e/boot_policy_bad_manifest/BUILD b/sw/device/silicon_creator/rom/e2e/boot_policy_bad_manifest/BUILD index 5776abadc0be5b..f0eb5b888c680c 100644 --- a/sw/device/silicon_creator/rom/e2e/boot_policy_bad_manifest/BUILD +++ b/sw/device/silicon_creator/rom/e2e/boot_policy_bad_manifest/BUILD @@ -206,7 +206,7 @@ BOOT_POLICY_BAD_MANIFEST_CASES = [ lc_state, sec_ver, ), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS + [":otp_json_sec_ver_{}".format(sec_ver)], visibility = ["//visibility:private"], ) diff --git a/sw/device/silicon_creator/rom/e2e/boot_policy_big_image/BUILD b/sw/device/silicon_creator/rom/e2e/boot_policy_big_image/BUILD index bd43dd46720ed7..3059b8c3db5c0b 100644 --- a/sw/device/silicon_creator/rom/e2e/boot_policy_big_image/BUILD +++ b/sw/device/silicon_creator/rom/e2e/boot_policy_big_image/BUILD @@ -39,7 +39,7 @@ BOOT_POLICY_BIG_IMAGE_CASES = [ "//hw/top_earlgrey:fpga_cw310_rom_with_fake_keys": None, }, fpga = fpga_params( - otp = "//hw/ip/otp_ctrl/data:img_{}".format(lc_state), + otp = "//hw/top_earlgrey/data/otp:img_{}".format(lc_state), tags = maybe_skip_in_ci(lc_state_val), ), local_defines = ["ARRAY_SIZE={}".format(t["array_size"])], diff --git a/sw/device/silicon_creator/rom/e2e/boot_policy_flash_ecc_error/BUILD b/sw/device/silicon_creator/rom/e2e/boot_policy_flash_ecc_error/BUILD index 8d9a03bc2761e7..5eda84085cd7fe 100644 --- a/sw/device/silicon_creator/rom/e2e/boot_policy_flash_ecc_error/BUILD +++ b/sw/device/silicon_creator/rom/e2e/boot_policy_flash_ecc_error/BUILD @@ -140,14 +140,14 @@ otp_json( otp_image( name = "otp_img_boot_policy_flash_ecc_error", - src = "//hw/ip/otp_ctrl/data:otp_json_prod", + src = "//hw/top_earlgrey/data/otp:otp_json_prod", overlays = STD_OTP_OVERLAYS + [":otp_json_flash_data_cfg_default_scr_and_ecc_enabled"], visibility = ["//visibility:private"], ) otp_image( name = "otp_img_flash_exc_handler_disabled", - src = "//hw/ip/otp_ctrl/data:otp_json_prod", + src = "//hw/top_earlgrey/data/otp:otp_json_prod", overlays = STD_OTP_OVERLAYS + [ ":otp_json_flash_data_cfg_default_scr_and_ecc_enabled", ":otp_json_flash_exc_handler_disabled", diff --git a/sw/device/silicon_creator/rom/e2e/boot_policy_newer/BUILD b/sw/device/silicon_creator/rom/e2e/boot_policy_newer/BUILD index 318f36ac62a162..452b0717ebfbfc 100644 --- a/sw/device/silicon_creator/rom/e2e/boot_policy_newer/BUILD +++ b/sw/device/silicon_creator/rom/e2e/boot_policy_newer/BUILD @@ -106,7 +106,7 @@ BOOT_POLICY_NEWER_CASES = [ [ otp_image( name = "otp_img_boot_policy_newer_{}".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS, ) for lc_state, _ in get_lc_items() diff --git a/sw/device/silicon_creator/rom/e2e/boot_policy_rollback/BUILD b/sw/device/silicon_creator/rom/e2e/boot_policy_rollback/BUILD index 20b7612e06ac58..76105139a85289 100644 --- a/sw/device/silicon_creator/rom/e2e/boot_policy_rollback/BUILD +++ b/sw/device/silicon_creator/rom/e2e/boot_policy_rollback/BUILD @@ -79,7 +79,7 @@ otp_json( [ otp_image( name = "otp_img_boot_policy_rollback_{}".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS + [":otp_json_boot_policy_rollback"], visibility = ["//visibility:private"], ) diff --git a/sw/device/silicon_creator/rom/e2e/boot_policy_valid/BUILD b/sw/device/silicon_creator/rom/e2e/boot_policy_valid/BUILD index b690786d78ba2f..dc54b0b33af1a0 100644 --- a/sw/device/silicon_creator/rom/e2e/boot_policy_valid/BUILD +++ b/sw/device/silicon_creator/rom/e2e/boot_policy_valid/BUILD @@ -51,7 +51,7 @@ BOOT_POLICY_VALID_CASES = [ [ otp_image( name = "otp_img_boot_policy_valid_{}".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS, ) for lc_state, _ in get_lc_items() diff --git a/sw/device/silicon_creator/rom/e2e/bootstrap/BUILD b/sw/device/silicon_creator/rom/e2e/bootstrap/BUILD index 3fe5f8613bab66..f2403e0f42806c 100644 --- a/sw/device/silicon_creator/rom/e2e/bootstrap/BUILD +++ b/sw/device/silicon_creator/rom/e2e/bootstrap/BUILD @@ -56,7 +56,7 @@ otp_json( # lifecycle state in order to test the transition from PROD to RMA. otp_image( name = "otp_img_bootstrap_rma", - src = "//hw/ip/otp_ctrl/data:otp_json_prod", + src = "//hw/top_earlgrey/data/otp:otp_json_prod", overlays = STD_OTP_OVERLAYS + [ ":otp_json_bootstrap_rma", ], @@ -103,7 +103,7 @@ opentitan_test( binaries = { "//sw/device/silicon_creator/rom/e2e:new_empty_test_slot_a": "firmware", }, - otp = "//hw/ip/otp_ctrl/data:img_bootstrap_disabled", + otp = "//hw/top_earlgrey/data/otp:img_bootstrap_disabled", test_harness = "//sw/host/tests/rom/e2e_bootstrap_disabled", ), manifest = None, diff --git a/sw/device/silicon_creator/rom/e2e/epmp_init/BUILD b/sw/device/silicon_creator/rom/e2e/epmp_init/BUILD index 887c6c3effadef..83e8eec4a075f7 100644 --- a/sw/device/silicon_creator/rom/e2e/epmp_init/BUILD +++ b/sw/device/silicon_creator/rom/e2e/epmp_init/BUILD @@ -33,7 +33,7 @@ package(default_visibility = ["//visibility:public"]) "//hw/top_earlgrey:sim_verilator": None, }, fpga = fpga_params( - otp = "//hw/ip/otp_ctrl/data:img_" + lc_state, + otp = "//hw/top_earlgrey/data/otp:img_" + lc_state, tags = maybe_skip_in_ci(lc_state_val), ), local_defines = [ @@ -46,7 +46,7 @@ package(default_visibility = ["//visibility:public"]) manifest = "//sw/device/silicon_creator/rom_ext:manifest", verilator = verilator_params( timeout = "eternal", - otp = "//hw/ip/otp_ctrl/data:img_" + lc_state, + otp = "//hw/top_earlgrey/data/otp:img_" + lc_state, rom = "//sw/device/silicon_creator/rom:mask_rom", ), deps = [ diff --git a/sw/device/silicon_creator/rom/e2e/immutable_rom_ext_section/BUILD b/sw/device/silicon_creator/rom/e2e/immutable_rom_ext_section/BUILD index 221d5061f680f4..0c454b43286851 100644 --- a/sw/device/silicon_creator/rom/e2e/immutable_rom_ext_section/BUILD +++ b/sw/device/silicon_creator/rom/e2e/immutable_rom_ext_section/BUILD @@ -193,7 +193,7 @@ IMMUTABLE_PARTITION_TEST_CASES = [ s["name"], ), testonly = True, - src = "//hw/ip/otp_ctrl/data:otp_json_prod", + src = "//hw/top_earlgrey/data/otp:otp_json_prod", overlays = STD_OTP_OVERLAYS + [ ":otp_json_immutable_rom_ext_{}_{}".format( t["name"], diff --git a/sw/device/silicon_creator/rom/e2e/jtag_inject/BUILD b/sw/device/silicon_creator/rom/e2e/jtag_inject/BUILD index b2946d1e6b153f..23d425aa7e1cfc 100644 --- a/sw/device/silicon_creator/rom/e2e/jtag_inject/BUILD +++ b/sw/device/silicon_creator/rom/e2e/jtag_inject/BUILD @@ -25,8 +25,8 @@ package(default_visibility = ["//visibility:public"]) [ otp_image( name = "img_{}_exec_disabled".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_" + lc_state, - overlays = STD_OTP_OVERLAYS + ["//hw/ip/otp_ctrl/data:otp_json_exec_disabled"], + src = "//hw/top_earlgrey/data/otp:otp_json_" + lc_state, + overlays = STD_OTP_OVERLAYS + ["//hw/top_earlgrey/data/otp:otp_json_exec_disabled"], visibility = ["//visibility:private"], ) for lc_state, _ in get_lc_items() diff --git a/sw/device/silicon_creator/rom/e2e/keymgr/BUILD b/sw/device/silicon_creator/rom/e2e/keymgr/BUILD index 53f592056d25e1..2422b66ddc5266 100644 --- a/sw/device/silicon_creator/rom/e2e/keymgr/BUILD +++ b/sw/device/silicon_creator/rom/e2e/keymgr/BUILD @@ -58,7 +58,7 @@ rom_e2e_keymgr_init_configs = [ [ otp_image( name = "otp_img_keymgr_{}".format(config["name"]), - src = "//hw/ip/otp_ctrl/data:otp_json_rma", + src = "//hw/top_earlgrey/data/otp:otp_json_rma", overlays = STD_OTP_OVERLAYS + [":otp_json_keymgr_{}".format(config["name"])], visibility = ["//visibility:private"], ) diff --git a/sw/device/silicon_creator/rom/e2e/presigned_images/BUILD b/sw/device/silicon_creator/rom/e2e/presigned_images/BUILD index 4d923e12689893..6c1cae4f1dc2e8 100644 --- a/sw/device/silicon_creator/rom/e2e/presigned_images/BUILD +++ b/sw/device/silicon_creator/rom/e2e/presigned_images/BUILD @@ -23,7 +23,7 @@ vmem_file( scramble_flash_vmem( name = "rom_e2e_self_hash_sim_dv_scr_vmem64", src = ":rom_e2e_self_hash_sim_dv_vmem64", - otp = "//hw/ip/otp_ctrl/data:img_test_unlocked0", + otp = "//hw/top_earlgrey/data/otp:img_test_unlocked0", ) [ diff --git a/sw/device/silicon_creator/rom/e2e/release/BUILD b/sw/device/silicon_creator/rom/e2e/release/BUILD index 3c90f1f6ef4584..35a74c4a21cb7e 100644 --- a/sw/device/silicon_creator/rom/e2e/release/BUILD +++ b/sw/device/silicon_creator/rom/e2e/release/BUILD @@ -18,7 +18,7 @@ package(default_visibility = ["//visibility:public"]) otp_image( name = "otp_img_sigverify_spx_prod", - src = "//hw/ip/otp_ctrl/data:otp_json_prod", + src = "//hw/top_earlgrey/data/otp:otp_json_prod", overlays = STD_OTP_OVERLAYS + [ "//sw/device/silicon_creator/rom/e2e/sigverify_spx:otp_json_sigverify_spx_enabled_true", ], diff --git a/sw/device/silicon_creator/rom/e2e/reset_reason/BUILD b/sw/device/silicon_creator/rom/e2e/reset_reason/BUILD index 1d2f84c29dc820..05914b239a9a23 100644 --- a/sw/device/silicon_creator/rom/e2e/reset_reason/BUILD +++ b/sw/device/silicon_creator/rom/e2e/reset_reason/BUILD @@ -39,7 +39,7 @@ otp_json( # OTP images that enable the watchdog. otp_image( name = "otp_img_reset_reason", - src = "//hw/ip/otp_ctrl/data:otp_json_rma", + src = "//hw/top_earlgrey/data/otp:otp_json_rma", overlays = STD_OTP_OVERLAYS + [":otp_json_reset_reason"], ) @@ -131,7 +131,7 @@ RESET_CORRUPTION_SCENARIOS = [ [ otp_image( name = "otp_img_reset_reason_{}".format(t["name"]), - src = "//hw/ip/otp_ctrl/data:otp_json_rma", + src = "//hw/top_earlgrey/data/otp:otp_json_rma", overlays = STD_OTP_OVERLAYS + [ ":otp_json_reset_reason_{}".format(t["name"]), ], diff --git a/sw/device/silicon_creator/rom/e2e/retention_ram/BUILD b/sw/device/silicon_creator/rom/e2e/retention_ram/BUILD index 5ae205a0049eb7..5c62ac7b424c64 100644 --- a/sw/device/silicon_creator/rom/e2e/retention_ram/BUILD +++ b/sw/device/silicon_creator/rom/e2e/retention_ram/BUILD @@ -41,7 +41,7 @@ otp_json( otp_image( name = "otp_img_reset_ret_ram", - src = "//hw/ip/otp_ctrl/data:otp_json_rma", + src = "//hw/top_earlgrey/data/otp:otp_json_rma", overlays = STD_OTP_OVERLAYS + [":otp_json_reset_ret_ram_overlay"], visibility = ["//visibility:private"], ) diff --git a/sw/device/silicon_creator/rom/e2e/rom_e2e_bootstrap_entry/BUILD b/sw/device/silicon_creator/rom/e2e/rom_e2e_bootstrap_entry/BUILD index 0f89cce2d33499..4af2aef407cc31 100644 --- a/sw/device/silicon_creator/rom/e2e/rom_e2e_bootstrap_entry/BUILD +++ b/sw/device/silicon_creator/rom/e2e/rom_e2e_bootstrap_entry/BUILD @@ -27,7 +27,7 @@ package(default_visibility = ["//visibility:public"]) [ otp_image( name = "otp_img_e2e_bootstrap_entry_{}".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS, ) for lc_state, _ in get_lc_items() diff --git a/sw/device/silicon_creator/rom/e2e/rom_ext_upgrade_interrupt/BUILD b/sw/device/silicon_creator/rom/e2e/rom_ext_upgrade_interrupt/BUILD index c85c7a233348ac..c56773eec8f7d2 100644 --- a/sw/device/silicon_creator/rom/e2e/rom_ext_upgrade_interrupt/BUILD +++ b/sw/device/silicon_creator/rom/e2e/rom_ext_upgrade_interrupt/BUILD @@ -51,7 +51,7 @@ otp_json( [ otp_image( name = "otp_img_rom_ext_upgrade_interrupt_{}".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS + [":otp_json_rom_ext_upgrade_interrupt"], visibility = ["//visibility:private"], ) diff --git a/sw/device/silicon_creator/rom/e2e/shutdown_alert/BUILD b/sw/device/silicon_creator/rom/e2e/shutdown_alert/BUILD index 3a729c57aea8d3..500d49ec191154 100644 --- a/sw/device/silicon_creator/rom/e2e/shutdown_alert/BUILD +++ b/sw/device/silicon_creator/rom/e2e/shutdown_alert/BUILD @@ -59,7 +59,7 @@ ALERT_LC_STATES = get_lc_items( "//hw/top_earlgrey:fpga_cw310_rom_with_fake_keys": None, }, fpga = fpga_params( - otp = "//hw/ip/otp_ctrl/data:img_{}".format(lc_state), + otp = "//hw/top_earlgrey/data/otp:img_{}".format(lc_state), tags = maybe_skip_in_ci(lc_state_val), ), local_defines = [ @@ -156,7 +156,7 @@ otp_alert_digest( [ otp_image( name = "otp_img_shutdown_alert_{}".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS + [ ":shutdown_alert_owner_sw_cfg", ":shutdown_alert_digest_cfg", diff --git a/sw/device/silicon_creator/rom/e2e/shutdown_output/BUILD b/sw/device/silicon_creator/rom/e2e/shutdown_output/BUILD index e11ff80051f575..13db37171ed0b6 100644 --- a/sw/device/silicon_creator/rom/e2e/shutdown_output/BUILD +++ b/sw/device/silicon_creator/rom/e2e/shutdown_output/BUILD @@ -42,7 +42,7 @@ package(default_visibility = ["//visibility:public"]) [ otp_image( name = "otp_img_shutdown_output_{}".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS, ) for lc_state, _ in get_lc_items() diff --git a/sw/device/silicon_creator/rom/e2e/shutdown_redact/BUILD b/sw/device/silicon_creator/rom/e2e/shutdown_redact/BUILD index 46fea51132fe5d..0dad5bb3c6d394 100644 --- a/sw/device/silicon_creator/rom/e2e/shutdown_redact/BUILD +++ b/sw/device/silicon_creator/rom/e2e/shutdown_redact/BUILD @@ -67,7 +67,7 @@ REDACT.update({"INVALID": 0x0}) lc_state, redact.lower(), ), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS + [":otp_json_{}_overlay".format(redact.lower())], visibility = ["//visibility:private"], ) diff --git a/sw/device/silicon_creator/rom/e2e/shutdown_watchdog/BUILD b/sw/device/silicon_creator/rom/e2e/shutdown_watchdog/BUILD index afb8cf2e367d95..3bdd977604a6a0 100644 --- a/sw/device/silicon_creator/rom/e2e/shutdown_watchdog/BUILD +++ b/sw/device/silicon_creator/rom/e2e/shutdown_watchdog/BUILD @@ -82,7 +82,7 @@ SHUTDOWN_WATCHDOG_CASES = [ t["lc_state"], t["bite_threshold"], ), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(t["lc_state"]), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(t["lc_state"]), overlays = STD_OTP_OVERLAYS + [ ":otp_json_shutdown_watchdog_{}_{}".format( t["lc_state"], diff --git a/sw/device/silicon_creator/rom/e2e/sigverify_always/BUILD b/sw/device/silicon_creator/rom/e2e/sigverify_always/BUILD index a44af4cf94ee07..9f26b6cd7bdc24 100644 --- a/sw/device/silicon_creator/rom/e2e/sigverify_always/BUILD +++ b/sw/device/silicon_creator/rom/e2e/sigverify_always/BUILD @@ -39,7 +39,7 @@ package(default_visibility = ["//visibility:public"]) [otp_image( name = "otp_img_sigverify_always_{}".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS, ) for lc_state, _ in get_lc_items()] diff --git a/sw/device/silicon_creator/rom/e2e/sigverify_key_type/BUILD b/sw/device/silicon_creator/rom/e2e/sigverify_key_type/BUILD index 0860fcbd3d66fa..10e17a51ee43bf 100644 --- a/sw/device/silicon_creator/rom/e2e/sigverify_key_type/BUILD +++ b/sw/device/silicon_creator/rom/e2e/sigverify_key_type/BUILD @@ -125,7 +125,7 @@ otp_json( [ otp_image( name = "otp_img_sigverify_key_type_{}".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS + [ ":otp_json_enable_spx", ], diff --git a/sw/device/silicon_creator/rom/e2e/sigverify_key_validity/BUILD b/sw/device/silicon_creator/rom/e2e/sigverify_key_validity/BUILD index 3eacfa4f567d88..1670a4c5b34166 100644 --- a/sw/device/silicon_creator/rom/e2e/sigverify_key_validity/BUILD +++ b/sw/device/silicon_creator/rom/e2e/sigverify_key_validity/BUILD @@ -197,7 +197,7 @@ KEY_VALIDITY_TESTS = [ test["name"], lc_state, ), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS + [ ":otp_json_sigverify_key_validity_{}".format(test["name"]), ], diff --git a/sw/device/silicon_creator/rom/e2e/sigverify_spx/BUILD b/sw/device/silicon_creator/rom/e2e/sigverify_spx/BUILD index a03832f4683164..94f1f17c14c2b3 100644 --- a/sw/device/silicon_creator/rom/e2e/sigverify_spx/BUILD +++ b/sw/device/silicon_creator/rom/e2e/sigverify_spx/BUILD @@ -136,7 +136,7 @@ opentitan_binary( lc_state, t["name"], ), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS + [ ":otp_json_sigverify_spx_{}".format(t["name"]), ], diff --git a/sw/device/silicon_creator/rom/e2e/sigverify_usage_constraints/BUILD b/sw/device/silicon_creator/rom/e2e/sigverify_usage_constraints/BUILD index 2faf80c74c7cc7..6dffdc4b1a992b 100644 --- a/sw/device/silicon_creator/rom/e2e/sigverify_usage_constraints/BUILD +++ b/sw/device/silicon_creator/rom/e2e/sigverify_usage_constraints/BUILD @@ -79,7 +79,7 @@ otp_json( [ otp_image( name = "otp_img_sigverify_usage_constraints_{}".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS + [":otp_json_set_usage_constraint_params_overlay"], visibility = ["//visibility:private"], ) diff --git a/sw/device/silicon_creator/rom/e2e/sram/BUILD b/sw/device/silicon_creator/rom/e2e/sram/BUILD index 598768e68282ad..bde5756517cf7d 100644 --- a/sw/device/silicon_creator/rom/e2e/sram/BUILD +++ b/sw/device/silicon_creator/rom/e2e/sram/BUILD @@ -38,7 +38,7 @@ otp_json( # OTP images that enable the watchdog. otp_image( name = "otp_img_readback_enable", - src = "//hw/ip/otp_ctrl/data:otp_json_rma", + src = "//hw/top_earlgrey/data/otp:otp_json_rma", overlays = STD_OTP_OVERLAYS + [":otp_json_readback_enable"], ) diff --git a/sw/device/silicon_creator/rom/e2e/watchdog/BUILD b/sw/device/silicon_creator/rom/e2e/watchdog/BUILD index f3140c27aaff8e..c70853d8adaf3b 100644 --- a/sw/device/silicon_creator/rom/e2e/watchdog/BUILD +++ b/sw/device/silicon_creator/rom/e2e/watchdog/BUILD @@ -50,7 +50,7 @@ otp_json( [ otp_image( name = "otp_img_watchdog_enable_{}".format(lc_state), - src = "//hw/ip/otp_ctrl/data:otp_json_{}".format(lc_state), + src = "//hw/top_earlgrey/data/otp:otp_json_{}".format(lc_state), overlays = STD_OTP_OVERLAYS + [":otp_json_watchdog_enable"], ) for lc_state, _ in get_lc_items() @@ -109,7 +109,7 @@ WATCHDOG_TEST_CASES = { ] WATCHDOG_OTP = { - "disable": "//hw/ip/otp_ctrl/data:img_{}", + "disable": "//hw/top_earlgrey/data/otp:img_{}", "enable": ":otp_img_watchdog_enable_{}", } diff --git a/sw/device/silicon_creator/rom_ext/e2e/BUILD b/sw/device/silicon_creator/rom_ext/e2e/BUILD index 1ffb09d8d3612c..7c06de521cf845 100644 --- a/sw/device/silicon_creator/rom_ext/e2e/BUILD +++ b/sw/device/silicon_creator/rom_ext/e2e/BUILD @@ -31,7 +31,7 @@ otp_json( otp_image( name = "otp_img_secret2_locked_rma", - src = "//hw/ip/otp_ctrl/data:otp_json_rma", + src = "//hw/top_earlgrey/data/otp:otp_json_rma", overlays = STD_OTP_OVERLAYS + [ ":otp_json_secret2_locked", ], diff --git a/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD b/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD index 9058ca970a5289..dd6b9c068b3a95 100644 --- a/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD +++ b/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD @@ -46,7 +46,7 @@ otp_json_immutable_rom_ext( otp_image( name = "otp_img_with_nop_imm_romext_enabled", testonly = True, - src = "//hw/ip/otp_ctrl/data:otp_json_prod", + src = "//hw/top_earlgrey/data/otp:otp_json_prod", overlays = STD_OTP_OVERLAYS + [ "//sw/device/silicon_creator/rom_ext/e2e:otp_json_secret2_locked", ":otp_json_with_nop_imm_romext_enabled", diff --git a/sw/device/tests/BUILD b/sw/device/tests/BUILD index e21e86f5d6708e..645ee18077436b 100644 --- a/sw/device/tests/BUILD +++ b/sw/device/tests/BUILD @@ -731,7 +731,7 @@ opentitan_test( {"//hw/top_earlgrey:fpga_cw310_sival": None}, ), fpga = fpga_params( - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_dev_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_personalized", ), verilator = verilator_params(tags = ["broken"]), deps = [ @@ -748,7 +748,7 @@ opentitan_test( "//hw/top_earlgrey:sim_verilator": None, }, fpga = fpga_params( - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_dev_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_personalized", # TODO(lowrisc/opentitan#19620): fpga doesn't support lowering main clk frequency tags = ["broken"], ), @@ -1658,7 +1658,7 @@ _FLASH_CTRL_INFO_ACCESS_LC_STATES = get_lc_items( "//hw/top_earlgrey:fpga_cw310_sival": None, }, fpga = fpga_params( - otp = "//hw/ip/otp_ctrl/data:img_{}".format(lc_state), + otp = "//hw/top_earlgrey/data/otp:img_{}".format(lc_state), ), deps = [ "//hw/top_earlgrey/sw/autogen:top_earlgrey", @@ -1689,13 +1689,13 @@ test_suite( name = "flash_ctrl_info_access_lc_{}_personalized".format(lc_state), srcs = ["flash_ctrl_info_access_lc.c"], dv = dv_params( - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_{}_manuf_personalized".format(lc_state), + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_{}_manuf_personalized".format(lc_state), ), exec_env = { "//hw/top_earlgrey:fpga_cw310_sival": None, }, fpga = fpga_params( - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_{}_manuf_personalized".format(lc_state), + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_{}_manuf_personalized".format(lc_state), ), deps = [ "//hw/top_earlgrey/sw/autogen:top_earlgrey", @@ -1842,7 +1842,7 @@ opentitan_test( fpga = fpga_params( changes_otp = True, needs_jtag = True, - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_dev_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_personalized", tags = [ "broken", "lc_dev", @@ -2159,7 +2159,7 @@ otp_json( otp_image( name = "otp_ctrl_descrambling_otp_image", - src = "//hw/ip/otp_ctrl/data:otp_json_rma", + src = "//hw/top_earlgrey/data/otp:otp_json_rma", overlays = STD_OTP_OVERLAYS + [":otp_ctrl_descrambling_otp_json"], visibility = ["//visibility:private"], ) @@ -4865,7 +4865,7 @@ otp_json( otp_image( name = "power_virus_systemtest_otp_img_rma", - src = "//hw/ip/otp_ctrl/data:otp_json_rma", + src = "//hw/top_earlgrey/data/otp:otp_json_rma", overlays = STD_OTP_OVERLAYS + [":power_virus_systemtest_otp_overlay"], visibility = ["//visibility:private"], ) @@ -4888,7 +4888,7 @@ opentitan_test( }, ), fpga = fpga_params( - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_prod_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized", test_cmd = """ --bootstrap="{firmware}" """, @@ -5012,7 +5012,7 @@ otp_json( otp_image( name = "flash_scrambling_smoketest_otp_img_rma", - src = "//hw/ip/otp_ctrl/data:otp_json_rma", + src = "//hw/top_earlgrey/data/otp:otp_json_rma", overlays = STD_OTP_OVERLAYS + [":flash_scrambling_smoketest_otp_overlay"], visibility = ["//visibility:private"], ) @@ -5032,12 +5032,12 @@ opentitan_test( ) _SIVAL_OTP_IMAGE = { - "test_unlocked1": "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_test_unlocked1_manuf_individualized", - "test_locked0": "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_test_locked0_manuf_initialized", - "dev": "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_dev_manuf_personalized", - "prod": "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_prod_manuf_personalized", - "prod_end": "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_prod_end_manuf_personalized", - "rma": "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_rma_manuf_personalized", + "test_unlocked1": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_test_unlocked1_manuf_individualized", + "test_locked0": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_test_locked0_manuf_initialized", + "dev": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_personalized", + "prod": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized", + "prod_end": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_end_manuf_personalized", + "rma": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_rma_manuf_personalized", } _RV_DM_JTAG_LC_STATES = get_lc_items( @@ -5063,7 +5063,7 @@ _RV_DM_TEST_CONFIGURATIONS = [ "name": "dev_rv_dm_delayed_enabled", "lc_state": "dev", "rv_dm_delayed_en": "--rv-dm-delayed-enable", - "otp": "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_dev_manuf_personalized_enable_rv_dm_late_debug_enable", + "otp": "//hw/top_earlgrey/data/otp/sival_skus:otp_img_dev_manuf_personalized_enable_rv_dm_late_debug_enable", }, { "name": "rma", @@ -5634,7 +5634,7 @@ opentitan_test( }, fpga = fpga_params( needs_jtag = True, - otp = "//hw/ip/otp_ctrl/data:img_test_unlocked0", + otp = "//hw/top_earlgrey/data/otp:img_test_unlocked0", # TODO(#22823): Remove "broken" tag once the test is fixed. tags = ["broken"], test_cmd = """ @@ -6670,7 +6670,7 @@ opentitan_test( fpga = fpga_params( timeout = "moderate", needs_jtag = True, - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_rma_manuf_personalized", + otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_rma_manuf_personalized", test_cmd = " ".join([ "--bootstrap=\"{firmware}\"", "--firmware-elf=\"{firmware:elf}\"", diff --git a/sw/device/tests/README.md b/sw/device/tests/README.md index b9039c1736f31e..9d4c87d06b9d57 100644 --- a/sw/device/tests/README.md +++ b/sw/device/tests/README.md @@ -45,6 +45,6 @@ For instructions on how to write a chip-level test, refer to the [on-device test ## Read More * [Build & Test Rules](../../../rules/opentitan/README.md) -* [On-Device Test Framework (OTTF)](../lib//testing/test_framework/README.md) -* [OTP Build and Test Infrastructure](../../../hw/ip/otp_ctrl/data/README.md) +* [On-Device Test Framework (OTTF)](../lib/testing/test_framework/README.md) +* [OTP Preload Image Generator](../../../util/design/README.md#otp_preload_image_generator) * [FPGA Bitstreams](../../../hw/bitstream/README.md) diff --git a/sw/device/tests/doc/sival/README.md b/sw/device/tests/doc/sival/README.md index 0dfe80d14a86d1..06a9b10cc700bd 100644 --- a/sw/device/tests/doc/sival/README.md +++ b/sw/device/tests/doc/sival/README.md @@ -218,7 +218,8 @@ bazel test --define DISABLE_VERILATOR_BUILD=true \ * [Build & Test Rules](../../../../../rules/opentitan/README.md) * [FPGA Bitstreams](../../../../../hw/bitstream/README.md) * [On-Device Test Framework](../../../lib/testing/test_framework/README.md) -* [OTP Build and Test Infrastructure](../../../../../hw/ip/otp_ctrl/data/README.md) +* [OTP Preload Image Generator](../../../../../util/design/README.md#otp_preload_image_generator) +.md) * [ROM\_EXT for Silicon Validation](../../../silicon_creator/rom_ext/doc/si_val.md) * [Signing Guide](../../../../../signing/README.md) * [SiVal Developer Guide](./devguide.md) diff --git a/sw/device/tests/doc/sival/devguide.md b/sw/device/tests/doc/sival/devguide.md index 015320d9cc6ea1..5180817349644d 100644 --- a/sw/device/tests/doc/sival/devguide.md +++ b/sw/device/tests/doc/sival/devguide.md @@ -79,7 +79,7 @@ Silicon bring-up and validation activities have to be planned in a way that minimizes the number of OTP configurations given that there may be limited availability of samples during early post-silicon stages. -`//hw/ip/otp_ctrl/data/earlgrey_skus/sival/BUILD` contains the OTP +`//hw/top_earlgrey/data/otp/sival_skus/BUILD` contains the OTP configurations used in Silicon Validation (SiVal) for the EarlGrey design. ### `:otp_img_test_unlocked0_manuf_empty` @@ -187,7 +187,7 @@ Configuration: ```python { rom = "//sw/device/silicon_creator/rom:mask_rom", - otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_prod_manuf_personalized", + otp = "//hw/top_earlgrey/otp/data/sival_skus:otp_img_prod_manuf_personalized", } ``` diff --git a/util/design/README.md b/util/design/README.md index 613217136bcb2f..f960ac0a414c93 100644 --- a/util/design/README.md +++ b/util/design/README.md @@ -1,8 +1,6 @@ # Design-related Tooling Scripts -## Life Cycle and OTP Tools - -### OTP Memory Map Translation Script +## OTP Memory Map Translation Script The `gen-otp-mmap.py` script is used to translate the OTP memory map definition Hjson file into documentation and SV package collateral. The memory map definition file for top_earlgrey is currently located at `hw/ip/otp_ctrl/data/otp_ctrl_mmap.hjson`. @@ -24,7 +22,7 @@ $ ./util/design/gen-otp-mmap.py The seed value used for generating OTP-related random netlist constants can optionally be overridden with the `--seed` switch when calling the script directly. Otherwise that seed value is taken from the Hjson file, or generated on-the-fly if the Hjson file does not contain a seed. -### Life Cycle State Encoding Generator +## Life Cycle State Encoding Generator The `gen-lc-state-enc.py` script is used to generate the redundant life cycle state encoding and print the constants and type definitions into the life cycle state package. The life cycle definition file for top_earlgrey is currently located at `hw/ip/lc_ctrl/data/lc_ctrl_state.hjson`. @@ -46,11 +44,81 @@ $ ./util/design/gen-lc-state-enc.py The seed value used for generating life-cycle-state-related random netlist constants can optionally be overridden with the `--seed` switch when calling the script directly. Otherwise that seed value is taken from the Hjson file, or generated on-the-fly if the Hjson file does not contain a seed. -### OTP Preload Image Generator +## OTP Preload Image Generator The OTP preload image generation tool builds on top of the memory map and life cycle state generation Python classes in order to transform a memory image configuration into a memory hexfile that can be used for OTP preloading in simulation and FPGA emulation runs. The generated hexfile is compatible with the Verilog `$readmemh` command. +OTP image configurations are defined using hjson objects. Currently there are +two ways to build images: + +1. Pre-built OTP image overlays defined in hjson. These is the approach + currently used in most DV test cases. +2. Dynamically built OTP image overlays defined in [Bazel](#bazel). This is the + approach currently used in FPGA and Silicon Validation (SiVal) targets. + +### Bazel + +#### OTP HJSON Map + +OTP image overlays are first defined using the `otp_json` Bazel rule. The +following example shows the definition of a `SECRET2` partition configuration: + +```python +otp_json( + name = "otp_json_secret2_unlocked", + partitions = [ + otp_partition( + name = "SECRET2", + items = { + "RMA_TOKEN": "", + "CREATOR_ROOT_KEY_SHARE0": "", + "CREATOR_ROOT_KEY_SHARE1": "", + }, + lock = False, + ), + ], +) +``` + +See `//rules/otp.bzl` for additional documentation on additional parameters +available in the `otp_json` rule. + +#### OTP Image + +An OTP image is a collection of OTP JSON files used to create an OTP image. +An OTP can have multiple `otp_json` dependencies. Each dependency has the +ability of override the values of the previous dependency, so the order in +which these are listed is important. + +```python +# Represents a device in DEV state with the SECRET0 and SECRET1 partitions in +# locked state. SECRET2 partition is unlocked. +otp_image( + name = "img_dev_individualized", + src = ":otp_json_dev", + overlays = [ + ":otp_json_secret0", + ":otp_json_secret1", + ] + STD_OTP_OVERLAYS_WITHOUT_SECRET_PARTITIONS, +) +``` + +In this example, the `src` attribute points to the baseline OTP JSON +configuration, and the list of overlay dependencies are applied in order +of precedence in the `overlays` attribute. + +The `STD_OTP_OVERLAYS_WITHOUT_SECRET_PARTITIONS` definition imported from +`//rules:otp.bzl` declares a list of `otp_json` targets that are used +as overlays. There are other list of predefined overlays that are used +throughout the code base. + +### FPGA Integration + +See [FPGA bitstreams](../../hw/bitstream/README.md) documentation for more details. + +### DV Flow + The OTP memory image configuration file is basically an Hjson file that lists the names and corresponding values of items defined in the OTP memory map definition. Further, since the life cycle state is stored in OTP, the image generator script also supports generating the correct life cycle state encodings. To that end, the desired life cycle state name can be declared in the image configuration file, and the generator script looks up and assigns the correct netlist constants. @@ -99,14 +167,14 @@ The following snippet shows a memory image configuration that puts the device in } ``` -Common example configuration files that can be used for simulation and emulation are checked in under `hw/ip/otp_ctrl/data`, e.g. `hw/ip/otp_ctrl/data/otp_ctrl_img_dev.hjson` which provisions all buffered partitions and puts the device into the `DEV` life cycle. +Common example configuration files that can be used for simulation and emulation are checked in under `hw/top_earlgrey/data/otp`, e.g. `hw/top_earlgrey/data/otp/otp_ctrl_img_dev.hjson` which provisions all buffered partitions and puts the device into the `DEV` life cycle. Note that the preload image generator script automatically scrambles secret partitions, computes digests of locked partitions using the PRESENT cipher, and computes the OTP ECC bits. The OTP preload image generator expects at least one main image configuration file to be specified with the `--img-cfg` switch, for example: ```console $ cd ${PROJ_ROOT} -$ ./util/design/gen-otp-img.py --img-cfg hw/ip/otp_ctrl/data/otp_ctrl_img_dev.hjson \ +$ ./util/design/gen-otp-img.py --img-cfg hw/top_earlgrey/data/otp/otp_ctrl_img_dev.hjson \ --out otp-img.mem ``` @@ -152,7 +220,7 @@ For example, this can be used to patch in additional software configuration data The generator script call would then look as follows: ```console $ cd ${PROJ_ROOT} -$ ./util/design/gen-otp-img.py --img-cfg hw/ip/otp_ctrl/data/otp_ctrl_img_dev.hjson \ +$ ./util/design/gen-otp-img.py --img-cfg hw/top_earlgrey/data/otp/otp_ctrl_img_dev.hjson \ --add-cfg otp_ctrl_img_sw_cfg.hjson \ --out otp-img.mem ``` diff --git a/util/design/data/BUILD b/util/design/data/BUILD index c8dcacd88fdb58..c5c76acb8c01c4 100644 --- a/util/design/data/BUILD +++ b/util/design/data/BUILD @@ -2,6 +2,35 @@ # Licensed under the Apache License, Version 2.0, see LICENSE for details. # SPDX-License-Identifier: Apache-2.0 +load("@bazel_skylib//rules:common_settings.bzl", "int_flag", "string_flag") + package(default_visibility = ["//visibility:public"]) exports_files(glob(["**"])) + +# These configurations expose the OTP image generation tool's command line +# arguments to enable dvsim to pass this through Bazel to the underlying OTP +# image generation script. This is required to enable dvsim to invoke OTP image +# generation as part of the Bazel build process, while still enabling the use of +# multiple seeds needed to achieve DV coverage. +int_flag( + name = "img_seed", + build_setting_default = 0, +) + +string_flag( + name = "lc_seed", + # Default must match value in hw/ip/lc_ctrl/data/lc_ctrl.hjson. + build_setting_default = "40182201019264397688411770949626922549663256047001778394918990008320537410392", +) + +string_flag( + name = "otp_seed", + # Default must match value in hw/ip/otp_ctrl/data/otp_ctrl_mmap.hjson. + build_setting_default = "36021179872380457113239299468132194022238108125576166239904535336103582949069", +) + +string_flag( + name = "data_perm", + build_setting_default = "", +) diff --git a/util/design/gen-otp-img.py b/util/design/gen-otp-img.py index 1660a04478c6b9..eabf39b22ea41f 100755 --- a/util/design/gen-otp-img.py +++ b/util/design/gen-otp-img.py @@ -17,11 +17,11 @@ from lib.OtpMemImg import OtpMemImg # Get the memory map definition. -MMAP_DEFINITION_FILE = 'hw/ip/otp_ctrl/data/otp_ctrl_mmap.hjson' +MMAP_DEFINITION_FILE = 'hw/top_earlgrey/data/otp/otp_ctrl_mmap.hjson' # Life cycle state and ECC poly definitions. LC_STATE_DEFINITION_FILE = 'hw/ip/lc_ctrl/data/lc_ctrl_state.hjson' # Default image file definition (can be overridden on the command line). -IMAGE_DEFINITION_FILE = 'hw/ip/otp_ctrl/data/otp_ctrl_img_dev.hjson' +IMAGE_DEFINITION_FILE = 'hw/top_earlgrey/data/otp/otp_ctrl_img_dev.hjson' # Default output path (can be overridden on the command line). Note that # "BITWIDTH" will be replaced with the architecture's bitness. MEMORY_MEM_FILE = 'otp-img.BITWIDTH.vmem' diff --git a/util/design/gen-otp-mmap.py b/util/design/gen-otp-mmap.py index a7f4bac4c8c2f4..983e87e7bc8441 100755 --- a/util/design/gen-otp-mmap.py +++ b/util/design/gen-otp-mmap.py @@ -33,7 +33,7 @@ ''' # memory map source -MMAP_DEFINITION_FILE = "hw/ip/otp_ctrl/data/otp_ctrl_mmap.hjson" +MMAP_DEFINITION_FILE = "hw/top_earlgrey/data/otp/otp_ctrl_mmap.hjson" # documentation tables to generate PARTITIONS_TABLE_FILE = "hw/ip/otp_ctrl/doc/otp_ctrl_partitions.md" DIGESTS_TABLE_FILE = "hw/ip/otp_ctrl/doc/otp_ctrl_digests.md"