[cryptolib,silicon_creator] Deduplicate ibex random function

This commit makes two changes:
- the ibex_rnd32_read() function is moved from cryptolib to
  silicon_creator, the users are fixed
- the rnd_uint32() function is changed to return either mcycle
  OR rnd32(), depending on the boot stage and OTP setting.

Regarding the second change, it was previoulsy returning
`mcycle + rnd32()` but not waiting for random data depending on
an OTP setting. There is no good reason for that because if it waits
for data from the EDN, all the health checks are already done by the
csrng, meaning that adding `mcycle` does not add any value to a
random variable. Also if the OTP is *not* set, it causes a read
to known-invalid register using the fact that it will be 0 in this
cases.

Signed-off-by: Amaury Pouly <[email protected]>

Author: pamaury

sw/device/lib/crypto/drivers/BUILD

@@ -121,14 +121,14 @@ cc_library(
     ],
     deps = [
         ":entropy",
-        ":rv_core_ibex",
         "//hw/top:dt_kmac",
         "//hw/top:kmac_c_regs",
         "//sw/device/lib/base:abs_mmio",
         "//sw/device/lib/base:bitfield",
         "//sw/device/lib/base:hardened",
         "//sw/device/lib/base:macros",
         "//sw/device/lib/crypto/impl:status",
+        "//sw/device/silicon_creator/lib/drivers:ibex",
     ],
 )
 
@@ -213,8 +213,8 @@ cc_library(
         "//sw/device/lib/base:macros",
         "//sw/device/lib/base:memory",
         "//sw/device/lib/crypto/drivers:entropy",
-        "//sw/device/lib/crypto/drivers:rv_core_ibex",
         "//sw/device/lib/crypto/impl:status",
+        "//sw/device/silicon_creator/lib/drivers:ibex",
     ],
 )
 
@@ -238,6 +238,7 @@ dual_cc_library(
         shared = [
             "//sw/device/lib/base:hardened",
             "//sw/device/lib/crypto/impl:status",
+            "//sw/device/silicon_creator/lib/drivers:ibex",
         ],
     ),
 )
@@ -250,14 +251,11 @@ opentitan_test(
         timeout = "long",
     ),
     deps = [
-        ":rv_core_ibex",
-        "//hw/top:rv_core_ibex_c_regs",
-        "//sw/device/lib/base:bitfield",
-        "//sw/device/lib/base:csr",
         "//sw/device/lib/base:status",
         "//sw/device/lib/runtime:log",
         "//sw/device/lib/testing/test_framework:check",
         "//sw/device/lib/testing/test_framework:ottf_main",
+        "//sw/device/silicon_creator/lib/drivers:ibex",
     ],
 )
 

sw/device/lib/crypto/drivers/hmac.c

@@ -12,8 +12,8 @@
 #include "sw/device/lib/base/hardened_memory.h"
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/crypto/drivers/entropy.h"
-#include "sw/device/lib/crypto/drivers/rv_core_ibex.h"
 #include "sw/device/lib/crypto/impl/status.h"
+#include "sw/device/silicon_creator/lib/drivers/ibex.h"
 
 #include "hw/top/hmac_regs.h"  // Generated.
 

sw/device/lib/crypto/drivers/kmac.c

@@ -9,8 +9,8 @@
 #include "sw/device/lib/base/bitfield.h"
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/crypto/drivers/entropy.h"
-#include "sw/device/lib/crypto/drivers/rv_core_ibex.h"
 #include "sw/device/lib/crypto/impl/status.h"
+#include "sw/device/silicon_creator/lib/drivers/ibex.h"
 
 #include "hw/top/kmac_regs.h"  // Generated.
 

sw/device/lib/crypto/drivers/rv_core_ibex.c

@@ -11,6 +11,7 @@
 #include "sw/device/lib/base/hardened.h"
 #include "sw/device/lib/base/macros.h"
 #include "sw/device/lib/crypto/impl/status.h"
+#include "sw/device/silicon_creator/lib/drivers/ibex.h"
 
 #include "hw/top/rv_core_ibex_regs.h"
 
@@ -56,19 +57,6 @@ hardened_bool_t ibex_check_security_config(void) {
   return kHardenedBoolTrue;
 }
 
-/**
- * Blocks until data is ready in the RND register.
- */
-static void wait_rnd_valid(void) {
-  while (true) {
-    uint32_t reg = abs_mmio_read32(rv_core_ibex_base() +
-                                   RV_CORE_IBEX_RND_STATUS_REG_OFFSET);
-    if (bitfield_bit32_read(reg, RV_CORE_IBEX_RND_STATUS_RND_DATA_VALID_BIT)) {
-      return;
-    }
-  }
-}
-
 status_t ibex_disable_icache(hardened_bool_t *icache_enabled) {
   // Check if the instruction cache is already disabled.
   uint32_t csr;
@@ -98,12 +86,6 @@ void ibex_restore_icache(hardened_bool_t icache_enabled) {
   }
 }
 
-uint32_t ibex_rnd32_read(void) {
-  wait_rnd_valid();
-  return abs_mmio_read32(rv_core_ibex_base() +
-                         RV_CORE_IBEX_RND_DATA_REG_OFFSET);
-}
-
 OT_ALWAYS_INLINE void ibex_clear_rf(void) {
 #ifdef OT_PLATFORM_RV32
   // ibex_clear_rf() below cannot clear x8 (frame pointer). To avoid that

sw/device/lib/crypto/drivers/rv_core_ibex.h

@@ -44,16 +44,6 @@ void ibex_restore_icache(hardened_bool_t icache_enabled);
 OT_WARN_UNUSED_RESULT
 hardened_bool_t ibex_check_security_config(void);
 
-/**
- * Get random data from the EDN0 interface.
- *
- * Important: this function will hang if the entropy complex is not
- * initialized. Callers are responsible for checking first.
- *
- * @return 32 bits of randomness from EDN0.
- */
-uint32_t ibex_rnd32_read(void);
-
 /**
  * Write a random value into x5...x7 and x9...x31.
  *

sw/device/lib/crypto/drivers/rv_core_ibex_test.c

@@ -2,12 +2,11 @@
 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
 // SPDX-License-Identifier: Apache-2.0
 
-#include "sw/device/lib/crypto/drivers/rv_core_ibex.h"
-
 #include "sw/device/lib/base/status.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/check.h"
 #include "sw/device/lib/testing/test_framework/ottf_main.h"
+#include "sw/device/silicon_creator/lib/drivers/ibex.h"
 
 #include "hw/top/rv_core_ibex_regs.h"
 

sw/device/lib/crypto/impl/BUILD

@@ -347,7 +347,7 @@ cc_library(
         "//sw/device/lib/base:hardened_memory",
         "//sw/device/lib/crypto/drivers:entropy",
         "//sw/device/lib/crypto/drivers:hmac",
-        "//sw/device/lib/crypto/drivers:rv_core_ibex",
+        "//sw/device/silicon_creator/lib/drivers:ibex",
     ],
 )
 

sw/device/lib/crypto/impl/hmac.c

@@ -7,11 +7,11 @@
 #include "sw/device/lib/base/hardened_memory.h"
 #include "sw/device/lib/crypto/drivers/entropy.h"
 #include "sw/device/lib/crypto/drivers/hmac.h"
-#include "sw/device/lib/crypto/drivers/rv_core_ibex.h"
 #include "sw/device/lib/crypto/impl/integrity.h"
 #include "sw/device/lib/crypto/impl/keyblob.h"
 #include "sw/device/lib/crypto/impl/security_config.h"
 #include "sw/device/lib/crypto/impl/status.h"
+#include "sw/device/silicon_creator/lib/drivers/ibex.h"
 
 // Module ID for status codes.
 #define MODULE_ID MAKE_MODULE_ID('h', 'm', 'c')

sw/device/silicon_creator/lib/drivers/BUILD

@@ -612,7 +612,6 @@ dual_cc_library(
             "//sw/device/lib/base:hardened",
             "//hw/top:entropy_src_c_regs",
             "//hw/top:otp_ctrl_c_regs",
-            "//hw/top:rv_core_ibex_c_regs",
             "//sw/device/lib/base:crc32",
         ],
         host = [
@@ -624,6 +623,7 @@ dual_cc_library(
             ":lifecycle",
             "//sw/device/lib/base:macros",
             "//sw/device/silicon_creator/lib:error",
+            "//sw/device/silicon_creator/lib/drivers:ibex",
         ],
     ),
 )

sw/device/silicon_creator/lib/drivers/ibex.c

@@ -22,6 +22,25 @@ static inline uint32_t rv_core_ibex_base(void) {
   return dt_rv_core_ibex_reg_block(kRvCoreIbexDt, kDtRvCoreIbexRegBlockCfg);
 }
 
+/**
+ * Blocks until data is ready in the RND register.
+ */
+static void wait_rnd_valid(void) {
+  while (true) {
+    uint32_t reg = abs_mmio_read32(rv_core_ibex_base() +
+                                   RV_CORE_IBEX_RND_STATUS_REG_OFFSET);
+    if (bitfield_bit32_read(reg, RV_CORE_IBEX_RND_STATUS_RND_DATA_VALID_BIT)) {
+      return;
+    }
+  }
+}
+
+uint32_t ibex_rnd32_read(void) {
+  wait_rnd_valid();
+  return abs_mmio_read32(rv_core_ibex_base() +
+                         RV_CORE_IBEX_RND_DATA_REG_OFFSET);
+}
+
 uint32_t ibex_fpga_version(void) {
   const uint32_t kBase = rv_core_ibex_base();
   return abs_mmio_read32(kBase + RV_CORE_IBEX_FPGA_INFO_REG_OFFSET);