Skip to content

[crypto/entropy] Make the entropy source ready for use#29615

Open
siemen11 wants to merge 4 commits intolowRISC:earlgrey_1.0.0from
siemen11:entropy_src_config
Open

[crypto/entropy] Make the entropy source ready for use#29615
siemen11 wants to merge 4 commits intolowRISC:earlgrey_1.0.0from
siemen11:entropy_src_config

Conversation

@siemen11
Copy link
Copy Markdown
Contributor

@siemen11 siemen11 commented Mar 29, 2026

This PR does the following:

  • Open the entropy init and check to the user. The user HAS to use this function since the ROM_EXT does NOT enable FIPS mode at plan of record. While it was originally planned for the ROM_EXT to drive this config, the entropy driver was not using correct thresholds while the ROM_EXT is now frozen. Hence, we need to move this to the firmware.
  • Add in basic fault injection protection by rereading the registers.
  • Prevent infinite timeouts by adding a timeout to all polling to improve reliability.
  • Set FIPS thresholds for the entropy source, leave the EDN config unchanged
  • Adapt all tests to use the new user exposed entropy functions with FIPS thresholds

@siemen11 siemen11 requested a review from a team as a code owner March 29, 2026 11:32
@siemen11 siemen11 requested review from andrea-caforio, cfrantz, johannheyszl, moidx, nasahlpa, pamaury and vsukhoml and removed request for a team and pamaury March 29, 2026 11:32
@siemen11 siemen11 added the CherryPick:master This PR should be cherry-picked to master label Mar 29, 2026
@siemen11 siemen11 requested a review from timothytrippel March 29, 2026 12:05
@siemen11
Copy link
Copy Markdown
Contributor Author

siemen11 commented Mar 29, 2026

A question: the entropy_complex_init now changed to new FIPS thresholds. Does this have an impact in provisioning or silicon_creator?

@siemen11 siemen11 force-pushed the entropy_src_config branch 5 times, most recently from 0912e5f to d33fd99 Compare March 30, 2026 09:26
@siemen11 siemen11 added the CI:Rerun Rerun failed CI jobs label Mar 30, 2026
vsukhoml
vsukhoml reviewed Mar 30, 2026
View reviewed changes
@siemen11 siemen11 force-pushed the entropy_src_config branch from d33fd99 to 9cca2bb Compare March 31, 2026 07:58
siemen11 added 3 commits March 31, 2026 17:54
@siemen11
[crypto/entropy] Open entropy init and check to users
d73a37a 
Originally, the idea was to call entropy_complex_init in the ROM_EXT to
instantiate the RNG in a final FIPS state. However, the ROM_EXT is in
its frozen final version and the entropy_complex_init still has dummy
threshold values. Hence, the entropy_complex_init should be called from
firmware instead. However, the entropy_complex_init is only a driver
function returning a regular status_t, it is not an impl function with
an otcrypto_status_t. Hence, it is not opened up to the user. Instead,
make a wrapper to the functions needed by the user and add them in the
include folder.
Switch all functests to use the wrapper instead (since ideally to ingest
impl functions).

Collateral: looks like the driver was some glue for missing Bazel
dependencies, add rv_core_ibex to the random_order function.

Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
@siemen11
[crypto/entropy] Add FI protection
512702d 
The TODOs in entropy specified to ensure fault protection. With the
entropy source configure, reread the registers to ensure the
configuration written is the expected one. Remove the TODOs. The entropy
check is presumed to be called multiple times, hence it does not need
additional protection.

Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
@siemen11
[crypto/entropy] Avoid infinite polls
0898d6f 
Add timeouts to all polling of registers. This is just to add
reliability in situations where the chips experiences a malfunction.

Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
@siemen11 siemen11 force-pushed the entropy_src_config branch from 9cca2bb to fce0466 Compare March 31, 2026 15:59
@siemen11 siemen11 added CI:Rerun Rerun failed CI jobs and removed CherryPick:master This PR should be cherry-picked to master CI:Rerun Rerun failed CI jobs labels Mar 31, 2026
@github-actions github-actions bot removed the CI:Rerun Rerun failed CI jobs label Apr 1, 2026
johannheyszl
johannheyszl reviewed Apr 1, 2026
View reviewed changes
johannheyszl
johannheyszl reviewed Apr 1, 2026
View reviewed changes
johannheyszl
johannheyszl approved these changes Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@johannheyszl johannheyszl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @siemen11 this lgtm - important we can call this from user

@siemen11
[crypto/entropy] Set FIPS thresholds
596adca 
Set the entropy source driver to align with certified
NIST SP 800-90B requirements.

Specific changes include:

- NIST 800-90B Health Test Thresholds: Increased the `fips_test_window_size` to 2048 bits to comply with
        FIPS standards for binary noise sources.
- Bypass Register Configuration: Updated the `SET_FIPS_THRESH` and `VERIFY_FIPS_THRESH` macros to
        write and verify both the `FIPS_THRESH` and `BYPASS_THRESH` fields
        simultaneously.

Note: CSRNG `FIPS_FORCE_ENABLE` and EDN continuous polling rates remain at
their defaults to ensure the FIFO does not run empty with, for exmaple, the OTBN during the initial TRNG FIPS warm-up phase.

Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
@siemen11 siemen11 force-pushed the entropy_src_config branch from fce0466 to 596adca Compare April 1, 2026 16:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfrantz cfrantz cfrantz approved these changes

@nasahlpa nasahlpa Awaiting requested review from nasahlpa

@moidx moidx Awaiting requested review from moidx

@andrea-caforio andrea-caforio Awaiting requested review from andrea-caforio

@timothytrippel timothytrippel Awaiting requested review from timothytrippel

+2 more reviewers

@vsukhoml vsukhoml vsukhoml approved these changes

@johannheyszl johannheyszl johannheyszl approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@siemen11 @cfrantz @vsukhoml @johannheyszl