[crypto] Prepare for alert management#29618
Open
siemen11 wants to merge 6 commits intolowRISC:earlgrey_1.0.0from
Open
[crypto] Prepare for alert management#29618siemen11 wants to merge 6 commits intolowRISC:earlgrey_1.0.0from
siemen11 wants to merge 6 commits intolowRISC:earlgrey_1.0.0from
Conversation
siemen11
requested review from
andrea-caforio,
engdoreis,
johannheyszl and
nasahlpa
and removed request for
a team and
engdoreis
siemen11
force-pushed
the
cryptolib_config
branch
from
72ad894 to
c491773
Compare
siemen11
force-pushed
the
cryptolib_config
branch
2 times, most recently
from
144c22c to
cc84ac4
Compare
Add alert drivers to read and init the sensors and alerts. Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
The security_config files will be used for general configuration, rename it. Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
Make otcrypto_security_config_check return a otcrypto_status_t. Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
The library requires an init function that does the following: - Check the security configuration - Set up alert management - Perform (some) KATs for FIPS - Set up the entropy source Leave this function empty for now. Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
Create a last function to be called when exiting from the crypto library back to the user giving potentially an OTCRYPTO_OK (not to be used on giving errors). This function is left empty for now, but will be responsiible for reading out alerts at the end. Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
Ensure otcrypto_eval_exit is the last function called before exiting an API on an OTCRYPTO_OK. Collateral: for the unittests, otcrypto_security_config_check was not working since kDeviceType is unknown for such tests, hence hide it behind #if defined(OPENTITAN_IS_EARLGREY). Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
siemen11
force-pushed
the
cryptolib_config
branch
from
cc84ac4 to
1ff72a7
Compare
johannheyszl
approved these changes
Apr 1, 2026
Contributor
johannheyszl
left a comment
johannheyszl
left a comment
There was a problem hiding this comment.
Great addition of missing pieces @siemen11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The cryptolib has to ensure that no output is given when an alert is fired.
This PR prepares the cryptolib for this functionality by implementing the following: