Skip to content

[Crypto] Reduce dependencies of crypto #29646

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
siemen11 wants to merge 3 commits into
base: earlgrey_1.0.0
Choose a base branch
from
Open

[Crypto] Reduce dependencies of crypto #29646

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d97f958
[crypto] Remove runtime dep
siemen11 Apr 1, 2026
dc25f1f
[crypto] Remove silicon_creator dep
siemen11 Apr 1, 2026
baf038d
[crypto] Remove arch dependency
siemen11 Apr 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion sw/device/lib/crypto/drivers/BUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -197,7 +197,6 @@ cc_library(
"//sw/device/lib/base:macros",
"//sw/device/lib/base:memory",
"//sw/device/lib/base:status",
"//sw/device/lib/runtime:log",
],
)

Expand Down
1 change: 0 additions & 1 deletion sw/device/lib/crypto/drivers/entropy_kat.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@
#include "sw/device/lib/base/bitfield.h"
#include "sw/device/lib/base/memory.h"
#include "sw/device/lib/crypto/drivers/entropy.h"
#include "sw/device/lib/runtime/log.h"

#include "csrng_regs.h" // Generated
#include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"
Expand Down
4 changes: 2 additions & 2 deletions sw/device/lib/crypto/impl/BUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -259,10 +259,10 @@ cc_library(
deps = [
":integrity",
":status",
"//sw/device/lib/arch:device",
"//hw/top_earlgrey/ip_autogen/clkmgr:clkmgr_c_regs",
"//hw/top_earlgrey/sw/autogen:top_earlgrey",
"//sw/device/lib/base:hardened_memory",
"//sw/device/lib/crypto/drivers:rv_core_ibex",
"//sw/device/silicon_creator/lib/drivers:clkmgr",
],
)

Expand Down
1 change: 0 additions & 1 deletion sw/device/lib/crypto/impl/rsa/BUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,6 @@ cc_library(
":rsa_datatypes",
"//sw/device/lib/base:hardened_memory",
"//sw/device/lib/crypto/drivers:otbn",
"//sw/device/lib/runtime:log",
"//sw/otbn/crypto:run_rsa",
],
)
Expand Down
1 change: 0 additions & 1 deletion sw/device/lib/crypto/impl/rsa/run_rsa.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@

#include "sw/device/lib/base/hardened_memory.h"
#include "sw/device/lib/crypto/drivers/otbn.h"
#include "sw/device/lib/runtime/log.h"

// Module ID for status codes.
#define MODULE_ID MAKE_MODULE_ID('r', 'm', 'e')
Expand Down
51 changes: 23 additions & 28 deletions sw/device/lib/crypto/impl/security_config.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,40 +4,35 @@

#include "sw/device/lib/crypto/include/security_config.h"

#include "sw/device/lib/arch/device.h"
#include "sw/device/lib/base/hardened.h"
#include "sw/device/lib/crypto/drivers/rv_core_ibex.h"
#include "sw/device/silicon_creator/lib/drivers/clkmgr.h"

#include "clkmgr_regs.h"
#include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"

status_t otcrypto_security_config_check(
otcrypto_key_security_level_t security_level) {
// Only check the security config on silicon as some of the countermeasures
// might not be available in other targets.
if (kDeviceType == kDeviceSilicon) {
if (launder32(security_level) != kOtcryptoKeySecurityLevelLow) {
#if defined(OPENTITAN_IS_EARLGREY)
// Check if the jittery clock is enabled on OpenTitan EarlGrey.
hardened_bool_t jittery_clk_en = clkmgr_check_jittery_clk_en();
if (launder32(jittery_clk_en) == kHardenedBoolFalse) {
return OTCRYPTO_FATAL_ERR;
}
HARDENED_CHECK_EQ(jittery_clk_en, kHardenedBoolTrue);
#endif

// Check if the dummy instructions and the data independent timing is
// enabled in ibex.
hardened_bool_t ibex_secure_config = ibex_check_security_config();
if (launder32(ibex_secure_config) == kHardenedBoolFalse) {
return OTCRYPTO_FATAL_ERR;
}
HARDENED_CHECK_EQ(ibex_secure_config, kHardenedBoolTrue);
} else {
// Do not check the device config when security level is low.
HARDENED_CHECK_EQ(security_level, kOtcryptoKeySecurityLevelLow);
}
} else {
HARDENED_CHECK_NE(launder32(kDeviceType), kDeviceSilicon);
// Check if the jittery clock is enabled on OpenTitan EarlGrey.
uint32_t jittery_clk_en = abs_mmio_read32(TOP_EARLGREY_CLKMGR_AON_BASE_ADDR +
CLKMGR_JITTER_ENABLE_REG_OFFSET);
if (launder32(jittery_clk_en) != kMultiBitBool4True) {
return OTCRYPTO_FATAL_ERR;
}
HARDENED_CHECK_EQ(jittery_clk_en, kMultiBitBool4True);

return OTCRYPTO_OK;
// Check if the dummy instructions and the data independent timing is
// enabled in ibex.
hardened_bool_t ibex_secure_config = ibex_check_security_config();
if (launder32(ibex_secure_config) == kHardenedBoolFalse) {
return OTCRYPTO_FATAL_ERR;
}
HARDENED_CHECK_EQ(ibex_secure_config, kHardenedBoolTrue);
}
else {
// Do not check the device config when security level is low.
HARDENED_CHECK_EQ(security_level, kOtcryptoKeySecurityLevelLow);
Comment on lines +24 to +34
Copy link
Copy Markdown
Contributor

@andrea-caforio andrea-caforio Apr 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did you move this chunk into the macro #IF?

Copy link
Copy Markdown
Contributor Author

@siemen11 siemen11 Apr 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted to take over the role of kDeviceType == kDeviceSilicon

}
#endif
return OTCRYPTO_OK;
}
Loading