[ot] docs/opentitan: earlgrey: Update Keymgr status in docs

Also document the final known limitations and TODOs for the `keymgr` in
the prologue.

Signed-off-by: Alex Jones <[email protected]>

Author: AlexJones0

docs/opentitan/earlgrey.md

@@ -13,6 +13,9 @@
 
 ### Near feature-complete devices
 
+* Key manager
+  * Almost feature complete
+  * Missing entropy reseeding, and support for KMAC masking (when available)
 * AES
   * missing side-loading
 * Alert controller
@@ -89,7 +92,6 @@ any useful feature (only allow guest test code to execute as expected).
 Some just use generic `UNIMP` devices to define a memory region.
 
 * Analog Sensor Top
-* Key manager
 * Pattern Generator
 * Pinmux
 * PWM

hw/opentitan/ot_keymgr.c

@@ -24,6 +24,14 @@
  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
+ *
+ * Known limitations:
+ *  - Entropy reseeding is not currently supported; the value in the shadowed
+ *    `RESEED_INTERVAL_THRESHOLD` register is ignored.
+ *  - Currently the keymgr is designed without KMAC masking. If KMAC masking
+ *    is enabled, a small amount of logic (KMAC data / key integrity checks)
+ *    needs to be updated to use both key shares correctly.
+ *  - Some faults may not be modelled completely accurately (i.e., untested).
  */
 
 #include "qemu/osdep.h"