[DOC] Clarify timing requirements for cptra_pwrgood and cptra_rst_b (#571)

* Clarify timing requirements for assertion of cptra_pwrgood and deassertion of cptra_rst_b

* Revise constraint on powerup so delay from clock->cptra_pwrgood typically falls in doc'd bound

* MICROSOFT AUTOMATED PIPELINE: Stamp 'cwhitehead-msft-doc-pwrgood' with updated timestamp and hash after successful run
calebofearth authored Aug 20, 2024
1 parent 5ca1be7 commit 817349b
Showing 4 changed files with 11 additions and 10 deletions.
2 changes: 1 addition & 1 deletion .github/workflow_metadata/pr_hash
@@ -1 +1 @@
164f167bb9dc6b7c538a7e8850b47e3d537587463c9b1c88c224f6aee560611d0472442fd6334167385285f768e4ee26
7fda014d9c945100c76479d6339a609816bee2b05c7749596d7ad3955555f36606325f7d0e8e9c7df09cb9f954e6094a
2 changes: 1 addition & 1 deletion .github/workflow_metadata/pr_timestamp
@@ -1 +1 @@
1722925272
1723748145
15 changes: 8 additions & 7 deletions docs/CaliptraIntegrationSpecification.md
Expand Up @@ -271,7 +271,7 @@ The Boot FSM detects that the SoC is bringing Caliptra out of reset. Part of thi

![](./images/Caliptra_mbox_boot_FSM.png)

The boot FSM first waits for the SoC to assert cptra\_pwrgood and deassert cptra\_rst\_b. The SoC should wait a minimum of 10 clocks after asserting cptra\_pwrgood before deasserting cptra\_rst\_b.
The boot FSM first waits for the SoC to assert cptra\_pwrgood and deassert cptra\_rst\_b. The SoC first provides a stable clock to Caliptra. After a minimum of 10 clock cycles have elapsed on the stable clock, the SoC asserts cptra\_pwrgood. The SoC waits for a minimum of 10 clocks after asserting cptra\_pwrgood before deasserting cptra\_rst\_b.
In the BOOT\_FUSE state, Caliptra signals to the SoC that it is ready for fuses. After the SoC is done writing fuses, it sets the fuse done register and the FSM advances to BOOT\_DONE.

BOOT\_DONE enables Caliptra reset deassertion through a two flip-flop synchronizer.
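Review bot: the added sentence "The SoC first provides a stable clock to Caliptra" leaves "stable" undefined, so the new 10-cycle minimum before cptra_pwrgood is not verifiable as written; state what stable means for this requirement (clock running at its operating frequency without glitches) and that the 10 cycles are counted from that point. The paragraph also now gives the ordering twice ("first waits for the SoC to assert cptra_pwrgood and deassert cptra_rst_b", then "The SoC first provides a stable clock"); consider making the stable clock the first step of one ordered sequence (clock, then cptra_pwrgood, then cptra_rst_b) and dropping the repeated "first".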
Expand Down Expand Up @@ -626,14 +626,15 @@ For additional information, see [Caliptra assets and threats](https://github.com
| Fuses | SoCs that intend to undergo FIPS 140-3 zeroization shall expose zeroization API as described in zeroization requirements in architecture specification. SoC shall apply appropriate authentication for this API to protect against denial of service and side channel attacks. | Test on silicon | FIPS 140-3 certification |
| Security State | SoC shall drive security state wires in accordance with the SoC's security state. | Statement of conformance | Required for Caliptra threat model |
| Security State | If SoC is under debug, then SoC shall drive debug security state to Caliptra. | Statement of conformance | Required for Caliptra threat model |
| Resets and Clocks | SoC shall start input clock before caliptra\_pwrgood assertion. | Statement of conformance | Functional |
| Resets and Clocks | SoC shall start input clock before cptra\_pwrgood assertion. The clock must operate for a minimum of 10 clock cycles before SoC asserts cptra\_pwrgood. | Statement of conformance | Functional |
| Resets and Clocks | After asserting cptra\_pwrgood, SoC shall wait for a minimum of 10 clock cycles before deasserting cptra\_rst\_b. | Statement of conformance | Functional |
| Resets and Clocks | SoC reset logic shall assume reset assertions are asynchronous and deassertions are synchronous. | Statement of conformance | Functional |
| Resets and Clocks | SoC shall ensure Caliptra's powergood is tied to SoC’s own powergood or any other reset that triggers SoC’s cold boot flow. | Statement of conformance | Required for Caliptra threat model |
| Resets and Clocks | SoC shall ensure Caliptra clock is derived from an on-die oscillator circuit. | Statement of conformance | Required for Caliptra threat model |
| Resets and Clocks | SoC shall ensure that any programmable Caliptra clock controls are restricted to the SoC Manager. | Statement of conformance | Required for Caliptra threat model |
| Resets and Clocks | SoC should defend against external clock stop attacks. | Statement of conformance | Required for Caliptra threat model |
| Resets and Clocks | SoC should defend against external clock glitching attacks. | Statement of conformance | Required for Caliptra threat model |
| Resets and Clocks | SoC should defend against external clock overclocking attacks. | Statement of conformance | Required for Caliptra threat model |
| Resets and Clocks | SoC shall ensure Caliptra clock is derived from an on-die oscillator circuit. | Statement of conformance | Required for Caliptra threat model |
| Resets and Clocks | SoC shall ensure that any programmable Caliptra clock controls are restricted to the SoC Manager. | Statement of conformance | Required for Caliptra threat model |
| Resets and Clocks | SoC should defend against external clock stop attacks. | Statement of conformance | Required for Caliptra threat model |
| Resets and Clocks | SoC should defend against external clock glitching attacks. | Statement of conformance | Required for Caliptra threat model |
| Resets and Clocks | SoC should defend against external clock overclocking attacks. | Statement of conformance | Required for Caliptra threat model |
| TRNG | SoC shall either provision Caliptra with a dedicated TRNG or shared TRNG. It is highly recommended to use dedicated ITRNG | Statement of conformance | Required for Caliptra threat model and Functional |
| TRNG | SoC shall provision the Caliptra embedded TRNG with an entropy source if that is used (vs. SoC-shared TRNG API support). | Statement of conformance | Functional |
| TRNG | If the TRNG is shared, then upon TRNG\_REQ, SoC shall use immutable logic or code to program Caliptra's TRNG registers. | Statement of conformance | Required for Caliptra threat model and Functional |
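Review bot: the five "Resets and Clocks" rows from "SoC shall ensure Caliptra clock is derived from an on-die oscillator circuit" through "SoC should defend against external clock overclocking attacks" render identically on the old and new side of this hunk, so whatever changed in them is whitespace or a typographic character; either drop those no-op edits from a documentation change or say in the commit message what was normalized, otherwise they obscure the two rows that actually matter. Those two new rows fix the "caliptra_pwrgood" misspelling to "cptra_pwrgood" and match the 10-cycle wording in the Boot FSM paragraph; as in that paragraph, the clock row should say the 10 cycles are counted with the clock at its operating frequency so the "Statement of conformance" is testable.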
Expand Up @@ -41,7 +41,7 @@ class soc_ifc_ctrl_transaction extends uvmf_transaction_base;
rand bit [63:0] generic_input_val ;

//Constraints for the transaction variables:
constraint wait_cycles_c { wait_cycles dist {[1:25] := 80, [25:100] := 15, [100:500] := 5}; }
constraint wait_cycles_c { wait_cycles dist {[1:9] :/ 80, [10:99] :/ 15, [100:500] :/ 5}; }
constraint generic_tie_zero_c { generic_input_val == 64'h0; }
constraint debug_locked_c {security_state.debug_locked == 1'b1;} //reset sequence tied this off, doing it here instead
constraint device_lifecycle_const_c { if (device_lifecycle_set_static) {security_state.device_lifecycle == device_lifecycle_static; } }
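Review bot: the switch from `:=` to `:/` in wait_cycles_c deserves a comment next to the constraint, because it changes more than the bucket boundaries: with `:=` the weight applied per value, so `[100:500] := 5` carried about as much total weight as `[1:25] := 80`, and the old ranges overlapped at 25 and 100; with `:/` the 80/15/5 weights are per bucket and the new ranges `[1:9]`, `[10:99]`, `[100:500]` are disjoint. The concern is the direction of the weights: 80% of draws now fall in `[1:9]`, below the 10-cycle minimum that the documentation change in this same commit sets for the clock-to-cptra_pwrgood delay. If wait_cycles is that delay, the weights look inverted relative to the commit message ("typically falls in doc'd bound"); if it is an extra delay on top of a fixed 10-cycle wait elsewhere in the sequence, a comment saying so would save the next reader the same question.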