ot_flash: Add keymgr secret retrieval and lc_ctrl connections #178
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AlexJones0
force-pushed
the
eg-flash-connections
branch
2 times, most recently
from
03c4ba3 to
d37fd9f
Compare
AlexJones0
force-pushed
the
eg-flash-connections
branch
from
d37fd9f to
80b090f
Compare
AlexJones0
force-pushed
the
eg-flash-connections
branch
2 times, most recently
from
e7bf9e6 to
9e90673
Compare
jwnrt
approved these changes
Sep 9, 2025
jwnrt
reviewed
Sep 9, 2025
AlexJones0
force-pushed
the
eg-flash-connections
branch
2 times, most recently
from
cc5c306 to
9b33fd1
Compare
jwnrt
approved these changes
Sep 9, 2025
rivos-eblot
reviewed
Sep 10, 2025
To work around issues seen in some OpenTitan flash testing where SW relies on the bus stalling reads to the FIFOs after initialisation before checking that the initialisation has completed, reduce the initialisation delay to 10 microseconds, and add an explanatory TODO comment about the behaviour of reading from `R_RD_FIFO` and some of the complications of emulating this within QEMU. Signed-off-by: Alex Jones <[email protected]>
AlexJones0
force-pushed
the
eg-flash-connections
branch
from
9b33fd1 to
9e7dbff
Compare
Fill out more of the flash controller initialization logic, now implementing the retrieval of the keymgr (owner and creator) seeds from flash during initialization, which is the first instance of a hardware request being used through the flash controller model. These keys are loaded into the flash controller and stored until they are requested by the keymgr, though this is not hooked up to the keymgr currently. Also performs a few more sanity checks with some errors: check that we aren't already initialized (or initializing) when we try to initialize. Signed-off-by: Alex Jones <[email protected]>
This commit primarily focuses on adding the LC broadcast signal connections to the flash now that it can support many of these signals. It also does a bit of cleanup, re-organising the many signals coming from the lifecycle manager. Since both the OTP and Flash need the `OT_LC_ESCALATE_EN` and `LC_SEED_HW_RD_EN` signals, these are passed through IRQ splitters. Signed-off-by: Alex Jones <[email protected]>
To bring the flash controller more in line with other modernized QEMU IP, add an `ot_id` property which is added as context to all traces and logs. This is primarily useful if you have multiple instances of a block (e.g. if we had a future top with multiple flash controllers) or if you want to rename a device, but is added regardless to be consistent with other OpenTitan QEMU devices. All traces are updated to start with the ID, and all of the qemu masked logs and errors also include the ID. Signed-off-by: Alex Jones <[email protected]>
Also add more detailed documentation to the prelude of the flash controller source file that goes into more detail about what is still not implemented, and what may not be a goal for emulation. Signed-off-by: Alex Jones <[email protected]>
With the changes to add lc_ctrl connections and info page qualification support, this test is now passing in all of its different lc_ctrl lifecycle state variations. Signed-off-by: Alex Jones <[email protected]>
AlexJones0
force-pushed
the
eg-flash-connections
branch
from
9e7dbff to
417815e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is the third of a series of 3 PRs to improve the OpenTitan Flash Controller emulation and make it more feature complete, with a focus on the features that are needed to support keymgr integration.
This PR focuses on using the previously added HW operations to implement a method via which a keymgr device could retrieve secrets (e.g. the owner seed or creator seed on Earlgrey) stored in the flash. As part of this work, the flash controller is connected to the lifecycle controller, and a subset of the broadcast signals are implemented. Some small fixes required for tests are also applied. At this point, the documentation is also updated accordingly to match the latest updates.
See the commit messages for more details about each change.
Note that the keymgr is currently not implemented on Earlgrey, so this method to read keymgr secrets is not yet exercised, but should be utilized in a future PR as part of the keymgr implementation. All flash_ctrl tests that run in
sim_qemu_rom_with_fake_keysare now passing inearlgrey_1.0.0, except forflash_ctrl_idle_low_power_test(gated on pwrmgr/rstmgr/NMIs).