forked from lowRISC/opentitan
[hmac] Error Handling: Discard Msg if sha_en:=0
The first version of HMAC silently discarded the incoming message if the message FIFO was full. The reason was that the FIFO was connected to the register interface, which doesn't have a back-pressure mechanism. So, the consequence of the behavior was that the hash digest could be wrong if the feeder sends the data faster than HMAC can consume it. Livestream mode was introduced to address the issue above.

With the `prim_packer` module and the window feature in reggen, the message FIFO is now connected through the TL-UL window port, not the register interface port. The window port is another TL-UL port that can back-pressure the requester (yes, it has a ready signal now).

The consequences? Now the feeder (software or DMA later) can be stuck requesting new data until HMAC consumes the previous data. It becomes important that the HMAC IP now shouldn't hang, which has a chance to create a hang condition for the entire SoC system.

One particular case was what @cindychip found in lowRISC#523. She tried to send a message into the HMAC message FIFO while HMAC is turned off, aka sha_en := 0. In this case, HMAC accepts the message and lets the message FIFO fill up, eventually back-pressuring the host. As the host is back-pressured, it cannot clear the hang condition! (Maybe a watchdog can eventually do so.)

So, the design is changed to clear this issue. Now HMAC discards the incoming message if HMAC is not enabled.

One more step taken in this issue is to create the `ERR_CODE` register. It might be OK to create another interrupt line named `new_msg_sha_disabled` or something similar. It, however, could be beneficial to combine any error message into one error message code and let the software know what the reason was after getting the alert/interrupt. So, HMAC stores the error code while generating the interrupt.

It also adds logic to detect the condition where the software sets `hash_start` when `sha_en` is 0. This ensures the earliest catch of wrong software behavior.
Next PR will also merge `fifo_full` interrupt into `hmac_err`.
Eunchan Kim committed Oct 23, 2019
1 parent a40dc02, commit 14a4312
Showing 3 changed files with 82 additions and 11 deletions.