Skip to content

ot_otp: perform partition descrambling in DAI #252

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Oct 23, 2025
Merged

ot_otp: perform partition descrambling in DAI #252

merged 6 commits into from
Oct 23, 2025

Conversation

@luismarques
Copy link

@luismarques luismarques commented Oct 22, 2025

The descrambling for the token loading path will be done in a separate PR.

rivos-eblot
rivos-eblot requested changes Oct 22, 2025
View reviewed changes
@luismarques luismarques force-pushed the ot_otp_eg_descrambling branch from bad7426 to 16c16db Compare October 22, 2025 16:26
@AlexJones0 AlexJones0 force-pushed the ot_otp_eg_descrambling branch from 16c16db to d735823 Compare October 22, 2025 19:56
AlexJones0 and others added 6 commits October 22, 2025 21:00
@AlexJones0
[ot] hw/opentitan: ot_otp_eg: Load OTP scrambling keys
8836d1e 
Load the OTP scrambling keys from hex-string configured properties.
These keys are used for decoding the scrambled data stored in secret
partitions (`SECRET0`, `SECRET1`, etc.)

Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
@AlexJones0
[ot] hw/opentitan: ot_otp_dj: Load OTP scrambling keys
d63f688 
Load the OTP scrambling keys from hex-string configured properties.
These keys are used for decoding the scrambled data stored in secret
partitions (`SECRET0`, `SECRET1`, etc.)

Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
@AlexJones0
[ot] scripts/opentitan: cfggen.py: Load OTP scrambling keys from SV
bdbc72c 
Parse the hard-coded OTP scrambling key constants out of the relevant SV
partition SV files into the generated OT configuration files, so that
they can be used in the OTP.

Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
@luismarques @AlexJones0
[ot] hw/opentitan: ot_otp_eg: perform partition descrambling in DAI
fef9f6a 
Unscramble DAI reads from secret partitions, which are scrambled with a
scrambling key (configured per-partition as a netlist constant) via a
simple Present block cipher.

Co-authored-by: Alex Jones <alex.jones@lowrisc.org>
Signed-off-by: Luís Marques <luismarques@lowrisc.org>
Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
@AlexJones0
[ot] hw/opentitan: ot_otp_dj: perform partition descrambling in DAI
6accf86 
Unscramble DAI reads from secret partitions, which are scrambled with a
scrambling key (configured per-partition as a netlist constant) via a
simple Present block cipher.

Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
@AlexJones0
[ot] docs/config: opentitan: Regenerate default config files
c70a4cd 
These files need to include the new OTP scrambling keys, so regenerate
them from the latest commits on the `master` branch (for Darjeeling) and
the `earlgrey_1.0.0` branch (for Earlgrey).

Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
@AlexJones0 AlexJones0 force-pushed the ot_otp_eg_descrambling branch from d735823 to c70a4cd Compare October 22, 2025 20:01
@AlexJones0
Copy link

AlexJones0 commented Oct 22, 2025

This should be working on Earlgrey going via cfggen.py to load the constants (at least, //sw/device/tests:otp_ctrl_descrambling_test_sim_qemu_rom_with_fake_keys passes when lowRISC/opentitan#28541 is merged upstream).

I've tried to add the support for Darjeeling as well, but don't have an easy way to test it. I can see the keys are being parsed into the configuration file correctly at least. @rivos-eblot would it be possible for you could check the Darjeeling implementation?

@AlexJones0 AlexJones0 changed the title ot_otp_eg: perform partition descrambling in DAI ot_otp: perform partition descrambling in DAI Oct 22, 2025
rivos-eblot
rivos-eblot approved these changes Oct 23, 2025
View reviewed changes
Copy link

@rivos-eblot rivos-eblot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rivos-eblot
Copy link

rivos-eblot commented Oct 23, 2025

. @rivos-eblot would it be possible for you could check the Darjeeling implementation?

I can give it a try, but I do not know how. Let me check if we have some way to test it and get back to you.
Meanwhile, I think it is safe to merge this PR. Thanks.

@luismarques luismarques merged commit 007293e into lowRISC:ot-9.2.0 Oct 23, 2025
7 of 9 checks passed
AlexJones0
AlexJones0 reviewed Oct 23, 2025
View reviewed changes
python/qemu/ot/otp/const.py
except KeyError as exc:
raise ValueError('No scrambling key constants found') from exc
if len(key_values) <= idx:
raise ValueError(f'No such key {name} in the key array') from exc
Copy link

@AlexJones0 AlexJones0 Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I tried to push this change but you had already merged the PR 😅

Suggested change
raise ValueError(f'No such key {name} in the key array') from exc
raise ValueError(f'No such key {name} in the key array')

It'll likely just throw an UnboundLocalError instead of a ValueError on this error case, so not a huge deal.

I'll open a PR to fix this.

@AlexJones0 AlexJones0 mentioned this pull request Oct 23, 2025
Merged
@AlexJones0 AlexJones0 mentioned this pull request Nov 3, 2025
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlexJones0 AlexJones0 AlexJones0 left review comments

@rivos-eblot rivos-eblot rivos-eblot approved these changes

@jwnrt jwnrt Awaiting requested review from jwnrt

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@luismarques @AlexJones0 @rivos-eblot