-
Notifications
You must be signed in to change notification settings - Fork 745
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[otbn] Document key sideload #8650
Conversation
This PR won't pass CI without further changes to the system, but I'd like to focus on the functionality first. This spec proposal writes down what we have discussed earlier, with two deviations:
Note that we don't integrity-protect the key data between the key manager and OTBN at the moment, but we also don't plan to register it in OTBN at all, but to simply pass through the "wires" from key manager. @tjaychen @cdgori @felixmiller Is this design what you were looking for? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The error approach seems fine to me.
It's been so long that I don't remember the specific use case we anticipated here, maybe @felixmiller or @tjaychen remembers?
I'm guessing this is to connect an ECDSA p-384 private key for signing. (Presumably it would also work with p-256, just ignoring the upper bits?)
(But I would think that the case of ECDH to generate a session key would require communication in the other direction, maybe we decided that was out-of-scope here? The sideload mechanism as currently spec'd doesn't really work like that, I guess.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good (and nice and simple) to me.
I think we should probably update the block diagram to show the connection though.
yes that sounds good to me. I think the idea behind not integrity protecting it is because it's assumed there will be software redundancy (all the way to the keymgr level). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to check my understanding the sideload is dealt with externally to OTBN core and just provides a single set of keys that the new WSRs read from and the bits read remain the same throughout the OTBN operation?
Yes.
That's not guaranteed by hardware, but must be taken care of by the software author. Host software can reconfigure the key manager during an OTBN operation to change the keys. However, that wouldn't be wise, as there's no way for host software to know when OTBN actually uses the key it was provided with. |
Also include the new connection to the Key Manger in the block diagram. Fixes lowRISC#8502 Signed-off-by: Philipp Wagner <phw@lowrisc.org>
e9f0450
to
a7cd523
Compare
done. I've also specified that the higher bits of the second part of the key read as zero, and that the actual key data is in the lower 128b. |
I am closing this PR as all this changes have been merged as part of #9350. |
Fixes #8502