Sync with upstream for week ending 2025-06-06 #12
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These two instantiations can never decrement and passing the parameter like this checks this is true. Signed-off-by: Rupert Swarbrick <[email protected]>
This can be used by instantiations to assert that the clr_i port is never true (passing that information to the prim_fifo_sync_cnt and then the prim_count inside). The commit is quite large, but that's because there are lots of instantiation sites. If one of these parameters is passed wrongly, the result will be caught immediately at simulation (from the NeverClears_A assertion that's added to prim_fifo_sync or the ClrNeverTrue_A assertion that this turns on inside prim_count). Signed-off-by: Rupert Swarbrick <[email protected]>
The prim_fifo core includes prim_fifo_sync_cnt which contains a prim_count instance. Signed-off-by: Rupert Swarbrick <[email protected]>
Update code from upstream repository https://github.com/lowRISC/ibex.git to revision 0d1b1723253cdf804aad263e805544d54aa5aa57 * [ibex] Pass mvendorid and mimpid also to lockstep core (Robert Schilling) * [dv/formal] Warning fixes (Marno van der Maas) * [dv/formal] Alt LSU undefined in and out (Marno van der Maas) * [dv/formal] Memory protocol rearranged (Marno van der Maas) * [dv/formal] FetchErrRoot proven with engine Hp (Marno van der Maas) * [dv/formal] Helpers for DivInstrStable (Marno van der Maas) * [dv/formal] Performance improvement for divide PC (Marno van der Maas) * [doc] Update cosim.rst to point to current spike cosim branch (Harry Callahan) * [dv,formal] Remove patches, better proof script (mndstrmr) * [dv,formal] constrain CSR values for mvendorid and mimpid (Gary Guo) * [dv,formal] FirstFetchNoInstr helper property for FetchErrRoot (Gary Guo) * [dv,formal] do not assume on MType assertions (Gary Guo) * [dv,formal,doc] Formal README revision (Marno van der Maas) * [dv,formal,nix] Use Nix to setup formal development and test environment (Harry Callahan) * [dv,formal] Add a fusesoc flow for generating the fileset (Harry Callahan) * [dv,formal] Add flow for formal equivalence checking with Sail (Louis-Emile) Signed-off-by: Robert Schilling <[email protected]>
Signed-off-by: Robert Schilling <[email protected]>
Signed-off-by: Hugo McNally <[email protected]>
lowrisc:dv:chip_sim isn't being used anywhere and it is triggering a warning in FuseSoC. Signed-off-by: Hugo McNally <[email protected]>
An empty file list triggers a core file validation error. Signed-off-by: Hugo McNally <[email protected]>
This pwrmgr_pkg sometimes requires lc_ctrl_pkg Signed-off-by: Hugo McNally <[email protected]>
Co-authored-by: Alexander Williams <[email protected]> Signed-off-by: Hugo McNally <[email protected]>
They were all missing prim_subreg_pkg in their dependencies. Signed-off-by: Alexander Williams <[email protected]>
Signed-off-by: Hugo McNally <[email protected]>
… Sampling Signed-off-by: Yogish Sekhar <[email protected]>
…culation/ PR Feedback Signed-off-by: Yogish Sekhar <[email protected]>
On A2, writing any value into the clock jitter configuration register will enable the feature. Hence, filter out this config register in the automatic test vector comparison. Signed-off-by: Pascal Nasahl <[email protected]>
As the FI firmware keeps growing, split the IbexFi part from the FI tests avoiding that we are reaching the memory limit. Signed-off-by: Pascal Nasahl <[email protected]>
Change the HMAC SCA test to work with the testutils instead of the of crypto library. The reason for this is that we want to test closer to the HW. HMAC cryptolib will be tested separately. Signed-off-by: Siemen Dhooghe <[email protected]>
Replace NOPs by ADDI instructions on the registers initialized at 0 and give back the values from these registers. This adaptation allows to better understand which instructions were executed during fault testing. Add the opposite cases for the single branch tests. Signed-off-by: Siemen Dhooghe <[email protected]>
The IbexFi tests are low-level tests targeting to characterize single instructions. Hence, use the `optnone` flag to avoid that the compiler optimizes those functions. Signed-off-by: Pascal Nasahl <[email protected]>
Switch from the `pentest_set_trigger_high/low` trigger function to `PENTEST_ASM_TRIGGER_HIGH` as this trigger is more precise and adds less delay to the trigger window. Also remove the NOPs as the ASM trigger function already has those NOPs. Signed-off-by: Pascal Nasahl <[email protected]>
This commit extends the IbexFi tests such that the register file content is returned to to the host. Signed-off-by: Pascal Nasahl <[email protected]> Co-authored-by: Siemen Dhooghe <[email protected]>
This commit updates the IbexFi test vectors such that they are aligned with the latest changes from the last commit. Signed-off-by: Pascal Nasahl <[email protected]>
Previously, only the private key was generated by the ECDSA SCA test. Switch to full keypair to enhance the testing. Signed-off-by: Pascal Nasahl <[email protected]>
In the main FSM, there is an edge from ReadingLow to ReadingHigh which
is supposed to be taken when we pass the last word to KMAC.
Originally, it was encoded as this:
if (counter_lnt && kmac_rom_rdy_i && kmac_rom_vld_o) begin
state_d = ReadingHigh;
end
which means "if we are sending the last word (so counter_lnt is true)
and the transfer goes through (rdy & vld), then we should jump to the
ReadingHigh state.
We noticed that you never see it when kmac_rom_vld_o is false and
realised that this *can't* happen. The counter_lnt signal says that we
presented the last word to KMAC on the previous cycle (and the valid
signal was definitely high).
The code changed to
if (counter_lnt && kmac_rom_rdy_i) begin
state_d = ReadingHigh;
end
which is slightly simpler and (to make sure we didn't get it wrong),
we added the CounterLntImpliesKmacRomVldO_A assertion. These changes
happened in bbc658e.
Unfortunately, the assertion isn't necessarily true! This is because
it doesn't also assume we're in the ReadingLow state (the only time it
matters). Make the precondition more precise. It is now provable with
Jasper (and the assertion still covers the check we need).
Signed-off-by: Rupert Swarbrick <[email protected]>
It's now clearer that we're saying "we don't use the top bits, and we have an assertion that says they were zero anyway". Signed-off-by: Rupert Swarbrick <[email protected]>
This is analogous to b21d4d7, but catches the other equivalent security assertions in rom_ctrl. Signed-off-by: Rupert Swarbrick <[email protected]>
We're deriving from uvm_driver, which is derived from uvm_component and needs the corresponding "utils" macro. This was prompted by a lint warning from Verissimo. Amusingly, this isn't quite enough: the component utils then call the constructor with a parent argument, so the `uvm_object_new function isn't right! Expect the correct arguments. Signed-off-by: Rupert Swarbrick <[email protected]>
This feels slightly more clear than the code that was there before. I've also added some documentation comments and used `undef to avoid leaking the macros into other files. Signed-off-by: Rupert Swarbrick <[email protected]>
This was inspired by a lint warning from Verissimo about casting the return of the function to void. That was done because the function had a side-effect and could generate an error. But there aren't many call sites (two!), so we can easily move that behaviour to the call site, and this allows us to simplify/shorten things as well. (The diffstat on the commit doesn't look so great, but that's because we have three templated copies of the +5/-1 change in flash_ctrl_scoreboard.sv) Signed-off-by: Rupert Swarbrick <[email protected]>
Signed-off-by: Rupert Swarbrick <[email protected]>
Signed-off-by: James Wainwright <[email protected]>
Signed-off-by: James Wainwright <[email protected]>
Signed-off-by: James Wainwright <[email protected]>
The script no longer builds the landing site. Also give the most often used command that locally serves the docs. Signed-off-by: James Wainwright <[email protected]>
Previously, each test only could return a single response which then was compared by the automatic testing framework. This commit enables tests to have multiple outputs. Signed-off-by: Pascal Nasahl <[email protected]>
This commit extends the init function of each SCA and FI test such that more information about the SKU config is returned to the host. Signed-off-by: Pascal Nasahl <[email protected]> Co-authored-by: Siemen Dhooghe <[email protected]>
This commit adds the ibex.char_combi test which consists of multiple sub-tests. Signed-off-by: Pascal Nasahl <[email protected]> Co-authored-by: Siemen Dhooghe <[email protected]>
This commit adds the ibex.sca.combi_operations_batch and ibex.sca.combi_operations_batch_fvsr command handlers. Signed-off-by: Pascal Nasahl <[email protected]> Co-authored-by: Siemen Dhooghe <[email protected]>
A new FI test for the Hardened macro with an extra unimp. Signed-off-by: Siemen Dhooghe <[email protected]>
Signed-off-by: James Wainwright <[email protected]>
Signed-off-by: Rupert Swarbrick <[email protected]>
No functional change, but this avoids violating the Google C++ style guide (which OpenTitan has signed up to). Signed-off-by: Rupert Swarbrick <[email protected]>
Signed-off-by: Rupert Swarbrick <[email protected]>
… warning Signed-off-by: Antonio <[email protected]>
Get's rid of warning // *W,CVMMDG: Virtual method 'sram_ctrl_executable_vseq::req_mem_init' is missing default argument value present in base class 'sram_ctrl_base_vseq', so argument will be garbage if omitted. This will become an error in next release Signed-off-by: Antonio <[email protected]>
…arning Signed-off-by: Antonio <[email protected]>
…m warning Signed-off-by: Antonio <[email protected]>
Signed-off-by: Antonio Martinez Zambrana <[email protected]>
Signed-off-by: Antonio Martinez Zambrana <[email protected]>
…meterizable Signed-off-by: Antonio Martinez Zambrana <[email protected]>
…delines in docs Signed-off-by: Kat Fox <[email protected]>
Signed-off-by: Yogish Sekhar <[email protected]>
This reverts commit 52aa383. Signed-off-by: James Wainwright <[email protected]>
This partially reverts commit 7156d27. Signed-off-by: James Wainwright <[email protected]>
The [Technical Charter approved on 19 March 2025][1] removed the Project Director role. This commit removes mentions of that role from the RFC process document. [1]: https://static.opentitan.org/technical-charter.pdf Signed-off-by: Andreas Kurth <[email protected]>
RyanTorok
approved these changes
Jun 6, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Of special note is #23555 got merged this week.