Adapt software and emulator to new RTL

- Longer UDS -> 48 bytes to 64
- Longer keys in KV but less keys
- MLDSA bit in KV
- ready_for_fw -> ready_for_mb_processing
- SOC_IFC renaming
- AXI_ID -> AXI_USER

Signed-off-by: Arthur Heymans <arthur.heymans@9elements.com>

api/src/soc_mgr.rs

@@ -33,13 +33,13 @@ pub const NUM_PAUSERS: usize = 5;
 /// impl SocManager for RealSocManager {
 ///     /// Address of the mailbox, remapped for the SoC.
 ///     const SOC_MBOX_ADDR: u32 = caliptra_address_remap(CPTRA_SOC_MBOX_ADDR);
-///     
+///
 ///     /// Address of the SoC interface, remapped for the SoC.
 ///     const SOC_IFC_ADDR: u32 = caliptra_address_remap(CPTRA_SOC_IFC_ADDR);
-///     
+///
 ///     /// Address of the SoC TRNG interface, remapped for the SoC.
 ///     const SOC_IFC_TRNG_ADDR: u32 = caliptra_address_remap(CPTRA_SOC_IFC_TRNG_ADDR);
-///     
+///
 ///     /// Address of the SHA-512 accelerator, remapped for the SoC.
 ///     const SOC_SHA512_ACC_ADDR: u32 = caliptra_address_remap(CPTRA_SOC_SHA512_ACC_ADDR);
 ///
@@ -86,7 +86,7 @@ pub trait SocManager {
         for (idx, apb_pauser) in apb_pausers.iter().enumerate() {
             if self
                 .soc_ifc()
-                .cptra_mbox_axi_id_lock()
+                .cptra_mbox_axi_user_lock()
                 .at(idx)
                 .read()
                 .lock()
@@ -95,11 +95,11 @@ pub trait SocManager {
             }
 
             self.soc_ifc()
-                .cptra_mbox_valid_axi_id()
+                .cptra_mbox_valid_axi_user()
                 .at(idx)
                 .write(|_| *apb_pauser);
             self.soc_ifc()
-                .cptra_mbox_axi_id_lock()
+                .cptra_mbox_axi_user_lock()
                 .at(idx)
                 .write(|w| w.lock(true));
         }
@@ -126,11 +126,18 @@ pub trait SocManager {
         self.soc_ifc()
             .fuse_key_manifest_pk_hash()
             .write(&fuses.key_manifest_pk_hash);
+        self.soc_ifc().fuse_key_manifest_pk_hash_mask().write(&[
+            fuses.key_manifest_pk_hash_mask.into(),
+            0,
+            0,
+            0,
+            0,
+            0,
+            0,
+            0,
+        ]);
         self.soc_ifc()
-            .fuse_key_manifest_pk_hash_mask()
-            .write(|w| w.mask(fuses.key_manifest_pk_hash_mask.into()));
-        self.soc_ifc()
-            .fuse_owner_pk_hash()
+            .cptra_owner_pk_hash()
             .write(&fuses.owner_pk_hash);
         self.soc_ifc()
             .fuse_fmc_key_manifest_svn()
@@ -145,12 +152,6 @@ pub trait SocManager {
         self.soc_ifc()
             .fuse_idevid_manuf_hsm_id()
             .write(&fuses.idevid_manuf_hsm_id);
-        self.soc_ifc()
-            .fuse_life_cycle()
-            .write(|w| w.life_cycle(fuses.life_cycle.into()));
-        self.soc_ifc()
-            .fuse_lms_verify()
-            .write(|w| w.lms_verify(fuses.lms_verify));
         self.soc_ifc()
             .fuse_lms_revocation()
             .write(|_| fuses.fuse_lms_revocation);

api/types/src/lib.rs

@@ -6,9 +6,9 @@
 // * The constant should be easily recognizable in waveforms and debug logs
 // * Every word must be different to ensure that a "stuck word" bug is noticed.
 // * Each byte in a word must be unique to ensure an endianness bug is noticed.
-pub const DEFAULT_UDS_SEED: [u32; 12] = [
+pub const DEFAULT_UDS_SEED: [u32; 16] = [
     0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f, 0x10111213, 0x14151617, 0x18191a1b, 0x1c1d1e1f,
-    0x20212223, 0x24252627, 0x28292a2b, 0x2c2d2e2f,
+    0x20212223, 0x24252627, 0x28292a2b, 0x2c2d2e2f, 0x30313233, 0x34353637, 0x38393a3b, 0x3c3d3e3f,
 ];
 
 pub const DEFAULT_FIELD_ENTROPY: [u32; 8] = [
@@ -154,7 +154,7 @@ impl TryFrom<u32> for U4 {
 
 #[derive(Clone, Debug)]
 pub struct Fuses {
-    pub uds_seed: [u32; 12],
+    pub uds_seed: [u32; 16],
     pub field_entropy: [u32; 8],
     pub key_manifest_pk_hash: [u32; 12],
     pub key_manifest_pk_hash_mask: U4,

drivers/src/fuse_bank.rs

@@ -215,7 +215,7 @@ impl FuseBank<'_> {
     pub fn vendor_ecc_pub_key_revocation(&self) -> VendorPubKeyRevocation {
         let soc_ifc_regs = self.soc_ifc.regs();
         VendorPubKeyRevocation::from_bits_truncate(
-            soc_ifc_regs.fuse_key_manifest_pk_hash_mask().read().mask(),
+            soc_ifc_regs.fuse_key_manifest_pk_hash_mask().read()[0], // TODO how do index work
         )
     }
 
@@ -242,7 +242,7 @@ impl FuseBank<'_> {
     ///
     pub fn owner_pub_key_hash(&self) -> Array4x12 {
         let soc_ifc_regs = self.soc_ifc.regs();
-        Array4x12::read_from_reg(soc_ifc_regs.fuse_owner_pk_hash())
+        Array4x12::read_from_reg(soc_ifc_regs.cptra_owner_pk_hash())
     }
 
     /// Get the rollback disability setting.

drivers/src/key_vault.rs

@@ -44,14 +44,6 @@ pub enum KeyId {
     KeyId21 = 21,
     KeyId22 = 22,
     KeyId23 = 23,
-    KeyId24 = 24,
-    KeyId25 = 25,
-    KeyId26 = 26,
-    KeyId27 = 27,
-    KeyId28 = 28,
-    KeyId29 = 29,
-    KeyId30 = 30,
-    KeyId31 = 31,
 }
 
 impl TryFrom<u8> for KeyId {
@@ -82,14 +74,6 @@ impl TryFrom<u8> for KeyId {
             21 => Ok(Self::KeyId21),
             22 => Ok(Self::KeyId22),
             23 => Ok(Self::KeyId23),
-            24 => Ok(Self::KeyId24),
-            25 => Ok(Self::KeyId25),
-            26 => Ok(Self::KeyId26),
-            27 => Ok(Self::KeyId27),
-            28 => Ok(Self::KeyId28),
-            29 => Ok(Self::KeyId29),
-            30 => Ok(Self::KeyId30),
-            31 => Ok(Self::KeyId31),
             _ => Err(()),
         }
     }
@@ -127,8 +111,8 @@ bitfield! {
     /// Flag indicating if the key can be used as HMAC data
     pub hmac_data, set_hmac_data: 1;
 
-    /// Flag indicating if the key can be used as SHA data
-    pub sha_data, set_sha_data: 2;
+    /// Flag indicating if the key can be used as MLDSA seed
+    pub mldsa_seed, set_mldsa_seed: 2;
 
     /// Flag indicating if the key can be used aas ECC Private Key
     pub ecc_private_key, set_ecc_private_key: 3;
@@ -150,8 +134,8 @@ impl KeyUsage {
         self.set_hmac_data(true);
         *self
     }
-    pub fn set_sha_data_en(&mut self) -> KeyUsage {
-        self.set_sha_data(true);
+    pub fn set_mldsa_seed_en(&mut self) -> KeyUsage {
+        self.set_mldsa_seed(true);
         *self
     }
     pub fn set_ecc_private_key_en(&mut self) -> KeyUsage {
@@ -181,7 +165,7 @@ impl KeyVault {
     ///
     /// Note: The keys that have "use" or "write" lock set will not be erased
     pub fn erase_all_keys(&mut self) {
-        const KEY_IDS: [KeyId; 32] = [
+        const KEY_IDS: [KeyId; 24] = [
             KeyId::KeyId0,
             KeyId::KeyId1,
             KeyId::KeyId2,
@@ -206,14 +190,6 @@ impl KeyVault {
             KeyId::KeyId21,
             KeyId::KeyId22,
             KeyId::KeyId23,
-            KeyId::KeyId24,
-            KeyId::KeyId25,
-            KeyId::KeyId26,
-            KeyId::KeyId27,
-            KeyId::KeyId28,
-            KeyId::KeyId29,
-            KeyId::KeyId30,
-            KeyId::KeyId31,
         ];
 
         for id in KEY_IDS {

drivers/src/kv_access.rs

@@ -138,7 +138,7 @@ impl KvAccess {
                 .write_entry(key.id.into())
                 .hmac_key_dest_valid(key.usage.hmac_key())
                 .hmac_block_dest_valid(key.usage.hmac_data())
-                .sha_block_dest_valid(key.usage.sha_data())
+                .mldsa_seed_dest_valid(key.usage.mldsa_seed())
                 .ecc_pkey_dest_valid(key.usage.ecc_private_key())
                 .ecc_seed_dest_valid(key.usage.ecc_key_gen_seed())
         });

drivers/src/mailbox.rs

@@ -270,7 +270,7 @@ impl<'a> MailboxRecvPeek<'a> {
     /// Returns the value stored in the user register
     pub fn id(&self) -> u32 {
         let mbox = self.mbox.regs();
-        mbox.id().read()
+        mbox.user().read()
     }
 
     /// Returns the value stored in the data length register. This is the total

drivers/src/soc_ifc.rs

@@ -77,12 +77,12 @@ impl SocIfc {
 
     pub fn mbox_valid_pauser(&self) -> [u32; 5] {
         let soc_ifc_regs = self.soc_ifc.regs();
-        soc_ifc_regs.cptra_mbox_valid_axi_id().read()
+        soc_ifc_regs.cptra_mbox_valid_axi_user().read()
     }
 
     pub fn mbox_pauser_lock(&self) -> [bool; 5] {
         let soc_ifc_regs = self.soc_ifc.regs();
-        let pauser_lock = soc_ifc_regs.cptra_mbox_axi_id_lock();
+        let pauser_lock = soc_ifc_regs.cptra_mbox_axi_user_lock();
         [
             pauser_lock.at(0).read().lock(),
             pauser_lock.at(1).read().lock(),
@@ -119,24 +119,26 @@ impl SocIfc {
             .write(|w| w.idevid_csr_ready(true));
     }
 
-    /// Set ready for firmware
+    /// Set ready for Mailbox operations
     ///
     /// # Arguments
     ///
     /// * None
-    pub fn flow_status_set_ready_for_firmware(&mut self) {
+    pub fn flow_status_set_ready_for_mb_processing(&mut self) {
         let soc_ifc = self.soc_ifc.regs_mut();
-        soc_ifc.cptra_flow_status().write(|w| w.ready_for_fw(true));
+        soc_ifc
+            .cptra_flow_status()
+            .write(|w| w.ready_for_mb_processing(true));
     }
 
     /// Get 'ready for firmware' status
     ///
     /// # Arguments
     ///
     /// * None
-    pub fn flow_status_ready_for_firmware(&mut self) -> bool {
+    pub fn flow_status_ready_for_mb_processing(&mut self) -> bool {
         let soc_ifc = self.soc_ifc.regs_mut();
-        soc_ifc.cptra_flow_status().read().ready_for_fw()
+        soc_ifc.cptra_flow_status().read().ready_for_mb_processing()
     }
 
     pub fn fuse_bank(&self) -> FuseBank {

drivers/test-fw/src/bin/keyvault_tests.rs

@@ -20,7 +20,7 @@ use caliptra_registers::kv::KvReg;
 use caliptra_test_harness::test_suite;
 
 #[cfg(not(feature = "fpga_realtime"))]
-const KEY_IDS: [KeyId; 32] = [
+const KEY_IDS: [KeyId; 24] = [
     KeyId::KeyId0,
     KeyId::KeyId1,
     KeyId::KeyId2,
@@ -45,14 +45,6 @@ const KEY_IDS: [KeyId; 32] = [
     KeyId::KeyId21,
     KeyId::KeyId22,
     KeyId::KeyId23,
-    KeyId::KeyId24,
-    KeyId::KeyId25,
-    KeyId::KeyId26,
-    KeyId::KeyId27,
-    KeyId::KeyId28,
-    KeyId::KeyId29,
-    KeyId::KeyId30,
-    KeyId::KeyId31,
 ];
 
 #[cfg(feature = "fpga_realtime")]

drivers/test-fw/src/bin/mldsa87_tests.rs

@@ -392,6 +392,8 @@ const MESSAGE: [u8; 64] = [
     186,
 ];
 
+const KEY_ID: KeyId = KeyId::KeyId1;
+
 fn test_gen_key_pair() {
     let mut trng = unsafe {
         Trng::new(
@@ -411,8 +413,8 @@ fn test_gen_key_pair() {
 
     let mut hmac = unsafe { Hmac::new(HmacReg::new()) };
     let key_out_1 = KeyWriteArgs {
-        id: KeyId::KeyId0,
-        usage: KeyUsage::default().set_ecc_key_gen_seed_en(),
+        id: KEY_ID,
+        usage: KeyUsage::default().set_mldsa_seed_en(),
     };
 
     hmac.hmac(
@@ -424,7 +426,7 @@ fn test_gen_key_pair() {
     )
     .unwrap();
 
-    let seed = KeyReadArgs::new(KeyId::KeyId0);
+    let seed = KeyReadArgs::new(KEY_ID);
     let public_key = ml_dsa87.key_pair(&seed, &mut trng).unwrap();
     assert_eq!(public_key, Mldsa87PubKey::from(PUBKEY));
 }
@@ -443,7 +445,7 @@ fn test_sign() {
     };
 
     let sign_rnd = Mldsa87SignRnd::default(); // Deterministic signing
-    let seed = KeyReadArgs::new(KeyId::KeyId0); // Reuse SEED
+    let seed = KeyReadArgs::new(KEY_ID); // Reuse SEED
 
     let signature = ml_dsa87
         .sign(

drivers/test-fw/src/bin/status_reporter_tests.rs

@@ -40,9 +40,13 @@ fn test_report_idevid_csr_ready() {
 
 fn test_report_ready_for_firmware() {
     let soc_ifc = unsafe { SocIfcReg::new() };
-    SocIfc::new(soc_ifc).flow_status_set_ready_for_firmware();
+    SocIfc::new(soc_ifc).flow_status_set_ready_for_mb_processing();
     let soc_ifc = unsafe { SocIfcReg::new() };
-    assert!(soc_ifc.regs().cptra_flow_status().read().ready_for_fw());
+    assert!(soc_ifc
+        .regs()
+        .cptra_flow_status()
+        .read()
+        .ready_for_mb_processing());
 }
 
 test_suite! {

drivers/tests/drivers_integration_tests/main.rs

@@ -91,13 +91,13 @@ impl DoeTestVectors {
         };
 
         result.expected_test_results.hmac_uds_as_key_out_pub = ecdsa_keygen(&hmac384(
-            swap_word_bytes(&result.doe_output.uds).as_bytes(),
+            swap_word_bytes(&result.doe_output.uds[..12]).as_bytes(),
             "Hello world!".as_bytes(),
         ));
 
         result.expected_test_results.hmac_uds_as_data_out_pub = ecdsa_keygen(&hmac384(
             swap_word_bytes(&caliptra_drivers_test_bin::DOE_TEST_HMAC_KEY).as_bytes(),
-            swap_word_bytes(&result.doe_output.uds).as_bytes(),
+            swap_word_bytes(&result.doe_output.uds[..12]).as_bytes(),
         ));
 
         result
@@ -122,7 +122,8 @@ const DOE_TEST_VECTORS_DEBUG_MODE: DoeTestVectors = DoeTestVectors {
         // The decrypted UDS as stored in the key vault
         uds: [
             0x34aa667c, 0x0a52c71f, 0x977a1de2, 0x701ef611, 0x0de19e21, 0x24b49b9d, 0xdf205ff6,
-            0xa9c04303, 0x0de19e21, 0x24b49b9d, 0xdf205ff6, 0xa9c04303,
+            0xa9c04303, 0x0de19e21, 0x24b49b9d, 0xdf205ff6, 0xa9c04303, 0xde19e21, 0x24b49b9d,
+            0xdf205ff6, 0xa9c04303,
         ],
 
         // The decrypted field entropy as stored in the key vault (with padding)
@@ -196,7 +197,7 @@ fn test_generate_doe_vectors_when_debug_not_locked() {
 
         doe_iv: caliptra_drivers_test_bin::DOE_TEST_IV,
 
-        uds_seed: [0xffff_ffff_u32; 12],
+        uds_seed: [0xffff_ffff_u32; 16],
         field_entropy_seed: [0xffff_ffff_u32; 8],
 
         // In debug mode, this defaults to 0xaaaa_aaaa
@@ -232,7 +233,8 @@ const DOE_TEST_VECTORS: DoeTestVectors = DoeTestVectors {
     doe_output: DoeOutput {
         uds: [
             0x0b21f10f, 0x6963005e, 0x4884d93f, 0x1f91037a, 0x2d37ffe0, 0x3727b5e8, 0xb78b9608,
-            0x7e0e58d2, 0x420ce5ae, 0x4b1f04f8, 0x33b7af81, 0x72156bd8,
+            0x7e0e58d2, 0x420ce5ae, 0x4b1f04f8, 0x33b7af81, 0x72156bd8, 0xf55d652c, 0xfbdb1831,
+            0x58517e56, 0xfe1eab2f,
         ],
         field_entropy: [
             0x3d75d35e, 0xbc44a31e, 0xad27aee5, 0x75cdd170, 0xe51dcaf4, 0x09c096ae, 0xa70ff448,

hw-model/c-binding/examples/api/caliptra_api.c

@@ -22,14 +22,13 @@ int caliptra_init_fuses(struct caliptra_model *model, struct caliptra_fuses *fus
     caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_UDS_SEED_0, fuses->uds_seed, CALIPTRA_ARRAY_SIZE(fuses->uds_seed));
     caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_FIELD_ENTROPY_0, fuses->field_entropy, CALIPTRA_ARRAY_SIZE(fuses->field_entropy));
     caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_KEY_MANIFEST_PK_HASH_0, fuses->key_manifest_pk_hash, CALIPTRA_ARRAY_SIZE(fuses->key_manifest_pk_hash));
-    caliptra_fuse_write(model, GENERIC_AND_FUSE_REG_FUSE_KEY_MANIFEST_PK_HASH_MASK, fuses->key_manifest_pk_hash_mask);
-    caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_OWNER_PK_HASH_0, fuses->owner_pk_hash, CALIPTRA_ARRAY_SIZE(fuses->owner_pk_hash));
+    caliptra_fuse_write(model, GENERIC_AND_FUSE_REG_FUSE_KEY_MANIFEST_PK_HASH_MASK_0, fuses->key_manifest_pk_hash_mask);
+    caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_CPTRA_OWNER_PK_HASH_0, fuses->owner_pk_hash, CALIPTRA_ARRAY_SIZE(fuses->owner_pk_hash));
     caliptra_fuse_write(model, GENERIC_AND_FUSE_REG_FUSE_FMC_KEY_MANIFEST_SVN, fuses->fmc_key_manifest_svn);
     caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_FMC_KEY_MANIFEST_SVN, fuses->runtime_svn, CALIPTRA_ARRAY_SIZE(fuses->runtime_svn));
     caliptra_fuse_write(model, GENERIC_AND_FUSE_REG_FUSE_ANTI_ROLLBACK_DISABLE, (uint32_t)fuses->anti_rollback_disable);
     caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_IDEVID_CERT_ATTR_0, fuses->idevid_cert_attr, CALIPTRA_ARRAY_SIZE(fuses->idevid_cert_attr));
     caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_IDEVID_MANUF_HSM_ID_0, fuses->idevid_manuf_hsm_id, CALIPTRA_ARRAY_SIZE(fuses->idevid_manuf_hsm_id));
-    caliptra_fuse_write(model, GENERIC_AND_FUSE_REG_FUSE_LIFE_CYCLE, (uint32_t)fuses->life_cycle);
 
     // Write to Caliptra Fuse Done
     caliptra_model_axi_write_u32(model, CALIPTRA_TOP_REG_GENERIC_AND_FUSE_REG_CPTRA_FUSE_WR_DONE, 1);