[ot] hw/opentitan: ot_random_src: rework interface and implementation

Get rid of the generation identifier. This mechanism had initially be implemented to verify
early EarlGrey entropy source constraint, quoting:

  "CSRNG may only be enabled if ENTROPY_SRC is enabled.
   Once disabled, CSRNG may only be re-enabled after ENTROPY_SRC has been disabled and
   re-enabled."

This constraint has been removed in recent EarlGrey implementations while Darjeeling
implementation did not follow this constraint, as it did not make use of the entropy source
IP.

Generation number is therefore removed; get_random_generation API is no longer needed, neither
is the genid argument of get_random_values. Error management can be simplified accordingly.

Signed-off-by: Emmanuel Blot <eblot@rivosinc.com>

Author: rivos-eblot

hw/opentitan/ot_ast_dj.c

@@ -1,7 +1,7 @@
 /*
  * QEMU OpenTitan Darjeeling Analog Sensor Top device
  *
- * Copyright (c) 2023-2024 Rivos, Inc.
+ * Copyright (c) 2023-2025 Rivos, Inc.
  *
  * Author(s):
  *  Emmanuel Blot <eblot@rivosinc.com>
@@ -152,26 +152,12 @@ struct OtASTDjState {
 /* Private implementation */
 /* -------------------------------------------------------------------------- */
 
-static int ot_ast_dj_get_generation(OtRandomSrcIf *dev)
-{
-    (void)dev;
-
-    return -1;
-}
-
-static int ot_ast_dj_get_random(OtRandomSrcIf *dev, int genid,
-                                uint64_t random[OT_RANDOM_SRC_DWORD_COUNT],
-                                bool *fips)
+static int ot_ast_dj_get_random(
+    OtRandomSrcIf *dev, uint64_t random[OT_RANDOM_SRC_DWORD_COUNT], bool *fips)
 {
     OtASTDjState *s = OT_AST_DJ(dev);
     OtASTDjRandom *rnd = &s->random;
 
-    if (genid != -1) {
-        qemu_log_mask(LOG_GUEST_ERROR, "%s: AST gennum mismatch req:%d\n",
-                      __func__, genid);
-        return -2;
-    }
-
     if (!rnd->avail) {
         /* not ready */
         trace_ot_ast_no_entropy(0);
@@ -441,7 +427,6 @@ static void ot_ast_dj_class_init(ObjectClass *klass, void *data)
     set_bit(DEVICE_CATEGORY_MISC, dc->categories);
 
     OtRandomSrcIfClass *rdc = OT_RANDOM_SRC_IF_CLASS(klass);
-    rdc->get_random_generation = &ot_ast_dj_get_generation;
     rdc->get_random_values = &ot_ast_dj_get_random;
 }
 

hw/opentitan/ot_csrng.c

@@ -343,12 +343,10 @@ struct OtCSRNGState {
     bool enabled;
     bool sw_app_granted;
     bool read_int_granted;
-    bool es_available; /* guest warning if entropy power cycling is invalid */
     uint32_t scheduled_cmd;
     unsigned entropy_delay;
     unsigned es_retry_count;
     unsigned state_db_ix;
-    int entropy_gennum;
     int aes_cipher; /* AES handle for tomcrypt */
     OtCSRNGFsmState state;
     OtCSRNGInstance *instances;
@@ -777,18 +775,6 @@ ot_csrng_drng_reseed(OtCSRNGInstance *inst, DeviceState *rand_dev, bool flag0)
     drng->seeded = false;
 
     if (!flag0) {
-        if (!s->es_available) {
-            qemu_log_mask(LOG_GUEST_ERROR,
-                          "%s: Requesting entropy w/o power cycling ES\n",
-                          __func__);
-            /*
-             * Continue anyway as it seems HW does not enforce what is
-             * documented. Force the flag so the warning message is only
-             * shown once (it does not serve any other purpose).
-             */
-            s->es_available = true;
-        }
-
         uint64_t buffer[OT_RANDOM_SRC_DWORD_COUNT];
         memset(buffer, 0, sizeof(buffer));
         unsigned len = drng->material_len * sizeof(uint32_t);
@@ -798,20 +784,21 @@ ot_csrng_drng_reseed(OtCSRNGInstance *inst, DeviceState *rand_dev, bool flag0)
         uint64_t entropy[OT_RANDOM_SRC_DWORD_COUNT];
         int res;
         bool fips;
-        trace_ot_csrng_request_entropy(slot, s->entropy_gennum);
+        trace_ot_csrng_request_entropy(slot);
         OtRandomSrcIfClass *cls = OT_RANDOM_SRC_IF_GET_CLASS(rand_dev);
         OtRandomSrcIf *randif = OT_RANDOM_SRC_IF(rand_dev);
-        res = cls->get_random_values(randif, s->entropy_gennum, entropy, &fips);
-        if (res) {
+        res = cls->get_random_values(randif, entropy, &fips);
+
+        if (res < 0) {
+            s->entropy_delay = 0;
+            trace_ot_csrng_entropy_rejected(slot, "error", res);
+            return CSRNG_CMD_STALLED;
+        }
+
+        if (res > 0) {
             s->entropy_delay = (res > 1) ? (unsigned)res : 0;
-            trace_ot_csrng_entropy_rejected(slot,
-                                            res < 0 ? (res == -2 ? "stalled" :
-                                                                   "error") :
-                                                      "not ready",
-                                            res);
-            return res < 0 ? (res == -2 ? CSRNG_CMD_STALLED :
-                                          CSRNG_CMD_RESEED_CNT_EXCEEDED) :
-                             CSRNG_CMD_RETRY;
+            trace_ot_csrng_entropy_rejected(slot, "not ready", res);
+            return CSRNG_CMD_RETRY;
         }
 
         /* always perform XOR which is a no-op if material_len is zero */
@@ -987,39 +974,11 @@ static void ot_csrng_release_hw_app(OtCSRNGInstance *inst)
 
 static void ot_csrng_handle_enable(OtCSRNGState *s)
 {
-    /*
-     * As per EarlGrey 2.5.2-rc0:
-     * "CSRNG may only be enabled if ENTROPY_SRC is enabled. CSRNG may only be
-     *  disabled if all EDNs are disabled. Once disabled, CSRNG may only be
-     *  re-enabled after ENTROPY_SRC has been disabled and re-enabled."
-     */
-    OtRandomSrcIfClass *cls = OT_RANDOM_SRC_IF_GET_CLASS(s->random_src);
-    OtRandomSrcIf *randif = OT_RANDOM_SRC_IF(s->random_src);
-
     if (ot_csrng_is_ctrl_enabled(s)) {
         xtrace_ot_csrng_info("enabling CSRNG", 0);
-        int gennum = cls->get_random_generation(randif);
-        if (gennum >= 0) {
-            /*
-             * however it is not re-enabling CSRNG w/o cycling the entropy_src
-             * that is prohibited, but to request entropy from it. The check is
-             * therefore deferred to the reseed handling which makes use of the
-             * entropy_src only if flag0 is not set.
-             */
-            s->es_available = gennum > s->entropy_gennum;
-            xtrace_ot_csrng_info("enable: new ES generation", gennum);
-        } else {
-            /*
-             * tracking enablement/disablement order is not supported by the
-             * entropy source (such as on Darjeeling)
-             */
-            s->es_available = true;
-            xtrace_ot_csrng_info("enable: no ES gen tracking", gennum);
-        }
         s->enabled = true;
         s->regs[R_SW_CMD_STS] |= R_SW_CMD_STS_CMD_RDY_MASK;
         s->es_retry_count = ENTROPY_SRC_INITIAL_REQUEST_COUNT;
-        s->entropy_gennum = gennum;
     }
 
     if (ot_csrng_is_ctrl_disabled(s)) {
@@ -1040,8 +999,6 @@ static void ot_csrng_handle_enable(OtCSRNGState *s)
         s->enabled = false;
         s->regs[R_SW_CMD_STS] &= ~R_SW_CMD_STS_CMD_RDY_MASK;
         s->es_retry_count = 0;
-        s->entropy_gennum = cls->get_random_generation(randif);
-        xtrace_ot_csrng_info("disable: last RS generation", s->entropy_gennum);
 
         /* cancel any outstanding asynchronous request */
         qemu_bh_cancel(s->cmd_scheduler);
@@ -2024,8 +1981,6 @@ static void ot_csrng_reset(DeviceState *dev)
     s->regs[R_INT_STATE_READ_ENABLE] = 0x7u;
     s->regs[R_MAIN_SM_STATE] = 0x4eu;
     s->enabled = false;
-    s->es_available = false;
-    s->entropy_gennum = 0;
     s->sw_app_granted = false;
     s->read_int_granted = false;
     s->es_retry_count = 0;

hw/opentitan/ot_entropy_src.c

@@ -473,23 +473,14 @@ static void ot_entropy_src_reset(DeviceState *dev);
 static void ot_entropy_src_update_alerts(OtEntropySrcState *s);
 static void ot_entropy_src_update_filler(OtEntropySrcState *s);
 
-static int ot_entropy_src_get_generation(OtRandomSrcIf *dev)
+static int ot_entropy_src_get_random(
+    OtRandomSrcIf *dev, uint64_t random[OT_RANDOM_SRC_DWORD_COUNT], bool *fips)
 {
     OtEntropySrcState *s = OT_ENTROPY_SRC(dev);
 
-    return ot_entropy_src_is_module_enabled(s) ? -1 : 0;
-}
-
-static int ot_entropy_src_get_random(OtRandomSrcIf *dev, int genid,
-                                     uint64_t random[OT_RANDOM_SRC_DWORD_COUNT],
-                                     bool *fips)
-{
-    OtEntropySrcState *s = OT_ENTROPY_SRC(dev);
-    (void)genid; /* accept any generation identifier */
-
     if (!ot_entropy_src_is_module_enabled(s)) {
         qemu_log_mask(LOG_GUEST_ERROR, "%s: entropy_src is down\n", __func__);
-        return -2;
+        return -1;
     }
 
     bool fips_compliant;
@@ -1653,7 +1644,6 @@ static void ot_entropy_src_class_init(ObjectClass *klass, void *data)
     set_bit(DEVICE_CATEGORY_MISC, dc->categories);
 
     OtRandomSrcIfClass *rdc = OT_RANDOM_SRC_IF_CLASS(klass);
-    rdc->get_random_generation = &ot_entropy_src_get_generation;
     rdc->get_random_values = &ot_entropy_src_get_random;
 }
 

hw/opentitan/trace-events

@@ -83,7 +83,7 @@ ot_csrng_irqs(uint32_t active, uint32_t mask, uint32_t eff) "act:0x%08x msk:0x%0
 ot_csrng_push_command(unsigned slot, const char *cmd, unsigned acmd, char code, unsigned len) "#%u: %s(%u) %clen: %u"
 ot_csrng_read_state_db(unsigned slot, unsigned pos, uint32_t val) "#%u [%u] = 0x%08x"
 ot_csrng_reject_command(unsigned slot, uint32_t command, int res) "#%u: cmd: 0x%08x res: %d"
-ot_csrng_request_entropy(unsigned slot, int gen) "#%u gen %d"
+ot_csrng_request_entropy(unsigned slot) "#%u"
 ot_csrng_reset(void) ""
 ot_csrng_retry_es_init(unsigned retry_count) "rescheduling initial ES request: %u to go"
 ot_csrng_schedule(unsigned slot, const char *kind) "#%u: %s"

include/hw/opentitan/ot_random_src.h

@@ -1,7 +1,9 @@
 /*
  * QEMU OpenTitan Random Source interface
  *
- * Copyright (c) 2023 Rivos, Inc.
+ * Copyright (c) 2023-2024 Rivos, Inc.
+ * Copyright (c) 2025 lowRISC contributors.
+ *
  *
  * Author(s):
  *  Emmanuel Blot <eblot@rivosinc.com>
@@ -48,39 +50,20 @@ typedef struct OtRandomSrcIf OtRandomSrcIf;
 struct OtRandomSrcIfClass {
     InterfaceClass parent_class;
 
-    /*
-     * Tell whether the random source is available, i.e. whether the random
-     * source module has been enabled.
-     *
-     * @dev the random source instance
-     * @return 0 if the random_src is disabled, otherwise:
-     *   * a positive, monotonic increase generation number which indicates the
-     *     number of time the random_src has been cycled (enabled from a
-     *     disable state). This generation identifier should be passed on any
-     *     subsequent #get_random_values request, or
-     *   * a negative number, which indicates that the random source is enabled,
-     *     but the generation number should be simply ignored.
-     */
-    int (*get_random_generation)(OtRandomSrcIf *dev);
-
     /*
      * Fill up a buffer with random values
      *
      * @dev the random source instance
-     * @genid the generation identifier, from #get_random_generation
      * @random the buffer to fill in with random data
      * @fips on success, updated to @true if random data are FIPS-compliant
      * @return 0 on success,
-     *         >=1 if the source is initializing, if >1, indicates the hint on
-     *         how many ns to wait before retrying,
+     *         >=1 if the random source is still initializing or not enough
+     *           entropy is available to fill the output buffer;
+     *           if >1, indicates a hint on how many ns to wait before retrying,
      *         -1 if the random source is not available, i.e. if the module is
      *          not enabled or if the selected route is not the HW one,
-     *         -2 if the generation ID does not match and execution cannot
-     *          process any further, 1 if the random source is still
-     *          initializing or not enough entropy is available to fill the
-     *          output buffer.
      */
-    int (*get_random_values)(OtRandomSrcIf *dev, int genid,
+    int (*get_random_values)(OtRandomSrcIf *dev,
                              uint64_t random[OT_RANDOM_SRC_DWORD_COUNT],
                              bool *fips);
 };