Pre-silicon secure ASIC development based on OpenTitan in Renode
Published:
Topics: Open source tools, Open networking
OpenTitan is a community-driven open source Root of Trust project that provides secure, tested, and transparent building blocks and infrastructure for designing and implementing trusted computing systems. On the basic level, OpenTitan offers a reference Root of Trust SoC design that includes a set of security features and peripherals like a NIST SP 800-90B compliant entropy source or a CSRNG, which can be customized to meet your project’s security requirements.
Support for OpenTitan in Renode was added related to the project’s use in downstream ASIC projects, enabling the testing and validation of OpenTitan SoC variants before they are physically manufactured. Renode’s pre-silicon simulation capabilities for RISC-V platforms like OpenTitan allows users to make the right architectural decisions in their SoC development, as well as develop software so that it’s ready for when their chip hits the market.
Antmicro introduced initial support for OpenTitan in Renode back in 2020 and has been improving it ever since. Many improvements introduced to the OpenTitan platform in Renode 1.13.3 were discussed at the 2022 RISC-V Summit during Antmicro and Google’s presentation on System Co-development for RISC-V Based Secure ML Systems with the Sparrow Project and Renode, but the complete scope of the support for the OpenTitan platform in Renode was never described in detail, which this note will seek to remedy.
Renode for security-first SoCs
The Renode framework allows you to build complex System-on-Chips from a wide range of building blocks, such as CPUs of different architectures - such as ARM and RISC-V - and various communication buses and interfaces. Renode’s goal is to enable running unmodified software to test in real-world applications. For the secure ASIC designs based on OpenTitan we have been working with, this typically means supporting a wide array of peripherals, including multiple security and cryptography modules. Fortunately, Renode makes supporting even complex SoCs simple thanks to great prototyping capabilities and easy extensibility, which was further improved in the course of working with OpenTitan SoC models.
The Renode OpenTitan support targets the standard OpenTitan variant called Earl Grey, a low-power secure microcontroller design aimed at use cases like Platform Integrity Modules or Trusted Platform Modules. For custom needs, however, Renode can easily generate other configurations involving a subset or remix of the available blocks - while in real RTL, this can sometimes be a pretty involved process, in Renode it’s just a matter of changing a few lines of configuration, as we will showcase below.
Comprehensive simulation of OpenTitan
The OpenTitan Earl Grey Renode platform is a pretty interesting platform definition which includes custom building blocks such as KMAC, CSRNG or the OpenTitan Big Number Accelerator (OTBN) to simulate all of its cryptographic features. It is one of the more complex platforms available in Renode and includes the following peripherals:
- Ibex RISC-V Core
- OTBN
- Flash Controller
- UART
- I2C
- SPI host
- GPIO
- AES
- Key Manager
- CSRNG
- HMAC
- KMAC
- RV timer
- Timer AON
- Reset Manager AON
- OTP Controller
- Life Cycle Controller
- PLIC
- Entropy Source
- Alert handler
- System Reset Controller
- Clock Manager
OpenTitan Big Number Accelerator
The otbn
entry in that platform file for the OpenTitan platform instantiates the eponymous hardware accelerator, which deserves particular mention. OTBN is a pretty advanced hardware accelerator for operations on large numbers (up to 256 bit wide), which is very useful as OpenTitan uses asymmetric cryptography extensively.
To ensure the highest possible level of security for the computations, OTBN contains a completely self-contained core that can only access the main system bus through dedicated memories, making it the first core ever simulated in Renode not directly connected to the bus. Building OTBN in Renode also meant working around the specification of the Harvard architecture, such as having a separate data path for data and instructions, where both memory types share the same address space, often resulting in partial or full address overlap. We solved this problem by adding an external MMU block to the core to increase the solution’s flexibility and make the integration with the rest of the framework easier.
The core used in the OTBN peripheral was built on top of the existing Renode RISC-V implementation, and all its dedicated instructions and registers were added in C# code using an existing API. Building a realistic simulation model required changes in the behavior of the x1 register, a general-purpose register in RISC-V, which is implemented as a stack in OTBN. This feature was implemented using one of many Renode’s hook subsystems, which can be programmed with C# or Python to code a custom behavior for non-standard processing units. Hooks can also be used to mock custom designs, allowing you to use Python or C# to streamline the development of your project.
Another unique peripheral you can find in the OpenTitan Renode implementation is the Cryptographically Secure Random Number Generator (CSRNG) peripheral responsible for both deterministic (DRNG) and true random number generation (TRNG) in the platform. It is connected to the Entropy Source, an external physical random noise generator which, as a physical peripheral, outputs numbers based on the instability of the environment’s physical parameters that cannot be objectively predicted, e.g., temperature fluctuations. On a simulated platform, number generation is obviously pseudorandom with several available modes. It can always return a fixed value, use Renode’s built-in PseudorandomNumberGenerator for fully deterministic and repeatable output, or even use a C# Bouncy Castle Crypto package to produce a NIST SP 800-90A compliant series of values to pass the KAT (known answer test).
Renode for prototyping and multiple configurations
When working with prototype hardware, accurate simulation is a moving target, as the platform itself can undergo many changes before its final release. In the case of the OpenTitan project, we wanted to support two slightly different target platforms in Renode:
- device_sim_dv used for formal verification
- device_fpga_cw310 used to run it on an FPGA board.
While the differences between the two are minor, they change the clock configuration, making it impossible to test timer-based peripherals such as AonTimer. To address this, we have introduced a minimalist platform overlay, which overwrites necessary parameters of the original platform to accommodate these changes.
Building such an overlay platform allows you to work with multiple configurations of the same hardware and quickly switch between them with a single line of code, depending on your current needs. It requires no changes to the platform itself, just a list of parameters you want to add or overwrite, e.g.:
using "platforms/cpus/opentitan-earlgrey.repl"
cpu0:
PerformanceInMips: 10
rv_timer:
frequency: 2500000
timer_aon:
frequency: 250000
Of course it is very easy to create custom OpenTitan variants as needed for your own use case, making Renode a great tool for pre-silicon prototyping of OpenTitan based SoCs, as well as post-silicon testing of software. Renode’s usage in security applications is quite widespread, and its deterministic testing of binary-compatible software as well as rapid prototyping capabilities and flexibility, are some of the major reasons for its success in this space.
Develop secure solutions with Antmicro
Renode is a highly modular, scriptable framework that allows you to simulate your target hardware at any stage of its development, including pre-silicon and prototyping. Its modular structure lets you develop complex simulation platforms using interchangeable components in multiple configurations for a faster development cycle.
Antmicro offers comprehensive engineering support for ASIC design and development, prototyping, and much more. We can help build your next secure SoC platform based on OpenTitan or other RISC-V implementations and I/O blocks, with an open-source centric and vendor-neutral approach. If you are interested in commercial help in building pre-silicon development and verification flows, HW/SW co-development, or CI-based testing for your next project, please reach out to us at contact@antmicro.com.