SPDX-License-Identifier: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Last Update: 2024/07/02
OS:
- Build instructions assume a Linux environment
Lint:
- Synopsys Spyglass
Version S-2021.09-1
- Real Intent AscentLint
Version 2019.A.p15 for RHEL 6.0-64, Rev 116515, Built On 12/18/2020
Simulation:
- Synopsys VCS with Verdi
Version R-2020.12-SP2-7_Full64
- Verilator
Version 5.012
- Mentor Graphics QVIP
Version 2021.2.1
of AHB/APB models
- UVM installation
Version 1.1d
- Mentor Graphics UVM-Frameworks
2022.3
Synthesis:
- Synopsys Fusion Compiler
Version 2022.12-SP3
GCC:
- RISCV Toolchain for generating memory initialization files
Version 2023.04.29
riscv64-unknown-elf-gcc (g) 12.2.0
- G++ Used to compile Verilator objects and test firmware
g++ (GCC) 11.2.0
CDC:
- Questa CDC
2023.3 5624840 linux_x86_64 19-Jul-2023
RDC:
- Real Intent Meridian
2019.A.P16
RDL Compiler:
- systemrdl-compiler==1.27.3
- peakrdl-systemrdl==0.3.0
- peakrdl-regblock==0.21.0
- peakrdl-uvm==2.3.0
- peakrdl-ipxact==3.4.3
- peakrdl-html==2.10.1
- peakrdl-cheader==1.0.0
- peakrdl==1.1.0
Other:
- Playbook (Microsoft Internal workflow management tool)
There is significant configurability when installing the RISCV toolchain. These instructions may be used to create a RISCV installation that will be compatible with the provided Makefile for compiling test C programs.
- Install from this repository:
- https://github.com/riscv-collab/riscv-gnu-toolchain
- Follow the included README in that repository for installation instructions
- The most recently tested toolchain build that was confirmed to work was 2023-04-29
- A compatible tool installation requires newlib cross-compiler, multilib support, and the zicsr/zifencei extensions. Use this configure command:
./configure --enable-multilib --prefix=/path/to/tools/riscv-gnu/2023.04.29 --with-multilib-generator="rv32imc-ilp32--a*zicsr*zifencei"
- Use
make
instead ofmake linux
to install the tool (using newlib option)
Required for simulation:
CALIPTRA_WORKSPACE
: Defines the absolute path to the directory where the Verilator "scratch" output directory will be created. Recommended to define as the absolute path to the directory that contains the Project repository root (called "Caliptra" or "caliptra-rtl")
CALIPTRA_ROOT
: Defines the absolute path to the Project repository root (called "Caliptra" or "caliptra-rtl"). Recommended to define as ${CALIPTRA_WORKSPACE}/caliptra-rtl
.
Required for Firmware (i.e. Test suites) makefile:
TESTNAME
: Contains the name of one of the tests listed inside the src/integration/test_suites
folder; only used for caliptra_top_tb
tests
caliptra-rtl
|-- LICENSE
|-- README.md
|-- Release_Notes.md
|-- SECURITY.md
|-- docs
| |-- CaliptraHardwareSpecification.md
| |-- CaliptraIntegrationSpecification.md
| |-- CaliptraReleaseChecklist.md
| |-- Caliptra_TestPlan.xlsx
| `-- images
|-- src
| |-- aes
| |-- ahb_lite_bus
| |-- caliptra_prim
| |-- caliptra_prim_generic
| |-- csrng
| |-- datavault
| |-- doe
| |-- ecc
| |-- edn
| |-- entropy_src
| |-- hmac
| |-- hmac_drbg
| |-- integration
| |-- keyvault
| |-- kmac
| |-- lc_ctrl
| |-- libs
| |-- pcrvault
| |-- riscv_core
| |-- sha256
| |-- sha512
| |-- sha512_masked
| |-- soc_ifc
| |-- spi_host
| `-- uart
`-- tools
|-- README
|-- scripts
`-- templates
The root of the repository is structured as shown above, to a depth of 2 layers.
Each sub-component is accompanied by a file list summary (located in src//config/.vf) that comprises all the filenames required to compile the component, and an optional testbench filelist for unit-level simulation.
VF files provide absolute filepaths (prefixed by the CALIPTRA_ROOT
environment variable) to each compile target for the associated component.
The "Integration" sub-component contains the top-level fileset for Caliptra. src/integration/config/compile.yml
defines the required filesets and sub-component dependencies for this build target. All of the files/dependencies are explicitly listed in src/integration/config/caliptra_top_tb.vf
. Users may compile the entire design using only this VF filelist.
Verilog file lists are generated via VCS and included in the config directory for each unit. New files added to the design must be included in the vf list. They can be included manually or by using VCS to regenerate the vf file. File lists define the compilation sources (including all dependencies) required to build and simulate a given module or testbench, and should be used by integrators for simulation, lint, and synthesis.
demo.rdl
:Sample RDL file
Makefile
: Makefile to generate SRAM initialization files from test firmware and to run Verilator simulation
reg_gen.py
: Used to compile/export RDL files to register source code
reg_gen.sh
: Wrapper used to call reg_gen.py
for all IP cores in Caliptra
reg_doc_gen.py
: Used to compile/export top-level RDL address map to register source code, defining complete Caliptra address space, and produces HTML documentation
reg_doc_gen.sh
: Wrapper to invoke reg_doc_gen.py
reg_json.py
:Used to import JSON register definition from OpenTitan and generate SystemRDL model
rdl_post_process.py
: Post-processing functionality to make RDL generated SystemVerilog files compatible with lint/Verilator requirements
run_verilator_l0_regression.py
: Wrapper to run the L0 smoke test regression suite using the Makefile flow in Verilator
integration_vector_gen.py
: Generates test vectors for crypto core tests
veer_build_command.sh
: Shell script used to generate the VeeR-EL2 repository present in src/riscv_core/veer_el2
openocd
: Open-Source FW debug utility used for JTAG testing in automated workflows
- Setup tools, add to PATH (ensure RISC-V toolchain is also available)
- Define all environment variables above
- For the initial test run after downloading repository,
iccm_lock
is recommended for TESTNAME - See Regression Tests for information about available tests
- For the initial test run after downloading repository,
- Create a run folder for build outputs (and cd to it)
- Either use the provided Makefile or execute each of the following steps manually to run VCS simulations
- Makefile usage:
- Example command:
make -C <path/to/run/folder> -f ${CALIPTRA_ROOT}/tools/scripts/Makefile TESTNAME=${TESTNAME} vcs
- NOTE:
TESTNAME=${TESTNAME}
is optional; if not provided, test defaults to value of TESTNAME environment variable, then toiccm_lock
- NOTE: Users may wish to produce a run log by piping the make command to a tee command, e.g.:
make ... <args> ... | tee <path/to/run/folder>/vcs.log
- NOTE: The following macro values may be overridden to define the hardware configuration that is built. Default values in the Makefile are shown with each macro:
- CALIPTRA_INTERNAL_QSPI=1
- CALIPTRA_INTERNAL_UART=1
- CALIPTRA_INTERNAL_I3C=0
- CALIPTRA_INTERNAL_TRNG=1
- E.g.
make -f ${CALIPTRA_ROOT}/tools/scripts/Makefile CALIPTRA_INTERNAL_QSPI=0 CALIPTRA_INTERNAL_UART=0 CALIPTRA_INTERNAL_I3C=0 CALIPTRA_INTERNAL_TRNG=1 vcs
- Example command:
- Remaining steps describe how to manually run the individual steps for a VCS simulation
- [OPTIONAL] By default, this run flow will use the RISC-V toolchain to compile test firmware (according to TESTNAME) into program.hex, iccm.hex, dccm.hex, and mailbox.hex. As a first pass, integrators may alternatively use the pre-built hexfiles for convenience (available for iccm_lock test). To do this, copy iccm_lock.hex to the run directory and rename to
program.hex
. dccm.hex should also be copied to the run directory, as-is. Usetouch iccm.hex mailbox.hex
to create empty hex files, as these are unnecessary foriccm_lock
test. - Invoke
${CALIPTRA_ROOT}/tools/scripts/Makefile
with target 'program.hex' to produce SRAM initialization files from the firmware found insrc/integration/test_suites/${TESTNAME}
- E.g.:
make -f ${CALIPTRA_ROOT}/tools/scripts/Makefile program.hex
- NOTE: TESTNAME may also be overridden in the makefile command line invocation, e.g.
make -f ${CALIPTRA_ROOT}/tools/scripts/Makefile TESTNAME=iccm_lock program.hex
- NOTE: The following macro values must be overridden to match the value provided (later) during hardware compilation. The full L0 regression suite includes tests that will fail if the firmware and hardware configuration has a discrepancy. Default values in the Makefile are shown with each macro:
- CALIPTRA_INTERNAL_QSPI=1
- CALIPTRA_INTERNAL_UART=1
- CALIPTRA_INTERNAL_I3C=0
- CALIPTRA_INTERNAL_TRNG=1
- E.g.
make -f ${CALIPTRA_ROOT}/tools/scripts/Makefile CALIPTRA_INTERNAL_QSPI=0 CALIPTRA_INTERNAL_UART=0 CALIPTRA_INTERNAL_I3C=0 CALIPTRA_INTERNAL_TRNG=1 program.hex
- E.g.:
- Compile complete project using
src/integration/config/caliptra_top_tb.vf
as a compilation target in VCS. When running thevcs
command to generate simv, users should ensure thatcaliptra_top_tb
is explicitly specified as the top-level component in their command to ensure this is the sole "top" that gets simulated.- NOTE: The following macro values must be defined (or omitted) to match the value provided during firmware compilation. The full L0 regression suite includes tests that will fail if the firmware and hardware configuration has a discrepancy.
- CALIPTRA_INTERNAL_QSPI
- CALIPTRA_INTERNAL_UART
- CALIPTRA_INTERNAL_I3C
- CALIPTRA_INTERNAL_TRNG
- NOTE: The following macro values must be defined (or omitted) to match the value provided during firmware compilation. The full L0 regression suite includes tests that will fail if the firmware and hardware configuration has a discrepancy.
- Copy the test generator scripts to the run output directory:
- src/ecc/tb/ecdsa_secp384r1.exe
- Necessary for randomized_pcr_signing
- OPTIONAL otherwise
- src/doe/tb/doe_test_gen.py
- Allows use of randomized secret field inputs during testing.
- Required when using the
+RAND_DOE_VALUES
plusarg during simulation - Also required for several smoke tests that require randomized DOE IV, such as smoke_test_doe_scan, smoke_test_doe_rand, smoke_test_doe_cg
- src/ecc/tb/ecdsa_secp384r1.exe
- Simulate project with
caliptra_top_tb
as the top target
- Setup tools, add to PATH (ensure Verilator, GCC, and RISC-V toolchain are available)
- Define all environment variables above
- For the initial test run after downloading repository,
iccm_lock
is recommended for TESTNAME - See Regression Tests for information about available tests.
- For the initial test run after downloading repository,
- Create a run folder for build outputs
- Recommended to place run folder under
${CALIPTRA_WORKSPACE}/scratch/$USER/verilator/<date>
- Recommended to place run folder under
- [OPTIONAL] By default, this run flow will use the RISC-V toolchain to compile test firmware (according to TESTNAME) into program.hex, iccm.hex, dccm.hex, and mailbox.hex. As a first pass, integrators may alternatively use the pre-built hexfiles for convenience (available for
iccm_lock
test). To do this, copyiccm_lock.hex
to the run directory and rename toprogram.hex
.dccm.hex
should also be copied to the run directory, as-is. Usetouch iccm.hex mailbox.hex
to create empty hex files, as these are unnecessary foriccm_lock
test. - Run Caliptra/tools/scripts/Makefile, which provides steps to run a top-level simulation in Verilator
- Example command:
make -C <path/to/run/folder> -f ${CALIPTRA_ROOT}/tools/scripts/Makefile TESTNAME=${TESTNAME} debug=1 verilator
- NOTE:
debug=1
is optional; if provided, the verilator run will produce a .vcd file with waveform information - NOTE:
TESTNAME=${TESTNAME}
is optional; if not provided, test defaults to value of TESTNAME environment variable, then toiccm_lock
- NOTE: Users may wish to produce a run log by piping the make command to a tee command, e.g.:
make ... <args> ... | tee <path/to/run/folder>/verilate.log
- Example command:
- Users have the option to run the entire suite of smoke tests using the provided python script
run_verilator_l0_regression.py
- Ensure Python 3.9.2 is available by adding to the $PATH variable
- Run the script with:
python3 run_verilator_l0_regression.py
- NOTE: The script automatically creates run output folders at
${CALIPTRA_WORKSPACE}/scratch/$USER/verilator/<timestamp>/<testname>
for each test run - NOTE: The output folder is populated with a run log that reports the run results and pass/fail status
- Setup tools, add to PATH
- Define all environment variables above
- Create a run folder for build outputs (and cd to it)
- Compile complete project using
src/<block>/config/<name>_tb.vf
as a compilation target in VCS. When running thevcs
command to generate simv, users should ensure that<name>_tb
is explicitly specified as the top-level component in their command to ensure this is the sole "top" that gets simulated. - Copy the test generator scripts or test vectors to the run output directory:
- src/ecc/tb/test_vectors/mm_test_vectors*.hex
- Necessary for ecc_montgomerymultiplier_tb
- src/sha256/tb/sha256_test_gen.py
- Necessary for sha256_random_test
- src/ecc/tb/test_vectors/mm_test_vectors*.hex
- Simulate project with
<name>_tb
as the top target
Description:
The UVM Framework generation tool was used to create the baseline UVM testbench for verification of the top-level Caliptra image. The top-level bench leverages the soc_ifc_top
testbench as a subenvironment, to reuse environment level sequences, agents, register models, and predictors.
Prerequisites:
- QVIP 2021.2.1 for Mentor Graphics (provides the AHB/APB VIP)
- UVM 1.1d installation
- Mentor Graphics UVM-Framework installation
Environment Variables:
UVM_HOME
: Filesystem path to the parent directory containing SystemVerilog source code for the UVM library of the desired version.
UVMF_HOME
: Filesystem path to the parent directory containing source code (uvmf_base_pkg) for the UVM Frameworks library, a tool available from Mentor Graphics for generating baseline UVM projects.
QUESTA_MVC_HOME
: Filesystem path to the parent directory containing source code for Mentor Graphics QVIP, the verification library from which AHB/APB UVM agents are pulled in the Caliptra UVM environment.
Steps:
- Compile UVM 1.1d library
- Compile the AHB/APB QVIP source
- Compile the Mentor Graphics UVM-Frameworks base library
- Compile the UVMF wrapper for APB/AHB in Caliptra/src/libs/uvmf
- Compile the
verification_ip
provided forsoc_ifc
found inCaliptra/src/soc_ifc/uvmf_soc_ifc
- Compile the
caliptra_top
testbench found inCaliptra/src/integration/uvmf_caliptra_top
- ALL compilation steps may be completed by using the file-list found at
src/integration/uvmf_caliptra_top/config/uvmf_caliptra_top.vf
- NOTE:
Caliptra/src/integration/uvmf_caliptra_top/uvmf_template_output/project_benches/caliptra_top/tb/testbench/hdl_top.sv
is the top-level TB wrapper for the system - Compile the validation firmware (as described in Regression Tests) that will run on Caliptra's embedded RISC-V core
- The expected output products are
program.hex
,caliptra_fmc.hex
,caliptra_rt.hex
and must be placed in the simulation run directory make -f ${CALIPTRA_ROOT}/tools/scripts/Makefile TESTNAME=caliptra_top program.hex
make -f ${CALIPTRA_ROOT}/tools/scripts/Makefile TESTNAME=caliptra_fmc caliptra_fmc.hex
make -f ${CALIPTRA_ROOT}/tools/scripts/Makefile TESTNAME=caliptra_rt caliptra_rt.hex
- The expected output products are
- Copy the test vectors to the run output directory:
- src/sha512/tb/vectors/SHA*.rsp
- Required for SHA512 UVM unittest
- src/sha512/tb/vectors/SHA*.rsp
- Select a test to run from the set of tests in
Caliptra/src/integration/uvmf_caliptra_top/uvmf_template_output/project_benches/caliptra_top/tb/tests/src
- Provide
+UVM_TESTNAME=<test>
argument to simulation
Description:
The UVM Framework generation tool was used to create the baseline UVM testbench for verification of each IP component inside Caliptra. The following IP blocks have supported UVM testbenches:
Prerequisites:
- QVIP 2021.2.1 for Mentor Graphics (provides the AHB/APB VIP)
- UVM 1.1d installation
- Mentor Graphics UVM-Framework installation
Steps:
- Compile UVM 1.1d library
- Compile the AHB/APB QVIP source
- Compile the Mentor Graphics UVM-Frameworks base library
- Compile the UVMF wrapper for APB/AHB in Caliptra/src/libs/uvmf
- Compile the
verification_ip
provided for the target testbench - ALL compilation steps may be completed by using the file-list found at
src/<block>/uvmf_<name>/config/<name>.vf
- NOTE:
Caliptra/src/<block>/uvmf_<name>/uvmf_template_output/project_benches/<block>/tb/testbench/hdl_top.sv
is the top-level TB wrapper for the system - Copy the test generator scripts to the run output directory:
- src/ecc/tb/ecdsa_secp384r1.exe
- Necessary for ECC unittest
- src/hmac/tb/test_gen.py
- Required for uvmf_hmac unittest
- src/sha512/tb/vectors/SHA*.rsp
- Required for SHA512 UVM unittest
- src/ecc/tb/ecdsa_secp384r1.exe
- Select a test to run from the set of tests in
Caliptra/src/<block>/uvmf_<name>/uvmf_template_output/project_benches/<block>/tb/tests/src
- Provide
+UVM_TESTNAME=<test>
argument to simulation
Only tests from the L0 Regression List should be run. The list is defined in the file L0_regression.yml
The UVM simulation environment for caliptra_top
uses a special set of validation firmware to generate stimulus as required for the test plan. This firmware suite is found in src/integration/test_suites
and includes:
caliptra_top
: A C-based program that emulates a minimal set of bringup functions similar to the function of the ROM. This C file transitions very early to either a the FMC image or Runtime image based on bringup (reset reason) conditions.caliptra_fmc
: A C-based program that emulates the functionality of the First Mutable Code. In this reduced-functionality validation implementation, the FMC code is a simple intermediary that runs from ICCM and serves to boot the Runtime Firmware.caliptra_rt
: A C-based program that emulates the functionality of the production Runtime code. This program receives and services interrupts, defines a minimal Non-Maskable Interrupt handler, generates FW resets as needed, processes mailbox commands (generated through the UVM validation test plan), and runs some baseline Watchdog Timer testing.
These three programs are designed to be run within the context of a UVM simulation, and will fail to generate meaningful stimulus in the standalone caliptra_top_tb
test.
- The internal registers are auto rendered at the GitHub page
- So are the external registers