Skip to content

Darjeeling OTP map update #28840

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Darjeeling OTP map update #28840

wants to merge 4 commits into from
+10,167 −3,959

Conversation

@sameo
Copy link
Contributor

@sameo sameo commented Nov 28, 2025

This is a refresh of the OTP map for integrated OpenTitan designs, e.g.
Darjeeling:

  • Added SoC fuses partitions, to hold non-RoT but SoC specific fuse
    values. We define one partition for the Chip Probe (CP) manufacturing
    stage and one for the following Factory Testing (FT) stage.
  • Added a SCRATCH_FUSES partition as an unstructured, scratch partition
    for SW implementations to share.
  • Added RoT chicken bits, for controlling secure boot verification.
    Secure boot is enabled when those items are fused with a MuBi32 True
    value.
  • Added a HW_CFG2 partition for the SoC debug and manufacturing states.
    Moving those to their own dedicated partition allows for a more
    controlled locking of the other HW_CFG partitions, as the parts move
    through the manufacturing stages.
  • Added documentation for all OTP items.
  • Updated the alert configuration items.
  • Moved the RoT certificate and its MAC into a dedicated partition so
    that the RoT owner authentication slot can be locked as soon as all
    keys are provisioned (i.e. before personalization even starts).
  • Removed all flash related items.
  • Removed all Earlgrey specific items.

Fixes #28447

@sameo sameo requested review from a team and cfrantz as code owners November 28, 2025 06:12
@sameo sameo requested review from Razer6, pamaury and rswarbrick and removed request for a team November 28, 2025 06:12
@andreaskurth andreaskurth self-requested a review December 1, 2025 10:24
sameo added 4 commits December 1, 2025 11:58
@sameo
[util,otp] Support absorbent items within a partition
95c7981 
We may want to define unsized but absorbent items within a partition,
similar to how absorbent partitions behave within an OTP map.

When not all reserved bits within a partition are allocated, the
unallocated ones will be equally distributed between all absorbent items
within that partition.

Signed-off-by: Samuel Ortiz <[email protected]>
@sameo
[sw,silicon_creator] Define Darjeeling key roles
71e1deb 
Integrated OpenTitan allows for defining multiple key roles. A key role
defines what kind of asset a specific key should sign.

Key manifest bundles in external flash and OTP authentication slots can
hold multiple keys, each bound to a specific role. At a minimum, OT
slots must hold a ownership transfer key and a key manifest one. The
former is required for handling ownership transfer operation from a
bootstrapped firmware while the latter allows for verifying all other
keys made available from a signed key manifest bundle.

Signed-off-by: Samuel Ortiz <[email protected]>
@sameo
[hw,top_darjeeling] Darjeeling OTP map update
483ac05 
This is a refresh of the OTP map for integrated OpenTitan designs, e.g.
Darjeeling:

- Added SoC fuses partitions, to hold non-RoT but SoC specific fuse
  values. We define one partition for the Chip Probe (CP) manufacturing
  stage and one for the following Factory Testing (FT) stage.
- Added a SCRATCH_FUSES partition as an unstructured, scratch partition
  for SW implementations to share.
- Added RoT chicken bits, for controlling secure boot verification.
  Secure boot is enabled when those items are fused with a MuBi32 True
  value.
- Added a HW_CFG2 partition for the SoC debug and manufacturing states.
  Moving those to their own dedicated partition allows for a more
  controlled locking of the other HW_CFG partitions, as the parts move
  through the manufacturing stages.
- Added documentation for all OTP items.
- Updated the alert configuration items.
- Moved the RoT certificate and its MAC into a dedicated partition so
  that the RoT owner authentication slot can be locked as soon as all
  keys are provisioned (i.e. before personalization even starts).
- Removed all flash related items.
- Removed all Earlgrey specific items.

Fixes lowRISC#28447

Signed-off-by: Samuel Ortiz <[email protected]>
@sameo
[hw,darjeeling] HW artefacts refresh based on the new OTP map
9827871 
Signed-off-by: Samuel Ortiz <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfrantz cfrantz Awaiting requested review from cfrantz cfrantz is a code owner

@rswarbrick rswarbrick Awaiting requested review from rswarbrick rswarbrick is a code owner automatically assigned from lowRISC/ot-dv-reviewers

@pamaury pamaury Awaiting requested review from pamaury pamaury is a code owner automatically assigned from lowRISC/ot-c-cpp-reviewers

@Razer6 Razer6 Awaiting requested review from Razer6

@andreaskurth andreaskurth Awaiting requested review from andreaskurth

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[top_darjeeling] OTP map refresh

1 participant

@sameo