Versions Compared

Old Version 61

changes.mady.by.user G. Richard Newell

Saved on

compared with

New Version 62

changes.mady.by.user Ben Marshall

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Status at a glance:

...

  • Latest Draft Scalar Crypto Specification (v0.9.1)
  • Stable in asciidoc form now.
  • Some consistency review feedback which will be applied in subsequent functional releases:
    • aes32* and sm4* encodings will change to remove the `rt` field.
    • Change aes64ks1i "rcon" immediate to "rnum".
    • Remove packu[w] since they aren't needed for our usecase of packing bytes into words. We can use other pack instructions.
    • Break Zbk into smaller units: (Zbkc: clmul*, Zbkx: xperm.*, Zbkb: everything else)
    • Entropy source changes, including configurable access to the entropy source from S mode.
  • 2)
  • This version is being sent out for wider review from Horizontal Committees, and will be subject to a closer architectural review.

Encoding/OpCode consistency review

  • Opcodes and encodings proposed
  • Instruction extensions (instruction groupings) proposed
  • Submitted to review task group
  • will be subject to architecture and consistency review in the coming weeks (starting 13/June/21)
  • The Bit-Manipulation shared subsets are being reviewed first as part of Bit-Manipulation specification review
    • Proposed as Zbkc (clmul) Zbkx (xperm) and Zbkb (other specific crypto-required bit-manipulation commands)
  • The Proposed Scalar Crypto-unique subsets are next in line for review:
    • K (Krypto): 
      • Zkn (full NIST Suite):  ZKne (NIST encrypt suite), ZKnd (NIST decrypt suite), ZKnh (NIST hash suite), Zbkc, Zbkx, Zbkb (see above)
      • Zkr (random entropy source)
    • Zks (full ShangMi Suite):  Zksed (SM4 encrypt/decrypt suite), Zksh (SM3 hash suite), Zbkc, Zbkx, Zbkb (see above)
  • OpCode and Consistency Review page
  • What's next:  Respond to OpCode and Consistency Review comments, once available, and achieve consensus on any changes.
  • (warning)We need to discuss the aes32* and sm4* rt encodings.
    • Comments from others and Andrew particularly suggest that having distinct rd/rs1/rs2 is acceptable and that we over-estimated the importance of minimising encoding cost.
    • We will likely be reverting to the original form of these instructions, with separate rd/rs1/rs2 before public review.

Architecture Tests

  • Test plan for the scalar-crypto specific instructions is available.
  • Imperas have a complete set of tests, written to the existing test plan, for the scalar crypto instructions and the bitmanip instructions we borrow.
    • These have been merged into the main test suite as of PR#177, with many thanks to Imperas for the contribution.
      • Spike, OVPSim and Sail all agree on the test signatures.
    • They form a base we can use to develop prototype implementations / Spike / SAIL / QEMU very easily and quickly.
  • Upstream Spike support for enabling it to work with the K test suite is being added in PR#687.
  • IIT Madras are also looking at writing the scalar crypto tests for integration into the official architectural tests repo as well.
    • Agreed SoW for IITM
    • They are re-implementing the tests as part of the blessed coverage and test generation tooling.
      • Making good progress with the simple test patterns for scalar-crypto specific instructions A/O April 7'th '21
    • We then switch over to using the IIT tests when they are finished, since they will be easier to maintain/extend going forward than the Imperas tests.
  • YAML config changes for K have been merged in. See here.
  • Status from IIT Madras as on 20-May:
    • Real world test cases as per the test plan has been generated.
    • Currently waiting for the fixed toolchain with K extension from PLCT to test the generated test cases. All the test cases are working fine when we run against the patched toolchain
    • A PR has been raised with a pull request for this suite to be reviewed and merged in the riscv-arch tests github repo.
  • Status from IIT Madras as on 12-May:
    • Coverage report for all developed cases in CTG/ISAC has been generated and it is reported as 100%
    • Currently real world test cases are being developed as per test plan and will be completed and send for review by beginning of next week
  • Status from IIT Madras as on 05-May:
    • Resolved issues in running the rv64ik toolchain after interacting with PLCT and compile the relevant tests generated from CTG and run them on spike
    • Currently resolving issues in the running the rv64ibk toolchain. Once this is done, will generate the coverage report of the test cases built till now and share with team.
  • Status from IIT Madras as on 26-Apr:
    • Completed the coverage points specification for all 32-bit and 64-bit instructions
    • Generated test cases from the coverage points
    • Currently working on trying to install the scalar crypto enabled toolchain.

...