The Earlgrey-PROD.M4 milestone finalizes the RTL of the hardware IP blocks and the Earlgrey top level for the production tapeout. This includes the completion of area, timing, and power optimizations at RTL, inclusion of additional fault injection countermeasures that did not make it into M3, final I2C features additions, and several bug fixes. All hardware IP blocks as well as the top level are lint clean with the latest AscentLint version. With the Earlgrey-PROD.M4 milestone, the RTL got frozen.

The main changes since Earlgrey-PROD.M3 are:

• The design got prepared for the adoption of technology-specific 2-flop synchronizer cells (#23512).
• To support a smaller chip package for space-constrained applications, four additional I/O multiplexers have been added (#23201, #23356).
• New control bits have been added to disable input drivers of pads for leakage control (#23042, #23107).
• Related to AST, an unused pad got removed (#22995), test ports for the memory macros got added (#23531, #23547, #23718), and a DFT fix got implemented (#23588).
• Upon reset, alerts inside SENSOR_CTRL are now enabled but configured as recoverable (#23152). During boot, firmware can change the configuration based on OTP bits.
• The SPI_DEV_CLK is used as scan clock and scan clocks got removed from wakeup detector inputs inside PINMUX (#23791).
• The fault-injection (FI) hardening of FLASH_CTRL got improved by 1) XOR-infecting the read data of host accesses with the address (#23557), 2) by using hardened FIFO-primitives inside the TL-UL interface (#23515), and 3) by closing a short gap in the integrity protection inside the read pipeline (#23514). In addition, a performance bug in the read buffer re-allocation of FLASH_CTRL got fixed (#23822).
• The FI hardening of Ibex got improved by 1) switching to multi-bit encodings for the control signals of the instruction cache memory primitives (#23292), and 2) by only acting on data memory responses if they’re actually expected (lowRISC/Ibex#2166). The corresponding issue in the Ibex repository (lowRISC/Ibex#2144) has been reported by Katharina Ceesay-Seitz and Flavien Solt from the Computer Security (COMSEC) group at ETH Zürich. In addition, a bug in the address translation mechanism got fixed (#23178).
• The FI hardening of SRAM_CTRL got improved by implementing a hardware readback mechanism that can be enabled and disabled at run time (#23212).
• The local escalation behavior for entropy complex modules (ENTROPY_SRC, CSRNG, EDN) got aligned (#23560, #23561, #23657). In addition:
  • A bug affecting the single-channel mode of ENTROPY_SRC got fixed (#23775).
  • CSRNG now features a per-instance internal state read enable setting that is lockable until reset as well as always readable reseed counter registers (#23539). Also, CSRNG allows overwriting the FIPS/CC compliance flag (#23324) and the operation around command acknowledgement errors got improved (#22906, #23601).
  • A couple of bugs in the SW and HW command status interface of EDN got fixed (#23120, #23607).
• HMAC received bug fixes related to the saving & restoring of contexts (#23018, #23224, #23236, #23432, #23538), the wiping of secrets and digests (#23108, #23220), and the reporting of its status (#23036, #23242, #23739, #23383), as well as some cleanups (#23384, #23674).
• I2C now supports target responses to timeouts and read commands for SMBus (#22865) as well as bus arbitration, clock synchronization, and simultaneously active host and target modules for multi-controller environments (#22872).
• KEYMGR now uses entropy more efficiently for reseeding the internal PRNG (#22951), no longer continuously reseeds the PRNG when disabled (#23071), and correctly separates input domains for KDF-KMAC calls by using distinct seed inputs for subsequent advance operations (#22878).
• OTBN received some minor RTL changes to simplify DV such as to avoid X-propagation issues (#22115, #22116) and to avoid loop stack commits on simultaneous push/pop operations (#22171).
• PATTGEN now allows defining the output signal levels while idle (#23198) and the outputs signals are now free of glitches (#23206).
• PWRMGR now avoids race conditions related to Ibex receiving interrupts before having completed entry into low-power mode (#23500).
• RV_DM now has a synchronous assertion timing for the JTAG combined resets in the core clock domain to fix an RDC and a DFT issue (#23621).
• SPI_DEVICE now blocks Flash write commands when busy (#23546), releases the CSB reset in sync with SCK, and features a separate reset network for the outclk domain (#23244, #23589).
• SPI_HOST received some timing improvements (#23067, #23579) and can no longer change sd_en_o in the middle of a cycle (#22139).
• UART received a new status-type tx_empty interrupt. The existing event-type interrupt got renamed - it is indicating when the transmit FIFO is empty and the transmit is actually done (#23409).
• USBDEV now correctly handles link resets (#23692, #23812) and also rejects OUT packets internally while returning STALL to the host (#23807).
• ROM changes:
  • Add immutable ROM_EXT partition to enable enhancing security posture of DICE keygen in the future without requiring a metal spin (#23840).
  • Update SPHINCS+ signing from pure cSHAKE-128s mode to allow SHA2-128s pure or pre-hash modes (#22953, #23705, #23710, #23730, #23732, #23761, #23762, #23765).
  • Improved hardening (#23334, #23646, #23654, #23751, #23834).
  • Print UART banner on boot (#23521, #23802, #23820).
  • Configure sensor_ctrl at boot (#23155, #23513).
  • Add a minimal exception handler to attempt booting the second partition when flash ECC errors (toggleable via an OTP field) are encountered on the first boot partition (#23378, #23635, #23643, #23653).
  • Avoid touching the watchdog configuration on a wake from sleep (#22593).
  • Reclaim 662 bytes of unused space (#23520).
  • Record whether or not the RETRAM was initialized by the ROM (#23410).
  • Improve various length/bounds checks in the ROM (#23332, #23337).
  • Add ROM build targets for disassembly and silicon_creator binary used to build final ROM for tapeout (#23381, #23642)
  • Improved the reset reason reporting / clearing mechanism (#23411, #23757).
  • Improved stack memory layout and usage report (#23668).
  • Cleanup secure boot key management since keys are now in OTP and default signature scheme is now ECDSA instead of RSA (#23316, #23318, #23319, #23670, #/23678, #23680).
  • Enhance the ROM_EXT boot slot selection decision (#23310).
  • Report the correct boot log rom_ext_slot (#23262).
  • Use measurement of digest fields of the software-readable OTP partitions as the first stage keymgr attestation binding value (#22890).