Fatih Balli

AFAIU, we are delaying the response to fault attack by waiting until signature failure instead of immediately reacting to it. This raises the question of if anything can go wrong...

@andreaskurth As far as M2.5 is concerned, I guess here only the security sensitive data that is left on the bus could be a problem. For instance, in the first...

I think setting TL-UL output explicitly to zero when not used is a good idea. From the first waveform (highlighted with light blue), it seems like even when Ibex TL-UL...

As discussed in Security WG (16/03/2023), this is not a necessary fix for M2.5, therefore I will mark it as FutureRelease. I will just repeat some notes from this meeting:...

The relevant FSM is in `keymgr_ctrl.sv`. I looked at 3 different failures and they all have the same pattern. Here is the sequence of operations by DV. * OTP key...

The root cause was the index, for which I have the small fix + doc update #23018. > Is it a temporary fix or a behavior we want to keep?...

Thanks @gdessouky, I made the editorial changes in the doc as you suggested.

Thanks @martin-velay for pointing out that `KEY` registers also need to be stored/restored during context switches for keyed HMAC (but not SHA, as far as I see). I updated the...

Just tagging @gdessouky and @bilgiday, because we recently discussed a similar idea/issue offline without knowing this issue already exists.

Last year I reviewed Keymgr and KMAC interaction focusing specifically on logical leaks before M2.5 sign-off, with only logical leak being https://github.com/lowRISC/opentitan/issues/17508 Is the scope of this review only the...