Quickstart

This quickstart covers the first steps after receiving the zeroRISC RTL delivery: understanding the package structure, running the reference synthesis flow, initializing the OTP memory map, and issuing your first attestation command.

1. Package Structure

The RTL delivery is organized as follows:

zerorisc-rot-ip/
  rtl/
    attestation/     # DICE attestation engine
    lifecycle/       # lifecycle controller + OTP controller
    crypto/          # AES-256-GCM, SHA-3, ECDSA, CSRNG
    top/             # top-level integration wrapper
  syn/
    constraints/     # SDC per foundry node
    scripts/         # Synopsys DC / Cadence Genus scripts
  dv/
    tb/              # UVM testbench top
    tests/           # directed + random test sequences
    cov/             # coverage config
  docs/
    integration-guide.pdf
    otp-memory-map.xlsx

2. Running the Reference Synthesis Flow

A reference synthesis script is provided for Synopsys DC. Source the appropriate SDC for your foundry node before running:

# Set foundry node (tsmc28hpm | gf22fdx | smic40lp)
setenv FOUNDRY_NODE tsmc28hpm

# Run synthesis
dc_shell -f syn/scripts/dc_run.tcl | tee syn/logs/dc_run.log

The script targets a 400 MHz synthesis constraint at the TSMC 28nm HPM node. Adjust the target frequency in syn/scripts/dc_run.tcl for your design requirements.

3. OTP Memory Map Initialization

Before first silicon bring-up, the OTP partition containing the Unique Device Secret and lifecycle configuration must be provisioned. The provisioning tool reads a JSON configuration file:

{
  "lifecycle_state": "DEV",
  "uds_seed": "<256-bit hex — provided by zeroRISC manufacturing flow>",
  "hw_cfg0": {
    "device_id": "<64-bit OEM device ID>",
    "manuf_state": 0
  }
}

The UDS seed is generated by zeroRISC using a FIPS-approved DRBG during the provisioning ceremony and delivered under separate secure channel.

4. First Attestation Command

After power-on reset completes (lifecycle controller has released the CPU from reset in DEV or PROD state), the attestation engine is ready. Issue the full-chain attestation command:

#include "zerorisc_rot.h"

int main(void) {
  rot_init();  // configure bus bridge, interrupts

  // Trigger full attestation chain generation
  rot_attest_cmd(ATTEST_FULL_CHAIN);

  // Wait for completion
  while (!rot_attest_done());

  // Retrieve CDI_0, CDI_1, and App Cert
  uint8_t app_cert[512];
  size_t len = rot_attest_get_cert(CERT_APP, app_cert, sizeof(app_cert));

  // Verify via DICE verifier (remote or local)
  return 0;
}

See the API Reference for the complete command set and register map.

5. Next Steps

• Read the Integration Guide for SoC-level bus wiring, power domains, and tapeout checklist
• Review the API Reference for all lifecycle transition commands
• Contact engineering with integration questions