IP Security Assurance WG Releases its Draft Standard for Public Review!

[Lynn Garibaldi]

Posting on behalf of Brent Sherman, IPSA WG Chair:

Hi Everyone,

On behalf of the IP Security Assurance Working Group, I'd like to welcome you to the feedback portal for the SA-EDI 1.0 Public Review. If you haven't yet downloaded the document, it is available here.

In order for your voice to be heard, it is imperative that you provide your detailed feedback and questions via this forum before the end of the Public Review period, which will be May 21, 2021. We ask that you make use of the page and line numbers, as well as figure, table, syntax and example numbers/captions to make it clear exactly to what your comments refer. 

The WG is committed to analyzing all feedback and will make appropriate adjustments to the SA-EDI as deemed necessary. We will be monitoring this forum and will do our best to make this an interactive review as much as possible.

We thank you for your participation in this review and appreciate your efforts to help us make SA-EDI 1.0 the best it can be.

Regards,

Brent 

[Darren Galpin]

pg vi line 6 - should read "that identify" rather than "that identifies"?

pg 9, #4 - all the examples seem to be more for off-chip communication. Shouldn't an example also be intra-chip such as AXI?

[brentms]

@Darren Galpin - Thank you for the feedback.  I updated the standard to reflect your suggestions.  

[Bas Arts]

Just out of curiosity: did you consider/discuss to use XML as a data modeling language i.s.o. JSON, for example to ease integration into or connection with IP-XACT?

[Michael Simmons]

General question on Multiple IPs

Is it correct that each IP provider will contribute their own SWKB databases to be compiled with others? Will the SWKBs be inspectable for completeness or correctness? How would conflicting entries be handled? Are there checks for tampering?

 

page 7, line 14:

Is it an eventual goal for the EDA tools to generate the Element objects? Does “created manually” mean tools can be internally developed or open-sourced?

 

page 7, line 20-22:

Does tool used for verifying data objects need to be the same tool used to generate data objects?

 

Figure 4, Asset Definitions?

 

Section 7.4:

Can more examples be given regarding "Elements"? Are these like waveforms or lint-checker results?

 

page 11, line 19:

There is no "Ports" attribute in the APSO in Figure 5 but clarified in Table 6 four pages later.  You should make this clarification sooner like done for "Name" and "Asset Name" on line 20.  

[brentms]

@Bas Arts - yes, we had several discussions about xml vs json.  we chose json for its simplicity and ease of use.  since there are online converters, a tool could support both if need be.  

[brentms]

@Michael Simmons - thank you for the feedback.  responses below:

General question on Multiple IPs: Is it correct that each IP provider will contribute their own SWKB databases to be compiled with others? Will the SWKBs be inspectable for completeness or correctness? How would conflicting entries be handled? Are there checks for tampering?

[brent] - The SWKB can be proprietary however the entries that are applicable to the IP must be shared with the Integrator.  The relationship between the IP Supplier and Integrator is trusted therefore tampering should not be a concern.  The Integrator has the capability to verify all created data objects for correctness and completeness.   

 

page 7, line 14: Is it an eventual goal for the EDA tools to generate the Element objects? Does “created manually” mean tools can be internally developed or open-sourced?

[brent] - Yes. 

 

page 7, line 20-22: Does tool used for verifying data objects need to be the same tool used to generate data objects?

[brent] - It doesn't have to be the same tool however it must follow the standard.  To expand, given the same input, the tools must produce the same output.

 

Figure 4, Asset Definitions?

[brent] - There may be more than one however the standard refers to data objects as singular.

 

Section 7.4: Can more examples be given regarding "Elements"? Are these like waveforms or lint-checker results?

[brent] - Examples are provided in section Annex B.  They are JSON data objects.  The workgroup is developing some demos to help illustrate the workflow using tools.  The demos will be showcased in the security embedded track at DAC'21. 

 

page 11, line 19: There is no "Ports" attribute in the APSO in Figure 5 but clarified in Table 6 four pages later.  You should make this clarification sooner like done for "Name" and "Asset Name" on line 20.  

[brent] - Good feedback.  I've updated the standard to reflect your suggestion.