[ot] hw/opentitan: ot_otp_engine: Replace digest BH with a timer

AlexJones0 · AlexJones0 · commit db6f460ce500 · 2025-12-09T13:03:17.000Z
From testing, it seems that the use of Bottom Halves on hosts under
higher processing loads (where QEMU is more often pre-empted) can
produce inconsistent / slow results. Timers with a short timeout provide
the same decoupling functionality as the BH but with more consistency
and expedience.

This could be especially problematic for SW which expects digest writes
to be processed within a certain time. If handling of the BH was
deferred long enough, then enough guest code could be processed for it
to look like e.g. 10 ms had passed, exceeding common SW timeouts. This
could be seen happening occasionally under high processing loads.

Signed-off-by: Alex Jones &lt;alex.jones@lowrisc.org&gt;
diff --git a/hw/opentitan/ot_otp_engine.c b/hw/opentitan/ot_otp_engine.c
@@ -57,8 +57,11 @@
 #define OT_OTP_HW_CLOCK QEMU_CLOCK_VIRTUAL_RT
 
 /* the following delays are arbitrary for now */
-#define DAI_DIGEST_DELAY_NS 50000u /* 50us */
-#define LCI_PROG_SCHED_NS   1000u /* 1us*/
+#define DAI_DIGEST_DELAY_NS 50000 /* 50us */
+#define LCI_PROG_SCHED_NS   1000 /* 1us */
+
+/* Use a timer with a small delay instead of a BH for reliability */
+#define DIGEST_DECOUPLE_DELAY_NS 100 /* 100 ns */
 
 /* The size of keys used for OTP scrambling */
 #define OTP_SCRAMBLING_KEY_WIDTH 128u
@@ -1622,7 +1625,8 @@ static void ot_otp_engine_dai_complete(void *opaque)
         break;
     case OT_OTP_DAI_DIG_WAIT:
         g_assert(s->dai->partition >= 0);
-        qemu_bh_schedule(s->dai->digest_bh);
+        int64_t now = qemu_clock_get_ns(OT_VIRTUAL_CLOCK);
+        timer_mod(s->dai->digest_write, now + DIGEST_DECOUPLE_DELAY_NS);
         break;
     case OT_OTP_DAI_ERROR:
         break;
@@ -2746,11 +2750,11 @@ static void ot_otp_engine_reset_enter(Object *obj, ResetType type)
         c->parent_phases.enter(obj, type);
     }
 
-    qemu_bh_cancel(s->dai->digest_bh);
     qemu_bh_cancel(s->lc_broadcast.bh);
     qemu_bh_cancel(s->pwr_otp_bh);
 
     timer_del(s->dai->delay);
+    timer_del(s->dai->digest_write);
     timer_del(s->lci->prog_delay);
     qemu_bh_cancel(s->keygen->entropy_bh);
     s->keygen->edn_sched = false;
@@ -2900,7 +2904,8 @@ static void ot_otp_engine_init(Object *obj)
 
     s->dai->delay =
         timer_new_ns(OT_VIRTUAL_CLOCK, &ot_otp_engine_dai_complete, s);
-    s->dai->digest_bh = qemu_bh_new(&ot_otp_engine_dai_write_digest, s);
+    s->dai->digest_write =
+        timer_new_ns(OT_VIRTUAL_CLOCK, &ot_otp_engine_dai_write_digest, s);
     s->lci->prog_delay =
         timer_new_ns(OT_OTP_HW_CLOCK, &ot_otp_engine_lci_write_word, s);
     s->pwr_otp_bh = qemu_bh_new(&ot_otp_engine_pwr_otp_bh, s);
diff --git a/include/hw/opentitan/ot_otp_engine.h b/include/hw/opentitan/ot_otp_engine.h
@@ -165,7 +165,7 @@ typedef struct {
 
 typedef struct OtOTPDAIController {
     QEMUTimer *delay; /* simulate delayed access completion */
-    QEMUBH *digest_bh; /* write computed digest to OTP cell */
+    QEMUTimer *digest_write; /* write computed digest to OTP cell */
     OtOTPDAIState state;
     int partition; /* current partition being worked on or -1 */
 } OtOTPDAIController;
