Skip to content

Create Nucleo N657x0-Q Platform#1547

Open
bremoran wants to merge 22 commits into
mainfrom
platform-nucleo-n657x0-q
Open

Create Nucleo N657x0-Q Platform#1547
bremoran wants to merge 22 commits into
mainfrom
platform-nucleo-n657x0-q

Conversation

@bremoran
Copy link
Copy Markdown
Contributor

@bremoran bremoran commented Feb 5, 2026

This change introduces a new bare-metal test platform for the Nucleo N657x0-Q board and integrates it into the project’s Nix devshell and test build system.

Summary

  • Adds a dedicated Nix devshell target for nucleo-n657x0-q.
  • Introduces a full bare-metal platform under test/baremetal/platform/nucleo-n657x0-q/, including build rules, execution wrapper, argument packing utility, and platform sources.
  • Updates HAL and test make components to integrate the new platform.

Changes

  • flake.nix: Add .#nucleo-n657x0-q devshell.
  • nix/nucleo-n657x0-q/default.nix: Define board devshell and tooling.
  • nix/util.nix: Utility update for new platform.
  • test/baremetal/platform/nucleo-n657x0-q/README.md: Platform documentation.
  • test/baremetal/platform/nucleo-n657x0-q/platform.mk: Makefile integration for the platform.
  • test/baremetal/platform/nucleo-n657x0-q/exec_wrapper.py: Execution wrapper for running tests on target.
  • test/baremetal/platform/nucleo-n657x0-q/make_argv_bin.py: Helper to pack argv for target.
  • test/baremetal/platform/nucleo-n657x0-q/src/*.c, *.h: Platform sources (cmdline, semihosting syscall, helpers).
  • test/hal/hal.c, test/hal/pmu_armv8.h: Minor HAL updates for compatibility.
  • test/mk/components.mk: Include the new platform components.

Why

  • Enables running and validating ML-KEM tests on the Nucleo N657x0-Q board.
  • Establishes a consistent devshell and build workflow for this platform.

Usage

  • Devshell: nix develop .#nucleo-n657x0-q
  • Build tests: make test EXTRA_MAKEFILE=test/baremetal/platform/nucleo-n657x0-q/platform.mk

Notes

  • No breaking changes expected to other platforms.
  • Documentation included under the platform’s README.md.

@bremoran bremoran requested a review from a team as a code owner February 5, 2026 13:21
@bremoran
Create a nucleo-n657x0-q platform
3e524d4 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
Update readme for correctness
32c4136 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran bremoran force-pushed the platform-nucleo-n657x0-q branch from c71f1bc to 32c4136 Compare February 5, 2026 13:28
@hanno-becker
Copy link
Copy Markdown
Contributor

hanno-becker commented Mar 19, 2026

@bremoran What's your plan for this?

@bremoran
Copy link
Copy Markdown
Contributor Author

bremoran commented Mar 20, 2026

I am hoping to finalise this but I'm not able to spend time on it right now.

@mkannwischer mkannwischer marked this pull request as draft March 21, 2026 05:29
@mkannwischer
Copy link
Copy Markdown
Contributor

mkannwischer commented Mar 21, 2026

I am hoping to finalise this but I'm not able to spend time on it right now.

Thanks for the update. Marking it as draft for now. Please mark it as ready when you have finished it.

bremoran added 9 commits May 5, 2026 14:57
@bremoran
Start of work on TCM Stack
c5d7cd0 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
Try to get TCM working
2d1fee4 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
Func tests working
e30a9a8 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
KAT-768 and KAT-512 now working
af2737e 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
Working nucleo tests
bf8ac36 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
nucleo-n657x0-q: add host helpers and load recovery
4f5634d 
Factor common host-side logic for argv blobs, GDB scripts, result parsing,
ST tool lookup, and symbol resolution into a nucleo_host package shared by
the NUCLEO wrapper scripts.

Detect pre-output GDB load failures, rerun FLEXMEM configuration, and retry
the same test ELF via GDB_LOAD_FAILURE_RECOVERY_ATTEMPTS. Add unit coverage
for the helper modules and retry behavior, extend FLEXMEM setup dependencies
to all run targets, and document manual load-recovery validation.

Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
nucleo-n657x0-q: add flexmem build hints
f6c713c 
Remove the unused ST LRUN linker-script copy and D-TCM stack patching from
the Nix platform package now that the platform uses repository-owned linker
scripts.

Add a shared FLEXMEM diagnostic helper and use it from both exec_wrapper.py
and flexmem_configure.py so missing flexmem_config.elf errors explain how to
build and run the config target. Cover the new diagnostics with host-side unit
tests.

Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
Merge branch 'main' into platform-nucleo-n657x0-q
9d70a20 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
Fix linting errors
c95d72a 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran bremoran force-pushed the platform-nucleo-n657x0-q branch from e3776fa to c95d72a Compare May 5, 2026 14:01
@bremoran
Format/lint
3503753 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran bremoran marked this pull request as ready for review May 5, 2026 14:59
@bremoran
Copy link
Copy Markdown
Contributor Author

bremoran commented May 5, 2026

Thanks for the update. Marking it as draft for now. Please mark it as ready when you have finished it.

Done!

@oqs-bot
Copy link
Copy Markdown
Contributor

oqs-bot commented May 5, 2026
edited
Loading

CBMC Results (ML-KEM-512)

Full Results (191 proofs)
Proof Status Current Previous Change
**TOTAL** 1283s 1202s +6.7%
mlk_indcpa_keypair_derand 247s 232s +6%
mlk_indcpa_enc 168s 158s +6%
mlk_rej_uniform_c 120s 106s +13%
mlk_polyvec_basemul_acc_montgomery_cached_c 49s 49s +0%
mlk_ntt_layer 30s 25s +20%
mlk_poly_rej_uniform 30s 28s +7%
poly_ntt_native 26s 23s +13%
mlk_keccak_squeezeblocks_x4 24s 24s +0%
mlk_poly_reduce_native 20s 17s +18%
keccakf1600x4_permute_native_x4 17s 19s -11%
mlk_fqmul 15s 13s +15%
mlk_poly_decompress_d4_native 14s 13s +8%
mlk_indcpa_dec 12s 15s -20%
mlk_poly_decompress_d10_native 12s 12s +0%
mlk_polyvec_add 11s 12s -8%
mlk_keccak_squeeze_once 8s 7s +14%
mlk_keccak_squeezeblocks 8s 6s +33%
mlk_ntt_butterfly_block 8s 7s +14%
mlk_poly_frombytes_native 8s 8s +0%
mlk_poly_frommsg 8s 10s -20%
kem_dec 7s 6s +17%
mlk_poly_ntt 7s 6s +17%
rej_uniform_native_x86_64 7s 6s +17%
mlk_poly_cbd_eta2 6s 7s -14%
mlk_poly_rej_uniform_x4 6s 5s +20%
poly_decompress_d4_native_x86_64 6s 7s -14%
polyvec_basemul_acc_montgomery_cached_native 6s 6s +0%
mlk_ct_memcmp 5s 2s +150%
mlk_keccak_absorb_once_x4 5s 4s +25%
mlk_keccakf1600_permute_c 5s 4s +25%
mlk_montgomery_reduce 5s 2s +150%
mlk_poly_getnoise_eta2 5s 4s +25%
poly_tomont_native_x86_64 5s 1s +400%
intt_native_x86_64 4s 2s +100%
mlk_invntt_layer 4s 4s +0%
mlk_keccakf1600_xor_bytes 4s 2s +100%
mlk_poly_invntt_tomont_c 4s 2s +100%
mlk_poly_mulcache_compute_c 4s 3s +33%
mlk_poly_ntt_c 4s 4s +0%
mlk_polyvec_compress_du 4s 2s +100%
mlk_polyvec_permute_bitrev_to_custom_native 4s 2s +100%
mlk_scalar_decompress_d4 4s 2s +100%
mlk_sha3_256 4s 1s +300%
mlk_shake128x4_absorb_once 4s 1s +300%
ntt_native_aarch64 4s 2s +100%
nttunpack_native_x86_64 4s 3s +33%
poly_compress_d10_native_x86_64 4s 2s +100%
poly_compress_d11_native_x86_64 4s 3s +33%
poly_compress_d5_native_x86_64 4s 1s +300%
poly_decompress_d10_native_x86_64 4s 2s +100%
poly_decompress_d11_native_x86_64 4s 4s +0%
poly_frombytes_native_x86_64 4s 5s -20%
poly_mulcache_compute_native_x86_64 4s 5s -20%
poly_reduce_native_x86_64 4s 3s +33%
sys_check_capability 4s 3s +33%
intt_native_aarch64 3s 2s +50%
keccakf1600_permute_native 3s 2s +50%
keccakf1600x4_xor_bytes_native 3s 3s +0%
kem_check_pk 3s 2s +50%
kem_check_sk 3s 1s +200%
mlk_ct_cmask_nonzero_u16 3s 2s +50%
mlk_ct_get_optblocker_u32 3s 1s +200%
mlk_ct_get_optblocker_u8 3s 2s +50%
mlk_enc_getnoise_eta1_eta2 3s 3s +0%
mlk_gen_matrix 3s 1s +200%
mlk_gen_matrix_serial 3s 3s +0%
mlk_keccak_absorb_once 3s 2s +50%
mlk_keccakf1600x4_extract_bytes 3s 2s +50%
mlk_keccakf1600x4_xor_bytes_c 3s 2s +50%
mlk_keypair_getnoise_eta1 3s 2s +50%
mlk_matvec_mul 3s 1s +200%
mlk_poly_add 3s 2s +50%
mlk_poly_cbd_eta1 3s 2s +50%
mlk_poly_compress_d10_c 3s 3s +0%
mlk_poly_compress_d11_c 3s 2s +50%
mlk_poly_compress_d4 3s 1s +200%
mlk_poly_compress_du 3s 2s +50%
mlk_poly_decompress_d10_c 3s 1s +200%
mlk_poly_decompress_d11_native 3s 1s +200%
mlk_poly_decompress_d5_c 3s 1s +200%
mlk_poly_decompress_d5_native 3s 3s +0%
mlk_poly_getnoise_eta1122_4x 3s 2s +50%
mlk_poly_getnoise_eta1_4x 3s 3s +0%
mlk_poly_mulcache_compute_native 3s 3s +0%
mlk_poly_tobytes 3s 1s +200%
mlk_poly_tobytes_c 3s 4s -25%
mlk_poly_tomsg 3s 3s +0%
mlk_polyvec_mulcache_compute 3s 3s +0%
mlk_polyvec_permute_bitrev_to_custom 3s 2s +50%
mlk_scalar_compress_d1 3s 1s +200%
mlk_scalar_compress_d10 3s 1s +200%
mlk_scalar_compress_d11 3s 3s +0%
mlk_scalar_compress_d5 3s 2s +50%
mlk_scalar_decompress_d5 3s 3s +0%
mlk_shake256x4 3s 2s +50%
mlk_value_barrier_u32 3s 2s +50%
poly_getnoise_eta1122_4x_native 3s 2s +50%
poly_invntt_tomont_native 3s 2s +50%
poly_mulcache_compute_native_aarch64 3s 3s +0%
poly_tomont_native_aarch64 3s 3s +0%
polyvec_basemul_acc_montgomery_cached_k3_native_aarch64 3s 2s +50%
polyvec_basemul_acc_montgomery_cached_k4_native_aarch64 3s 4s -25%
rej_uniform_native_aarch64 3s 2s +50%
keccak_f1600_x1_native_aarch64 2s 3s -33%
keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid 2s 2s +0%
keccak_f1600_x4_native_avx2 2s 2s +0%
kem_enc 2s 2s +0%
kem_enc_derand 2s 2s +0%
kem_keypair_derand 2s 2s +0%
mlk_barrett_reduce 2s 2s +0%
mlk_check_pct 2s 1s +100%
mlk_ct_cmask_neg_i16 2s 2s +0%
mlk_ct_cmov_zero 2s 2s +0%
mlk_ct_get_optblocker_i32 2s 2s +0%
mlk_ct_sel_int16 2s 2s +0%
mlk_ct_sel_uint8 2s 1s +100%
mlk_keccakf1600_extract_bytes (big endian) 2s 2s +0%
mlk_keccakf1600_xor_bytes (big endian) 2s 5s -60%
mlk_keccakf1600x4_extract_bytes_c 2s 2s +0%
mlk_keccakf1600x4_xor_bytes 2s 1s +100%
mlk_poly_compress_d10_native 2s 1s +100%
mlk_poly_compress_d11_native 2s 2s +0%
mlk_poly_compress_d4_native 2s 2s +0%
mlk_poly_compress_d5_native 2s 5s -60%
mlk_poly_compress_dv 2s 2s +0%
mlk_poly_decompress_d4_c 2s 1s +100%
mlk_poly_decompress_d5 2s 2s +0%
mlk_poly_decompress_du 2s 2s +0%
mlk_poly_decompress_dv 2s 5s -60%
mlk_poly_frombytes 2s 3s -33%
mlk_poly_invntt_tomont 2s 1s +100%
mlk_poly_reduce 2s 3s -33%
mlk_poly_tomont_c 2s 2s +0%
mlk_poly_tomont_native 2s 3s -33%
mlk_polyvec_basemul_acc_montgomery_cached 2s 1s +100%
mlk_polyvec_frombytes 2s 2s +0%
mlk_polyvec_ntt 2s 2s +0%
mlk_rej_uniform 2s 3s -33%
mlk_scalar_compress_d4 2s 2s +0%
mlk_scalar_decompress_d10 2s 2s +0%
mlk_scalar_decompress_d11 2s 1s +100%
mlk_scalar_signed_to_unsigned_q 2s 2s +0%
mlk_sha3_512 2s 3s -33%
mlk_shake128_squeezeblocks 2s 1s +100%
mlk_shake128x4_squeezeblocks 2s 3s -33%
mlk_shake256 2s 1s +100%
mlk_value_barrier_u8 2s 2s +0%
ntt_native_x86_64 2s 2s +0%
poly_compress_d4_native_x86_64 2s 3s -33%
poly_decompress_d5_native_x86_64 2s 1s +100%
poly_tobytes_native_aarch64 2s 1s +100%
polyvec_basemul_acc_montgomery_cached_k2_native_aarch64 2s 2s +0%
polyvec_basemul_acc_montgomery_cached_k2_native_x86_64 2s 2s +0%
polyvec_basemul_acc_montgomery_cached_k3_native_x86_64 2s 3s -33%
polyvec_basemul_acc_montgomery_cached_k4_native_x86_64 2s 5s -60%
rej_uniform_native 2s 2s +0%
keccak_f1600_x1_native_aarch64_v84a 1s 3s -67%
keccak_f1600_x4_native_aarch64_v84a 1s 5s -80%
keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid 1s 4s -75%
keccakf1600x4_extract_bytes_native 1s 2s -50%
kem_keypair 1s 3s -67%
mlk_ct_cmask_nonzero_u8 1s 1s +0%
mlk_keccakf1600_extract_bytes 1s 3s -67%
mlk_keccakf1600_permute 1s 4s -75%
mlk_keccakf1600x4_permute 1s 1s +0%
mlk_poly_compress_d10 1s 2s -50%
mlk_poly_compress_d11 1s 2s -50%
mlk_poly_compress_d4_c 1s 2s -50%
mlk_poly_compress_d5 1s 3s -67%
mlk_poly_compress_d5_c 1s 1s +0%
mlk_poly_decompress_d10 1s 3s -67%
mlk_poly_decompress_d11 1s 4s -75%
mlk_poly_decompress_d11_c 1s 3s -67%
mlk_poly_decompress_d4 1s 1s +0%
mlk_poly_frombytes_c 1s 3s -67%
mlk_poly_getnoise_eta1_4x_native 1s 2s -50%
mlk_poly_mulcache_compute 1s 3s -67%
mlk_poly_reduce_c 1s 1s +0%
mlk_poly_sub 1s 3s -67%
mlk_poly_tobytes_native 1s 2s -50%
mlk_poly_tomont 1s 2s -50%
mlk_polymat_permute_bitrev_to_custom 1s 2s -50%
mlk_polyvec_decompress_du 1s 2s -50%
mlk_polyvec_invntt_tomont 1s 2s -50%
mlk_polyvec_reduce 1s 2s -50%
mlk_polyvec_tobytes 1s 3s -67%
mlk_polyvec_tomont 1s 1s +0%
mlk_shake128_absorb_once 1s 2s -50%
mlk_value_barrier_i32 1s 3s -67%
poly_reduce_native_aarch64 1s 2s -50%
poly_tobytes_native_x86_64 1s 1s +0%

@oqs-bot
Copy link
Copy Markdown
Contributor

oqs-bot commented May 5, 2026
edited
Loading

CBMC Results (ML-KEM-1024)

Full Results (191 proofs)
Proof Status Current Previous Change
**TOTAL** 1364s 1207s +13.0%
mlk_rej_uniform_c 162s 117s +38%
mlk_indcpa_enc 154s 141s +9%
mlk_indcpa_keypair_derand 142s 118s +20%
mlk_polyvec_basemul_acc_montgomery_cached_c 92s 75s +23%
polyvec_basemul_acc_montgomery_cached_native 41s 34s +21%
mlk_ntt_layer 39s 29s +34%
mlk_poly_rej_uniform 35s 30s +17%
poly_ntt_native 30s 25s +20%
mlk_keccak_squeezeblocks_x4 26s 25s +4%
mlk_poly_reduce_native 22s 24s -8%
mlk_fqmul 20s 16s +25%
keccakf1600x4_permute_native_x4 19s 17s +12%
mlk_poly_decompress_d5_native 16s 14s +14%
mlk_poly_decompress_d11_native 15s 14s +7%
mlk_indcpa_dec 10s 10s +0%
mlk_polyvec_add 10s 11s -9%
mlk_keccak_squeeze_once 9s 10s -10%
mlk_poly_frombytes_native 9s 7s +29%
mlk_poly_frommsg 9s 6s +50%
mlk_gen_matrix 8s 6s +33%
mlk_gen_matrix_serial 8s 6s +33%
mlk_keccak_squeezeblocks 8s 8s +0%
mlk_poly_ntt 8s 8s +0%
mlk_ntt_butterfly_block 7s 8s -12%
mlk_poly_rej_uniform_x4 7s 7s +0%
poly_decompress_d5_native_x86_64 7s 4s +75%
poly_frombytes_native_x86_64 7s 4s +75%
rej_uniform_native_x86_64 7s 5s +40%
mlk_keccak_absorb_once_x4 6s 5s +20%
mlk_keccakf1600_permute_c 6s 7s -14%
mlk_poly_cbd_eta1 6s 3s +100%
mlk_polymat_permute_bitrev_to_custom 6s 7s -14%
poly_reduce_native_x86_64 6s 3s +100%
kem_dec 5s 5s +0%
mlk_poly_compress_d11_c 5s 4s +25%
mlk_poly_decompress_d4_c 5s 4s +25%
mlk_polyvec_basemul_acc_montgomery_cached 5s 1s +400%
mlk_polyvec_ntt 5s 3s +67%
mlk_polyvec_permute_bitrev_to_custom_native 5s 3s +67%
poly_compress_d11_native_x86_64 5s 4s +25%
poly_decompress_d11_native_x86_64 5s 5s +0%
poly_getnoise_eta1122_4x_native 5s 5s +0%
intt_native_x86_64 4s 2s +100%
kem_check_pk 4s 3s +33%
mlk_check_pct 4s 1s +300%
mlk_ct_memcmp 4s 2s +100%
mlk_invntt_layer 4s 9s -56%
mlk_keccakf1600x4_permute 4s 1s +300%
mlk_matvec_mul 4s 3s +33%
mlk_poly_add 4s 2s +100%
mlk_poly_compress_d10_c 4s 2s +100%
mlk_poly_compress_d4_c 4s 5s -20%
mlk_poly_compress_d5_c 4s 4s +0%
mlk_poly_compress_du 4s 2s +100%
mlk_poly_decompress_d11 4s 4s +0%
mlk_polyvec_reduce 4s 2s +100%
mlk_polyvec_tomont 4s 3s +33%
mlk_scalar_compress_d4 4s 1s +300%
mlk_shake128x4_squeezeblocks 4s 1s +300%
mlk_shake256x4 4s 4s +0%
mlk_value_barrier_i32 4s 3s +33%
polyvec_basemul_acc_montgomery_cached_k2_native_aarch64 4s 2s +100%
rej_uniform_native_aarch64 4s 3s +33%
intt_native_aarch64 3s 1s +200%
keccak_f1600_x1_native_aarch64_v84a 3s 3s +0%
keccak_f1600_x4_native_aarch64_v84a 3s 2s +50%
keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid 3s 2s +50%
keccak_f1600_x4_native_avx2 3s 1s +200%
keccakf1600x4_extract_bytes_native 3s 3s +0%
kem_check_sk 3s 5s -40%
kem_enc_derand 3s 3s +0%
kem_keypair 3s 4s -25%
mlk_ct_cmask_neg_i16 3s 1s +200%
mlk_ct_cmask_nonzero_u16 3s 4s -25%
mlk_ct_cmov_zero 3s 4s -25%
mlk_ct_get_optblocker_u32 3s 3s +0%
mlk_keccak_absorb_once 3s 4s -25%
mlk_poly_compress_d11 3s 1s +200%
mlk_poly_compress_d4 3s 1s +200%
mlk_poly_compress_d4_native 3s 1s +200%
mlk_poly_compress_d5_native 3s 1s +200%
mlk_poly_compress_dv 3s 2s +50%
mlk_poly_decompress_d4 3s 2s +50%
mlk_poly_decompress_du 3s 1s +200%
mlk_poly_frombytes_c 3s 5s -40%
mlk_poly_getnoise_eta1122_4x 3s 1s +200%
mlk_poly_getnoise_eta1_4x 3s 3s +0%
mlk_poly_invntt_tomont 3s 2s +50%
mlk_poly_mulcache_compute 3s 4s -25%
mlk_poly_ntt_c 3s 4s -25%
mlk_poly_sub 3s 2s +50%
mlk_poly_tomont_c 3s 1s +200%
mlk_poly_tomsg 3s 2s +50%
mlk_scalar_compress_d5 3s 1s +200%
mlk_scalar_decompress_d4 3s 4s -25%
mlk_scalar_decompress_d5 3s 2s +50%
mlk_scalar_signed_to_unsigned_q 3s 4s -25%
mlk_sha3_512 3s 1s +200%
mlk_shake256 3s 2s +50%
mlk_value_barrier_u32 3s 1s +200%
nttunpack_native_x86_64 3s 3s +0%
poly_compress_d10_native_x86_64 3s 1s +200%
poly_mulcache_compute_native_aarch64 3s 1s +200%
poly_mulcache_compute_native_x86_64 3s 6s -50%
poly_tobytes_native_aarch64 3s 4s -25%
poly_tomont_native_aarch64 3s 3s +0%
poly_tomont_native_x86_64 3s 2s +50%
polyvec_basemul_acc_montgomery_cached_k3_native_aarch64 3s 4s -25%
polyvec_basemul_acc_montgomery_cached_k4_native_x86_64 3s 4s -25%
rej_uniform_native 3s 3s +0%
keccak_f1600_x1_native_aarch64 2s 1s +100%
keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid 2s 1s +100%
keccakf1600x4_xor_bytes_native 2s 1s +100%
kem_enc 2s 2s +0%
kem_keypair_derand 2s 3s -33%
mlk_ct_cmask_nonzero_u8 2s 1s +100%
mlk_ct_get_optblocker_i32 2s 1s +100%
mlk_ct_get_optblocker_u8 2s 2s +0%
mlk_ct_sel_int16 2s 2s +0%
mlk_ct_sel_uint8 2s 1s +100%
mlk_enc_getnoise_eta1_eta2 2s 4s -50%
mlk_keccakf1600_xor_bytes 2s 2s +0%
mlk_keccakf1600_xor_bytes (big endian) 2s 2s +0%
mlk_keccakf1600x4_extract_bytes 2s 3s -33%
mlk_keccakf1600x4_xor_bytes 2s 2s +0%
mlk_keccakf1600x4_xor_bytes_c 2s 4s -50%
mlk_keypair_getnoise_eta1 2s 5s -60%
mlk_poly_compress_d11_native 2s 1s +100%
mlk_poly_decompress_d10 2s 1s +100%
mlk_poly_decompress_d10_c 2s 3s -33%
mlk_poly_decompress_d4_native 2s 1s +100%
mlk_poly_decompress_d5 2s 3s -33%
mlk_poly_decompress_d5_c 2s 2s +0%
mlk_poly_decompress_dv 2s 3s -33%
mlk_poly_getnoise_eta1_4x_native 2s 2s +0%
mlk_poly_invntt_tomont_c 2s 3s -33%
mlk_poly_mulcache_compute_c 2s 4s -50%
mlk_poly_reduce 2s 1s +100%
mlk_poly_reduce_c 2s 4s -50%
mlk_poly_tobytes 2s 2s +0%
mlk_poly_tobytes_c 2s 2s +0%
mlk_poly_tobytes_native 2s 1s +100%
mlk_poly_tomont 2s 4s -50%
mlk_poly_tomont_native 2s 1s +100%
mlk_polyvec_compress_du 2s 2s +0%
mlk_polyvec_frombytes 2s 4s -50%
mlk_polyvec_invntt_tomont 2s 2s +0%
mlk_polyvec_permute_bitrev_to_custom 2s 2s +0%
mlk_polyvec_tobytes 2s 2s +0%
mlk_rej_uniform 2s 1s +100%
mlk_scalar_compress_d10 2s 1s +100%
mlk_scalar_compress_d11 2s 2s +0%
mlk_scalar_decompress_d10 2s 2s +0%
mlk_scalar_decompress_d11 2s 1s +100%
mlk_shake128_squeezeblocks 2s 2s +0%
mlk_value_barrier_u8 2s 2s +0%
ntt_native_aarch64 2s 2s +0%
ntt_native_x86_64 2s 2s +0%
poly_decompress_d10_native_x86_64 2s 4s -50%
poly_decompress_d4_native_x86_64 2s 4s -50%
poly_invntt_tomont_native 2s 1s +100%
poly_tobytes_native_x86_64 2s 3s -33%
polyvec_basemul_acc_montgomery_cached_k2_native_x86_64 2s 4s -50%
polyvec_basemul_acc_montgomery_cached_k3_native_x86_64 2s 2s +0%
polyvec_basemul_acc_montgomery_cached_k4_native_aarch64 2s 2s +0%
sys_check_capability 2s 1s +100%
keccakf1600_permute_native 1s 2s -50%
mlk_barrett_reduce 1s 3s -67%
mlk_keccakf1600_extract_bytes 1s 2s -50%
mlk_keccakf1600_extract_bytes (big endian) 1s 3s -67%
mlk_keccakf1600_permute 1s 2s -50%
mlk_keccakf1600x4_extract_bytes_c 1s 4s -75%
mlk_montgomery_reduce 1s 2s -50%
mlk_poly_cbd_eta2 1s 2s -50%
mlk_poly_compress_d10 1s 2s -50%
mlk_poly_compress_d10_native 1s 2s -50%
mlk_poly_compress_d5 1s 3s -67%
mlk_poly_decompress_d10_native 1s 3s -67%
mlk_poly_decompress_d11_c 1s 4s -75%
mlk_poly_frombytes 1s 4s -75%
mlk_poly_getnoise_eta2 1s 3s -67%
mlk_poly_mulcache_compute_native 1s 3s -67%
mlk_polyvec_decompress_du 1s 4s -75%
mlk_polyvec_mulcache_compute 1s 3s -67%
mlk_scalar_compress_d1 1s 2s -50%
mlk_sha3_256 1s 2s -50%
mlk_shake128_absorb_once 1s 2s -50%
mlk_shake128x4_absorb_once 1s 4s -75%
poly_compress_d4_native_x86_64 1s 3s -67%
poly_compress_d5_native_x86_64 1s 2s -50%
poly_reduce_native_aarch64 1s 2s -50%

@oqs-bot
Copy link
Copy Markdown
Contributor

oqs-bot commented May 5, 2026
edited
Loading

CBMC Results (ML-KEM-768)

Full Results (191 proofs)
Proof Status Current Previous Change
**TOTAL** 1217s 1303s -6.6%
mlk_indcpa_keypair_derand 188s 202s -7%
mlk_indcpa_enc 168s 177s -5%
mlk_rej_uniform_c 121s 136s -11%
mlk_polyvec_basemul_acc_montgomery_cached_c 42s 46s -9%
mlk_ntt_layer 30s 35s -14%
mlk_poly_rej_uniform 29s 35s -17%
mlk_keccak_squeezeblocks_x4 27s 25s +8%
poly_ntt_native 24s 28s -14%
mlk_poly_reduce_native 20s 21s -5%
keccakf1600x4_permute_native_x4 18s 17s +6%
polyvec_basemul_acc_montgomery_cached_native 16s 19s -16%
mlk_fqmul 15s 14s +7%
mlk_indcpa_dec 13s 14s -7%
mlk_poly_decompress_d10_native 13s 16s -19%
mlk_poly_decompress_d4_native 13s 13s +0%
mlk_polyvec_add 10s 9s +11%
mlk_poly_ntt 9s 7s +29%
mlk_keccak_absorb_once_x4 8s 7s +14%
mlk_poly_frombytes_native 8s 12s -33%
mlk_poly_frommsg 8s 8s +0%
mlk_poly_rej_uniform_x4 8s 6s +33%
mlk_keccak_squeeze_once 7s 7s +0%
poly_decompress_d10_native_x86_64 7s 3s +133%
kem_dec 6s 5s +20%
mlk_keccak_squeezeblocks 6s 10s -40%
mlk_keccakf1600_permute_c 6s 6s +0%
mlk_ntt_butterfly_block 6s 10s -40%
mlk_ct_memcmp 5s 3s +67%
mlk_invntt_layer 5s 5s +0%
poly_frombytes_native_x86_64 5s 5s +0%
poly_invntt_tomont_native 5s 2s +150%
rej_uniform_native_x86_64 5s 7s -29%
keccakf1600x4_extract_bytes_native 4s 3s +33%
kem_enc_derand 4s 3s +33%
mlk_check_pct 4s 2s +100%
mlk_gen_matrix 4s 3s +33%
mlk_keccak_absorb_once 4s 3s +33%
mlk_poly_getnoise_eta1122_4x 4s 1s +300%
mlk_poly_mulcache_compute_c 4s 3s +33%
mlk_poly_sub 4s 1s +300%
mlk_poly_tobytes 4s 2s +100%
mlk_polymat_permute_bitrev_to_custom 4s 3s +33%
mlk_polyvec_compress_du 4s 1s +300%
mlk_polyvec_decompress_du 4s 2s +100%
mlk_scalar_compress_d11 4s 2s +100%
mlk_shake128_absorb_once 4s 2s +100%
mlk_shake256x4 4s 5s -20%
ntt_native_aarch64 4s 4s +0%
nttunpack_native_x86_64 4s 4s +0%
poly_decompress_d4_native_x86_64 4s 4s +0%
poly_tomont_native_x86_64 4s 1s +300%
intt_native_aarch64 3s 1s +200%
intt_native_x86_64 3s 1s +200%
keccak_f1600_x1_native_aarch64_v84a 3s 1s +200%
keccakf1600_permute_native 3s 1s +200%
mlk_ct_cmask_nonzero_u16 3s 1s +200%
mlk_ct_cmask_nonzero_u8 3s 1s +200%
mlk_ct_sel_int16 3s 3s +0%
mlk_enc_getnoise_eta1_eta2 3s 3s +0%
mlk_keccakf1600_extract_bytes (big endian) 3s 5s -40%
mlk_keccakf1600x4_permute 3s 1s +200%
mlk_keccakf1600x4_xor_bytes 3s 3s +0%
mlk_matvec_mul 3s 1s +200%
mlk_poly_cbd_eta1 3s 2s +50%
mlk_poly_compress_d10_c 3s 3s +0%
mlk_poly_compress_d10_native 3s 3s +0%
mlk_poly_compress_d11_native 3s 2s +50%
mlk_poly_compress_d4 3s 2s +50%
mlk_poly_compress_d4_c 3s 2s +50%
mlk_poly_compress_d5_native 3s 2s +50%
mlk_poly_compress_du 3s 2s +50%
mlk_poly_compress_dv 3s 1s +200%
mlk_poly_decompress_d10 3s 4s -25%
mlk_poly_decompress_d11 3s 2s +50%
mlk_poly_decompress_d11_native 3s 2s +50%
mlk_poly_decompress_du 3s 2s +50%
mlk_poly_getnoise_eta1_4x 3s 3s +0%
mlk_poly_getnoise_eta2 3s 3s +0%
mlk_poly_invntt_tomont 3s 3s +0%
mlk_poly_invntt_tomont_c 3s 3s +0%
mlk_poly_tobytes_c 3s 2s +50%
mlk_poly_tomsg 3s 3s +0%
mlk_polyvec_basemul_acc_montgomery_cached 3s 3s +0%
mlk_polyvec_frombytes 3s 3s +0%
mlk_polyvec_invntt_tomont 3s 3s +0%
mlk_polyvec_permute_bitrev_to_custom_native 3s 4s -25%
mlk_scalar_compress_d1 3s 2s +50%
mlk_scalar_decompress_d10 3s 3s +0%
mlk_sha3_256 3s 2s +50%
mlk_shake128x4_squeezeblocks 3s 2s +50%
mlk_shake256 3s 1s +200%
poly_compress_d10_native_x86_64 3s 3s +0%
poly_compress_d4_native_x86_64 3s 2s +50%
poly_getnoise_eta1122_4x_native 3s 5s -40%
poly_tobytes_native_aarch64 3s 3s +0%
keccak_f1600_x1_native_aarch64 2s 5s -60%
keccak_f1600_x4_native_aarch64_v84a 2s 4s -50%
keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid 2s 2s +0%
kem_enc 2s 3s -33%
kem_keypair 2s 2s +0%
mlk_barrett_reduce 2s 2s +0%
mlk_ct_cmov_zero 2s 1s +100%
mlk_ct_get_optblocker_i32 2s 2s +0%
mlk_ct_get_optblocker_u32 2s 3s -33%
mlk_gen_matrix_serial 2s 3s -33%
mlk_keccakf1600_extract_bytes 2s 3s -33%
mlk_keccakf1600_xor_bytes 2s 3s -33%
mlk_keccakf1600_xor_bytes (big endian) 2s 2s +0%
mlk_keccakf1600x4_xor_bytes_c 2s 1s +100%
mlk_montgomery_reduce 2s 1s +100%
mlk_poly_add 2s 3s -33%
mlk_poly_cbd_eta2 2s 3s -33%
mlk_poly_compress_d10 2s 3s -33%
mlk_poly_compress_d11 2s 2s +0%
mlk_poly_compress_d4_native 2s 3s -33%
mlk_poly_decompress_d10_c 2s 2s +0%
mlk_poly_decompress_d11_c 2s 3s -33%
mlk_poly_decompress_d4 2s 1s +100%
mlk_poly_decompress_d4_c 2s 1s +100%
mlk_poly_decompress_d5 2s 3s -33%
mlk_poly_decompress_d5_c 2s 2s +0%
mlk_poly_decompress_d5_native 2s 1s +100%
mlk_poly_decompress_dv 2s 3s -33%
mlk_poly_frombytes_c 2s 1s +100%
mlk_poly_getnoise_eta1_4x_native 2s 6s -67%
mlk_poly_ntt_c 2s 2s +0%
mlk_poly_tobytes_native 2s 2s +0%
mlk_poly_tomont_c 2s 1s +100%
mlk_polyvec_mulcache_compute 2s 4s -50%
mlk_polyvec_ntt 2s 3s -33%
mlk_polyvec_permute_bitrev_to_custom 2s 1s +100%
mlk_polyvec_reduce 2s 2s +0%
mlk_polyvec_tomont 2s 1s +100%
mlk_scalar_compress_d4 2s 3s -33%
mlk_scalar_compress_d5 2s 3s -33%
mlk_scalar_decompress_d4 2s 4s -50%
mlk_scalar_signed_to_unsigned_q 2s 2s +0%
mlk_shake128_squeezeblocks 2s 2s +0%
mlk_shake128x4_absorb_once 2s 2s +0%
mlk_value_barrier_u32 2s 1s +100%
mlk_value_barrier_u8 2s 1s +100%
ntt_native_x86_64 2s 2s +0%
poly_compress_d11_native_x86_64 2s 3s -33%
poly_decompress_d11_native_x86_64 2s 2s +0%
poly_decompress_d5_native_x86_64 2s 3s -33%
poly_mulcache_compute_native_aarch64 2s 4s -50%
poly_mulcache_compute_native_x86_64 2s 2s +0%
poly_reduce_native_x86_64 2s 3s -33%
poly_tomont_native_aarch64 2s 3s -33%
polyvec_basemul_acc_montgomery_cached_k2_native_aarch64 2s 4s -50%
polyvec_basemul_acc_montgomery_cached_k2_native_x86_64 2s 2s +0%
polyvec_basemul_acc_montgomery_cached_k3_native_aarch64 2s 2s +0%
polyvec_basemul_acc_montgomery_cached_k3_native_x86_64 2s 5s -60%
polyvec_basemul_acc_montgomery_cached_k4_native_aarch64 2s 4s -50%
rej_uniform_native 2s 4s -50%
rej_uniform_native_aarch64 2s 3s -33%
sys_check_capability 2s 4s -50%
keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid 1s 1s +0%
keccak_f1600_x4_native_avx2 1s 2s -50%
keccakf1600x4_xor_bytes_native 1s 2s -50%
kem_check_pk 1s 3s -67%
kem_check_sk 1s 3s -67%
kem_keypair_derand 1s 3s -67%
mlk_ct_cmask_neg_i16 1s 3s -67%
mlk_ct_get_optblocker_u8 1s 2s -50%
mlk_ct_sel_uint8 1s 3s -67%
mlk_keccakf1600_permute 1s 2s -50%
mlk_keccakf1600x4_extract_bytes 1s 1s +0%
mlk_keccakf1600x4_extract_bytes_c 1s 2s -50%
mlk_keypair_getnoise_eta1 1s 3s -67%
mlk_poly_compress_d11_c 1s 2s -50%
mlk_poly_compress_d5 1s 4s -75%
mlk_poly_compress_d5_c 1s 4s -75%
mlk_poly_frombytes 1s 2s -50%
mlk_poly_mulcache_compute 1s 2s -50%
mlk_poly_mulcache_compute_native 1s 2s -50%
mlk_poly_reduce 1s 1s +0%
mlk_poly_reduce_c 1s 6s -83%
mlk_poly_tomont 1s 3s -67%
mlk_poly_tomont_native 1s 3s -67%
mlk_polyvec_tobytes 1s 1s +0%
mlk_rej_uniform 1s 3s -67%
mlk_scalar_compress_d10 1s 1s +0%
mlk_scalar_decompress_d11 1s 1s +0%
mlk_scalar_decompress_d5 1s 2s -50%
mlk_sha3_512 1s 1s +0%
mlk_value_barrier_i32 1s 3s -67%
poly_compress_d5_native_x86_64 1s 6s -83%
poly_reduce_native_aarch64 1s 3s -67%
poly_tobytes_native_x86_64 1s 1s +0%
polyvec_basemul_acc_montgomery_cached_k4_native_x86_64 1s 1s +0%

bremoran added 5 commits May 7, 2026 14:50
@bremoran
nucleo-n657x0-q: add OpenOCD backend
7794e36 
Add NUCLEO_DEBUG_BACKEND=openocd support for FLEXMEM setup and runtime GDB
loading. Share OpenOCD command construction in nucleo_host.openocd_tools,
use connect-under-reset only for the FLEXMEM helper, and skip ST-LINK
semihost socket setup for OpenOCD runtime sessions.

Package an OpenOCD snapshot with STM32N6 target support as st-openocd and add
it to the NUCLEO devshell. Document the ST-LINK/OpenOCD workflows and add
host-side tests for OpenOCD command generation and wrapper selection.

Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
Use OpenOCD as NUCLEO-N657X0-Q backend
fe1caf4 
Remove the STM32Cube CLT/ST-LINK_gdbserver backend and make the
RAM-only NUCLEO-N657X0-Q flow use OpenOCD directly for both FLEXMEM
configuration and runtime GDB sessions.

Keep the required reset split: FLEXMEM configuration uses
connect-under-reset, while the runtime OpenOCD server does not. Replace
STLINK_* controls with OPENOCD_* controls, update host tests and docs,
and remove the obsolete st_tools helper.

Also define ARMCM55 for the platform and use the STM32N6 CMSIS device
header in the PMU benchmark path so benchmark builds work on target.

Validated with host unit tests, py_compile, git diff --check, and
on-target ML-KEM test/benchmark runs.

Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
nucleo-n657x0-q: harden FLEXMEM recovery and target exits
336b98d 
Improve OpenOCD/FLEXMEM handling for the NUCLEO-N657X0-Q platform by
retrying FLEXMEM configuration without connect-under-reset after attach
failures, resetting the target after runtime output harvesting, and using
the recovered FLEXMEM path for GDB load failures.

Route target-side _exit(status) through the platform semihosting exit path
so libc exit() calls emit the ML-KEM exit sentinel. Treat SIGTRAP without
that sentinel as a target failure instead of a successful run.

Update the Nucleo platform docs and host-side regression tests for the new
reset sequencing, attach fallback, load-failure recovery, default OpenOCD
speed, and missing-sentinel handling.

Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
Merge remote-tracking branch 'origin/main' into platform-nucleo-n657x0-q
13ab7ba
@bremoran
Add NUCLEO-N657X0-Q CI and benchmark jobs
848e4e1 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran bremoran force-pushed the platform-nucleo-n657x0-q branch from 54df290 to dd9798a Compare May 12, 2026 12:53
@mkannwischer mkannwischer added the benchmark this PR should be benchmarked in CI label May 12, 2026
@bremoran
Adjust test result handling
1ad95e2 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran bremoran force-pushed the platform-nucleo-n657x0-q branch from dd9798a to 1ad95e2 Compare May 12, 2026 14:49
bremoran added 4 commits May 12, 2026 16:29
@bremoran
Add support for cycle counter on Cortex-M
cdad344 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
Disable other CI benchmarks, run autogen.
869e9dc 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
Fix pmu incompatibility
e568667 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran
Correct linting error
a276ffa 
Signed-off-by: Brendan Moran <brendan.moran@arm.com>
@bremoran bremoran force-pushed the platform-nucleo-n657x0-q branch from e2e7f94 to a276ffa Compare May 29, 2026 09:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

benchmark this PR should be benchmarked in CI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bremoran @hanno-becker @mkannwischer @oqs-bot