From 44a70eedd9a2415112fb601f3bff9171dd4e78af Mon Sep 17 00:00:00 2001 From: David Schrammel Date: Mon, 3 Feb 2025 12:28:06 +0100 Subject: [PATCH] [racl,rtl,sram_ctrl,spi_host,spi_device] Enable RACL ranges for sram_ctrl And implement ranges for tlul_adapter_sram_racl and rewire parameters where it is already being used. Signed-off-by: David Schrammel --- hw/ip/spi_device/rtl/spi_device.sv | 20 ++++++-- hw/ip/spi_host/rtl/spi_host_window.sv | 12 ++++- hw/ip/sram_ctrl/data/sram_ctrl.hjson | 2 +- .../dv/env/seq_lib/sram_ctrl_common_vseq.sv | 16 +++--- .../seq_lib/sram_ctrl_readback_err_vseq.sv | 3 +- hw/ip/sram_ctrl/rtl/sram_ctrl.sv | 49 ++++++++++++++----- hw/ip/sram_ctrl/rtl/sram_ctrl_ram_reg_top.sv | 15 +++++- hw/ip/tlul/rtl/tlul_adapter_sram_racl.sv | 29 +++++++++-- 8 files changed, 113 insertions(+), 33 deletions(-) diff --git a/hw/ip/spi_device/rtl/spi_device.sv b/hw/ip/spi_device/rtl/spi_device.sv index e590f04883a115..978be74ace6f86 100644 --- a/hw/ip/spi_device/rtl/spi_device.sv +++ b/hw/ip/spi_device/rtl/spi_device.sv @@ -16,7 +16,19 @@ module spi_device parameter bit RaclErrorRsp = EnableRacl, parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVec[73] = '{73{0}}, parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinEgressbuffer = 0, - parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinIngressbuffer = 0 + parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinIngressbuffer = 0, + localparam top_racl_pkg::racl_range_t RaclPolicySelRangesEgressbuffer[1] = '{ + '{base: {top_pkg::TL_AW{1'b0}}, + mask: {top_pkg::TL_AW{1'b1}}, + policy_sel: top_racl_pkg::racl_policy_sel_t'(RaclPolicySelWinEgressbuffer) + } + }, + localparam top_racl_pkg::racl_range_t RaclPolicySelRangesIngressbuffer[1] = '{ + '{base: {top_pkg::TL_AW{1'b0}}, + mask: {top_pkg::TL_AW{1'b1}}, + policy_sel: top_racl_pkg::racl_policy_sel_t'(RaclPolicySelWinIngressbuffer) + } + } ) ( input clk_i, input rst_ni, @@ -1687,7 +1699,8 @@ module spi_device .ByteAccess (0), .EnableRacl (EnableRacl), .RaclErrorRsp (RaclErrorRsp), - .RaclPolicySelVec (RaclPolicySelWinEgressbuffer) + .RaclPolicySelNumRanges(1), + .RaclPolicySelRanges(RaclPolicySelRangesEgressbuffer) ) u_tlul2sram_egress ( .clk_i, .rst_ni, @@ -1725,7 +1738,8 @@ module spi_device .ByteAccess (0), .EnableRacl (EnableRacl), .RaclErrorRsp (RaclErrorRsp), - .RaclPolicySelVec (RaclPolicySelWinIngressbuffer) + .RaclPolicySelNumRanges(1), + .RaclPolicySelRanges(RaclPolicySelRangesIngressbuffer) ) u_tlul2sram_ingress ( .clk_i, .rst_ni, diff --git a/hw/ip/spi_host/rtl/spi_host_window.sv b/hw/ip/spi_host/rtl/spi_host_window.sv index 226ca833ef2178..4f2aec3bd73f0d 100644 --- a/hw/ip/spi_host/rtl/spi_host_window.sv +++ b/hw/ip/spi_host/rtl/spi_host_window.sv @@ -10,7 +10,14 @@ module spi_host_window parameter bit EnableRacl = 1'b0, parameter bit RaclErrorRsp = 1'b1, parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinRXDATA = 0, - parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinTXDATA = 0 + parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinTXDATA = 0, + localparam top_racl_pkg::racl_range_t RaclPolicySelRangesTXDATA[1] = '{ + '{ + base: {top_pkg::TL_AW{1'b0}}, + mask: {top_pkg::TL_AW{1'b1}}, + policy_sel: top_racl_pkg::racl_policy_sel_t'(RaclPolicySelWinTXDATA) + } + } ) ( input clk_i, input rst_ni, @@ -97,7 +104,8 @@ module spi_host_window .ErrOnRead(1), .EnableRacl(EnableRacl), .RaclErrorRsp(RaclErrorRsp), - .RaclPolicySelVec(RaclPolicySelWinTXDATA) + .RaclPolicySelNumRanges(1), + .RaclPolicySelRanges(RaclPolicySelRangesTXDATA) ) u_adapter_tx ( .clk_i, .rst_ni, diff --git a/hw/ip/sram_ctrl/data/sram_ctrl.hjson b/hw/ip/sram_ctrl/data/sram_ctrl.hjson index c2267340b261ab..eea44824e93b89 100644 --- a/hw/ip/sram_ctrl/data/sram_ctrl.hjson +++ b/hw/ip/sram_ctrl/data/sram_ctrl.hjson @@ -29,7 +29,7 @@ bus_interfaces: [ { protocol: "tlul", direction: "device", name: "regs", racl_support: true } - { protocol: "tlul", direction: "device", name: "ram" }, + { protocol: "tlul", direction: "device", name: "ram" , racl_support: true } ], /////////////////////////// diff --git a/hw/ip/sram_ctrl/dv/env/seq_lib/sram_ctrl_common_vseq.sv b/hw/ip/sram_ctrl/dv/env/seq_lib/sram_ctrl_common_vseq.sv index 8aa01916fa5438..73c3e67871d26a 100644 --- a/hw/ip/sram_ctrl/dv/env/seq_lib/sram_ctrl_common_vseq.sv +++ b/hw/ip/sram_ctrl/dv/env/seq_lib/sram_ctrl_common_vseq.sv @@ -79,8 +79,8 @@ class sram_ctrl_common_vseq extends sram_ctrl_base_vseq; // their counters. This avoids a problem where we generate a spurious request when the FIFO was // actually empty and lots of signals in the design become X. This will let the fifos error // signal stuck at X. Zeroing the backing memory avoids that problem. - splat_fifo_storage("tb.dut.u_tlul_adapter_sram.u_reqfifo", 2); - splat_fifo_storage("tb.dut.u_tlul_adapter_sram.u_sramreqfifo", 2); + splat_fifo_storage("tb.dut.u_tlul_adapter_sram_racl.tlul_adapter_sram.u_reqfifo", 2); + splat_fifo_storage("tb.dut.u_tlul_adapter_sram_racl.tlul_adapter_sram.u_sramreqfifo", 2); super.dut_init(reset_kind); endtask @@ -168,13 +168,13 @@ class sram_ctrl_common_vseq extends sram_ctrl_base_vseq; if (is_ptr_in_adapters_fifo(if_proxy.path, touching_req_fifo)) begin if (!enable) begin `uvm_info(`gfn, "Doing FI on a prim_fifo_sync. Disabling related assertions", UVM_HIGH) - $assertoff(0, "tb.dut.u_tlul_adapter_sram.u_reqfifo"); - $assertoff(0, "tb.dut.u_tlul_adapter_sram.u_sramreqfifo"); - $assertoff(0, "tb.dut.u_tlul_adapter_sram.u_rspfifo"); + $assertoff(0, "tb.dut.u_tlul_adapter_sram_racl.tlul_adapter_sram.u_reqfifo"); + $assertoff(0, "tb.dut.u_tlul_adapter_sram_racl.tlul_adapter_sram.u_sramreqfifo"); + $assertoff(0, "tb.dut.u_tlul_adapter_sram_racl.tlul_adapter_sram.u_rspfifo"); end else begin - $asserton(0, "tb.dut.u_tlul_adapter_sram.u_reqfifo"); - $asserton(0, "tb.dut.u_tlul_adapter_sram.u_sramreqfifo"); - $asserton(0, "tb.dut.u_tlul_adapter_sram.u_rspfifo"); + $asserton(0, "tb.dut.u_tlul_adapter_sram_racl.tlul_adapter_sram.u_reqfifo"); + $asserton(0, "tb.dut.u_tlul_adapter_sram_racl.tlul_adapter_sram.u_sramreqfifo"); + $asserton(0, "tb.dut.u_tlul_adapter_sram_racl.tlul_adapter_sram.u_rspfifo"); end // Disable assertions that we expect to fail if we corrupt a request FIFO. This causes us to diff --git a/hw/ip/sram_ctrl/dv/env/seq_lib/sram_ctrl_readback_err_vseq.sv b/hw/ip/sram_ctrl/dv/env/seq_lib/sram_ctrl_readback_err_vseq.sv index 8c369bf1171a63..ddd0239b30c891 100644 --- a/hw/ip/sram_ctrl/dv/env/seq_lib/sram_ctrl_readback_err_vseq.sv +++ b/hw/ip/sram_ctrl/dv/env/seq_lib/sram_ctrl_readback_err_vseq.sv @@ -110,7 +110,8 @@ class sram_ctrl_readback_err_vseq extends sram_ctrl_base_vseq; cfg.is_fi_test = 1'b1; // If we are faulting the sram_we signal, this assertion would trigger. Disable it. - $assertoff(0, "tb.dut.u_tlul_adapter_sram.u_sram_byte.gen_integ_handling"); + $assertoff(0, + "tb.dut.u_tlul_adapter_sram_racl.tlul_adapter_sram.u_sram_byte.gen_integ_handling"); `DV_CHECK_MEMBER_RANDOMIZE_FATAL(num_ops) `DV_CHECK_MEMBER_RANDOMIZE_FATAL(do_fi_op) diff --git a/hw/ip/sram_ctrl/rtl/sram_ctrl.sv b/hw/ip/sram_ctrl/rtl/sram_ctrl.sv index bdadaa508b6ef4..50ffeb4e8c82cb 100644 --- a/hw/ip/sram_ctrl/rtl/sram_ctrl.sv +++ b/hw/ip/sram_ctrl/rtl/sram_ctrl.sv @@ -31,7 +31,9 @@ module sram_ctrl parameter lfsr_perm_t RndCnstLfsrPerm = RndCnstLfsrPermDefault, parameter bit EnableRacl = 1'b0, parameter bit RaclErrorRsp = EnableRacl, - parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVecRegs[NumRegsRegs] = '{NumRegsRegs{0}} + parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVecRegs[NumRegsRegs] = '{NumRegsRegs{0}}, + parameter int unsigned RaclPolicySelRangesRamNum = 1, + parameter top_racl_pkg::racl_range_t RaclPolicySelRangesRam[RaclPolicySelRangesRamNum] = '{'0} ) ( // SRAM Clock input logic clk_i, @@ -90,6 +92,13 @@ module sram_ctrl `ASSERT_INIT(NonceWidthsLessThanSource_A, NonceWidth + LfsrWidth <= otp_ctrl_pkg::SramNonceWidth) + logic racl_error_regs; + logic racl_error_ram; + top_racl_pkg::racl_error_log_t racl_error_regs_log; + top_racl_pkg::racl_error_log_t racl_error_ram_log; + // We are combining all racl errors here because only one of them can be set at any time. + assign racl_error_o = racl_error_regs | racl_error_ram; + assign racl_error_log_o = racl_error_regs_log | racl_error_ram_log; ///////////////////////////////////// // Anchor incoming seeds and constants @@ -137,8 +146,8 @@ module sram_ctrl .hw2reg, // RACL interface .racl_policies_i ( racl_policies_i ), - .racl_error_o ( racl_error_o ), - .racl_error_log_o ( racl_error_log_o ), + .racl_error_o ( racl_error_regs ), + .racl_error_log_o ( racl_error_regs_log), // SEC_CM: BUS.INTEGRITY .intg_err_o ( bus_integ_error[0] ) ); @@ -492,7 +501,7 @@ module sram_ctrl mubi4_t reg_readback_en; assign reg_readback_en = mubi4_t'(reg2hw.readback.q); - tlul_adapter_sram #( + tlul_adapter_sram_racl #( .SramAw(AddrWidth), .SramDw(DataWidth - tlul_pkg::DataIntgWidth), .Outstanding(2), @@ -502,8 +511,12 @@ module sram_ctrl .EnableDataIntgGen(0), .EnableDataIntgPt(1), // SEC_CM: MEM.INTEGRITY .SecFifoPtr (1), // SEC_CM: TLUL_FIFO.CTR.REDUN - .EnableReadback (1) // SEC_CM: MEM.READBACK - ) u_tlul_adapter_sram ( + .EnableReadback (1), // SEC_CM: MEM.READBACK + .EnableRacl(EnableRacl), + .RaclErrorRsp(RaclErrorRsp), + .RaclPolicySelNumRanges(RaclPolicySelRangesRamNum), + .RaclPolicySelRanges(RaclPolicySelRangesRam) + ) u_tlul_adapter_sram_racl ( .clk_i, .rst_ni, .tl_i (ram_tl_in_gated), @@ -526,7 +539,11 @@ module sram_ctrl .readback_en_i (reg_readback_en), .readback_error_o (readback_error), .wr_collision_i (sram_wr_collision), - .write_pending_i (sram_wpending) + .write_pending_i (sram_wpending), + // RACL interface + .racl_policies_i (racl_policies_i), + .racl_error_o (racl_error_ram), + .racl_error_log_o (racl_error_ram_log) ); logic key_valid; @@ -621,22 +638,28 @@ module sram_ctrl // Alert assertions for redundant counters. `ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(RspFifoWptrCheck_A, - u_tlul_adapter_sram.u_rspfifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_wptr, + u_tlul_adapter_sram_racl.tlul_adapter_sram.u_rspfifo.gen_normal_fifo.u_fifo_cnt + .gen_secure_ptrs.u_wptr, alert_tx_o[0]) `ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(RspFifoRptrCheck_A, - u_tlul_adapter_sram.u_rspfifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_rptr, + u_tlul_adapter_sram_racl.tlul_adapter_sram.u_rspfifo.gen_normal_fifo.u_fifo_cnt + .gen_secure_ptrs.u_rptr, alert_tx_o[0]) `ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(SramReqFifoWptrCheck_A, - u_tlul_adapter_sram.u_sramreqfifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_wptr, + u_tlul_adapter_sram_racl.tlul_adapter_sram.u_sramreqfifo.gen_normal_fifo.u_fifo_cnt + .gen_secure_ptrs.u_wptr, alert_tx_o[0]) `ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(SramReqFifoRptrCheck_A, - u_tlul_adapter_sram.u_sramreqfifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_rptr, + u_tlul_adapter_sram_racl.tlul_adapter_sram.u_sramreqfifo.gen_normal_fifo.u_fifo_cnt + .gen_secure_ptrs.u_rptr, alert_tx_o[0]) `ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(ReqFifoWptrCheck_A, - u_tlul_adapter_sram.u_reqfifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_wptr, + u_tlul_adapter_sram_racl.tlul_adapter_sram.u_reqfifo.gen_normal_fifo.u_fifo_cnt + .gen_secure_ptrs.u_wptr, alert_tx_o[0]) `ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(ReqFifoRptrCheck_A, - u_tlul_adapter_sram.u_reqfifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_rptr, + u_tlul_adapter_sram_racl.tlul_adapter_sram.u_reqfifo.gen_normal_fifo.u_fifo_cnt + .gen_secure_ptrs.u_rptr, alert_tx_o[0]) // `tlul_gnt` doesn't factor in `sram_gnt` for timing reasons. This assertions checks that diff --git a/hw/ip/sram_ctrl/rtl/sram_ctrl_ram_reg_top.sv b/hw/ip/sram_ctrl/rtl/sram_ctrl_ram_reg_top.sv index a6441cfc4bfe65..172b907e047194 100644 --- a/hw/ip/sram_ctrl/rtl/sram_ctrl_ram_reg_top.sv +++ b/hw/ip/sram_ctrl/rtl/sram_ctrl_ram_reg_top.sv @@ -6,13 +6,24 @@ `include "prim_assert.sv" -module sram_ctrl_ram_reg_top ( +module sram_ctrl_ram_reg_top + # ( + parameter bit EnableRacl = 1'b0, + parameter bit RaclErrorRsp = 1'b1, + parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVec[sram_ctrl_reg_pkg::NumRegsRam] = + '{sram_ctrl_reg_pkg::NumRegsRam{0}} + ) ( input clk_i, input rst_ni, input tlul_pkg::tl_h2d_t tl_i, output tlul_pkg::tl_d2h_t tl_o, // To HW + // RACL interface + input top_racl_pkg::racl_policy_vec_t racl_policies_i, + output logic racl_error_o, + output top_racl_pkg::racl_error_log_t racl_error_log_o, + // Integrity check errors output logic intg_err_o ); @@ -39,4 +50,6 @@ module sram_ctrl_ram_reg_top ( assign tl_o_pre = tl_reg_d2h; // Unused signal tieoff + logic unused_policy_sel; + assign unused_policy_sel = ^racl_policies_i; endmodule diff --git a/hw/ip/tlul/rtl/tlul_adapter_sram_racl.sv b/hw/ip/tlul/rtl/tlul_adapter_sram_racl.sv index 0722831ac1f172..d73e137869bb3b 100644 --- a/hw/ip/tlul/rtl/tlul_adapter_sram_racl.sv +++ b/hw/ip/tlul/rtl/tlul_adapter_sram_racl.sv @@ -41,8 +41,8 @@ module tlul_adapter_sram_racl parameter bit DataXorAddr = 0, // 1: XOR data and address for address protection parameter bit EnableRacl = 0, // 1: Enable RACL checks on access parameter bit RaclErrorRsp = EnableRacl, // 1: Return TLUL error on RACL errors - parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVec = 0, // RACL policy for this SRAM - // adapter + parameter int RaclPolicySelNumRanges = 1, // Number of ranges with a RACL policy + parameter top_racl_pkg::racl_range_t RaclPolicySelRanges [RaclPolicySelNumRanges] = '{'0}, localparam int WidthMult = SramDw / top_pkg::TL_DW, localparam int IntgWidth = tlul_pkg::DataIntgWidth * WidthMult, localparam int DataOutW = EnableDataIntgPt ? SramDw + IntgWidth : SramDw @@ -98,12 +98,31 @@ module tlul_adapter_sram_racl ); logic req, rd_req, wr_req, racl_read_allowed, racl_write_allowed; + logic [RaclPolicySelNumRanges-1:0] range_read_allowed; + logic [RaclPolicySelNumRanges-1:0] range_write_allowed; + + for (genvar r = 0; r < RaclPolicySelNumRanges; r++) begin : gen_racl_range_check + top_racl_pkg::racl_range_t range; + top_racl_pkg::racl_policy_t policy; + logic range_match; + assign range = RaclPolicySelRanges[r]; + assign policy = racl_policies_i[range.policy_sel]; + // Asserts that a valid range is defined + `ASSERT(RaclAdapterSramValidRange, range.mask > 0) + // Check if the address is within range + assign range_match = (tl_i.a_address & ~range.mask) == range.base; + // If address matches, lookup permissions for policy defined for this range + assign range_read_allowed[r] = range_match & |(policy.read_perm & racl_role_vec); + assign range_write_allowed[r] = range_match & |(policy.write_perm & racl_role_vec); + end + + assign racl_read_allowed = |range_read_allowed; + assign racl_write_allowed = |range_write_allowed; + assign req = tl_i.a_valid & tl_o.a_ready; assign rd_req = req & (tl_i.a_opcode == tlul_pkg::Get); assign wr_req = req & (tl_i.a_opcode == tlul_pkg::PutFullData | tl_i.a_opcode == tlul_pkg::PutPartialData); - assign racl_read_allowed = (|(racl_policies_i[RaclPolicySelVec].read_perm & racl_role_vec)); - assign racl_write_allowed = (|(racl_policies_i[RaclPolicySelVec].write_perm & racl_role_vec)); assign racl_error_o = (rd_req & ~racl_read_allowed) | (wr_req & ~racl_write_allowed); tlul_request_loopback #( @@ -174,6 +193,8 @@ module tlul_adapter_sram_racl logic unused_policy_sel; assign unused_policy_sel = ^racl_policies_i; + `ASSERT(RaclAdapterSramNumRanges, EnableRacl |-> RaclPolicySelNumRanges > 0) + // Ensure that RACL signals are not undefined `ASSERT_KNOWN(RaclAdapterSramErrorKnown_A, racl_error_o) `ASSERT_KNOWN(RaclAdapterSramErrorLogKnown_A, racl_error_log_o)