Skip to content

Commit

Permalink
[racl,rtl,sram_ctrl,spi_host,spi_device] Enable RACL ranges for sram_…
Browse files Browse the repository at this point in the history 
…ctrl

And implement ranges for tlul_adapter_sram_racl
and rewire parameters where it is already being used.

Signed-off-by: David Schrammel <[email protected]>
  • Loading branch information
@davidschrammel
davidschrammel committed Feb 3, 2025
1 parent f4a1d19 commit a53c3ff
Show file tree
Hide file tree
Showing 6 changed files with 78 additions and 18 deletions.
12 changes: 9 additions & 3 deletions hw/ip/spi_device/rtl/spi_device.sv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,11 @@ module spi_device
parameter bit RaclErrorRsp = EnableRacl,
parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVec[73] = '{73{0}},
parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinEgressbuffer = 0,
parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinIngressbuffer = 0
parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinIngressbuffer = 0,
localparam top_racl_pkg::racl_range_t RaclPolicySelRangesEgressbuffer =
'{base:'0,mask:{top_pkg::TL_AW{1'b1}},policy_sel:RaclPolicySelWinEgressbuffer},
localparam top_racl_pkg::racl_range_t RaclPolicySelRangesIngressbuffer =
'{base:'0,mask:{top_pkg::TL_AW{1'b1}},policy_sel:RaclPolicySelWinIngressbuffer}
) (
input clk_i,
input rst_ni,
Expand Down Expand Up @@ -1687,7 +1691,8 @@ module spi_device
.ByteAccess (0),
.EnableRacl (EnableRacl),
.RaclErrorRsp (RaclErrorRsp),
.RaclPolicySelVec (RaclPolicySelWinEgressbuffer)
.RaclPolicySelNumRanges(1),
.RaclPolicySelRanges('{RaclPolicySelRangesEgressbuffer})
) u_tlul2sram_egress (
.clk_i,
.rst_ni,
Expand Down Expand Up @@ -1725,7 +1730,8 @@ module spi_device
.ByteAccess (0),
.EnableRacl (EnableRacl),
.RaclErrorRsp (RaclErrorRsp),
.RaclPolicySelVec (RaclPolicySelWinIngressbuffer)
.RaclPolicySelNumRanges(1),
.RaclPolicySelRanges('{RaclPolicySelRangesIngressbuffer})
) u_tlul2sram_ingress (
.clk_i,
.rst_ni,
Expand Down
7 changes: 5 additions & 2 deletions hw/ip/spi_host/rtl/spi_host_window.sv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,9 @@ module spi_host_window
parameter bit EnableRacl = 1'b0,
parameter bit RaclErrorRsp = 1'b1,
parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinRXDATA = 0,
parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinTXDATA = 0
parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinTXDATA = 0,
localparam top_racl_pkg::racl_range_t RaclPolicySelRangesTXDATA =
'{base:'0,mask:{top_pkg::TL_AW{1'b1}},policy_sel:RaclPolicySelWinTXDATA}
) (
input clk_i,
input rst_ni,
Expand Down Expand Up @@ -97,7 +99,8 @@ module spi_host_window
.ErrOnRead(1),
.EnableRacl(EnableRacl),
.RaclErrorRsp(RaclErrorRsp),
.RaclPolicySelVec(RaclPolicySelWinTXDATA)
.RaclPolicySelNumRanges(1),
.RaclPolicySelRanges('{RaclPolicySelRangesTXDATA})
) u_adapter_tx (
.clk_i,
.rst_ni,
Expand Down
2 changes: 1 addition & 1 deletion hw/ip/sram_ctrl/data/sram_ctrl.hjson
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@

bus_interfaces: [
{ protocol: "tlul", direction: "device", name: "regs", racl_support: true }
{ protocol: "tlul", direction: "device", name: "ram" },
{ protocol: "tlul", direction: "device", name: "ram" , racl_support: true }
],

///////////////////////////
Expand Down
31 changes: 24 additions & 7 deletions hw/ip/sram_ctrl/rtl/sram_ctrl.sv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,9 @@ module sram_ctrl
parameter lfsr_perm_t RndCnstLfsrPerm = RndCnstLfsrPermDefault,
parameter bit EnableRacl = 1'b0,
parameter bit RaclErrorRsp = EnableRacl,
parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVecRegs[NumRegsRegs] = '{NumRegsRegs{0}}
parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVecRegs[NumRegsRegs] = '{NumRegsRegs{0}},
parameter int unsigned RaclPolicySelRangesRamNum = 1,
parameter top_racl_pkg::racl_range_t RaclPolicySelRangesRam[RaclPolicySelRangesRamNum] = '{'0}
) (
// SRAM Clock
input logic clk_i,
Expand Down Expand Up @@ -90,6 +92,13 @@ module sram_ctrl

`ASSERT_INIT(NonceWidthsLessThanSource_A, NonceWidth + LfsrWidth <= otp_ctrl_pkg::SramNonceWidth)

logic racl_error_regs;
logic racl_error_ram;
top_racl_pkg::racl_error_log_t racl_error_regs_log;
top_racl_pkg::racl_error_log_t racl_error_ram_log;
// We are combining all racl errors here because only one of them can be set at any time.
assign racl_error_o = racl_error_regs | racl_error_ram;
assign racl_error_log_o = racl_error_regs_log | racl_error_ram_log;

/////////////////////////////////////
// Anchor incoming seeds and constants
Expand Down Expand Up @@ -137,8 +146,8 @@ module sram_ctrl
.hw2reg,
// RACL interface
.racl_policies_i ( racl_policies_i ),
.racl_error_o ( racl_error_o ),
.racl_error_log_o ( racl_error_log_o ),
.racl_error_o ( racl_error_regs ),
.racl_error_log_o ( racl_error_regs_log),
// SEC_CM: BUS.INTEGRITY
.intg_err_o ( bus_integ_error[0] )
);
Expand Down Expand Up @@ -492,7 +501,7 @@ module sram_ctrl
mubi4_t reg_readback_en;
assign reg_readback_en = mubi4_t'(reg2hw.readback.q);

tlul_adapter_sram #(
tlul_adapter_sram_racl #(
.SramAw(AddrWidth),
.SramDw(DataWidth - tlul_pkg::DataIntgWidth),
.Outstanding(2),
Expand All @@ -502,8 +511,12 @@ module sram_ctrl
.EnableDataIntgGen(0),
.EnableDataIntgPt(1), // SEC_CM: MEM.INTEGRITY
.SecFifoPtr (1), // SEC_CM: TLUL_FIFO.CTR.REDUN
.EnableReadback (1) // SEC_CM: MEM.READBACK
) u_tlul_adapter_sram (
.EnableReadback (1), // SEC_CM: MEM.READBACK
.EnableRacl(EnableRacl),
.RaclErrorRsp(RaclErrorRsp),
.RaclPolicySelNumRanges(RaclPolicySelRangesRamNum),
.RaclPolicySelRanges(RaclPolicySelRangesRam)
) u_tlul_adapter_sram_racl (
.clk_i,
.rst_ni,
.tl_i (ram_tl_in_gated),
Expand All @@ -526,7 +539,11 @@ module sram_ctrl
.readback_en_i (reg_readback_en),
.readback_error_o (readback_error),
.wr_collision_i (sram_wr_collision),
.write_pending_i (sram_wpending)
.write_pending_i (sram_wpending),
// RACL interface
.racl_policies_i (racl_policies_i),
.racl_error_o (racl_error_ram),
.racl_error_log_o (racl_error_ram_log)
);

logic key_valid;
Expand Down
15 changes: 14 additions & 1 deletion hw/ip/sram_ctrl/rtl/sram_ctrl_ram_reg_top.sv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,24 @@

`include "prim_assert.sv"

module sram_ctrl_ram_reg_top (
module sram_ctrl_ram_reg_top
# (
parameter bit EnableRacl = 1'b0,
parameter bit RaclErrorRsp = 1'b1,
parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVec[sram_ctrl_reg_pkg::NumRegsRam] =
'{sram_ctrl_reg_pkg::NumRegsRam{0}}
) (
input clk_i,
input rst_ni,
input tlul_pkg::tl_h2d_t tl_i,
output tlul_pkg::tl_d2h_t tl_o,
// To HW

// RACL interface
input top_racl_pkg::racl_policy_vec_t racl_policies_i,
output logic racl_error_o,
output top_racl_pkg::racl_error_log_t racl_error_log_o,

// Integrity check errors
output logic intg_err_o
);
Expand All @@ -39,4 +50,6 @@ module sram_ctrl_ram_reg_top (
assign tl_o_pre = tl_reg_d2h;

// Unused signal tieoff
logic unused_policy_sel;
assign unused_policy_sel = ^racl_policies_i;
endmodule
29 changes: 25 additions & 4 deletions hw/ip/tlul/rtl/tlul_adapter_sram_racl.sv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,8 @@ module tlul_adapter_sram_racl
parameter bit DataXorAddr = 0, // 1: XOR data and address for address protection
parameter bit EnableRacl = 0, // 1: Enable RACL checks on access
parameter bit RaclErrorRsp = EnableRacl, // 1: Return TLUL error on RACL errors
parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVec = 0, // RACL policy for this SRAM
// adapter
parameter int RaclPolicySelNumRanges = 1, // Number of ranges with a RACL policy
parameter top_racl_pkg::racl_range_t RaclPolicySelRanges [RaclPolicySelNumRanges] = '{'0},
localparam int WidthMult = SramDw / top_pkg::TL_DW,
localparam int IntgWidth = tlul_pkg::DataIntgWidth * WidthMult,
localparam int DataOutW = EnableDataIntgPt ? SramDw + IntgWidth : SramDw
Expand Down Expand Up @@ -98,12 +98,31 @@ module tlul_adapter_sram_racl
);

logic req, rd_req, wr_req, racl_read_allowed, racl_write_allowed;
logic [RaclPolicySelNumRanges-1:0] range_read_allowed;
logic [RaclPolicySelNumRanges-1:0] range_write_allowed;

for (genvar r = 0; r < RaclPolicySelNumRanges; r++) begin : gen_racl_range_check
top_racl_pkg::racl_range_t range;
top_racl_pkg::racl_policy_t policy;
logic range_match;
assign range = RaclPolicySelRanges[r];
assign policy = racl_policies_i[range.policy_sel];
// Asserts that a valid range is defined
`ASSERT(RaclAdapterSramNumRanges, range.mask > 0)
// Check if the address is within range
assign range_match = (tl_i.a_address & ~range.mask) == range.base;
// If address mataches, lookup permissions for policy defined for this range
assign range_read_allowed[r] = range_match & |(policy.read_perm & racl_role_vec);
assign range_write_allowed[r] = range_match & |(policy.write_perm & racl_role_vec);
end

assign racl_read_allowed = |range_read_allowed;
assign racl_write_allowed = |range_write_allowed;

assign req = tl_i.a_valid & tl_o.a_ready;
assign rd_req = req & (tl_i.a_opcode == tlul_pkg::Get);
assign wr_req = req & (tl_i.a_opcode == tlul_pkg::PutFullData |
tl_i.a_opcode == tlul_pkg::PutPartialData);
assign racl_read_allowed = (|(racl_policies_i[RaclPolicySelVec].read_perm & racl_role_vec));
assign racl_write_allowed = (|(racl_policies_i[RaclPolicySelVec].write_perm & racl_role_vec));
assign racl_error_o = (rd_req & ~racl_read_allowed) | (wr_req & ~racl_write_allowed);

tlul_request_loopback #(
Expand Down Expand Up @@ -174,6 +193,8 @@ module tlul_adapter_sram_racl
logic unused_policy_sel;
assign unused_policy_sel = ^racl_policies_i;

`ASSERT(RaclAdapterSramNumRanges, EnableRacl |-> RaclPolicySelNumRanges > 0)

// Ensure that RACL signals are not undefined
`ASSERT_KNOWN(RaclAdapterSramErrorKnown_A, racl_error_o)
`ASSERT_KNOWN(RaclAdapterSramErrorLogKnown_A, racl_error_log_o)
Expand Down

0 comments on commit a53c3ff

Please sign in to comment.