[racl,rtl,sram_ctrl,spi_host,spi_device] Enable RACL ranges for sram_ctrl

And implement ranges for tlul_adapter_sram_racl
and rewire parameters where it is already being used.

Signed-off-by: David Schrammel <[email protected]>

Author: davidschrammel

hw/ip/spi_device/rtl/spi_device.sv

@@ -16,7 +16,11 @@ module spi_device
   parameter bit                             RaclErrorRsp                  = EnableRacl,
   parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVec[73]          = '{73{0}},
   parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinEgressbuffer  = 0,
-  parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinIngressbuffer = 0
+  parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinIngressbuffer = 0,
+  localparam top_racl_pkg::racl_range_t RaclPolicySelRangesEgressbuffer =
+    '{base:'0,mask:{top_pkg::TL_AW{1'b1}},policy_sel:RaclPolicySelWinEgressbuffer},
+  localparam top_racl_pkg::racl_range_t RaclPolicySelRangesIngressbuffer =
+    '{base:'0,mask:{top_pkg::TL_AW{1'b1}},policy_sel:RaclPolicySelWinIngressbuffer}
 ) (
   input clk_i,
   input rst_ni,
@@ -1687,7 +1691,8 @@ module spi_device
     .ByteAccess       (0),
     .EnableRacl       (EnableRacl),
     .RaclErrorRsp     (RaclErrorRsp),
-    .RaclPolicySelVec (RaclPolicySelWinEgressbuffer)
+    .RaclPolicySelNumRanges(1),
+    .RaclPolicySelRanges('{RaclPolicySelRangesEgressbuffer})
   ) u_tlul2sram_egress (
     .clk_i,
     .rst_ni,
@@ -1725,7 +1730,8 @@ module spi_device
     .ByteAccess       (0),
     .EnableRacl       (EnableRacl),
     .RaclErrorRsp     (RaclErrorRsp),
-    .RaclPolicySelVec (RaclPolicySelWinIngressbuffer)
+    .RaclPolicySelNumRanges(1),
+    .RaclPolicySelRanges('{RaclPolicySelRangesIngressbuffer})
   ) u_tlul2sram_ingress (
     .clk_i,
     .rst_ni,

hw/ip/spi_host/rtl/spi_host_window.sv

@@ -10,7 +10,9 @@ module spi_host_window
   parameter bit                             EnableRacl             = 1'b0,
   parameter bit                             RaclErrorRsp           = 1'b1,
   parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinRXDATA = 0,
-  parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinTXDATA = 0
+  parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelWinTXDATA = 0,
+  localparam top_racl_pkg::racl_range_t RaclPolicySelRangesTXDATA =
+    '{base:'0,mask:{top_pkg::TL_AW{1'b1}},policy_sel:RaclPolicySelWinTXDATA}
 ) (
   input  clk_i,
   input  rst_ni,
@@ -97,7 +99,8 @@ module spi_host_window
     .ErrOnRead(1),
     .EnableRacl(EnableRacl),
     .RaclErrorRsp(RaclErrorRsp),
-    .RaclPolicySelVec(RaclPolicySelWinTXDATA)
+    .RaclPolicySelNumRanges(1),
+    .RaclPolicySelRanges('{RaclPolicySelRangesTXDATA})
   ) u_adapter_tx (
     .clk_i,
     .rst_ni,

hw/ip/sram_ctrl/data/sram_ctrl.hjson

@@ -29,7 +29,7 @@
 
   bus_interfaces: [
     { protocol: "tlul", direction: "device", name: "regs", racl_support: true }
-    { protocol: "tlul", direction: "device", name: "ram" },
+    { protocol: "tlul", direction: "device", name: "ram" , racl_support: true }
   ],
 
   ///////////////////////////

hw/ip/sram_ctrl/rtl/sram_ctrl.sv

@@ -31,7 +31,9 @@ module sram_ctrl
   parameter  lfsr_perm_t                RndCnstLfsrPerm  = RndCnstLfsrPermDefault,
   parameter bit                             EnableRacl              = 1'b0,
   parameter bit                             RaclErrorRsp            = EnableRacl,
-  parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVecRegs[NumRegsRegs] = '{NumRegsRegs{0}}
+  parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVecRegs[NumRegsRegs] = '{NumRegsRegs{0}},
+  parameter int unsigned RaclPolicySelRangesRamNum                  = 1,
+  parameter top_racl_pkg::racl_range_t RaclPolicySelRangesRam[RaclPolicySelRangesRamNum] = '{'0}
 ) (
   // SRAM Clock
   input  logic                                               clk_i,
@@ -90,6 +92,13 @@ module sram_ctrl
 
   `ASSERT_INIT(NonceWidthsLessThanSource_A, NonceWidth + LfsrWidth <= otp_ctrl_pkg::SramNonceWidth)
 
+  logic racl_error_regs;
+  logic racl_error_ram;
+  top_racl_pkg::racl_error_log_t racl_error_regs_log;
+  top_racl_pkg::racl_error_log_t racl_error_ram_log;
+  // We are combining all racl errors here because only one of them can be set at any time.
+  assign racl_error_o = racl_error_regs | racl_error_ram;
+  assign racl_error_log_o = racl_error_regs_log | racl_error_ram_log;
 
   /////////////////////////////////////
   // Anchor incoming seeds and constants
@@ -137,8 +146,8 @@ module sram_ctrl
     .hw2reg,
     // RACL interface
     .racl_policies_i  ( racl_policies_i    ),
-    .racl_error_o     ( racl_error_o       ),
-    .racl_error_log_o ( racl_error_log_o   ),
+    .racl_error_o     ( racl_error_regs    ),
+    .racl_error_log_o ( racl_error_regs_log),
     // SEC_CM: BUS.INTEGRITY
     .intg_err_o       ( bus_integ_error[0] )
    );
@@ -492,7 +501,7 @@ module sram_ctrl
   mubi4_t reg_readback_en;
   assign reg_readback_en = mubi4_t'(reg2hw.readback.q);
 
-  tlul_adapter_sram #(
+  tlul_adapter_sram_racl #(
     .SramAw(AddrWidth),
     .SramDw(DataWidth - tlul_pkg::DataIntgWidth),
     .Outstanding(2),
@@ -502,8 +511,12 @@ module sram_ctrl
     .EnableDataIntgGen(0),
     .EnableDataIntgPt(1), // SEC_CM: MEM.INTEGRITY
     .SecFifoPtr      (1), // SEC_CM: TLUL_FIFO.CTR.REDUN
-    .EnableReadback  (1)  // SEC_CM: MEM.READBACK
-  ) u_tlul_adapter_sram (
+    .EnableReadback  (1), // SEC_CM: MEM.READBACK
+    .EnableRacl(EnableRacl),
+    .RaclErrorRsp(RaclErrorRsp),
+    .RaclPolicySelNumRanges(RaclPolicySelRangesRamNum),
+    .RaclPolicySelRanges(RaclPolicySelRangesRam)
+  ) u_tlul_adapter_sram_racl (
     .clk_i,
     .rst_ni,
     .tl_i                       (ram_tl_in_gated),
@@ -526,7 +539,11 @@ module sram_ctrl
     .readback_en_i              (reg_readback_en),
     .readback_error_o           (readback_error),
     .wr_collision_i             (sram_wr_collision),
-    .write_pending_i            (sram_wpending)
+    .write_pending_i            (sram_wpending),
+    // RACL interface
+    .racl_policies_i            (racl_policies_i),
+    .racl_error_o               (racl_error_ram),
+    .racl_error_log_o           (racl_error_ram_log)
   );
 
   logic key_valid;

hw/ip/sram_ctrl/rtl/sram_ctrl_ram_reg_top.sv

@@ -6,13 +6,24 @@
 
 `include "prim_assert.sv"
 
-module sram_ctrl_ram_reg_top (
+module sram_ctrl_ram_reg_top
+  # (
+    parameter bit          EnableRacl           = 1'b0,
+    parameter bit          RaclErrorRsp         = 1'b1,
+    parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVec[sram_ctrl_reg_pkg::NumRegsRam] =
+      '{sram_ctrl_reg_pkg::NumRegsRam{0}}
+  ) (
   input clk_i,
   input rst_ni,
   input  tlul_pkg::tl_h2d_t tl_i,
   output tlul_pkg::tl_d2h_t tl_o,
   // To HW
 
+  // RACL interface
+  input  top_racl_pkg::racl_policy_vec_t racl_policies_i,
+  output logic                           racl_error_o,
+  output top_racl_pkg::racl_error_log_t  racl_error_log_o,
+
   // Integrity check errors
   output logic intg_err_o
 );
@@ -39,4 +50,6 @@ module sram_ctrl_ram_reg_top (
   assign tl_o_pre   = tl_reg_d2h;
 
   // Unused signal tieoff
+  logic unused_policy_sel;
+  assign unused_policy_sel = ^racl_policies_i;
 endmodule

hw/ip/tlul/rtl/tlul_adapter_sram_racl.sv

@@ -41,8 +41,8 @@ module tlul_adapter_sram_racl
   parameter bit DataXorAddr       = 0,          // 1: XOR data and address for address protection
   parameter bit EnableRacl        = 0,          // 1: Enable RACL checks on access
   parameter bit RaclErrorRsp      = EnableRacl, // 1: Return TLUL error on RACL errors
-  parameter top_racl_pkg::racl_policy_sel_t RaclPolicySelVec = 0, // RACL policy for this SRAM
-                                                                  // adapter
+  parameter int RaclPolicySelNumRanges = 1,     // Number of ranges with a RACL policy
+  parameter top_racl_pkg::racl_range_t RaclPolicySelRanges [RaclPolicySelNumRanges] = '{'0},
   localparam int WidthMult        = SramDw / top_pkg::TL_DW,
   localparam int IntgWidth        = tlul_pkg::DataIntgWidth * WidthMult,
   localparam int DataOutW         = EnableDataIntgPt ? SramDw + IntgWidth : SramDw
@@ -98,12 +98,31 @@ module tlul_adapter_sram_racl
     );
 
     logic req, rd_req, wr_req, racl_read_allowed, racl_write_allowed;
+    logic [RaclPolicySelNumRanges-1:0] range_read_allowed;
+    logic [RaclPolicySelNumRanges-1:0] range_write_allowed;
+
+    for (genvar r = 0; r < RaclPolicySelNumRanges; r++) begin : gen_racl_range_check
+      top_racl_pkg::racl_range_t range;
+      top_racl_pkg::racl_policy_t policy;
+      logic range_match;
+      assign range = RaclPolicySelRanges[r];
+      assign policy = racl_policies_i[range.policy_sel];
+      // Asserts that a valid range is defined
+      `ASSERT(RaclAdapterSramNumRanges, range.mask > 0)
+      // Check if the address is within range
+      assign range_match = (tl_i.a_address & ~range.mask) == range.base;
+      // If address mataches, lookup permissions for policy defined for this range
+      assign range_read_allowed[r]  = range_match & |(policy.read_perm  & racl_role_vec);
+      assign range_write_allowed[r] = range_match & |(policy.write_perm & racl_role_vec);
+    end
+
+    assign racl_read_allowed  = |range_read_allowed;
+    assign racl_write_allowed = |range_write_allowed;
+
     assign req                = tl_i.a_valid & tl_o.a_ready;
     assign rd_req             = req & (tl_i.a_opcode == tlul_pkg::Get);
     assign wr_req             = req & (tl_i.a_opcode == tlul_pkg::PutFullData |
                                        tl_i.a_opcode == tlul_pkg::PutPartialData);
-    assign racl_read_allowed  = (|(racl_policies_i[RaclPolicySelVec].read_perm  & racl_role_vec));
-    assign racl_write_allowed = (|(racl_policies_i[RaclPolicySelVec].write_perm & racl_role_vec));
     assign racl_error_o       = (rd_req & ~racl_read_allowed) | (wr_req & ~racl_write_allowed);
 
     tlul_request_loopback #(
@@ -174,6 +193,8 @@ module tlul_adapter_sram_racl
   logic unused_policy_sel;
   assign unused_policy_sel = ^racl_policies_i;
 
+  `ASSERT(RaclAdapterSramNumRanges, EnableRacl |-> RaclPolicySelNumRanges > 0)
+
   // Ensure that RACL signals are not undefined
   `ASSERT_KNOWN(RaclAdapterSramErrorKnown_A, racl_error_o)
   `ASSERT_KNOWN(RaclAdapterSramErrorLogKnown_A, racl_error_log_o)