github-mirrors/cve2
1
0
Fork 0
mirror of https://github.com/openhwgroup/cve2.git synced 2025-04-22 13:07:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

[rtl, doc] Seperate major alert into internal and bus

Browse source 
This is to allow more consistent signalling in systems that integrate
Ibex (e.g. OpenTitan) so bus integrity errors external to Ibex and one's
detected within Ibex can be fed into the same alert whilst seperating
out Ibex's various internal alert causes.
This commit is contained in:
Greg Chadwick 2022-02-17 13:50:08 +00:00 committed by Greg Chadwick
parent e84e7de53f
commit 9943f9a42c
9 changed files with 335 additions and 303 deletions
Download patch file Download diff file Expand all files Collapse all files

198
doc/02_user/integration.rst
View file

@ -36,54 +36,55 @@ Instantiation Template
.DmExceptionAddr ( 32'h1A110808 )
) u_top (
// Clock and reset
.clk_i (),
.rst_ni (),
.test_en_i (),
.scan_rst_ni (),
.ram_cfg_i (),
.clk_i (),
.rst_ni (),
.test_en_i (),
.scan_rst_ni (),
.ram_cfg_i (),
// Configuration
.hart_id_i (),
.boot_addr_i (),
.hart_id_i (),
.boot_addr_i (),
// Instruction memory interface
.instr_req_o (),
.instr_gnt_i (),
.instr_rvalid_i (),
.instr_addr_o (),
.instr_rdata_i (),
.instr_rdata_intg_i (),
.instr_err_i (),
.instr_req_o (),
.instr_gnt_i (),
.instr_rvalid_i (),
.instr_addr_o (),
.instr_rdata_i (),
.instr_rdata_intg_i (),
.instr_err_i (),
// Data memory interface
.data_req_o (),
.data_gnt_i (),
.data_rvalid_i (),
.data_we_o (),
.data_be_o (),
.data_addr_o (),
.data_wdata_o (),
.data_wdata_intg_o (),
.data_rdata_i (),
.data_rdata_intg_i (),
.data_err_i (),
.data_req_o (),
.data_gnt_i (),
.data_rvalid_i (),
.data_we_o (),
.data_be_o (),
.data_addr_o (),
.data_wdata_o (),
.data_wdata_intg_o (),
.data_rdata_i (),
.data_rdata_intg_i (),
.data_err_i (),
// Interrupt inputs
.irq_software_i (),
.irq_timer_i (),
.irq_external_i (),
.irq_fast_i (),
.irq_nm_i (),
.irq_software_i (),
.irq_timer_i (),
.irq_external_i (),
.irq_fast_i (),
.irq_nm_i (),
// Debug interface
.debug_req_i (),
.crash_dump_o (),
.debug_req_i (),
.crash_dump_o (),
// Special control signals
.fetch_enable_i (),
.alert_minor_o (),
.alert_major_o (),
.core_sleep_o ()
.fetch_enable_i (),
.alert_minor_o (),
.alert_major_internal_o (),
.alert_major_bus_o (),
.core_sleep_o ()
);
Parameters
@ -169,62 +170,69 @@ This is well supported by most tools but some care is needed when overriding the
Interfaces
----------
+-------------------------+-------------------------+-----+----------------------------------------+
| Signal(s) | Width | Dir | Description |
+=========================+=========================+=====+========================================+
| ``clk_i`` | 1 | in | Clock signal |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``rst_ni`` | 1 | in | Active-low asynchronous reset |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``test_en_i`` | 1 | in | Test input, enables clock and allows |
| | | | test control of reset. |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``scan_rst_ni`` | 1 | in | Test controlled reset. If DFT not |
| | | | used, tie off to 1. |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``ram_cfg_i`` | 10 | in | RAM configuration inputs, routed to |
| | | | the icache RAMs |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``hart_id_i`` | 32 | in | Hart ID, usually static, can be read |
| | | | from :ref:`csr-mhartid` CSR |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``boot_addr_i`` | 32 | in | First program counter after reset |
| | | | = ``boot_addr_i`` + 0x80, |
| | | | see :ref:`exceptions-interrupts` |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``instr_*`` | Instruction fetch interface, see :ref:`instruction-fetch` |
+-------------------------+------------------------------------------------------------------------+
| ``data_*`` | Load-store unit interface, see :ref:`load-store-unit` |
+-------------------------+------------------------------------------------------------------------+
| ``irq_*`` | Interrupt inputs, see :ref:`exceptions-interrupts` |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``scramble_*`` | Scrambling key interface, see :ref:`icache` |
+-------------------------+------------------------------------------------------------------------+
| ``debug_*`` | Debug interface, see :ref:`debug-support` |
+-------------------------+------------------------------------------------------------------------+
| ``crash_dump_o`` | A set of signals that can be captured on reset to aid crash debugging. |
+-------------------------+------------------------------------------------------------------------+
| ``double_fault_seen_o`` | A double fault was observed, see :ref:`double-fault-detect` |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``fetch_enable_i`` | 1 | in | Allow the core to fetch instructions. |
| | | | If this bit is set low, the core will |
| | | | pause fetching new instructions. |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``core_sleep_o`` | 1 | out | Core in WFI with no outstanding data |
| | | | or instruction accesses. Deasserts |
| | | | if an external event (interrupt or |
| | | | debug req) wakes the core up |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``alert_minor_o`` | 1 | out | Core has detected a fault which it can |
| | | | safely recover from. Can be used by a |
| | | | system to log errors over time and |
| | | | detect tampering / attack. This signal |
| | | | is a pulse, one cycle per alert. |
+-------------------------+-------------------------+-----+----------------------------------------+
| ``alert_major_o`` | 1 | out | Core has detected a fault which cannot |
| | | | be recovered from. Can be used by a |
| | | | system to reset the core and possibly |
| | | | take other remedial action. This |
| | | | signal is a pulse, but might be set |
| | | | for multiple cycles per alert. |
+-------------------------+-------------------------+-----+----------------------------------------+
+----------------------------+-------------------------+-----+----------------------------------------+
| Signal(s) | Width | Dir | Description |
+============================+=========================+=====+========================================+
| ``clk_i`` | 1 | in | Clock signal |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``rst_ni`` | 1 | in | Active-low asynchronous reset |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``test_en_i`` | 1 | in | Test input, enables clock and allows |
| | | | test control of reset. |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``scan_rst_ni`` | 1 | in | Test controlled reset. If DFT not |
| | | | used, tie off to 1. |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``ram_cfg_i`` | 10 | in | RAM configuration inputs, routed to |
| | | | the icache RAMs |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``hart_id_i`` | 32 | in | Hart ID, usually static, can be read |
| | | | from :ref:`csr-mhartid` CSR |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``boot_addr_i`` | 32 | in | First program counter after reset |
| | | | = ``boot_addr_i`` + 0x80, |
| | | | see :ref:`exceptions-interrupts` |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``instr_*`` | Instruction fetch interface, see :ref:`instruction-fetch` |
+----------------------------+------------------------------------------------------------------------+
| ``data_*`` | Load-store unit interface, see :ref:`load-store-unit` |
+----------------------------+------------------------------------------------------------------------+
| ``irq_*`` | Interrupt inputs, see :ref:`exceptions-interrupts` |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``scramble_*`` | Scrambling key interface, see :ref:`icache` |
+----------------------------+------------------------------------------------------------------------+
| ``debug_*`` | Debug interface, see :ref:`debug-support` |
+----------------------------+------------------------------------------------------------------------+
| ``crash_dump_o`` | A set of signals that can be captured on reset to aid crash debugging. |
+----------------------------+------------------------------------------------------------------------+
| ``double_fault_seen_o`` | A double fault was observed, see :ref:`double-fault-detect` |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``fetch_enable_i`` | 1 | in | Allow the core to fetch instructions. |
| | | | If this bit is set low, the core will |
| | | | pause fetching new instructions. |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``core_sleep_o`` | 1 | out | Core in WFI with no outstanding data |
| | | | or instruction accesses. Deasserts |
| | | | if an external event (interrupt or |
| | | | debug req) wakes the core up |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``alert_minor_o`` | 1 | out | Core has detected a fault which it can |
| | | | safely recover from. Can be used by a |
| | | | system to log errors over time and |
| | | | detect tampering / attack. This signal |
| | | | is a pulse, one cycle per alert. |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``alert_major_internal_o`` | 1 | out | Core has detected an internal fault |
| | | | which cannot be recovered from. Can be |
| | | | used by a system to reset the core and |
| | | | possibly take other remedial action. |
| | | | This signal is a pulse, but might be |
| | | | set for multiple cycles per alert. |
+----------------------------+-------------------------+-----+----------------------------------------+
| ``alert_major_bus_o`` | 1 | out | Core has detected a bus fault |
| | | | which cannot be recovered from. Can be |
| | | | used by a system to reset the core and |
| | | | possibly take other remedial action. |
| | | | This signal is a pulse, but might be |
| | | | set for multiple cycles per alert. |
+----------------------------+-------------------------+-----+----------------------------------------+

15
doc/03_reference/security.rst
View file

@ -9,8 +9,9 @@ All features are runtime configurable via bits in the **cpuctrl** custom CSR.
Outputs
-------
Ibex has two alert outputs for signalling security issues.
The major alert (**alert_major_o**) indicates a critical security issue from which the core cannot recover.
Ibex has three alert outputs for signalling security issues.
The internal major alert (**alert_major_internal_o**) indicates a critical security issue from which the core cannot recover which was detected internally in `ibex_top`.
The bus major alert (**alert_major_internal_o**) indicates a critical security issue from which the core cannot recover which was detected on incoming bus data.
The minor alert (**alert_minor_o**) indicates potential security issues which can be monitored over time by a system.
Data Independent Timing
@ -65,7 +66,7 @@ Bus integrity checking
----------------------
Extra signals are available alongside the instruction and data side memory channels to support bus integrity checking.
When the SecureIbex parameter is set, incoming data will be checked against the supplied checkbits, and a major alert signalled if there is a mismatch.
When the SecureIbex parameter is set, incoming data will be checked against the supplied checkbits, and a bus major alert signalled if there is a mismatch.
Write data can be checked against the supplied checkbits at its destination to confirm integrity.
Register file ECC
@ -73,7 +74,7 @@ Register file ECC
When Ibex is configured with the SecureIbex parameter, ECC checking is added to all reads of the register file.
This can be useful to detect fault injection attacks since the register file covers a reasonably large area.
No attempt is made to correct detected errors, but an external alert is raised for the system to take action.
No attempt is made to correct detected errors, but an internal major alert is signaled for the system to take action.
Hardened PC
-----------
@ -81,14 +82,14 @@ Hardened PC
This adds a check that the PC driven from the IF stage has not been modified.
A check is asserted that the current IF stage PC equals the previous PC plus the correct increment.
The check is disabled after branches and after reset.
If a mismatch is detected, a major alert is signaled.
If a mismatch is detected, an internal major alert is signaled.
Shadow CSRs
-----------
Certain critical CSRs (`mstatus`, `mtvec`, `cpuctrl`, `pmpcfg` and `pmpaddr`) have extra glitch detection enabled.
This creates a second copy of the register which stores a complemented version of the main CSR data.
A constant check is made that the two copies are consistent, and a major alert is signalled if not.
A constant check is made that the two copies are consistent, and an internal major alert is signalled if not.
Note that this feature is not currently used when the SecureIbex parameter is set due to overlap with dual core lockstep.
Dual core lockstep
@ -97,6 +98,6 @@ Dual core lockstep
This configuration option instantiates a second copy of the core logic, referred to as the shadow core.
The shadow core executes using a delayed version of all inputs supplied to the main core.
All outputs of the shadow core are compared against a delayed version of the outputs of the main core.
Any mismatch between the two sets of outputs will trigger a major alert.
Any mismatch between the two sets of outputs will trigger an internal major alert.
Note that the register file and icache RAMs are not duplicated since these units are covered by ECC protection.

83
dv/riscv_compliance/rtl/ibex_riscv_compliance.sv
View file

@ -131,56 +131,57 @@ module ibex_riscv_compliance (
.DmHaltAddr (32'h00000000 ),
.DmExceptionAddr (32'h00000000 )
) u_top (
.clk_i (clk_sys ),
.rst_ni (rst_sys_n ),
.clk_i (clk_sys ),
.rst_ni (rst_sys_n ),
.test_en_i ('b0 ),
.scan_rst_ni (1'b1 ),
.ram_cfg_i ('b0 ),
.test_en_i ('b0 ),
.scan_rst_ni (1'b1 ),
.ram_cfg_i ('b0 ),
.hart_id_i (32'b0 ),
.hart_id_i (32'b0 ),
// First instruction executed is at 0x0 + 0x80
.boot_addr_i (32'h00000000 ),
.boot_addr_i (32'h00000000 ),
.instr_req_o (host_req[CoreI] ),
.instr_gnt_i (host_gnt[CoreI] ),
.instr_rvalid_i (host_rvalid[CoreI]),
.instr_addr_o (host_addr[CoreI] ),
.instr_rdata_i (host_rdata[CoreI] ),
.instr_rdata_intg_i ('0 ),
.instr_err_i (host_err[CoreI] ),
.instr_req_o (host_req[CoreI] ),
.instr_gnt_i (host_gnt[CoreI] ),
.instr_rvalid_i (host_rvalid[CoreI]),
.instr_addr_o (host_addr[CoreI] ),
.instr_rdata_i (host_rdata[CoreI] ),
.instr_rdata_intg_i ('0 ),
.instr_err_i (host_err[CoreI] ),
.data_req_o (host_req[CoreD] ),
.data_gnt_i (host_gnt[CoreD] ),
.data_rvalid_i (host_rvalid[CoreD]),
.data_we_o (host_we[CoreD] ),
.data_be_o (host_be[CoreD] ),
.data_addr_o (host_addr[CoreD] ),
.data_wdata_o (host_wdata[CoreD] ),
.data_wdata_intg_o ( ),
.data_rdata_i (host_rdata[CoreD] ),
.data_rdata_intg_i ('0 ),
.data_err_i (host_err[CoreD] ),
.data_req_o (host_req[CoreD] ),
.data_gnt_i (host_gnt[CoreD] ),
.data_rvalid_i (host_rvalid[CoreD]),
.data_we_o (host_we[CoreD] ),
.data_be_o (host_be[CoreD] ),
.data_addr_o (host_addr[CoreD] ),
.data_wdata_o (host_wdata[CoreD] ),
.data_wdata_intg_o ( ),
.data_rdata_i (host_rdata[CoreD] ),
.data_rdata_intg_i ('0 ),
.data_err_i (host_err[CoreD] ),
.irq_software_i (1'b0 ),
.irq_timer_i (1'b0 ),
.irq_external_i (1'b0 ),
.irq_fast_i (15'b0 ),
.irq_nm_i (1'b0 ),
.irq_software_i (1'b0 ),
.irq_timer_i (1'b0 ),
.irq_external_i (1'b0 ),
.irq_fast_i (15'b0 ),
.irq_nm_i (1'b0 ),
.scramble_key_valid_i ('0 ),
.scramble_key_i ('0 ),
.scramble_nonce_i ('0 ),
.scramble_req_o ( ),
.scramble_key_valid_i ('0 ),
.scramble_key_i ('0 ),
.scramble_nonce_i ('0 ),
.scramble_req_o ( ),
.debug_req_i ('b0 ),
.crash_dump_o ( ),
.double_fault_seen_o ( ),
.debug_req_i ('b0 ),
.crash_dump_o ( ),
.double_fault_seen_o ( ),
.fetch_enable_i ('b1 ),
.alert_minor_o ( ),
.alert_major_o ( ),
.core_sleep_o ( )
.fetch_enable_i ('b1 ),
.alert_minor_o ( ),
.alert_major_internal_o ( ),
.alert_major_bus_o ( ),
.core_sleep_o ( )
);
// SRAM block for instruction and data storage

6
dv/uvm/core_ibex/env/core_ibex_dut_probe_if.sv vendored
View file

@ -14,7 +14,8 @@ interface core_ibex_dut_probe_if(input logic clk);
logic fetch_enable;
logic core_sleep;
logic alert_minor;
logic alert_major;
logic alert_major_internal;
logic alert_major_bus;
logic debug_req;
ibex_pkg::priv_lvl_e priv_mode;
@ -30,7 +31,8 @@ interface core_ibex_dut_probe_if(input logic clk);
input mret;
input core_sleep;
input alert_minor;
input alert_major;
input alert_major_internal;
input alert_major_bus;
input priv_mode;
endclocking

86
dv/uvm/core_ibex/tb/core_ibex_tb_top.sv
View file

@ -84,59 +84,61 @@ module core_ibex_tb_top;
.ICacheScramble (ICacheScramble ),
.BranchPredictor (BranchPredictor )
) dut (
.clk_i (clk ),
.rst_ni (rst_n ),
.clk_i (clk ),
.rst_ni (rst_n ),
.test_en_i (1'b0 ),
.scan_rst_ni (1'b1 ),
.ram_cfg_i ('b0 ),
.test_en_i (1'b0 ),
.scan_rst_ni (1'b1 ),
.ram_cfg_i ('b0 ),
.hart_id_i (32'b0 ),
.boot_addr_i (32'h`BOOT_ADDR ), // align with spike boot address
.hart_id_i (32'b0 ),
.boot_addr_i (32'h`BOOT_ADDR ), // align with spike boot address
.instr_req_o (instr_mem_vif.request ),
.instr_gnt_i (instr_mem_vif.grant ),
.instr_rvalid_i (instr_mem_vif.rvalid ),
.instr_addr_o (instr_mem_vif.addr ),
.instr_rdata_i (instr_mem_vif.rdata ),
.instr_rdata_intg_i (instr_mem_vif.rintg ),
.instr_err_i (instr_mem_vif.error ),
.instr_req_o (instr_mem_vif.request ),
.instr_gnt_i (instr_mem_vif.grant ),
.instr_rvalid_i (instr_mem_vif.rvalid ),
.instr_addr_o (instr_mem_vif.addr ),
.instr_rdata_i (instr_mem_vif.rdata ),
.instr_rdata_intg_i (instr_mem_vif.rintg ),
.instr_err_i (instr_mem_vif.error ),
.data_req_o (data_mem_vif.request ),
.data_gnt_i (data_mem_vif.grant ),
.data_rvalid_i (data_mem_vif.rvalid ),
.data_addr_o (data_mem_vif.addr ),
.data_we_o (data_mem_vif.we ),
.data_be_o (data_mem_vif.be ),
.data_rdata_i (data_mem_vif.rdata ),
.data_rdata_intg_i (data_mem_vif.rintg ),
.data_wdata_o (data_mem_vif.wdata ),
.data_wdata_intg_o (data_mem_vif.wintg ),
.data_err_i (data_mem_vif.error ),
.data_req_o (data_mem_vif.request ),
.data_gnt_i (data_mem_vif.grant ),
.data_rvalid_i (data_mem_vif.rvalid ),
.data_addr_o (data_mem_vif.addr ),
.data_we_o (data_mem_vif.we ),
.data_be_o (data_mem_vif.be ),
.data_rdata_i (data_mem_vif.rdata ),
.data_rdata_intg_i (data_mem_vif.rintg ),
.data_wdata_o (data_mem_vif.wdata ),
.data_wdata_intg_o (data_mem_vif.wintg ),
.data_err_i (data_mem_vif.error ),
.irq_software_i (irq_vif.irq_software ),
.irq_timer_i (irq_vif.irq_timer ),
.irq_external_i (irq_vif.irq_external ),
.irq_fast_i (irq_vif.irq_fast ),
.irq_nm_i (irq_vif.irq_nm ),
.irq_software_i (irq_vif.irq_software ),
.irq_timer_i (irq_vif.irq_timer ),
.irq_external_i (irq_vif.irq_external ),
.irq_fast_i (irq_vif.irq_fast ),
.irq_nm_i (irq_vif.irq_nm ),
.scramble_key_valid_i ('0 ),
.scramble_key_i ('0 ),
.scramble_nonce_i ('0 ),
.scramble_req_o ( ),
.scramble_key_valid_i ('0 ),
.scramble_key_i ('0 ),
.scramble_nonce_i ('0 ),
.scramble_req_o ( ),
.debug_req_i (dut_if.debug_req ),
.crash_dump_o ( ),
.double_fault_seen_o ( ),
.debug_req_i (dut_if.debug_req ),
.crash_dump_o ( ),
.double_fault_seen_o ( ),
.fetch_enable_i (dut_if.fetch_enable ),
.alert_minor_o (dut_if.alert_minor ),
.alert_major_o (dut_if.alert_major ),
.core_sleep_o (dut_if.core_sleep )
.fetch_enable_i (dut_if.fetch_enable ),
.alert_minor_o (dut_if.alert_minor ),
.alert_major_internal_o (dut_if.alert_major_internal),
.alert_major_bus_o (dut_if.alert_major_bus ),
.core_sleep_o (dut_if.core_sleep )
);
// We should never see any alerts triggered in normal testing
`ASSERT(NoAlertsTriggered, !dut_if.alert_minor && !dut_if.alert_major, clk, !rst_n)
`ASSERT(NoAlertsTriggered,
!dut_if.alert_minor && !dut_if.alert_major_internal && !dut_if.alert_major_bus, clk, !rst_n)
// Data load/store vif connection
assign data_mem_vif.reset = ~rst_n;

83
examples/simple_system/rtl/ibex_simple_system.sv
View file

@ -181,56 +181,57 @@ module ibex_simple_system (
.DmHaltAddr ( 32'h00100000 ),
.DmExceptionAddr ( 32'h00100000 )
) u_top (
.clk_i (clk_sys),
.rst_ni (rst_sys_n),
.clk_i (clk_sys),
.rst_ni (rst_sys_n),
.test_en_i ('b0),
.scan_rst_ni (1'b1),
.ram_cfg_i ('b0),
.test_en_i ('b0),
.scan_rst_ni (1'b1),
.ram_cfg_i ('b0),
.hart_id_i (32'b0),
.hart_id_i (32'b0),
// First instruction executed is at 0x0 + 0x80
.boot_addr_i (32'h00100000),
.boot_addr_i (32'h00100000),
.instr_req_o (instr_req),
.instr_gnt_i (instr_gnt),
.instr_rvalid_i (instr_rvalid),
.instr_addr_o (instr_addr),
.instr_rdata_i (instr_rdata),
.instr_rdata_intg_i ('0),
.instr_err_i (instr_err),
.instr_req_o (instr_req),
.instr_gnt_i (instr_gnt),
.instr_rvalid_i (instr_rvalid),
.instr_addr_o (instr_addr),
.instr_rdata_i (instr_rdata),
.instr_rdata_intg_i ('0),
.instr_err_i (instr_err),
.data_req_o (host_req[CoreD]),
.data_gnt_i (host_gnt[CoreD]),
.data_rvalid_i (host_rvalid[CoreD]),
.data_we_o (host_we[CoreD]),
.data_be_o (host_be[CoreD]),
.data_addr_o (host_addr[CoreD]),
.data_wdata_o (host_wdata[CoreD]),
.data_wdata_intg_o (),
.data_rdata_i (host_rdata[CoreD]),
.data_rdata_intg_i ('0),
.data_err_i (host_err[CoreD]),
.data_req_o (host_req[CoreD]),
.data_gnt_i (host_gnt[CoreD]),
.data_rvalid_i (host_rvalid[CoreD]),
.data_we_o (host_we[CoreD]),
.data_be_o (host_be[CoreD]),
.data_addr_o (host_addr[CoreD]),
.data_wdata_o (host_wdata[CoreD]),
.data_wdata_intg_o (),
.data_rdata_i (host_rdata[CoreD]),
.data_rdata_intg_i ('0),
.data_err_i (host_err[CoreD]),
.irq_software_i (1'b0),
.irq_timer_i (timer_irq),
.irq_external_i (1'b0),
.irq_fast_i (15'b0),
.irq_nm_i (1'b0),
.irq_software_i (1'b0),
.irq_timer_i (timer_irq),
.irq_external_i (1'b0),
.irq_fast_i (15'b0),
.irq_nm_i (1'b0),
.scramble_key_valid_i ('0),
.scramble_key_i ('0),
.scramble_nonce_i ('0),
.scramble_req_o (),
.scramble_key_valid_i ('0),
.scramble_key_i ('0),
.scramble_nonce_i ('0),
.scramble_req_o (),
.debug_req_i ('b0),
.crash_dump_o (),
.double_fault_seen_o (),
.debug_req_i ('b0),
.crash_dump_o (),
.double_fault_seen_o (),
.fetch_enable_i ('b1),
.alert_minor_o (),
.alert_major_o (),
.core_sleep_o ()
.fetch_enable_i ('b1),
.alert_minor_o (),
.alert_major_internal_o (),
.alert_major_bus_o (),
.core_sleep_o ()
);
// SRAM block for instruction and data storage

10
rtl/ibex_lockstep.sv
View file

@ -96,7 +96,8 @@ module ibex_lockstep import ibex_pkg::*; #(
input logic fetch_enable_i,
output logic alert_minor_o,
output logic alert_major_o,
output logic alert_major_internal_o,
output logic alert_major_bus_o,
input logic icache_inval_i,
input logic core_busy_i,
input logic test_en_i,
@ -479,8 +480,9 @@ module ibex_lockstep import ibex_pkg::*; #(
logic outputs_mismatch;
assign outputs_mismatch = enable_cmp_q & (shadow_outputs_q != core_outputs_q[0]);
assign alert_major_o = outputs_mismatch | shadow_alert_major | bus_intg_err;
assign alert_minor_o = shadow_alert_minor;
assign outputs_mismatch = enable_cmp_q & (shadow_outputs_q != core_outputs_q[0]);
assign alert_major_internal_o = outputs_mismatch | shadow_alert_major;
assign alert_major_bus_o = bus_intg_err;
assign alert_minor_o = shadow_alert_minor;
endmodule

151
rtl/ibex_top.sv
View file

@ -125,7 +125,8 @@ module ibex_top import ibex_pkg::*; #(
// CPU Control Signals
input logic fetch_enable_i,
output logic alert_minor_o,
output logic alert_major_o,
output logic alert_major_internal_o,
output logic alert_major_bus_o,
output logic core_sleep_o,
// DFT bypass controls
@ -172,7 +173,8 @@ module ibex_top import ibex_pkg::*; #(
logic [LineSizeECC-1:0] ic_data_rdata [IC_NUM_WAYS];
// Alert signals
logic core_alert_major, core_alert_minor;
logic lockstep_alert_major, lockstep_alert_minor;
logic lockstep_alert_major_internal, lockstep_alert_major_bus;
logic lockstep_alert_minor;
// Scramble signals
logic icache_inval;
logic [SCRAMBLE_KEY_W-1:0] scramble_key_q;
@ -780,7 +782,9 @@ module ibex_top import ibex_pkg::*; #(
);
end
logic lockstep_alert_minor_local, lockstep_alert_major_local;
logic lockstep_alert_minor_local, lockstep_alert_major_internal_local;
logic lockstep_alert_major_bus_local;
ibex_lockstep #(
.PMPEnable (PMPEnable),
.PMPGranularity (PMPGranularity),
@ -810,71 +814,72 @@ module ibex_top import ibex_pkg::*; #(
.DmHaltAddr (DmHaltAddr),
.DmExceptionAddr (DmExceptionAddr)
) u_ibex_lockstep (
.clk_i (clk),
.rst_ni (rst_ni),
.clk_i (clk),
.rst_ni (rst_ni),
.hart_id_i (hart_id_local),
.boot_addr_i (boot_addr_local),
.hart_id_i (hart_id_local),
.boot_addr_i (boot_addr_local),
.instr_req_i (instr_req_local),
.instr_gnt_i (instr_gnt_local),
.instr_rvalid_i (instr_rvalid_local),
.instr_addr_i (instr_addr_local),
.instr_rdata_i (instr_rdata_local),
.instr_rdata_intg_i (instr_rdata_intg_local),
.instr_err_i (instr_err_local),
.instr_req_i (instr_req_local),
.instr_gnt_i (instr_gnt_local),
.instr_rvalid_i (instr_rvalid_local),
.instr_addr_i (instr_addr_local),
.instr_rdata_i (instr_rdata_local),
.instr_rdata_intg_i (instr_rdata_intg_local),
.instr_err_i (instr_err_local),
.data_req_i (data_req_local),
.data_gnt_i (data_gnt_local),
.data_rvalid_i (data_rvalid_local),
.data_we_i (data_we_local),
.data_be_i (data_be_local),
.data_addr_i (data_addr_local),
.data_wdata_i (data_wdata_local),
.data_wdata_intg_o (data_wdata_intg_local),
.data_rdata_i (data_rdata_local),
.data_rdata_intg_i (data_rdata_intg_local),
.data_err_i (data_err_local),
.data_req_i (data_req_local),
.data_gnt_i (data_gnt_local),
.data_rvalid_i (data_rvalid_local),
.data_we_i (data_we_local),
.data_be_i (data_be_local),
.data_addr_i (data_addr_local),
.data_wdata_i (data_wdata_local),
.data_wdata_intg_o (data_wdata_intg_local),
.data_rdata_i (data_rdata_local),
.data_rdata_intg_i (data_rdata_intg_local),
.data_err_i (data_err_local),
.dummy_instr_id_i (dummy_instr_id_local),
.rf_raddr_a_i (rf_raddr_a_local),
.rf_raddr_b_i (rf_raddr_b_local),
.rf_waddr_wb_i (rf_waddr_wb_local),
.rf_we_wb_i (rf_we_wb_local),
.rf_wdata_wb_ecc_i (rf_wdata_wb_ecc_local),
.rf_rdata_a_ecc_i (rf_rdata_a_ecc_local),
.rf_rdata_b_ecc_i (rf_rdata_b_ecc_local),
.dummy_instr_id_i (dummy_instr_id_local),
.rf_raddr_a_i (rf_raddr_a_local),
.rf_raddr_b_i (rf_raddr_b_local),
.rf_waddr_wb_i (rf_waddr_wb_local),
.rf_we_wb_i (rf_we_wb_local),
.rf_wdata_wb_ecc_i (rf_wdata_wb_ecc_local),
.rf_rdata_a_ecc_i (rf_rdata_a_ecc_local),
.rf_rdata_b_ecc_i (rf_rdata_b_ecc_local),
.ic_tag_req_i (ic_tag_req_local),
.ic_tag_write_i (ic_tag_write_local),
.ic_tag_addr_i (ic_tag_addr_local),
.ic_tag_wdata_i (ic_tag_wdata_local),
.ic_tag_rdata_i (ic_tag_rdata_local),
.ic_data_req_i (ic_data_req_local),
.ic_data_write_i (ic_data_write_local),
.ic_data_addr_i (ic_data_addr_local),
.ic_data_wdata_i (ic_data_wdata_local),
.ic_data_rdata_i (ic_data_rdata_local),
.ic_scr_key_valid_i (scramble_key_valid_local),
.ic_tag_req_i (ic_tag_req_local),
.ic_tag_write_i (ic_tag_write_local),
.ic_tag_addr_i (ic_tag_addr_local),
.ic_tag_wdata_i (ic_tag_wdata_local),
.ic_tag_rdata_i (ic_tag_rdata_local),
.ic_data_req_i (ic_data_req_local),
.ic_data_write_i (ic_data_write_local),
.ic_data_addr_i (ic_data_addr_local),
.ic_data_wdata_i (ic_data_wdata_local),
.ic_data_rdata_i (ic_data_rdata_local),
.ic_scr_key_valid_i (scramble_key_valid_local),
.irq_software_i (irq_software_local),
.irq_timer_i (irq_timer_local),
.irq_external_i (irq_external_local),
.irq_fast_i (irq_fast_local),
.irq_nm_i (irq_nm_local),
.irq_pending_i (irq_pending_local),
.irq_software_i (irq_software_local),
.irq_timer_i (irq_timer_local),
.irq_external_i (irq_external_local),
.irq_fast_i (irq_fast_local),
.irq_nm_i (irq_nm_local),
.irq_pending_i (irq_pending_local),
.debug_req_i (debug_req_local),
.crash_dump_i (crash_dump_local),
.double_fault_seen_i(double_fault_seen_local),
.debug_req_i (debug_req_local),
.crash_dump_i (crash_dump_local),
.double_fault_seen_i (double_fault_seen_local),
.fetch_enable_i (fetch_enable_local),
.alert_minor_o (lockstep_alert_minor_local),
.alert_major_o (lockstep_alert_major_local),
.icache_inval_i (icache_inval_local),
.core_busy_i (core_busy_local),
.test_en_i (test_en_i),
.scan_rst_ni (scan_rst_ni)
.fetch_enable_i (fetch_enable_local),
.alert_minor_o (lockstep_alert_minor_local),
.alert_major_internal_o (lockstep_alert_major_internal_local),
.alert_major_bus_o (lockstep_alert_major_bus_local),
.icache_inval_i (icache_inval_local),
.core_busy_i (core_busy_local),
.test_en_i (test_en_i),
.scan_rst_ni (scan_rst_ni)
);
// Manually buffer the output signals.
@ -888,24 +893,32 @@ module ibex_top import ibex_pkg::*; #(
.out_o(lockstep_alert_minor)
);
prim_buf u_prim_buf_alert_major (
.in_i (lockstep_alert_major_local),
.out_o(lockstep_alert_major)
prim_buf u_prim_buf_alert_major_internal (
.in_i (lockstep_alert_major_internal_local),
.out_o(lockstep_alert_major_internal)
);
prim_buf u_prim_buf_alert_major_bus (
.in_i (lockstep_alert_major_bus_local),
.out_o(lockstep_alert_major_bus)
);
end else begin : gen_no_lockstep
assign lockstep_alert_major = 1'b0;
assign lockstep_alert_minor = 1'b0;
assign data_wdata_intg_o = 'b0;
assign lockstep_alert_major_internal = 1'b0;
assign lockstep_alert_major_bus = 1'b0;
assign lockstep_alert_minor = 1'b0;
assign data_wdata_intg_o = 'b0;
logic unused_scan, unused_intg;
assign unused_scan = scan_rst_ni;
assign unused_intg = |{instr_rdata_intg_i, data_rdata_intg_i};
end
assign alert_major_o = core_alert_major | lockstep_alert_major;
assign alert_minor_o = core_alert_minor | lockstep_alert_minor;
assign alert_major_internal_o = core_alert_major | lockstep_alert_major_internal;
assign alert_major_bus_o = lockstep_alert_major_bus;
assign alert_minor_o = core_alert_minor | lockstep_alert_minor;
`ASSERT_KNOWN(IbexAlertMinorX, alert_minor_o)
`ASSERT_KNOWN(IbexAlertMajorX, alert_major_o)
`ASSERT_KNOWN(IbexAlertMajorInternalX, alert_major_internal_o)
`ASSERT_KNOWN(IbexAlertMajorBusX, alert_major_bus_o)
endmodule

6
rtl/ibex_top_tracing.sv
View file

@ -85,7 +85,8 @@ module ibex_top_tracing import ibex_pkg::*; #(
// CPU Control Signals
input logic fetch_enable_i,
output logic alert_minor_o,
output logic alert_major_o,
output logic alert_major_internal_o,
output logic alert_major_bus_o,
output logic core_sleep_o
);
@ -234,7 +235,8 @@ module ibex_top_tracing import ibex_pkg::*; #(
.fetch_enable_i,
.alert_minor_o,
.alert_major_o,
.alert_major_internal_o,
.alert_major_bus_o,
.core_sleep_o
);