[rtl] Add alert outputs

- Add a major and minor alert output which can be used by the system to
  react to fault injection attacks

Signed-off-by: Tom Roberts <tomroberts@lowrisc.org>

doc/integration.rst

@@ -68,6 +68,8 @@ Instantiation Template
 
       // Special control signals
       .fetch_enable_i (),
+      .alert_minor_o  (),
+      .alert_major_o  (),
       .core_sleep_o   ()
   );
 
@@ -165,3 +167,13 @@ Interfaces
 |                         |                         |     | if an external event (interrupt or     |
 |                         |                         |     | debug req) wakes the core up           |
 +-------------------------+-------------------------+-----+----------------------------------------+
+| ``alert_minor_o``       | 1                       | out | Core has detected a fault which it can |
+|                         |                         |     | safely recover from. Can be used by a  |
+|                         |                         |     | system to log errors over time and     |
+|                         |                         |     | detect tampering / attack.             |
++-------------------------+-------------------------+-----+----------------------------------------+
+| ``alert_major_o``       | 1                       | out | Core has detected a fault which cannot |
+|                         |                         |     | be recovered from. Can be used by a    |
+|                         |                         |     | system to reset the core and possibly  |
+|                         |                         |     | take other remedial action.            |
++-------------------------+-------------------------+-----+----------------------------------------+

dv/riscv_compliance/rtl/ibex_riscv_compliance.sv

@@ -157,6 +157,8 @@ module ibex_riscv_compliance (
       .debug_req_i    ('b0               ),
 
       .fetch_enable_i ('b1               ),
+      .alert_minor_o  (                  ),
+      .alert_major_o  (                  ),
       .core_sleep_o   (                  )
     );
 

examples/fpga/artya7/rtl/top_artya7.sv

@@ -81,6 +81,8 @@ module top_artya7 (
      .debug_req_i           ('b0),
 
      .fetch_enable_i        ('b1),
+     .alert_minor_o         (),
+     .alert_major_o         (),
      .core_sleep_o          ()
   );
 

examples/simple_system/rtl/ibex_simple_system.sv

@@ -196,6 +196,8 @@ module ibex_simple_system (
       .debug_req_i           ('b0),
 
       .fetch_enable_i        ('b1),
+      .alert_minor_o         (),
+      .alert_major_o         (),
       .core_sleep_o          ()
     );
 

rtl/ibex_core.sv

@@ -104,6 +104,8 @@ module ibex_core #(
 
     // CPU Control Signals
     input  logic        fetch_enable_i,
+    output logic        alert_minor_o,
+    output logic        alert_major_o,
     output logic        core_sleep_o
 );
 
@@ -770,6 +772,22 @@ module ibex_core #(
       .we_a_i           ( rf_we_wb       )
   );
 
+  ///////////////////
+  // Alert outputs //
+  ///////////////////
+
+  // Minor alert - core is in a recoverable state
+  // TODO add I$ ECC errors here
+  assign alert_minor_o = 1'b0;
+
+  // Major alert - core is unrecoverable
+  // TODO add fault detections here
+  assign alert_major_o = 1'b0;
+
+  `ASSERT_KNOWN(IbexAlertMinorX, alert_minor_o)
+  `ASSERT_KNOWN(IbexAlertMajorX, alert_major_o)
+
+
   // Explict INC_ASSERT block to avoid unused signal lint warnings were asserts are not included
   `ifdef INC_ASSERT
   // Signals used for assertions only

rtl/ibex_core_tracing.sv

@@ -69,6 +69,8 @@ module ibex_core_tracing #(
 
     // CPU Control Signals
     input  logic        fetch_enable_i,
+    output logic        alert_minor_o,
+    output logic        alert_major_o,
     output logic        core_sleep_o
 
 );
@@ -181,6 +183,8 @@ module ibex_core_tracing #(
     .rvfi_mem_wdata,
 
     .fetch_enable_i,
+    .alert_minor_o,
+    .alert_major_o,
     .core_sleep_o
   );