diff --git a/doc/01_overview/compliance.rst b/doc/01_overview/compliance.rst index c005d357..b2501b98 100644 --- a/doc/01_overview/compliance.rst +++ b/doc/01_overview/compliance.rst @@ -9,7 +9,7 @@ It follows these specifications: Ibex implements the Machine ISA version 1.11. * `RISC-V External Debug Support, version 0.13.2 `_ * `RISC-V Bit Manipulation Extension, version 0.92 (draft from November 8, 2019) `_ -* :download:`PMP Enhancements for memory access and execution prevention on Machine mode <../03_reference/pdfs/riscv-epmp.pdf>` +* `PMP Enhancements for memory access and execution prevention on Machine mode (Smepmp) version 0.9.3 `_ Many features in the RISC-V specification are optional, and Ibex can be parametrized to enable or disable some of them. diff --git a/doc/03_reference/cs_registers.rst b/doc/03_reference/cs_registers.rst index af884c37..24b5ece7 100644 --- a/doc/03_reference/cs_registers.rst +++ b/doc/03_reference/cs_registers.rst @@ -34,10 +34,6 @@ Ibex implements all the Control and Status Registers (CSRs) listed in the follow +---------+--------------------+--------+-----------------------------------------------+ | 0x344 | ``mip`` | R | Machine Interrupt Pending Register | +---------+--------------------+--------+-----------------------------------------------+ -| 0x390 | ``mseccfg`` | WARL | Machine Security Configuration | -+---------+--------------------+--------+-----------------------------------------------+ -| 0x391 | ``mseccfgh`` | WARL | Upper 32 bits of ``mseccfg`` | -+---------+--------------------+--------+-----------------------------------------------+ | 0x3A0 | ``pmpcfg0`` | WARL | PMP Configuration Register | +---------+--------------------+--------+-----------------------------------------------+ | . . . . | @@ -50,6 +46,10 @@ Ibex implements all the Control and Status Registers (CSRs) listed in the follow +---------+--------------------+--------+-----------------------------------------------+ | 0x3BF | ``pmpaddr15`` | WARL | PMP Address Register | +---------+--------------------+--------+-----------------------------------------------+ +| 0x747 | ``mseccfg`` | WARL | Machine Security Configuration | ++---------+--------------------+--------+-----------------------------------------------+ +| 0x757 | ``mseccfgh`` | WARL | Upper 32 bits of ``mseccfg`` | ++---------+--------------------+--------+-----------------------------------------------+ | 0x7A0 | ``tselect`` | WARL | Trigger Select Register | +---------+--------------------+--------+-----------------------------------------------+ | 0x7A1 | ``tdata1`` | WARL | Trigger Data Register 1 | @@ -250,29 +250,6 @@ A particular bit in the register reads as one if the corresponding interrupt inp | 3 | **Machine Software Interrupt Pending (MSIP):** if set, ``irq_software_i`` is pending. | +-------+---------------------------------------------------------------------------------------+ -Machine Security Configuration (mseccfg/mseccfgh) ----------------------------------------- - -CSR Address: ``0x390 - 0x391`` - -Reset Value: ``0x0000_0000_0000_0000`` - -+------+-----------------------------------------------------------------------------------------------------------------------------------+ -| Bit# | Definition | -+------+-----------------------------------------------------------------------------------------------------------------------------------+ -| 2 | **Rule Locking Bypass (RLB):** If set locked PMP entries can be modified | -+------+-----------------------------------------------------------------------------------------------------------------------------------+ -| 1 | **Machine Mode Whitelist Policy (MMWP):** If set default policy for PMP is deny for M-Mode accesses that don't match a PMP region | -+------+-----------------------------------------------------------------------------------------------------------------------------------+ -| 0 | **Machine Mode Lockdown (MML):** Alters behaviour of ``pmpcfgX`` bits | -+------+-----------------------------------------------------------------------------------------------------------------------------------+ - -``mseccfg`` is specified in the Trusted Execution Environment (TEE) working group proposal :download:`PMP Enhancements for memory access and execution prevention on Machine mode <../03_reference/pdfs/riscv-epmp.pdf>`, which gives the full details of it's functionality including the new PMP behaviour when ``mseccfg.MML`` is set. -Note that the reset value means PMP behavior out of reset matches the RISC-V Privileged Architecture. -A write to ``mseccfg`` is required to change it. -Note ``mseccfgh`` reads as all 0s and ignores all writes. -Any access to ``mseccfg`` or ``mseccfgh`` when using an Ibex configuration without PMP (``PMPEnable`` is 0) will trigger an illegal instruction exception. - PMP Configuration Register (pmpcfgx) ------------------------------------ @@ -325,6 +302,29 @@ Reset Value: ``0x0000_0000`` | address[33:2] | +----------------+ +Machine Security Configuration (mseccfg/mseccfgh) +------------------------------------------------- + +CSR Address: ``mseccfg``: ``0x747`` ``mseccfg``: ``0x757`` + +Reset Value: ``0x0000_0000_0000_0000`` + ++------+-----------------------------------------------------------------------------------------------------------------------------------+ +| Bit# | Definition | ++------+-----------------------------------------------------------------------------------------------------------------------------------+ +| 2 | **Rule Locking Bypass (RLB):** If set locked PMP entries can be modified | ++------+-----------------------------------------------------------------------------------------------------------------------------------+ +| 1 | **Machine Mode Whitelist Policy (MMWP):** If set default policy for PMP is deny for M-Mode accesses that don't match a PMP region | ++------+-----------------------------------------------------------------------------------------------------------------------------------+ +| 0 | **Machine Mode Lockdown (MML):** Alters behaviour of ``pmpcfgX`` bits | ++------+-----------------------------------------------------------------------------------------------------------------------------------+ + +``mseccfg`` is specified in the Trusted Execution Environment (TEE) working group proposal `PMP Enhancements for memory access and execution prevention on Machine mode (Smepmp) version 0.9.3 `_, which gives the full details of it's functionality including the new PMP behaviour when ``mseccfg.MML`` is set. +Note that the reset value means PMP behavior out of reset matches the RISC-V Privileged Architecture. +A write to ``mseccfg`` is required to change it. +Note ``mseccfgh`` reads as all 0s and ignores all writes. +Any access to ``mseccfg`` or ``mseccfgh`` when using an Ibex configuration without PMP (``PMPEnable`` is 0) will trigger an illegal instruction exception. + .. _csr-tselect: Trigger Select Register (tselect) diff --git a/doc/03_reference/pdfs/riscv-epmp.pdf b/doc/03_reference/pdfs/riscv-epmp.pdf deleted file mode 100644 index e0082494..00000000 Binary files a/doc/03_reference/pdfs/riscv-epmp.pdf and /dev/null differ diff --git a/doc/03_reference/pmp.rst b/doc/03_reference/pmp.rst index 18d75c0d..2b8c5d48 100644 --- a/doc/03_reference/pmp.rst +++ b/doc/03_reference/pmp.rst @@ -3,7 +3,7 @@ Physical Memory Protection (PMP) ================================ -The Physical Memory Protection (PMP) unit implements region-based memory access checking in-accordance with the RISC-V Privileged Specification, version 1.11 and includes the Trusted Execution Environment (TEE) working group proposal :download:`PMP Enhancements for memory access and execution prevention on Machine mode `. +The Physical Memory Protection (PMP) unit implements region-based memory access checking in-accordance with the RISC-V Privileged Specification, version 1.11 and includes the Trusted Execution Environment (TEE) working group proposal `PMP Enhancements for memory access and execution prevention on Machine mode (Smepmp) version 0.9.3 `_. The following configuration parameters are available to control PMP checking: +----------------+---------------+----------------------------------------------------------+ @@ -36,7 +36,7 @@ When the granularity is greater than zero, NA4 mode is not available and will be PMP Enhancements ---------------- -These are described in more detail in :download:`PMP Enhancements for memory access and execution prevention on Machine mode `. +These are described in more detail in `PMP Enhancements for memory access and execution prevention on Machine mode (Smepmp) version 0.9.3 `_. If Ibex is configured to include PMP (PMPEnable is not zero) the PMP enhancements are always included. Use of the enhanced behavior is optional, if no writes to ``mseccfg`` occur PMP behavior will remain exactly as specified in the RISC-V privileged specification. The enhancements add: diff --git a/dv/cs_registers/reg_driver/csr_listing.def b/dv/cs_registers/reg_driver/csr_listing.def index 722b43d9..5cab0fab 100644 --- a/dv/cs_registers/reg_driver/csr_listing.def +++ b/dv/cs_registers/reg_driver/csr_listing.def @@ -8,8 +8,6 @@ #error Define CSR #endif -CSR(MSeccfg, 0x390) -CSR(MSeccfgh, 0x391) CSR(PMPCfg0, 0x3A0) CSR(PMPCfg1, 0x3A1) CSR(PMPCfg2, 0x3A2) @@ -60,6 +58,8 @@ CSR(MHPMEvent28, 0x33C) CSR(MHPMEvent29, 0x33D) CSR(MHPMEvent30, 0x33E) CSR(MHPMEvent31, 0x33F) +CSR(MSeccfg, 0x747) +CSR(MSeccfgh, 0x757) CSR(MCycle, 0xB00) CSR(MInstret, 0xB02) CSR(MHPMCounter3, 0xB03) diff --git a/rtl/ibex_pkg.sv b/rtl/ibex_pkg.sv index bc4a8515..7308e26d 100644 --- a/rtl/ibex_pkg.sv +++ b/rtl/ibex_pkg.sv @@ -393,9 +393,6 @@ typedef enum logic[11:0] { CSR_MTVAL = 12'h343, CSR_MIP = 12'h344, - CSR_MSECCFG = 12'h390, - CSR_MSECCFGH = 12'h391, - // Physical memory protection CSR_PMPCFG0 = 12'h3A0, CSR_PMPCFG1 = 12'h3A1, @@ -418,6 +415,10 @@ typedef enum logic[11:0] { CSR_PMPADDR14 = 12'h3BE, CSR_PMPADDR15 = 12'h3BF, + // ePMP control + CSR_MSECCFG = 12'h747, + CSR_MSECCFGH = 12'h757, + // Debug trigger CSR_TSELECT = 12'h7A0, CSR_TDATA1 = 12'h7A1,