diff --git a/rtl/ibex_if_stage.sv b/rtl/ibex_if_stage.sv
index 4cd3faf4..aa632578 100644
--- a/rtl/ibex_if_stage.sv
+++ b/rtl/ibex_if_stage.sv
@@ -462,7 +462,7 @@ module ibex_if_stage import ibex_pkg::*; #(
 
   // Check for expected increments of the PC when security hardening enabled
   if (PCIncrCheck) begin : g_secure_pc
-    logic [31:0] prev_instr_addr_incr;
+    logic [31:0] prev_instr_addr_incr, prev_instr_addr_incr_buf;
     logic        prev_instr_seq_q, prev_instr_seq_d;
 
     // Do not check for sequential increase after a branch, jump, exception, interrupt or debug
@@ -480,8 +480,14 @@ module ibex_if_stage import ibex_pkg::*; #(
 
     assign prev_instr_addr_incr = pc_id_o + (instr_is_compressed_id_o ? 32'd2 : 32'd4);
 
+    // Buffer anticipated next PC address to ensure optimiser cannot remove the check.
+    prim_buf #(.Width(32)) u_prev_instr_addr_incr_buf (
+      .in_i (prev_instr_addr_incr),
+      .out_o(prev_instr_addr_incr_buf)
+    );
+
     // Check that the address equals the previous address +2/+4
-    assign pc_mismatch_alert_o = prev_instr_seq_q & (pc_if_o != prev_instr_addr_incr);
+    assign pc_mismatch_alert_o = prev_instr_seq_q & (pc_if_o != prev_instr_addr_incr_buf);
 
   end else begin : g_no_secure_pc
     assign pc_mismatch_alert_o = 1'b0;
diff --git a/rtl/ibex_top.sv b/rtl/ibex_top.sv
index 3e857f17..46bde3d1 100644
--- a/rtl/ibex_top.sv
+++ b/rtl/ibex_top.sv
@@ -158,8 +158,8 @@ module ibex_top import ibex_pkg::*; #(
   logic [4:0]                  rf_waddr_wb;
   logic                        rf_we_wb;
   logic [RegFileDataWidth-1:0] rf_wdata_wb_ecc;
-  logic [RegFileDataWidth-1:0] rf_rdata_a_ecc;
-  logic [RegFileDataWidth-1:0] rf_rdata_b_ecc;
+  logic [RegFileDataWidth-1:0] rf_rdata_a_ecc, rf_rdata_a_ecc_buf;
+  logic [RegFileDataWidth-1:0] rf_rdata_b_ecc, rf_rdata_b_ecc_buf;
   // Core <-> RAMs signals
   logic [IC_NUM_WAYS-1:0]      ic_tag_req;
   logic                        ic_tag_write;
@@ -210,12 +210,22 @@ module ibex_top import ibex_pkg::*; #(
   // Core instantiation //
   ////////////////////////
 
-  // Buffer fetch_enable_i to prevent synthesis optimising away multi-bit signal
+  // Buffer security critical signals to prevent synthesis optimisation removing them
   prim_buf #(.Width($bits(fetch_enable_t))) u_fetch_enable_buf (
     .in_i (fetch_enable_i),
     .out_o(fetch_enable_buf)
   );
 
+  prim_buf #(.Width(RegFileDataWidth)) u_rf_rdata_a_ecc_buf (
+    .in_i (rf_rdata_a_ecc),
+    .out_o(rf_rdata_a_ecc_buf)
+  );
+
+  prim_buf #(.Width(RegFileDataWidth)) u_rf_rdata_b_ecc_buf (
+    .in_i (rf_rdata_b_ecc),
+    .out_o(rf_rdata_b_ecc_buf)
+  );
+
   ibex_core #(
     .PMPEnable        (PMPEnable),
     .PMPGranularity   (PMPGranularity),
@@ -274,8 +284,8 @@ module ibex_top import ibex_pkg::*; #(
     .rf_waddr_wb_o    (rf_waddr_wb),
     .rf_we_wb_o       (rf_we_wb),
     .rf_wdata_wb_ecc_o(rf_wdata_wb_ecc),
-    .rf_rdata_a_ecc_i (rf_rdata_a_ecc),
-    .rf_rdata_b_ecc_i (rf_rdata_b_ecc),
+    .rf_rdata_a_ecc_i (rf_rdata_a_ecc_buf),
+    .rf_rdata_b_ecc_i (rf_rdata_b_ecc_buf),
 
     .ic_tag_req_o      (ic_tag_req),
     .ic_tag_write_o    (ic_tag_write),