Skip to content

Commit

Permalink
removed capture condition on security state wires
Browse files Browse the repository at this point in the history 
moved dmi reg mode masking to inside soc ifc top
fixed register permissions for DBG REQ
added flush and debug condition for lifecycle states NOT in MANUF or PROD
  • Loading branch information
@Nitsirks
Nitsirks committed Nov 18, 2024
1 parent 6592f42 commit cb5faf3
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 36 deletions.
51 changes: 22 additions & 29 deletions src/integration/rtl/caliptra_top.sv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,8 @@ module caliptra_top

logic fw_update_rst_window;

logic cptra_ss_debug_intent; //qualified debug intent

// Caliptra ECC status signals
rv_ecc_sts_t rv_ecc_sts;

Expand Down Expand Up @@ -256,11 +258,10 @@ module caliptra_top
mbox_sram_resp_t mbox_sram_resp;

logic clear_obf_secrets;
logic clear_secrets;

logic cptra_security_state_captured;
logic scan_mode_switch;
logic debug_lock_or_scan_mode_switch, clear_obf_secrets_debugScanQ, debug_lock_switch;
logic debug_lock_switch;
logic device_lifecycle_switch;
logic debug_lock_or_scan_mode_switch, clear_obf_secrets_debugScanQ;
logic cptra_scan_mode_Latched, cptra_scan_mode_Latched_d, cptra_scan_mode_Latched_f;

logic [`CLP_OBF_KEY_DWORDS-1:0][31:0] cptra_obf_key_dbg;
Expand Down Expand Up @@ -421,15 +422,7 @@ always_comb cptra_core_dmi_enable = ~(cptra_security_state_Latched.debug_locked)
//Open Uncore TAP for debug unlocked, or DEVICE_MANUFACTURING, or debug intent set
always_comb cptra_uncore_dmi_enable = ~(cptra_security_state_Latched.debug_locked) |
(cptra_security_state_Latched.device_lifecycle == DEVICE_MANUFACTURING) |
ss_debug_intent;

//Uncore registers only open for debug unlock or manufacturing
always_comb cptra_uncore_dmi_unlocked_reg_en = cptra_uncore_dmi_reg_en &
(~(cptra_security_state_Latched.debug_locked) |
(cptra_security_state_Latched.device_lifecycle == DEVICE_MANUFACTURING));
//Uncore registers open for all cases
always_comb cptra_uncore_dmi_locked_reg_en = cptra_uncore_dmi_reg_en;

cptra_ss_debug_intent;
el2_veer_wrapper rvtop (
`ifdef CALIPTRA_FORCE_CPU_RESET
.rst_l ( 1'b0 ),
Expand Down Expand Up @@ -630,14 +623,9 @@ el2_veer_wrapper rvtop (
if (~cptra_noncore_rst_b) begin
cptra_security_state_Latched_d <= '{device_lifecycle: DEVICE_PRODUCTION, debug_locked: 1'b1}; //Setting the default value to be debug locked and in production mode
cptra_security_state_Latched_f <= '{device_lifecycle: DEVICE_PRODUCTION, debug_locked: 1'b1};

cptra_security_state_captured <= 0;
end
else if(!cptra_security_state_captured) begin
else begin
cptra_security_state_Latched_d <= security_state;
cptra_security_state_captured <= 1;
end
else begin
cptra_security_state_Latched_f <= cptra_security_state_Latched_d;
end
end
Expand All @@ -654,19 +642,23 @@ el2_veer_wrapper rvtop (
end

//Lock debug unless both flops are unlocked
assign cptra_security_state_Latched.debug_locked = cptra_security_state_Latched_d.debug_locked | cptra_security_state_Latched_f.debug_locked;
always_comb cptra_security_state_Latched.debug_locked = cptra_security_state_Latched_d.debug_locked | cptra_security_state_Latched_f.debug_locked;
//Pass on the latched value of device lifecycle
assign cptra_security_state_Latched.device_lifecycle = cptra_security_state_Latched_d.device_lifecycle;
always_comb cptra_security_state_Latched.device_lifecycle = cptra_security_state_Latched_f.device_lifecycle;
//Only assert scan mode once both flops have set
assign cptra_scan_mode_Latched = cptra_scan_mode_Latched_d & cptra_scan_mode_Latched_f;
always_comb cptra_scan_mode_Latched = cptra_scan_mode_Latched_d & cptra_scan_mode_Latched_f;

// When scan mode goes from 0->1, generate a pulse to clear the assets
// Note that when scan goes to '1, Caliptra state as well as SOC state
// gets messed up. So switch to scan is destructive (obvious! Duh!)
assign scan_mode_switch = cptra_scan_mode_Latched_d & ~cptra_scan_mode_Latched_f;
always_comb scan_mode_switch = cptra_scan_mode_Latched_d & ~cptra_scan_mode_Latched_f;
// Detect transition of debug mode
assign debug_lock_switch = cptra_security_state_Latched_d.debug_locked ^ cptra_security_state_Latched_f.debug_locked;
assign debug_lock_or_scan_mode_switch = debug_lock_switch | scan_mode_switch | cptra_error_fatal;
always_comb debug_lock_switch = cptra_security_state_Latched_d.debug_locked ^ cptra_security_state_Latched_f.debug_locked;
// Detect transition from valid lifecycle state to invalid
always_comb device_lifecycle_switch = (cptra_security_state_Latched_f.device_lifecycle inside {DEVICE_MANUFACTURING, DEVICE_PRODUCTION}) &
~(cptra_security_state_Latched_d.device_lifecycle inside {DEVICE_MANUFACTURING, DEVICE_PRODUCTION});

assign debug_lock_or_scan_mode_switch = debug_lock_switch | scan_mode_switch | device_lifecycle_switch | cptra_error_fatal;

assign clear_obf_secrets_debugScanQ = clear_obf_secrets | cptra_in_debug_scan_mode | cptra_error_fatal;

Expand All @@ -677,7 +669,7 @@ el2_veer_wrapper rvtop (
cptra_csr_hmac_key_reg <= '0;
end
//Only latch the value during device manufacturing
else if (cptra_security_state_Latched_f.device_lifecycle == DEVICE_MANUFACTURING) begin
else if (cptra_security_state_Latched.device_lifecycle == DEVICE_MANUFACTURING) begin
cptra_csr_hmac_key_reg <= cptra_csr_hmac_key;
end
end
Expand Down Expand Up @@ -866,8 +858,9 @@ sha256_ctrl #(
.debugUnlock_or_scan_mode_switch(debug_lock_or_scan_mode_switch)
);

//override device secrets with debug values in Debug or Scan Mode
always_comb cptra_in_debug_scan_mode = ~cptra_security_state_Latched.debug_locked | cptra_scan_mode_Latched;
//override device secrets with debug values in Debug or Scan Mode or any device lifecycle other than PROD and MANUF
always_comb cptra_in_debug_scan_mode = ~cptra_security_state_Latched.debug_locked | cptra_scan_mode_Latched |
~(cptra_security_state_Latched.device_lifecycle inside {DEVICE_PRODUCTION, DEVICE_MANUFACTURING});
always_comb cptra_obf_key_dbg = cptra_in_debug_scan_mode ? `CLP_DEBUG_MODE_OBF_KEY : cptra_obf_key_reg;
always_comb obf_uds_seed_dbg = cptra_in_debug_scan_mode ? `CLP_DEBUG_MODE_UDS_SEED : obf_uds_seed;
always_comb obf_field_entropy_dbg = cptra_in_debug_scan_mode ? `CLP_DEBUG_MODE_FIELD_ENTROPY : obf_field_entropy;
Expand Down Expand Up @@ -1271,7 +1264,7 @@ soc_ifc_top1
.strap_ss_strap_rsvd_2 (strap_ss_strap_rsvd_2 ),
.strap_ss_strap_rsvd_3 (strap_ss_strap_rsvd_3 ),
.ss_debug_intent (ss_debug_intent ),

.cptra_ss_debug_intent (cptra_ss_debug_intent ),
// Subsystem mode debug outputs
.ss_dbg_manuf_enable (ss_dbg_manuf_enable ),
.ss_dbg_prod_enable (ss_dbg_prod_enable ),
Expand Down
28 changes: 21 additions & 7 deletions src/soc_ifc/rtl/soc_ifc_top.sv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,7 @@ module soc_ifc_top
input logic [31:0] strap_ss_strap_rsvd_2,
input logic [31:0] strap_ss_strap_rsvd_3,
input logic ss_debug_intent,
output logic cptra_ss_debug_intent,

// Subsystem mode debug outputs
output logic ss_dbg_manuf_enable,
Expand Down Expand Up @@ -148,8 +149,7 @@ module soc_ifc_top
input logic crypto_error,

//caliptra uncore jtag ports
input logic cptra_uncore_dmi_unlocked_reg_en,
input logic cptra_uncore_dmi_locked_reg_en,
input logic cptra_uncore_dmi_reg_en,
input logic cptra_uncore_dmi_reg_wr_en,
output logic [31:0] cptra_uncore_dmi_reg_rdata,
input logic [6:0] cptra_uncore_dmi_reg_addr,
Expand Down Expand Up @@ -244,6 +244,8 @@ logic BootFSM_BrkPoint_Latched;
logic BootFSM_BrkPoint_valid;
logic BootFSM_BrkPoint_Flag;

logic cptra_uncore_dmi_locked_reg_en;
logic cptra_uncore_dmi_unlocked_reg_en;
logic dmi_inc_rdptr;
logic dmi_inc_wrptr;
logic cptra_uncore_dmi_reg_dout_access_f;
Expand All @@ -254,6 +256,7 @@ logic [31:0] cptra_uncore_dmi_unlocked_reg_rdata_in;

logic strap_we;
logic cptra_uncore_dmi_unlocked_reg_wr_en;
logic cptra_uncore_dmi_locked_reg_wr_en;

soc_ifc_reg__in_t soc_ifc_reg_hwif_in;
soc_ifc_reg__out_t soc_ifc_reg_hwif_out;
Expand Down Expand Up @@ -683,6 +686,17 @@ always_comb begin
end
end


//Uncore registers only open for debug unlock or manufacturing
always_comb cptra_uncore_dmi_unlocked_reg_en = cptra_uncore_dmi_reg_en &
(~(cptra_security_state_Latched.debug_locked) |
(cptra_security_state_Latched.device_lifecycle == DEVICE_MANUFACTURING));
//Uncore registers open for all cases
always_comb cptra_uncore_dmi_locked_reg_en = cptra_uncore_dmi_reg_en;

always_comb cptra_uncore_dmi_unlocked_reg_wr_en = (cptra_uncore_dmi_reg_wr_en & cptra_uncore_dmi_unlocked_reg_en);
always_comb cptra_uncore_dmi_locked_reg_wr_en = (cptra_uncore_dmi_reg_wr_en & cptra_uncore_dmi_locked_reg_en);

// Subsystem straps capture the initial value from input port on rising edge of cptra_pwrgood
always_ff @(posedge clk or negedge cptra_pwrgood) begin
if(~cptra_pwrgood) begin
Expand All @@ -693,8 +707,6 @@ always_ff @(posedge clk or negedge cptra_pwrgood) begin
end
end

always_comb cptra_uncore_dmi_unlocked_reg_wr_en = (cptra_uncore_dmi_reg_wr_en & cptra_uncore_dmi_unlocked_reg_en);

always_comb begin : ss_reg_hwwe
//SS STRAPS WITH TAP WRITE ACCESS
soc_ifc_reg_hwif_in.SS_SOC_IFC_BASE_ADDR_L.addr_l.we = strap_we | (cptra_uncore_dmi_unlocked_reg_wr_en &
Expand Down Expand Up @@ -724,11 +736,11 @@ always_comb begin : ss_reg_hwwe
soc_ifc_reg_hwif_in.SS_DEBUG_INTENT.debug_intent.we = strap_we | (cptra_uncore_dmi_unlocked_reg_wr_en &
(cptra_uncore_dmi_reg_addr == DMI_REG_SS_DEBUG_INTENT));
//SS REGISTERS WITH TAP WRITE ACCESS
soc_ifc_reg_hwif_in.SS_DBG_MANUF_SERVICE_REG_REQ.MANUF_DBG_UNLOCK_REQ.we = (cptra_uncore_dmi_unlocked_reg_wr_en &
soc_ifc_reg_hwif_in.SS_DBG_MANUF_SERVICE_REG_REQ.MANUF_DBG_UNLOCK_REQ.we = (cptra_uncore_dmi_locked_reg_wr_en &
(cptra_uncore_dmi_reg_addr == DMI_REG_SS_DBG_MANUF_SERVICE_REG_REQ));
soc_ifc_reg_hwif_in.SS_DBG_MANUF_SERVICE_REG_REQ.PROD_DBG_UNLOCK_REQ.we = (cptra_uncore_dmi_unlocked_reg_wr_en &
soc_ifc_reg_hwif_in.SS_DBG_MANUF_SERVICE_REG_REQ.PROD_DBG_UNLOCK_REQ.we = (cptra_uncore_dmi_locked_reg_wr_en &
(cptra_uncore_dmi_reg_addr == DMI_REG_SS_DBG_MANUF_SERVICE_REG_REQ));
soc_ifc_reg_hwif_in.SS_DBG_MANUF_SERVICE_REG_REQ.UDS_PROGRAM_REQ.we = (cptra_uncore_dmi_unlocked_reg_wr_en &
soc_ifc_reg_hwif_in.SS_DBG_MANUF_SERVICE_REG_REQ.UDS_PROGRAM_REQ.we = (cptra_uncore_dmi_locked_reg_wr_en &
(cptra_uncore_dmi_reg_addr == DMI_REG_SS_DBG_MANUF_SERVICE_REG_REQ));
soc_ifc_reg_hwif_in.SS_DBG_MANUF_SERVICE_REG_RSP.MANUF_DBG_UNLOCK_FAIL.we = (cptra_uncore_dmi_unlocked_reg_wr_en & (cptra_uncore_dmi_reg_addr == DMI_REG_SS_DBG_MANUF_SERVICE_REG_RSP));
soc_ifc_reg_hwif_in.SS_DBG_MANUF_SERVICE_REG_RSP.MANUF_DBG_UNLOCK_IN_PROGRESS.we = (cptra_uncore_dmi_unlocked_reg_wr_en & (cptra_uncore_dmi_reg_addr == DMI_REG_SS_DBG_MANUF_SERVICE_REG_RSP));
Expand Down Expand Up @@ -795,6 +807,8 @@ always_comb begin : ss_reg_next_vals
`endif
end

always_comb cptra_ss_debug_intent = soc_ifc_reg_hwif_out.SS_DEBUG_INTENT.debug_intent.value;

// Also RW-able by SW until CPTRA_FUSE_WR_DONE
always_comb soc_ifc_reg_hwif_in.SS_SOC_IFC_BASE_ADDR_L.addr_l.swwel = soc_ifc_reg_hwif_out.CPTRA_FUSE_WR_DONE.done.value;
always_comb soc_ifc_reg_hwif_in.SS_SOC_IFC_BASE_ADDR_H.addr_h.swwel = soc_ifc_reg_hwif_out.CPTRA_FUSE_WR_DONE.done.value;
Expand Down

0 comments on commit cb5faf3

Please sign in to comment.