[otbn] Add a BAD_INTERNAL_STATE fatal error
This is going to be used when we detect that some internal state has
become corrupt. Wire it into the docs, the design (set to zero), the
ISS and the software.
Signed-off-by: Rupert Swarbrick <rswarbrick@lowrisc.org>
diff --git a/hw/ip/otbn/data/otbn.hjson b/hw/ip/otbn/data/otbn.hjson
index 4a91bd9..e22c760 100644
--- a/hw/ip/otbn/data/otbn.hjson
+++ b/hw/ip/otbn/data/otbn.hjson
@@ -346,16 +346,21 @@
desc: "A `BUS_INTG_VIOLATION` error was observed."
}
{ bits: "20",
+ name: "bad_internal_state",
+ resval: 0,
+ desc: "A `BAD_INTERNAL_STATE` error was observed."
+ }
+ { bits: "21",
name: "illegal_bus_access"
resval: 0,
desc: "An `ILLEGAL_BUS_ACCESS` error was observed."
}
- { bits: "21",
+ { bits: "22",
name: "lifecycle_escalation"
resval: 0,
desc: "A `LIFECYCLE_ESCALATION` error was observed."
}
- { bits: "22",
+ { bits: "23",
name: "fatal_software"
resval: 0,
desc: "A `FATAL_SOFTWARE` error was observed."
@@ -398,16 +403,21 @@
desc: "A `BUS_INTG_VIOLATION` error was observed."
}
{ bits: "4",
+ name: "bad_internal_state",
+ resval: 0,
+ desc: "A `BAD_INTERNAL_STATE` error was observed."
+ }
+ { bits: "5",
name: "illegal_bus_access"
resval: 0,
desc: "A `ILLEGAL_BUS_ACCESS` error was observed."
}
- { bits: "5",
+ { bits: "6",
name: "lifecycle_escalation"
resval: 0,
desc: "A `LIFECYCLE_ESCALATION` error was observed."
}
- { bits: "6",
+ { bits: "7",
name: "fatal_software"
resval: 0,
desc: "A `FATAL_SOFTWARE` error was observed."
diff --git a/hw/ip/otbn/doc/_index.md b/hw/ip/otbn/doc/_index.md
index 8996dde..18c4493 100644
--- a/hw/ip/otbn/doc/_index.md
+++ b/hw/ip/otbn/doc/_index.md
@@ -700,6 +700,11 @@
<td>An incoming bus transaction failed the integrity checks.</td>
</tr>
<tr>
+ <td><code>BAD_INTERNAL_STATE<code></td>
+ <td>fatal</td>
+ <td>The internal state of OTBN has become corrupt.</td>
+ </tr>
+ <tr>
<td><code>ILLEGAL_BUS_ACCESS<code></td>
<td>fatal</td>
<td>A bus-accessible register or memory was accessed when not allowed.</td>
diff --git a/hw/ip/otbn/dv/otbnsim/sim/constants.py b/hw/ip/otbn/dv/otbnsim/sim/constants.py
index ae42127..4f403ca 100644
--- a/hw/ip/otbn/dv/otbnsim/sim/constants.py
+++ b/hw/ip/otbn/dv/otbnsim/sim/constants.py
@@ -32,6 +32,7 @@
DMEM_INTG_VIOLATION = 1 << 17
REG_INTG_VIOLATION = 1 << 18
BUS_INTG_VIOLATION = 1 << 19
- ILLEGAL_BUS_ACCESS = 1 << 20
- LIFECYCLE_ESCALATION = 1 << 21
- FATAL_SOFTWARE = 1 << 22
+ BAD_INTERNAL_STATE = 1 << 20
+ ILLEGAL_BUS_ACCESS = 1 << 21
+ LIFECYCLE_ESCALATION = 1 << 22
+ FATAL_SOFTWARE = 1 << 23
diff --git a/hw/ip/otbn/dv/uvm/env/otbn_env_cov.sv b/hw/ip/otbn/dv/uvm/env/otbn_env_cov.sv
index 1b152d0..02d6ace 100644
--- a/hw/ip/otbn/dv/uvm/env/otbn_env_cov.sv
+++ b/hw/ip/otbn/dv/uvm/env/otbn_env_cov.sv
@@ -326,6 +326,7 @@
`DEF_SEEN_CP(err_bits_dmem_intg_violation_cp, value.dmem_intg_violation)
`DEF_SEEN_CP(err_bits_reg_intg_violation_cp, value.reg_intg_violation)
`DEF_SEEN_CP(err_bits_bus_intg_violation_cp, value.bus_intg_violation)
+ `DEF_SEEN_CP(err_bits_bad_internal_state_cp, value.bad_internal_state)
`DEF_SEEN_CP(err_bits_illegal_bus_access_cp, value.illegal_bus_access)
`DEF_SEEN_CP(err_bits_lifecycle_escalation_cp, value.lifecycle_escalation)
@@ -343,8 +344,9 @@
`DEF_SEEN_CP(fatal_alert_cause_dmem_intg_violation_cp, value[1])
`DEF_SEEN_CP(fatal_alert_cause_reg_intg_violation_cp, value[2])
`DEF_SEEN_CP(fatal_alert_cause_bus_intg_violation_cp, value[3])
- `DEF_SEEN_CP(fatal_alert_cause_illegal_bus_access_cp, value[4])
- `DEF_SEEN_CP(fatal_alert_cause_lifecycle_escalation_cp, value[5])
+ `DEF_SEEN_CP(fatal_alert_cause_bad_internal_state_cp, value[4])
+ `DEF_SEEN_CP(fatal_alert_cause_illegal_bus_access_cp, value[5])
+ `DEF_SEEN_CP(fatal_alert_cause_lifecycle_escalation_cp, value[6])
// We want to see an access to FATAL_ALERT_CAUSE in every operational state, but don't need to
// see all possible values that could be read.
diff --git a/hw/ip/otbn/rtl/otbn.sv b/hw/ip/otbn/rtl/otbn.sv
index e57907e..cd80184 100644
--- a/hw/ip/otbn/rtl/otbn.sv
+++ b/hw/ip/otbn/rtl/otbn.sv
@@ -647,6 +647,9 @@
assign hw2reg.err_bits.bus_intg_violation.de = done;
assign hw2reg.err_bits.bus_intg_violation.d = err_bits.bus_intg_violation;
+ assign hw2reg.err_bits.bad_internal_state.de = done;
+ assign hw2reg.err_bits.bad_internal_state.d = err_bits.bad_internal_state;
+
assign hw2reg.err_bits.illegal_bus_access.de = done;
assign hw2reg.err_bits.illegal_bus_access.d = err_bits.illegal_bus_access;
@@ -667,6 +670,8 @@
assign hw2reg.fatal_alert_cause.reg_intg_violation.d = 0;
assign hw2reg.fatal_alert_cause.bus_intg_violation.de = bus_intg_violation;
assign hw2reg.fatal_alert_cause.bus_intg_violation.d = bus_intg_violation;
+ assign hw2reg.fatal_alert_cause.bad_internal_state.de = 0;
+ assign hw2reg.fatal_alert_cause.bad_internal_state.d = 0;
assign hw2reg.fatal_alert_cause.illegal_bus_access.de = illegal_bus_access_d;
assign hw2reg.fatal_alert_cause.illegal_bus_access.d = illegal_bus_access_d;
assign hw2reg.fatal_alert_cause.lifecycle_escalation.de = lifecycle_escalation;
diff --git a/hw/ip/otbn/rtl/otbn_controller.sv b/hw/ip/otbn/rtl/otbn_controller.sv
index 9670822..1b2a45b 100644
--- a/hw/ip/otbn/rtl/otbn_controller.sv
+++ b/hw/ip/otbn/rtl/otbn_controller.sv
@@ -388,6 +388,7 @@
assign err_bits.fatal_software = software_err & software_errs_fatal_i;
assign err_bits.lifecycle_escalation = lifecycle_escalation_i;
assign err_bits.illegal_bus_access = illegal_bus_access_i;
+ assign err_bits.bad_internal_state = 0;
assign err_bits.bus_intg_violation = bus_intg_violation_i;
assign err_bits.reg_intg_violation = rf_base_rd_data_err_i | rf_bignum_rd_data_err_i;
assign err_bits.dmem_intg_violation = lsu_rdata_err_i;
diff --git a/hw/ip/otbn/rtl/otbn_pkg.sv b/hw/ip/otbn/rtl/otbn_pkg.sv
index fb7c498..1c7dd1a 100644
--- a/hw/ip/otbn/rtl/otbn_pkg.sv
+++ b/hw/ip/otbn/rtl/otbn_pkg.sv
@@ -73,6 +73,7 @@
logic fatal_software;
logic lifecycle_escalation;
logic illegal_bus_access;
+ logic bad_internal_state;
logic bus_intg_violation;
logic reg_intg_violation;
logic dmem_intg_violation;
diff --git a/hw/ip/otbn/rtl/otbn_reg_pkg.sv b/hw/ip/otbn/rtl/otbn_reg_pkg.sv
index c972894..ec86e98 100644
--- a/hw/ip/otbn/rtl/otbn_reg_pkg.sv
+++ b/hw/ip/otbn/rtl/otbn_reg_pkg.sv
@@ -108,6 +108,10 @@
struct packed {
logic d;
logic de;
+ } bad_internal_state;
+ struct packed {
+ logic d;
+ logic de;
} illegal_bus_access;
struct packed {
logic d;
@@ -139,6 +143,10 @@
struct packed {
logic d;
logic de;
+ } bad_internal_state;
+ struct packed {
+ logic d;
+ logic de;
} illegal_bus_access;
struct packed {
logic d;
@@ -172,11 +180,11 @@
// HW -> register type
typedef struct packed {
- otbn_hw2reg_intr_state_reg_t intr_state; // [114:113]
- otbn_hw2reg_ctrl_reg_t ctrl; // [112:112]
- otbn_hw2reg_status_reg_t status; // [111:103]
- otbn_hw2reg_err_bits_reg_t err_bits; // [102:79]
- otbn_hw2reg_fatal_alert_cause_reg_t fatal_alert_cause; // [78:65]
+ otbn_hw2reg_intr_state_reg_t intr_state; // [118:117]
+ otbn_hw2reg_ctrl_reg_t ctrl; // [116:116]
+ otbn_hw2reg_status_reg_t status; // [115:107]
+ otbn_hw2reg_err_bits_reg_t err_bits; // [106:81]
+ otbn_hw2reg_fatal_alert_cause_reg_t fatal_alert_cause; // [80:65]
otbn_hw2reg_insn_cnt_reg_t insn_cnt; // [64:33]
otbn_hw2reg_load_checksum_reg_t load_checksum; // [32:0]
} otbn_hw2reg_t;
diff --git a/hw/ip/otbn/rtl/otbn_reg_top.sv b/hw/ip/otbn/rtl/otbn_reg_top.sv
index 817e0bf..0ffe34b 100644
--- a/hw/ip/otbn/rtl/otbn_reg_top.sv
+++ b/hw/ip/otbn/rtl/otbn_reg_top.sv
@@ -188,6 +188,7 @@
logic err_bits_dmem_intg_violation_qs;
logic err_bits_reg_intg_violation_qs;
logic err_bits_bus_intg_violation_qs;
+ logic err_bits_bad_internal_state_qs;
logic err_bits_illegal_bus_access_qs;
logic err_bits_lifecycle_escalation_qs;
logic err_bits_fatal_software_qs;
@@ -195,6 +196,7 @@
logic fatal_alert_cause_dmem_intg_violation_qs;
logic fatal_alert_cause_reg_intg_violation_qs;
logic fatal_alert_cause_bus_intg_violation_qs;
+ logic fatal_alert_cause_bad_internal_state_qs;
logic fatal_alert_cause_illegal_bus_access_qs;
logic fatal_alert_cause_lifecycle_escalation_qs;
logic fatal_alert_cause_fatal_software_qs;
@@ -584,7 +586,32 @@
.qs (err_bits_bus_intg_violation_qs)
);
- // F[illegal_bus_access]: 20:20
+ // F[bad_internal_state]: 20:20
+ prim_subreg #(
+ .DW (1),
+ .SwAccess(prim_subreg_pkg::SwAccessRO),
+ .RESVAL (1'h0)
+ ) u_err_bits_bad_internal_state (
+ .clk_i (clk_i),
+ .rst_ni (rst_ni),
+
+ // from register interface
+ .we (1'b0),
+ .wd ('0),
+
+ // from internal hardware
+ .de (hw2reg.err_bits.bad_internal_state.de),
+ .d (hw2reg.err_bits.bad_internal_state.d),
+
+ // to internal hardware
+ .qe (),
+ .q (),
+
+ // to register interface (read)
+ .qs (err_bits_bad_internal_state_qs)
+ );
+
+ // F[illegal_bus_access]: 21:21
prim_subreg #(
.DW (1),
.SwAccess(prim_subreg_pkg::SwAccessRO),
@@ -609,7 +636,7 @@
.qs (err_bits_illegal_bus_access_qs)
);
- // F[lifecycle_escalation]: 21:21
+ // F[lifecycle_escalation]: 22:22
prim_subreg #(
.DW (1),
.SwAccess(prim_subreg_pkg::SwAccessRO),
@@ -634,7 +661,7 @@
.qs (err_bits_lifecycle_escalation_qs)
);
- // F[fatal_software]: 22:22
+ // F[fatal_software]: 23:23
prim_subreg #(
.DW (1),
.SwAccess(prim_subreg_pkg::SwAccessRO),
@@ -761,7 +788,32 @@
.qs (fatal_alert_cause_bus_intg_violation_qs)
);
- // F[illegal_bus_access]: 4:4
+ // F[bad_internal_state]: 4:4
+ prim_subreg #(
+ .DW (1),
+ .SwAccess(prim_subreg_pkg::SwAccessRO),
+ .RESVAL (1'h0)
+ ) u_fatal_alert_cause_bad_internal_state (
+ .clk_i (clk_i),
+ .rst_ni (rst_ni),
+
+ // from register interface
+ .we (1'b0),
+ .wd ('0),
+
+ // from internal hardware
+ .de (hw2reg.fatal_alert_cause.bad_internal_state.de),
+ .d (hw2reg.fatal_alert_cause.bad_internal_state.d),
+
+ // to internal hardware
+ .qe (),
+ .q (),
+
+ // to register interface (read)
+ .qs (fatal_alert_cause_bad_internal_state_qs)
+ );
+
+ // F[illegal_bus_access]: 5:5
prim_subreg #(
.DW (1),
.SwAccess(prim_subreg_pkg::SwAccessRO),
@@ -786,7 +838,7 @@
.qs (fatal_alert_cause_illegal_bus_access_qs)
);
- // F[lifecycle_escalation]: 5:5
+ // F[lifecycle_escalation]: 6:6
prim_subreg #(
.DW (1),
.SwAccess(prim_subreg_pkg::SwAccessRO),
@@ -811,7 +863,7 @@
.qs (fatal_alert_cause_lifecycle_escalation_qs)
);
- // F[fatal_software]: 6:6
+ // F[fatal_software]: 7:7
prim_subreg #(
.DW (1),
.SwAccess(prim_subreg_pkg::SwAccessRO),
@@ -981,9 +1033,10 @@
reg_rdata_next[17] = err_bits_dmem_intg_violation_qs;
reg_rdata_next[18] = err_bits_reg_intg_violation_qs;
reg_rdata_next[19] = err_bits_bus_intg_violation_qs;
- reg_rdata_next[20] = err_bits_illegal_bus_access_qs;
- reg_rdata_next[21] = err_bits_lifecycle_escalation_qs;
- reg_rdata_next[22] = err_bits_fatal_software_qs;
+ reg_rdata_next[20] = err_bits_bad_internal_state_qs;
+ reg_rdata_next[21] = err_bits_illegal_bus_access_qs;
+ reg_rdata_next[22] = err_bits_lifecycle_escalation_qs;
+ reg_rdata_next[23] = err_bits_fatal_software_qs;
end
addr_hit[8]: begin
@@ -991,9 +1044,10 @@
reg_rdata_next[1] = fatal_alert_cause_dmem_intg_violation_qs;
reg_rdata_next[2] = fatal_alert_cause_reg_intg_violation_qs;
reg_rdata_next[3] = fatal_alert_cause_bus_intg_violation_qs;
- reg_rdata_next[4] = fatal_alert_cause_illegal_bus_access_qs;
- reg_rdata_next[5] = fatal_alert_cause_lifecycle_escalation_qs;
- reg_rdata_next[6] = fatal_alert_cause_fatal_software_qs;
+ reg_rdata_next[4] = fatal_alert_cause_bad_internal_state_qs;
+ reg_rdata_next[5] = fatal_alert_cause_illegal_bus_access_qs;
+ reg_rdata_next[6] = fatal_alert_cause_lifecycle_escalation_qs;
+ reg_rdata_next[7] = fatal_alert_cause_fatal_software_qs;
end
addr_hit[9]: begin
diff --git a/sw/device/lib/dif/dif_otbn.h b/sw/device/lib/dif/dif_otbn.h
index 188607f..ee3b154 100644
--- a/sw/device/lib/dif/dif_otbn.h
+++ b/sw/device/lib/dif/dif_otbn.h
@@ -69,12 +69,14 @@
kDifOtbnErrBitsRegIntgViolation = (1 << 18),
/** A BUS_INTG_VIOLATION error was observed. */
kDifOtbnErrBitsBusIntgViolation = (1 << 19),
+ /** A BAD_INTERNAL_STATE error was observed. */
+ kDifOtbnErrBitsBadInternalState = (1 << 20),
/** An ILLEGAL_BUS_ACCESS error was observed. */
- kDifOtbnErrBitsIllegalBusAccess = (1 << 20),
+ kDifOtbnErrBitsIllegalBusAccess = (1 << 21),
/** A LIFECYCLE_ESCALATION error was observed. */
- kDifOtbnErrBitsLifecycleEscalation = (1 << 21),
+ kDifOtbnErrBitsLifecycleEscalation = (1 << 22),
/** A FATAL_SOFTWARE error was observed. */
- kDifOtbnErrBitsFatalSoftware = (1 << 22),
+ kDifOtbnErrBitsFatalSoftware = (1 << 23),
} dif_otbn_err_bits_t;
/**
diff --git a/sw/device/silicon_creator/lib/drivers/otbn.h b/sw/device/silicon_creator/lib/drivers/otbn.h
index 17e72d5..46b7d53 100644
--- a/sw/device/silicon_creator/lib/drivers/otbn.h
+++ b/sw/device/silicon_creator/lib/drivers/otbn.h
@@ -111,12 +111,14 @@
kOtbnErrBitsRegIntgViolation = (1 << 18),
/** A BUS_INTG_VIOLATION error was observed. */
kOtbnErrBitsBusIntgViolation = (1 << 19),
+ /** A BAD_INTERNAL_STATE error was observed. */
+ kDifOtbnErrBitsBadInternalState = (1 << 20),
/** An ILLEGAL_BUS_ACCESS error was observed. */
- kOtbnErrBitsIllegalBusAccess = (1 << 20),
+ kOtbnErrBitsIllegalBusAccess = (1 << 21),
/** A LIFECYCLE_ESCALATION error was observed. */
- kOtbnErrBitsLifecycleEscalation = (1 << 21),
+ kOtbnErrBitsLifecycleEscalation = (1 << 22),
/** A FATAL_SOFTWARE error was observed. */
- kOtbnErrBitsFatalSoftware = (1 << 22),
+ kOtbnErrBitsFatalSoftware = (1 << 23),
} otbn_err_bits_t;
/**
