[aes, kmac] Use ASSERT_STATIC_LINT_ERROR SVA for non-default Sec params
Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>
diff --git a/hw/ip/aes/rtl/aes_control.sv b/hw/ip/aes/rtl/aes_control.sv
index e137926..f103eab 100644
--- a/hw/ip/aes/rtl/aes_control.sv
+++ b/hw/ip/aes/rtl/aes_control.sv
@@ -6,6 +6,8 @@
//
// This module controls the interplay of input/output registers and the AES cipher core.
+`include "prim_assert.sv"
+
module aes_control
import aes_pkg::*;
import aes_reg_pkg::*;
@@ -117,6 +119,10 @@
// Optional delay of manual start trigger
logic start_trigger;
+
+ // Create a lint error to reduce the risk of accidentally enabling this feature.
+ `ASSERT_STATIC_LINT_ERROR(AesSecStartTriggerDelayNonDefault, SecStartTriggerDelay == 0)
+
if (SecStartTriggerDelay > 0) begin : gen_start_delay
// Delay the manual start trigger input for SCA measurements.
localparam int unsigned WidthCounter = $clog2(SecStartTriggerDelay+1);
@@ -135,10 +141,6 @@
end
end
- // Create a lint error to reduce the risk of accidentally enabling this feature.
- logic sec_start_trigger_delay;
- assign sec_start_trigger_delay = count_q[0];
-
end else begin : gen_no_start_delay
// Directly forward the manual start trigger input.
assign start_trigger = start_i;
diff --git a/hw/ip/aes/rtl/aes_prng_clearing.sv b/hw/ip/aes/rtl/aes_prng_clearing.sv
index db99292..b659f6c 100644
--- a/hw/ip/aes/rtl/aes_prng_clearing.sv
+++ b/hw/ip/aes/rtl/aes_prng_clearing.sv
@@ -50,11 +50,9 @@
// the SecSkipPRNGReseeding parameter is set. Performing the reseeding without proper entropy
// provided from CSRNG would result in quickly repeating, fully deterministic PRNG output,
// which prevents meaningful SCA resistance evaluations.
- if (SecSkipPRNGReseeding) begin : gen_skip_prng_reseeding
- // Create a lint error to reduce the risk of accidentally enabling this feature.
- logic sec_skip_prng_reseeding;
- assign sec_skip_prng_reseeding = SecSkipPRNGReseeding;
- end
+
+ // Create a lint error to reduce the risk of accidentally enabling this feature.
+ `ASSERT_STATIC_LINT_ERROR(AesSecSkipPRNGReseedingNonDefault, SecSkipPRNGReseeding == 0)
// LFSR control
assign lfsr_en = data_req_i & data_ack_o;
diff --git a/hw/ip/aes/rtl/aes_prng_masking.sv b/hw/ip/aes/rtl/aes_prng_masking.sv
index f11f50e..d087cfe 100644
--- a/hw/ip/aes/rtl/aes_prng_masking.sv
+++ b/hw/ip/aes/rtl/aes_prng_masking.sv
@@ -77,11 +77,9 @@
// the SecSkipPRNGReseeding parameter is set. Performing the reseeding without proper entropy
// provided from CSRNG would result in quickly repeating, fully deterministic PRNG output,
// which prevents meaningful SCA resistance evaluations.
- if (SecSkipPRNGReseeding) begin : gen_skip_prng_reseeding
- // Create a lint error to reduce the risk of accidentally enabling this feature.
- logic sec_skip_prng_reseeding;
- assign sec_skip_prng_reseeding = SecSkipPRNGReseeding;
- end
+
+ // Create a lint error to reduce the risk of accidentally enabling this feature.
+ `ASSERT_STATIC_LINT_ERROR(AesSecSkipPRNGReseedingNonDefault, SecSkipPRNGReseeding == 0)
// PRNG control
assign prng_en = data_update_i;
@@ -193,11 +191,9 @@
phase_q ? {perm[0], perm[NumChunks-1:1]} : perm;
// Create a lint error to reduce the risk of accidentally enabling this feature.
- if (SecAllowForcingMasks) begin : gen_allow_forcing_masks
- logic sec_allow_forcing_masks;
- assign sec_allow_forcing_masks = force_zero_masks_i;
+ `ASSERT_STATIC_LINT_ERROR(AesSecAllowForcingMasksNonDefault, SecAllowForcingMasks == 0)
- end else begin : gen_unused_force_masks
+ if (SecAllowForcingMasks == 0) begin : gen_unused_force_masks
logic unused_force_zero_masks;
assign unused_force_zero_masks = force_zero_masks_i;
end
diff --git a/hw/ip/kmac/rtl/kmac.sv b/hw/ip/kmac/rtl/kmac.sv
index 19a4b6d..b389387 100644
--- a/hw/ip/kmac/rtl/kmac.sv
+++ b/hw/ip/kmac/rtl/kmac.sv
@@ -321,6 +321,9 @@
end
end
+ // Create a lint error to reduce the risk of accidentally enabling this feature.
+ `ASSERT_STATIC_LINT_ERROR(KmacSecCmdDelayNonDefault, SecCmdDelay == 0)
+
if (SecCmdDelay > 0) begin : gen_cmd_delay_buf
// Delay and buffer commands for SCA measurements.
localparam int unsigned WidthCounter = $clog2(SecCmdDelay+1);
@@ -386,10 +389,6 @@
end
end
- // Create a lint error to reduce the risk of accidentally enabling this feature.
- logic sec_cmd_delay_dummy;
- assign sec_cmd_delay_dummy = cmd_update;
-
end else begin : gen_no_cmd_delay_buf
// Directly forward signals from register IF.
assign cmd_update = reg2hw.cmd.cmd.qe;
diff --git a/hw/ip/kmac/rtl/kmac_app.sv b/hw/ip/kmac/rtl/kmac_app.sv
index df661b3..e14850b 100644
--- a/hw/ip/kmac/rtl/kmac_app.sv
+++ b/hw/ip/kmac/rtl/kmac_app.sv
@@ -368,6 +368,9 @@
.state_o ( st_raw )
);
+ // Create a lint error to reduce the risk of accidentally enabling this feature.
+ `ASSERT_STATIC_LINT_ERROR(KmacSecIdleAcceptSwMsgNonDefault, SecIdleAcceptSwMsg == 0)
+
// Next State & output logic
// SEC_CM: FSM.SPARSE
always_comb begin
@@ -530,12 +533,6 @@
end
end
- if (SecIdleAcceptSwMsg != 1'b0) begin : gen_lint_err
- // Create a lint error to reduce the risk of accidentally enabling this feature.
- logic sec_idle_accept_sw_msg_dummy;
- assign sec_idle_accept_sw_msg_dummy = (st == StIdle);
- end
-
//////////////
// Datapath //
//////////////
