[fpv/lc_ctrl] Add gating conditions for sec_cm assertions
This PR supports gating conditions for sec_cm assertions.
Signed-off-by: Cindy Chen <chencindy@opentitan.org>
diff --git a/hw/ip/lc_ctrl/rtl/lc_ctrl.sv b/hw/ip/lc_ctrl/rtl/lc_ctrl.sv
index 25c6ce6..1677a6f 100644
--- a/hw/ip/lc_ctrl/rtl/lc_ctrl.sv
+++ b/hw/ip/lc_ctrl/rtl/lc_ctrl.sv
@@ -727,10 +727,21 @@
`ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(CtrlLcFsmCheck_A,
u_lc_ctrl_fsm.u_fsm_state_regs, alert_tx_o[1])
`ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(CtrlLcStateCheck_A,
- u_lc_ctrl_fsm.u_state_regs, alert_tx_o[1])
+ u_lc_ctrl_fsm.u_state_regs, alert_tx_o[1],
+ !$past(otp_lc_data_i.valid) ||
+ u_lc_ctrl_fsm.fsm_state_q inside {ResetSt, EscalateSt, PostTransSt, InvalidSt} ||
+ u_lc_ctrl_fsm.esc_scrap_state0_i ||
+ u_lc_ctrl_fsm.esc_scrap_state1_i)
`ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(CtrlLcCntCheck_A,
- u_lc_ctrl_fsm.u_cnt_regs, alert_tx_o[1])
- `ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(CtrlKmacIfFsmCheck_A,
- u_lc_ctrl_kmac_if.u_state_regs, alert_tx_o[1])
+ u_lc_ctrl_fsm.u_cnt_regs, alert_tx_o[1],
+ !$past(otp_lc_data_i.valid) ||
+ u_lc_ctrl_fsm.fsm_state_q inside {ResetSt, EscalateSt, PostTransSt, InvalidSt} ||
+ u_lc_ctrl_fsm.esc_scrap_state0_i ||
+ u_lc_ctrl_fsm.esc_scrap_state1_i)
+ `ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(CtrlKmacIfFsmCheck_A,
+ u_lc_ctrl_kmac_if.u_state_regs, alert_tx_o[1],
+ u_lc_ctrl_fsm.fsm_state_q inside {EscalateSt} ||
+ u_lc_ctrl_fsm.esc_scrap_state0_i ||
+ u_lc_ctrl_fsm.esc_scrap_state1_i)
endmodule : lc_ctrl
diff --git a/hw/ip/prim/rtl/prim_assert_sec_cm.svh b/hw/ip/prim/rtl/prim_assert_sec_cm.svh
index 9fbbf94..dac5c88 100644
--- a/hw/ip/prim/rtl/prim_assert_sec_cm.svh
+++ b/hw/ip/prim/rtl/prim_assert_sec_cm.svh
@@ -8,8 +8,8 @@
`define PRIM_ASSERT_SEC_CM_SVH
// Helper macros
-`define ASSERT_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, MAX_CYCLES_, ERR_NAME_) \
- `ASSERT(FpvSecCm``NAME_``, $rose(PRIM_HIER_.ERR_NAME_) |-> ##[0:MAX_CYCLES_] (ALERT_.alert_p)) \
+`define ASSERT_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, GATE_, MAX_CYCLES_, ERR_NAME_) \
+ `ASSERT(FpvSecCm``NAME_``, $rose(PRIM_HIER_.ERR_NAME_) && !(GATE_) |-> ##[0:MAX_CYCLES_] (ALERT_.alert_p)) \
`ifdef INC_ASSERT \
assign PRIM_HIER_.unused_assert_connected = 1'b1; \
`endif \
@@ -17,13 +17,13 @@
PRIM_HIER_.ERR_NAME_ == 0 [*10])
// macros for security countermeasures
-`define ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, MAX_CYCLES_ = 7) \
- `ASSERT_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, MAX_CYCLES_, err_o)
+`define ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, GATE_ = 0, MAX_CYCLES_ = 7) \
+ `ASSERT_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, GATE_, MAX_CYCLES_, err_o)
-`define ASSERT_PRIM_DOUBLE_LFSR_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, MAX_CYCLES_ = 7) \
- `ASSERT_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, MAX_CYCLES_, err_o)
+`define ASSERT_PRIM_DOUBLE_LFSR_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, GATE_ = 0, MAX_CYCLES_ = 7) \
+ `ASSERT_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, GATE_, MAX_CYCLES_, err_o)
-`define ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, MAX_CYCLES_ = 7) \
- `ASSERT_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, MAX_CYCLES_, unused_err_o)
+`define ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, GATE_ = 0, MAX_CYCLES_ = 7) \
+ `ASSERT_ERROR_TRIGGER_ALERT(NAME_, PRIM_HIER_, ALERT_, GATE_, MAX_CYCLES_, unused_err_o)
`endif // PRIM_ASSERT_SEC_CM_SVH
