Google Git
Sign in
opensecura/3p/lowrisc/opentitan/ace7b66e360af35fdd652c554e6e233f9672e104^!/.
commit
ace7b66e360af35fdd652c554e6e233f9672e104
[log]
author
Greg Chadwick <gac@lowrisc.org>
Mon Dec 06 10:55:20 2021 +0000
committer
Greg Chadwick <mail@gregchadwick.co.uk>
Tue Dec 07 17:50:01 2021 +0000
tree
5b5ceddc6bab8cc809965808e6e8d2f8a5432018
parent
8e0291b3a8ebbff41952057272e8119fe0aa78ec [diff]
[otbn, rtl] Asserts to conform with X usage guidance

The style guide recommends adding asserts where valid signals are used
to ensure actions they ultimately cause are only happening when the
valids are asserted.

Signed-off-by: Greg Chadwick <gac@lowrisc.org>

diff --git a/hw/ip/otbn/rtl/otbn.sv b/hw/ip/otbn/rtl/otbn.sv
index 2138bd6..84b43d4 100644
--- a/hw/ip/otbn/rtl/otbn.sv
+++ b/hw/ip/otbn/rtl/otbn.sv

@@ -1010,6 +1010,9 @@
   `ASSERT_KNOWN(EdnUrndOKnown_A, edn_urnd_o, clk_edn_i, !rst_edn_ni)
   `ASSERT_KNOWN(OtbnOtpKeyO_A, otbn_otp_key_o, clk_otp_i, !rst_otp_ni)
 
+  // Incoming key must be valid (other inputs go via prim modules that handle the X checks).
+  `ASSERT_KNOWN(KeyMgrKeyValid_A, keymgr_key_i.valid)
+
   // In locked state, the readable registers INSN_CNT, IMEM, and DMEM are expected to always read 0
   // when accessed from the bus. For INSN_CNT, we use "|=>" so that the assertion lines up with
   // "status.q" (a signal that isn't directly accessible here).

diff --git a/hw/ip/otbn/rtl/otbn_core.sv b/hw/ip/otbn/rtl/otbn_core.sv
index b9a1a84..655a41d 100644
--- a/hw/ip/otbn/rtl/otbn_core.sv
+++ b/hw/ip/otbn/rtl/otbn_core.sv

@@ -657,4 +657,9 @@
   // Keep the EDN requests active until they are acknowledged.
   `ASSERT(EdnRndReqStable_A, edn_rnd_req_o & ~edn_rnd_ack_i |=> edn_rnd_req_o)
   `ASSERT(EdnUrndReqStable_A, edn_urnd_req_o & ~edn_urnd_ack_i |=> edn_urnd_req_o)
+
+  `ASSERT(OnlyWriteLoadDataBaseWhenDMemValid_A,
+    rf_bignum_wr_en_ctrl & insn_dec_bignum.rf_wdata_sel == RfWdSelLsu |-> dmem_rvalid_i)
+  `ASSERT(OnlyWriteLoadDataBignumWhenDMemValid_A,
+    rf_base_wr_en_ctrl & insn_dec_base.rf_wdata_sel == RfWdSelLsu |-> dmem_rvalid_i)
 endmodule

diff --git a/hw/ip/otbn/rtl/otbn_instruction_fetch.sv b/hw/ip/otbn/rtl/otbn_instruction_fetch.sv
index 873c885..13f7c5a 100644
--- a/hw/ip/otbn/rtl/otbn_instruction_fetch.sv
+++ b/hw/ip/otbn/rtl/otbn_instruction_fetch.sv

@@ -142,4 +142,5 @@
   // We should always get prefetches correct, the check exists as an integrity check only
   `ASSERT(NoAddressMismatch,
           imem_rvalid_i && insn_fetch_req_valid_i |-> insn_fetch_req_addr_i == insn_prefetch_addr)
+  `ASSERT(FetchEnOnlyIfValidIMem, insn_fetch_en |-> imem_rvalid_i)
 endmodule