[rv_dm] Enumerate all countermeasure IDs and annotate RTL
Signed-off-by: Michael Schaffner <msf@opentitan.org>
diff --git a/hw/ip/rv_dm/data/rv_dm.hjson b/hw/ip/rv_dm/data/rv_dm.hjson
index e7c3fea..03d7b1b 100644
--- a/hw/ip/rv_dm/data/rv_dm.hjson
+++ b/hw/ip/rv_dm/data/rv_dm.hjson
@@ -77,6 +77,20 @@
{ name: "BUS.INTEGRITY",
desc: "End-to-end bus integrity scheme."
}
+ { name: "LC_HW_DEBUG_EN.INTERSIG.MUBI",
+ desc: "The life cycle hardware debug enable signal is multibit encoded."
+ }
+ { name: "DM_EN.CTRL.LC_GATED",
+ desc: '''
+ The debug module is enabled with the LC_HW_DEBUG_EN signal.
+ This enablement is implemented by gating / enabling critical
+ blocks with separately buffered copies of the life cycle signal.
+ This comprises the debug module interface (DMI) attached to the TAP,
+ the reset request line, the system bus access module (SBA), the debug
+ request output, the TL-UL adapter for the debug ROM, and the ifetch indicator
+ being fed into the TL-UL adapter for the debug ROM.
+ '''
+ }
]
regwidth: "32",
registers: {
diff --git a/hw/ip/rv_dm/data/rv_dm_sec_cm_testplan.hjson b/hw/ip/rv_dm/data/rv_dm_sec_cm_testplan.hjson
index f701bf2..2337fdb 100644
--- a/hw/ip/rv_dm/data/rv_dm_sec_cm_testplan.hjson
+++ b/hw/ip/rv_dm/data/rv_dm_sec_cm_testplan.hjson
@@ -29,5 +29,17 @@
milestone: V2S
tests: []
}
+ {
+ name: sec_cm_lc_hw_debug_en_intersig_mubi
+ desc: "Verify the countermeasure(s) LC_HW_DEBUG_EN.INTERSIG.MUBI."
+ milestone: V2S
+ tests: []
+ }
+ {
+ name: sec_cm_dm_en_ctrl_lc_gated
+ desc: "Verify the countermeasure(s) DM_EN.CTRL.LC_GATED."
+ milestone: V2S
+ tests: []
+ }
]
}
diff --git a/hw/ip/rv_dm/rtl/rv_dm.sv b/hw/ip/rv_dm/rtl/rv_dm.sv
index c13510d..64d31f7 100644
--- a/hw/ip/rv_dm/rtl/rv_dm.sv
+++ b/hw/ip/rv_dm/rtl/rv_dm.sv
@@ -21,6 +21,7 @@
input logic clk_i, // clock
input logic rst_ni, // asynchronous reset active low, connect PoR
// here, not the system reset
+ // SEC_CM: LC_HW_DEBUG_EN.INTERSIG.MUBI
input lc_ctrl_pkg::lc_tx_t lc_hw_debug_en_i, // Debug module lifecycle enable/disable
input prim_mubi_pkg::mubi4_t scanmode_i,
input scan_rst_ni,
@@ -194,10 +195,12 @@
logic reset_req_en;
logic ndmreset_req;
+ // SEC_CM: DM_EN.CTRL.LC_GATED
assign reset_req_en = (lc_hw_debug_en[EnResetReq] == lc_ctrl_pkg::On);
assign ndmreset_req_o = ndmreset_req & reset_req_en;
logic dmi_en;
+ // SEC_CM: DM_EN.CTRL.LC_GATED
assign dmi_en = (lc_hw_debug_en[EnDmiReq] == lc_ctrl_pkg::On);
dm_csrs #(
@@ -295,6 +298,7 @@
logic sba_en;
tlul_pkg::tl_h2d_t sba_tl_h_o_int;
tlul_pkg::tl_d2h_t sba_tl_h_i_int;
+ // SEC_CM: DM_EN.CTRL.LC_GATED
assign sba_en = (lc_hw_debug_en[EnSba] == lc_ctrl_pkg::On);
always_comb begin
@@ -354,6 +358,7 @@
logic debug_req_en;
logic debug_req;
+ // SEC_CM: DM_EN.CTRL.LC_GATED
assign debug_req_en = (lc_hw_debug_en[EnDebugReq] == lc_ctrl_pkg::On);
assign debug_req_o = debug_req & debug_req_en;
@@ -446,11 +451,13 @@
`endif
prim_mubi_pkg::mubi4_t en_ifetch;
+ // SEC_CM: DM_EN.CTRL.LC_GATED
assign en_ifetch = (lc_hw_debug_en[EnFetch] == lc_ctrl_pkg::On) ?
prim_mubi_pkg::MuBi4True :
prim_mubi_pkg::MuBi4False;
logic rom_en;
+ // SEC_CM: DM_EN.CTRL.LC_GATED
assign rom_en = (lc_hw_debug_en[EnRom] == lc_ctrl_pkg::On);
tlul_adapter_sram #(
