[sram_ctrl] Enable secure FIFO counters
Signed-off-by: Michael Schaffner <msf@opentitan.org>
diff --git a/hw/ip/sram_ctrl/data/sram_ctrl.hjson b/hw/ip/sram_ctrl/data/sram_ctrl.hjson
index 9061610..0ac6851 100644
--- a/hw/ip/sram_ctrl/data/sram_ctrl.hjson
+++ b/hw/ip/sram_ctrl/data/sram_ctrl.hjson
@@ -156,12 +156,15 @@
{ name: "KEY.LOCAL_ESC",
desc: "Scrambling key and nonce are reset to a fixed value upon local escalation due to bus integrity or counter errors, and bus transactions going to the memory will be blocked."
}
- { name: "CTR.REDUN",
+ { name: "INIT.CTR.REDUN",
desc: "The initialization counter is duplicated."
}
{ name: "SCRAMBLE.KEY.SIDELOAD",
desc: "The scrambling key is sideloaded from OTP and thus unreadable by SW."
}
+ { name: "TLUL_FIFO.CTR.REDUN",
+ desc: "The TL-UL response FIFO pointers are implemented with duplicate counters."
+ }
]
regwidth: "32",
diff --git a/hw/ip/sram_ctrl/data/sram_ctrl_sec_cm_testplan.hjson b/hw/ip/sram_ctrl/data/sram_ctrl_sec_cm_testplan.hjson
index 92ac701..8fd88ee 100644
--- a/hw/ip/sram_ctrl/data/sram_ctrl_sec_cm_testplan.hjson
+++ b/hw/ip/sram_ctrl/data/sram_ctrl_sec_cm_testplan.hjson
@@ -137,8 +137,8 @@
tests: ["{name}_sec_cm"]
}
{
- name: sec_cm_ctr_redun
- desc: '''Verify the countermeasure(s) CTR.REDUN.
+ name: sec_cm_init_ctr_redun
+ desc: '''Verify the countermeasure(s) INIT.CTR.REDUN.
Besides the stimulus and checks mentioned in `prim_count_check` and
`sec_cm_key_local_esc`, also have following checks:
@@ -158,5 +158,13 @@
milestone: V2S
tests: ["{name}_smoke"]
}
+ {
+ name: sec_cm_tlul_fifo_ctr_redun
+ desc: '''Verify the countermeasure(s) TLUL_FIFO.CTR.REDUN.
+ '''
+ milestone: V2S
+ tests: ["{name}_sec_cm"]
+ }
+
]
}
diff --git a/hw/ip/sram_ctrl/rtl/sram_ctrl.sv b/hw/ip/sram_ctrl/rtl/sram_ctrl.sv
index 5466238..0ec14ed 100644
--- a/hw/ip/sram_ctrl/rtl/sram_ctrl.sv
+++ b/hw/ip/sram_ctrl/rtl/sram_ctrl.sv
@@ -227,7 +227,7 @@
// We employ two redundant counters to guard against FI attacks.
// If any of the two is glitched and the two counter states do not agree,
// we trigger an alert.
- // SEC_CM: CTR.REDUN
+ // SEC_CM: INIT.CTR.REDUN
prim_count #(
.Width(AddrWidth),
.OutSelDnCnt(0), // count up
@@ -424,7 +424,8 @@
.CmdIntgCheck(1),
.EnableRspIntgGen(1),
.EnableDataIntgGen(0),
- .EnableDataIntgPt(1) // SEC_CM: MEM.INTEGRITY
+ .EnableDataIntgPt(1), // SEC_CM: MEM.INTEGRITY
+ .SecFifoPtr (1) // SEC_CM: TLUL_FIFO.CTR.REDUN
) u_tlul_adapter_sram (
.clk_i,
.rst_ni,
@@ -499,6 +500,16 @@
`ASSERT_PRIM_FSM_ERROR_TRIGGER_ERR(LcGateFsmCheck_A,
u_tlul_lc_gate.u_state_regs, alert_tx_o[0])
- // Alert assertions for reg_we onehot check
- `ASSERT_PRIM_REG_WE_ONEHOT_ERROR_TRIGGER_ALERT(RegWeOnehotCheck_A, u_reg_regs, alert_tx_o[0])
+ // Alert assertions for reg_we onehot check.
+ `ASSERT_PRIM_REG_WE_ONEHOT_ERROR_TRIGGER_ALERT(RegWeOnehotCheck_A,
+ u_reg_regs, alert_tx_o[0])
+
+ // Alert assertions for redundant counters.
+ `ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(FifoWptrCheck_A,
+ u_tlul_adapter_sram.u_rspfifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_wptr,
+ alert_tx_o[0])
+ `ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(FifoRptrCheck_A,
+ u_tlul_adapter_sram.u_rspfifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_rptr,
+ alert_tx_o[0])
+
endmodule : sram_ctrl
