Google Git
Sign in
opensecura / 3p / lowrisc / opentitan / f28246b7ba7ba50508d724ca781eb184da51c5d0 / . / hw / ip / flash_ctrl / data / flash_ctrl.sv.tpl
blob: c12dc4852905b32fa70a7c44a53b4fb6c6dfa7ec [file] [log] [blame]
// Copyright lowRISC contributors.
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
//
// Flash Controller Module
//
//
`include "prim_assert.sv"
module flash_ctrl
import flash_ctrl_pkg::*; import flash_ctrl_reg_pkg::*;
#(
parameter logic [NumAlerts-1:0] AlertAsyncOn = {NumAlerts{1'b1}},
parameter flash_key_t RndCnstAddrKey = RndCnstAddrKeyDefault,
parameter flash_key_t RndCnstDataKey = RndCnstDataKeyDefault,
parameter all_seeds_t RndCnstAllSeeds = RndCnstAllSeedsDefault,
parameter lfsr_seed_t RndCnstLfsrSeed = RndCnstLfsrSeedDefault,
parameter lfsr_perm_t RndCnstLfsrPerm = RndCnstLfsrPermDefault,
parameter int ProgFifoDepth = MaxFifoDepth,
parameter int RdFifoDepth = MaxFifoDepth,
parameter bit SecScrambleEn = 1'b1
) (
input clk_i,
input rst_ni,
input rst_shadowed_ni,
input clk_otp_i,
input rst_otp_ni,
// life cycle interface
// SEC_CM: LC_CTRL.INTERSIG.MUBI
input lc_ctrl_pkg::lc_tx_t lc_creator_seed_sw_rw_en_i,
input lc_ctrl_pkg::lc_tx_t lc_owner_seed_sw_rw_en_i,
input lc_ctrl_pkg::lc_tx_t lc_iso_part_sw_rd_en_i,
input lc_ctrl_pkg::lc_tx_t lc_iso_part_sw_wr_en_i,
input lc_ctrl_pkg::lc_tx_t lc_seed_hw_rd_en_i,
input lc_ctrl_pkg::lc_tx_t lc_escalate_en_i,
input lc_ctrl_pkg::lc_tx_t lc_nvm_debug_en_i,
// Bus Interface
input tlul_pkg::tl_h2d_t core_tl_i,
output tlul_pkg::tl_d2h_t core_tl_o,
input tlul_pkg::tl_h2d_t prim_tl_i,
output tlul_pkg::tl_d2h_t prim_tl_o,
input tlul_pkg::tl_h2d_t mem_tl_i,
output tlul_pkg::tl_d2h_t mem_tl_o,
// otp/lc/pwrmgr/keymgr Interface
// SEC_CM: SCRAMBLE.KEY.SIDELOAD
output otp_ctrl_pkg::flash_otp_key_req_t otp_o,
input otp_ctrl_pkg::flash_otp_key_rsp_t otp_i,
input lc_ctrl_pkg::lc_tx_t rma_req_i,
input lc_ctrl_pkg::lc_flash_rma_seed_t rma_seed_i,
output lc_ctrl_pkg::lc_tx_t rma_ack_o,
output pwrmgr_pkg::pwr_flash_t pwrmgr_o,
output keymgr_flash_t keymgr_o,
// IOs
input cio_tck_i,
input cio_tms_i,
input cio_tdi_i,
output logic cio_tdo_en_o,
output logic cio_tdo_o,
// Interrupts
output logic intr_corr_err_o, // Correctable errors encountered
output logic intr_prog_empty_o, // Program fifo is empty
output logic intr_prog_lvl_o, // Program fifo is empty
output logic intr_rd_full_o, // Read fifo is full
output logic intr_rd_lvl_o, // Read fifo is full
output logic intr_op_done_o, // Requested flash operation (wr/erase) done
// Alerts
input prim_alert_pkg::alert_rx_t [flash_ctrl_reg_pkg::NumAlerts-1:0] alert_rx_i,
output prim_alert_pkg::alert_tx_t [flash_ctrl_reg_pkg::NumAlerts-1:0] alert_tx_o,
// Observability
input ast_pkg::ast_obs_ctrl_t obs_ctrl_i,
output logic [7:0] fla_obs_o,
// Flash test interface
input scan_en_i,
input prim_mubi_pkg::mubi4_t scanmode_i,
input scan_rst_ni,
input prim_mubi_pkg::mubi4_t flash_bist_enable_i,
input flash_power_down_h_i,
input flash_power_ready_h_i,
inout [1:0] flash_test_mode_a_io,
inout flash_test_voltage_h_io
);
//////////////////////////////////////////////////////////
// Double check supplied param is not bigger than allowed
//////////////////////////////////////////////////////////
`ASSERT_INIT(FifoDepthCheck_A, (ProgFifoDepth <= MaxFifoDepth) &
(RdFifoDepth <= MaxFifoDepth))
import flash_ctrl_reg_pkg::*;
import prim_mubi_pkg::mubi4_t;
flash_ctrl_core_reg2hw_t reg2hw;
flash_ctrl_core_hw2reg_t hw2reg;
tlul_pkg::tl_h2d_t tl_win_h2d [2];
tlul_pkg::tl_d2h_t tl_win_d2h [2];
// Register module
logic storage_err;
logic update_err;
logic intg_err;
logic eflash_cmd_intg_err;
logic tl_gate_intg_err;
logic tl_prog_gate_intg_err;
// SEC_CM: REG.BUS.INTEGRITY
// SEC_CM: CTRL.CONFIG.REGWEN
// SEC_CM: DATA_REGIONS.CONFIG.REGWEN, DATA_REGIONS.CONFIG.SHADOW
// SEC_CM: INFO_REGIONS.CONFIG.REGWEN, INFO_REGIONS.CONFIG.SHADOW
// SEC_CM: BANK.CONFIG.REGWEN, BANK.CONFIG.SHADOW
flash_ctrl_core_reg_top u_reg_core (
.clk_i,
.rst_ni,
.rst_shadowed_ni,
.tl_i(core_tl_i),
.tl_o(core_tl_o),
.tl_win_o (tl_win_h2d),
.tl_win_i (tl_win_d2h),
.reg2hw,
.hw2reg,
.shadowed_storage_err_o (storage_err),
.shadowed_update_err_o (update_err),
.intg_err_o (intg_err),
.devmode_i (1'b1)
);
bank_cfg_t [NumBanks-1:0] bank_cfgs;
mp_region_cfg_t [MpRegions:0] region_cfgs;
info_page_cfg_t [NumBanks-1:0][InfoTypes-1:0][InfosPerBank-1:0] info_page_cfgs;
flash_ctrl_region_cfg u_region_cfg (
.clk_i,
.rst_ni,
.lc_creator_seed_sw_rw_en_i,
.lc_owner_seed_sw_rw_en_i,
.lc_iso_part_sw_wr_en_i,
.lc_iso_part_sw_rd_en_i,
.bank_cfg_i(reg2hw.mp_bank_cfg_shadowed),
.region_i(reg2hw.mp_region),
.region_cfg_i(reg2hw.mp_region_cfg),
.default_cfg_i(reg2hw.default_region),
% for bank in range(cfg.banks):
% for idx in range(cfg.info_types):
.bank${bank}_info${idx}_cfg_i(reg2hw.bank${bank}_info${idx}_page_cfg),
% endfor
% endfor
.bank_cfg_o(bank_cfgs),
.region_cfgs_o(region_cfgs),
.info_page_cfgs_o(info_page_cfgs)
);
// FIFO Connections
localparam int ProgDepthW = prim_util_pkg::vbits(ProgFifoDepth+1);
localparam int RdDepthW = prim_util_pkg::vbits(RdFifoDepth+1);
logic prog_fifo_wvalid;
logic prog_fifo_wready;
logic prog_fifo_rvalid;
logic prog_fifo_ren;
logic [BusFullWidth-1:0] prog_fifo_wdata;
logic [BusFullWidth-1:0] prog_fifo_rdata;
logic [ProgDepthW-1:0] prog_fifo_depth;
// Program Control Connections
logic prog_flash_req;
logic prog_flash_ovfl;
logic [BusAddrW-1:0] prog_flash_addr;
logic prog_op_valid;
// Read Control Connections
logic rd_flash_req;
logic rd_flash_ovfl;
logic [BusAddrW-1:0] rd_flash_addr;
logic rd_op_valid;
logic rd_ctrl_wen;
logic [BusFullWidth-1:0] rd_ctrl_wdata;
// Erase Control Connections
logic erase_flash_req;
logic [BusAddrW-1:0] erase_flash_addr;
flash_erase_e erase_flash_type;
logic erase_op_valid;
// Done / Error signaling from ctrl modules
logic prog_done, rd_done, erase_done;
flash_ctrl_err_t prog_err, rd_err, erase_err;
logic [BusAddrW-1:0] prog_err_addr, rd_err_addr, erase_err_addr;
// Flash Memory Properties Connections
logic [BusAddrW-1:0] flash_addr;
logic flash_req;
logic flash_rd_done, flash_prog_done, flash_erase_done;
logic flash_mp_err;
logic [BusFullWidth-1:0] flash_prog_data;
logic flash_prog_last;
flash_prog_e flash_prog_type;
logic [BusFullWidth-1:0] flash_rd_data;
logic flash_rd_err;
logic flash_phy_busy;
logic rd_op;
logic prog_op;
logic erase_op;
flash_lcmgr_phase_e phase;
// Flash control arbitration connections to hardware interface
flash_key_t addr_key;
flash_key_t rand_addr_key;
flash_key_t data_key;
flash_key_t rand_data_key;
flash_ctrl_reg2hw_control_reg_t hw_ctrl;
logic hw_req;
logic [BusAddrByteW-1:0] hw_addr;
logic hw_done;
flash_ctrl_err_t hw_err;
logic hw_wvalid;
logic [BusFullWidth-1:0] hw_wdata;
logic hw_wready;
flash_sel_e if_sel;
logic sw_sel;
flash_lcmgr_phase_e hw_phase;
logic lcmgr_err;
logic lcmgr_intg_err;
logic arb_fsm_err;
logic seed_err;
// Flash lcmgr interface to direct read fifo
logic lcmgr_rready;
// Flash control arbitration connections to software interface
logic sw_ctrl_done;
flash_ctrl_err_t sw_ctrl_err;
// Flash control muxed connections
flash_ctrl_reg2hw_control_reg_t muxed_ctrl;
logic [BusAddrByteW-1:0] muxed_addr;
logic op_start;
logic [11:0] op_num_words;
logic [BusAddrW-1:0] op_addr;
logic [BusAddrW-1:0] ctrl_err_addr;
flash_op_e op_type;
flash_part_e op_part;
logic [InfoTypesWidth-1:0] op_info_sel;
flash_erase_e op_erase_type;
flash_prog_e op_prog_type;
logic ctrl_init_busy;
logic ctrl_initialized;
logic fifo_clr;
// sw read fifo interface
logic sw_rfifo_wen;
logic sw_rfifo_wready;
logic [BusFullWidth-1:0] sw_rfifo_wdata;
logic sw_rfifo_full;
logic [RdDepthW-1:0] sw_rfifo_depth;
logic sw_rfifo_rvalid;
logic sw_rfifo_rready;
logic [BusFullWidth-1:0] sw_rfifo_rdata;
// software tlul interface to read fifo
logic adapter_req;
logic adapter_rvalid;
logic adapter_fifo_err;
// software tlul interface to prog fifo
logic sw_wvalid;
logic [BusFullWidth-1:0] sw_wdata;
logic sw_wready;
// lfsr for local entropy usage
logic [31:0] rand_val;
logic lfsr_en;
logic lfsr_seed_en;
// interface to flash phy
flash_rsp_t flash_phy_rsp;
flash_req_t flash_phy_req;
// import commonly used routines
import lc_ctrl_pkg::lc_tx_test_true_strict;
// life cycle connections
lc_ctrl_pkg::lc_tx_t lc_seed_hw_rd_en;
lc_ctrl_pkg::lc_tx_t dis_access;
prim_lc_sync #(
.NumCopies(1)
) u_lc_seed_hw_rd_en_sync (
.clk_i,
.rst_ni,
.lc_en_i(lc_seed_hw_rd_en_i),
.lc_en_o({lc_seed_hw_rd_en})
);
prim_lfsr #(
.EntropyDw(EdnWidth),
.LfsrDw(LfsrWidth),
.StateOutDw(LfsrWidth),
.DefaultSeed(RndCnstLfsrSeed),
.StatePermEn(1),
.StatePerm(RndCnstLfsrPerm)
) u_lfsr (
.clk_i,
.rst_ni,
.seed_en_i(lfsr_seed_en),
.seed_i(rma_seed_i),
.lfsr_en_i(lfsr_en),
.entropy_i('0),
.state_o(rand_val)
);
// flash disable declaration
mubi4_t [FlashDisableLast-1:0] flash_disable;
// flash control arbitration between software and hardware interfaces
flash_ctrl_arb u_ctrl_arb (
.clk_i,
.rst_ni,
// combined disable
.disable_i(flash_disable[ArbFsmDisableIdx]),
// error output shared by both interfaces
.ctrl_err_addr_o(ctrl_err_addr),
// software interface to rd_ctrl / erase_ctrl
.sw_ctrl_i(reg2hw.control),
.sw_addr_i(reg2hw.addr.q),
.sw_ack_o(sw_ctrl_done),
.sw_err_o(sw_ctrl_err),
// software interface to prog_fifo
// if prog operation not selected, software interface
// writes have no meaning
.sw_wvalid_i(sw_wvalid & prog_op_valid),
.sw_wdata_i(sw_wdata),
.sw_wready_o(sw_wready),
// hardware interface to rd_ctrl / erase_ctrl
.hw_req_i(hw_req),
.hw_ctrl_i(hw_ctrl),
// hardware interface indicating operation phase
.hw_phase_i(hw_phase),
// hardware works on word address, however software expects byte address
.hw_addr_i(hw_addr),
.hw_ack_o(hw_done),
.hw_err_o(hw_err),
// hardware interface to rd_fifo
.hw_wvalid_i(hw_wvalid),
.hw_wdata_i(hw_wdata),
.hw_wready_o(hw_wready),
// hardware interface does not talk to prog_fifo
// muxed interface to rd_ctrl / erase_ctrl
.muxed_ctrl_o(muxed_ctrl),
.muxed_addr_o(muxed_addr),
.prog_ack_i(prog_done),
.prog_err_i(prog_err),
.prog_err_addr_i(prog_err_addr),
.rd_ack_i(rd_done),
.rd_err_i(rd_err),
.rd_err_addr_i(rd_err_addr),
.erase_ack_i(erase_done),
.erase_err_i(erase_err),
.erase_err_addr_i(erase_err_addr),
// muxed interface to prog_fifo
.prog_fifo_wvalid_o(prog_fifo_wvalid),
.prog_fifo_wdata_o(prog_fifo_wdata),
.prog_fifo_wready_i(prog_fifo_wready),
// flash phy initilization ongoing
.flash_phy_busy_i(flash_phy_busy),
// clear fifos
.fifo_clr_o(fifo_clr),
// phase indication
.phase_o(phase),
// indication that sw has been selected
.sel_o(if_sel),
.fsm_err_o(arb_fsm_err)
);
assign op_start = muxed_ctrl.start.q;
assign op_num_words = muxed_ctrl.num.q;
assign op_erase_type = flash_erase_e'(muxed_ctrl.erase_sel.q);
assign op_prog_type = flash_prog_e'(muxed_ctrl.prog_sel.q);
assign op_addr = muxed_addr[BusByteWidth +: BusAddrW];
assign op_type = flash_op_e'(muxed_ctrl.op.q);
assign op_part = flash_part_e'(muxed_ctrl.partition_sel.q);
assign op_info_sel = muxed_ctrl.info_sel.q;
assign rd_op = op_type == FlashOpRead;
assign prog_op = op_type == FlashOpProgram;
assign erase_op = op_type == FlashOpErase;
assign sw_sel = if_sel == SwSel;
// hardware interface
flash_ctrl_lcmgr #(
.RndCnstAddrKey(RndCnstAddrKey),
.RndCnstDataKey(RndCnstDataKey),
.RndCnstAllSeeds(RndCnstAllSeeds)
) u_flash_hw_if (
.clk_i,
.rst_ni,
.clk_otp_i,
.rst_otp_ni,
.init_i(reg2hw.init),
.provision_en_i(lc_tx_test_true_strict(lc_seed_hw_rd_en)),
// combined disable
.disable_i(flash_disable[LcMgrDisableIdx]),
// interface to ctrl arb control ports
.ctrl_o(hw_ctrl),
.req_o(hw_req),
.addr_o(hw_addr),
.done_i(hw_done),
.err_i(hw_err),
// interface to ctrl_arb data ports
.wready_i(hw_wready),
.wvalid_o(hw_wvalid),
.wdata_o(hw_wdata),
// interface to hw interface read fifo
.rready_o(lcmgr_rready),
.rvalid_i(~sw_sel & rd_ctrl_wen),
.rdata_i(rd_ctrl_wdata),
// external rma request
.rma_req_i,
.rma_ack_o,
// outgoing seeds
.seeds_o(keymgr_o.seeds),
.seed_err_o(seed_err),
// phase indication
.phase_o(hw_phase),
// phy read buffer enable
.rd_buf_en_o(flash_phy_req.rd_buf_en),
// connection to otp
.otp_key_req_o(otp_o),
.otp_key_rsp_i(otp_i),
.addr_key_o(addr_key),
.data_key_o(data_key),
.rand_addr_key_o(rand_addr_key),
.rand_data_key_o(rand_data_key),
// entropy interface
.edn_req_o(lfsr_seed_en),
.edn_ack_i(1'b1),
.lfsr_en_o(lfsr_en),
.rand_i(rand_val),
// error indication
.fatal_err_o(lcmgr_err),
.intg_err_o(lcmgr_intg_err),
// disable access to flash storage after rma process
.dis_access_o(dis_access),
// init ongoing
.init_busy_o(ctrl_init_busy),
.initialized_o(ctrl_initialized),
.debug_state_o(hw2reg.debug_state.d)
);
// Program FIFO
// Since the program and read FIFOs are never used at the same time, it should really be one
// FIFO with muxed inputs and outputs. This should be addressed once the flash integration
// strategy has been identified
assign prog_op_valid = op_start & prog_op;
tlul_pkg::tl_h2d_t prog_tl_h2d;
tlul_pkg::tl_d2h_t prog_tl_d2h;
// the program path also needs an lc gate to error back when flash is disabled.
// This is because tlul_adapter_sram does not actually have a way of signaling
// write errors, only read errors.
// SEC_CM: PROG_TL_LC_GATE.FSM.SPARSE
tlul_lc_gate u_prog_tl_gate (
.clk_i,
.rst_ni,
.tl_h2d_i(tl_win_h2d[0]),
.tl_d2h_o(tl_win_d2h[0]),
.tl_h2d_o(prog_tl_h2d),
.tl_d2h_i(prog_tl_d2h),
.flush_req_i('0),
.flush_ack_o(),
.resp_pending_o(),
.lc_en_i(lc_ctrl_pkg::mubi4_to_lc_inv(flash_disable[ProgFifoIdx])),
.err_o(tl_prog_gate_intg_err)
);
tlul_adapter_sram #(
.SramAw(1), //address unused
.SramDw(BusWidth),
.ByteAccess(0), //flash may not support byte access
.ErrOnRead(1), //reads not supported
.EnableDataIntgPt(1) //passthrough data integrity
) u_to_prog_fifo (
.clk_i,
.rst_ni,
.tl_i (prog_tl_h2d),
.tl_o (prog_tl_d2h),
.en_ifetch_i (prim_mubi_pkg::MuBi4False),
.req_o (sw_wvalid),
.req_type_o (),
.gnt_i (sw_wready),
.we_o (),
.addr_o (),
.wmask_o (),
.intg_error_o(),
.wdata_o (sw_wdata),
.rdata_i ('0),
.rvalid_i (1'b0),
.rerror_i (2'b0)
);
prim_fifo_sync #(
.Width(BusFullWidth),
.Depth(ProgFifoDepth)
) u_prog_fifo (
.clk_i,
.rst_ni,
.clr_i (reg2hw.fifo_rst.q | fifo_clr | sw_ctrl_done),
.wvalid_i(prog_fifo_wvalid),
.wready_o(prog_fifo_wready),
.wdata_i (prog_fifo_wdata),
.depth_o (prog_fifo_depth),
.full_o (),
.rvalid_o(prog_fifo_rvalid),
.rready_i(prog_fifo_ren),
.rdata_o (prog_fifo_rdata),
.err_o ()
);
assign hw2reg.curr_fifo_lvl.prog.d = MaxFifoWidth'(prog_fifo_depth);
// Program handler is consumer of prog_fifo
logic [1:0] prog_type_en;
assign prog_type_en[FlashProgNormal] = flash_phy_rsp.prog_type_avail[FlashProgNormal] &
reg2hw.prog_type_en.normal.q;
assign prog_type_en[FlashProgRepair] = flash_phy_rsp.prog_type_avail[FlashProgRepair] &
reg2hw.prog_type_en.repair.q;
logic prog_cnt_err;
flash_ctrl_prog u_flash_ctrl_prog (
.clk_i,
.rst_ni,
// Control interface
.op_start_i (prog_op_valid),
.op_num_words_i (op_num_words),
.op_done_o (prog_done),
.op_err_o (prog_err),
.op_addr_i (op_addr),
.op_addr_oob_i ('0),
.op_type_i (op_prog_type),
.type_avail_i (prog_type_en),
.op_err_addr_o (prog_err_addr),
.cnt_err_o (prog_cnt_err),
// FIFO Interface
.data_i (prog_fifo_rdata),
.data_rdy_i (prog_fifo_rvalid),
.data_rd_o (prog_fifo_ren),
// Flash Macro Interface
.flash_req_o (prog_flash_req),
.flash_addr_o (prog_flash_addr),
.flash_ovfl_o (prog_flash_ovfl),
.flash_data_o (flash_prog_data),
.flash_last_o (flash_prog_last),
.flash_type_o (flash_prog_type),
.flash_done_i (flash_prog_done),
.flash_prog_intg_err_i (flash_phy_rsp.prog_intg_err),
.flash_mp_err_i (flash_mp_err)
);
// a read request is seen from software but a read operation is not enabled
// AND there are no pending entries to read from the fifo.
// This indicates software has issued a read when it should not have.
logic rd_no_op_d, rd_no_op_q;
logic sw_rd_op;
assign sw_rd_op = reg2hw.control.start.q & (reg2hw.control.op.q == FlashOpRead);
// If software ever attempts to read when the FIFO is empty AND if it has never
// initiated a transaction, OR when flash is disabled, then it is a read that
// can never complete, error back immediately.
assign rd_no_op_d = adapter_req & ((~sw_rd_op & ~sw_rfifo_rvalid) |
(prim_mubi_pkg::mubi4_test_true_loose(flash_disable[RdFifoIdx])));
always_ff @(posedge clk_i or negedge rst_ni) begin
if (!rst_ni) begin
adapter_rvalid <= 1'b0;
rd_no_op_q <= 1'b0;
end else begin
adapter_rvalid <= adapter_req & sw_rfifo_rvalid;
rd_no_op_q <= rd_no_op_d;
end
end
// tlul adapter represents software's access interface to flash
tlul_adapter_sram #(
.SramAw(1), //address unused
.SramDw(BusWidth),
.ByteAccess(0), //flash may not support byte access
.ErrOnWrite(1), //writes not supported
.EnableDataIntgPt(1),
.SecFifoPtr(1) // SEC_CM: FIFO.CTR.REDUN
) u_to_rd_fifo (
.clk_i,
.rst_ni,
.tl_i (tl_win_h2d[1]),
.tl_o (tl_win_d2h[1]),
.en_ifetch_i (prim_mubi_pkg::MuBi4False),
.req_o (adapter_req),
.req_type_o (),
// if there is no valid read operation, don't hang the
// bus, just let things normally return
.gnt_i (sw_rfifo_rvalid | rd_no_op_d),
.we_o (),
.addr_o (),
.wmask_o (),
.wdata_o (),
.intg_error_o(adapter_fifo_err),
.rdata_i (sw_rfifo_rdata),
.rvalid_i (adapter_rvalid | rd_no_op_q),
.rerror_i ({rd_no_op_q, 1'b0})
);
assign sw_rfifo_wen = sw_sel & rd_ctrl_wen;
assign sw_rfifo_wdata = rd_ctrl_wdata;
assign sw_rfifo_rready = adapter_rvalid;
// the read fifo below is dedicated to the software read path.
prim_fifo_sync #(
.Width(BusFullWidth),
.Depth(RdFifoDepth)
) u_sw_rd_fifo (
.clk_i,
.rst_ni,
.clr_i (reg2hw.fifo_rst.q),
.wvalid_i(sw_rfifo_wen),
.wready_o(sw_rfifo_wready),
.wdata_i (sw_rfifo_wdata),
.full_o (sw_rfifo_full),
.depth_o (sw_rfifo_depth),
.rvalid_o(sw_rfifo_rvalid),
.rready_i(sw_rfifo_rready),
.rdata_o (sw_rfifo_rdata),
.err_o ()
);
assign hw2reg.curr_fifo_lvl.rd.d = sw_rfifo_depth;
logic rd_cnt_err;
// Read handler is consumer of rd_fifo
assign rd_op_valid = op_start & rd_op;
flash_ctrl_rd u_flash_ctrl_rd (
.clk_i,
.rst_ni,
// To arbiter Interface
.op_start_i (rd_op_valid),
.op_num_words_i (op_num_words),
.op_done_o (rd_done),
.op_err_o (rd_err),
.op_err_addr_o (rd_err_addr),
.op_addr_i (op_addr),
.op_addr_oob_i ('0),
.cnt_err_o (rd_cnt_err),
// FIFO Interface
.data_rdy_i (sw_sel ? sw_rfifo_wready : lcmgr_rready),
.data_o (rd_ctrl_wdata),
.data_wr_o (rd_ctrl_wen),
// Flash Macro Interface
.flash_req_o (rd_flash_req),
.flash_addr_o (rd_flash_addr),
.flash_ovfl_o (rd_flash_ovfl),
.flash_data_i (flash_rd_data),
.flash_done_i (flash_rd_done),
.flash_mp_err_i (flash_mp_err),
.flash_rd_err_i (flash_rd_err)
);
// Erase handler does not consume fifo
assign erase_op_valid = op_start & erase_op;
flash_ctrl_erase u_flash_ctrl_erase (
// Software Interface
.op_start_i (erase_op_valid),
.op_type_i (op_erase_type),
.op_done_o (erase_done),
.op_err_o (erase_err),
.op_addr_i (op_addr),
.op_addr_oob_i ('0),
.op_err_addr_o (erase_err_addr),
// Flash Macro Interface
.flash_req_o (erase_flash_req),
.flash_addr_o (erase_flash_addr),
.flash_op_o (erase_flash_type),
.flash_done_i (flash_erase_done),
.flash_mp_err_i (flash_mp_err)
);
// Final muxing to flash macro module
always_comb begin
unique case (op_type)
FlashOpRead: begin
flash_req = rd_flash_req;
flash_addr = rd_flash_addr;
end
FlashOpProgram: begin
flash_req = prog_flash_req;
flash_addr = prog_flash_addr;
end
FlashOpErase: begin
flash_req = erase_flash_req;
flash_addr = erase_flash_addr;
end
default: begin
flash_req = 1'b0;
flash_addr = '0;
end
endcase // unique case (op_type)
end
//////////////////////////////////////
// Info partition properties configuration
//////////////////////////////////////
//////////////////////////////////////
// flash memory properties
//////////////////////////////////////
// direct assignment since prog/rd/erase_ctrl do not make use of op_part
flash_part_e flash_part_sel;
logic [InfoTypesWidth-1:0] flash_info_sel;
assign flash_part_sel = op_part;
assign flash_info_sel = op_info_sel;
// tie off hardware clear path
assign hw2reg.erase_suspend.d = 1'b0;
// Flash memory Properties
// Memory property is page based and thus should use phy addressing
// This should move to flash_phy long term
flash_mp u_flash_mp (
.clk_i,
.rst_ni,
// disable flash through memory protection
.flash_disable_i(flash_disable[MpDisableIdx]),
// hw info configuration overrides
.hw_info_scramble_dis_i(mubi4_t'(reg2hw.hw_info_cfg_override.scramble_dis.q)),
.hw_info_ecc_dis_i(mubi4_t'(reg2hw.hw_info_cfg_override.ecc_dis.q)),
// arbiter interface selection
.if_sel_i(if_sel),
// sw configuration for data partition
.region_cfgs_i(region_cfgs),
.bank_cfgs_i(bank_cfgs),
// sw configuration for info partition
.info_page_cfgs_i(info_page_cfgs),
// read / prog / erase controls
.req_i(flash_req),
.phase_i(phase),
.req_addr_i(flash_addr[BusAddrW-1 -: AllPagesW]),
.req_part_i(flash_part_sel),
.info_sel_i(flash_info_sel),
.addr_ovfl_i(rd_flash_ovfl | prog_flash_ovfl),
.rd_i(rd_op),
.prog_i(prog_op),
.pg_erase_i(erase_op & (erase_flash_type == FlashErasePage)),
.bk_erase_i(erase_op & (erase_flash_type == FlashEraseBank)),
.erase_suspend_i(reg2hw.erase_suspend),
.erase_suspend_done_o(hw2reg.erase_suspend.de),
.rd_done_o(flash_rd_done),
.prog_done_o(flash_prog_done),
.erase_done_o(flash_erase_done),
.error_o(flash_mp_err),
// flash phy interface
.req_o(flash_phy_req.req),
.scramble_en_o(flash_phy_req.scramble_en),
.ecc_en_o(flash_phy_req.ecc_en),
.he_en_o(flash_phy_req.he_en),
.rd_o(flash_phy_req.rd),
.prog_o(flash_phy_req.prog),
.pg_erase_o(flash_phy_req.pg_erase),
.bk_erase_o(flash_phy_req.bk_erase),
.erase_suspend_o(flash_phy_req.erase_suspend),
.rd_done_i(flash_phy_rsp.rd_done),
.prog_done_i(flash_phy_rsp.prog_done),
.erase_done_i(flash_phy_rsp.erase_done)
);
// software interface feedback
// most values (other than flash_phy_busy) should only update when software operations
// are actually selected
assign hw2reg.op_status.done.d = 1'b1;
assign hw2reg.op_status.done.de = sw_ctrl_done;
assign hw2reg.op_status.err.d = 1'b1;
assign hw2reg.op_status.err.de = |sw_ctrl_err;
assign hw2reg.status.rd_full.d = sw_rfifo_full;
assign hw2reg.status.rd_full.de = sw_sel;
assign hw2reg.status.rd_empty.d = ~sw_rfifo_rvalid;
assign hw2reg.status.rd_empty.de = sw_sel;
assign hw2reg.status.prog_full.d = ~prog_fifo_wready;
assign hw2reg.status.prog_full.de = sw_sel;
assign hw2reg.status.prog_empty.d = ~prog_fifo_rvalid;
assign hw2reg.status.prog_empty.de = sw_sel;
assign hw2reg.status.init_wip.d = flash_phy_busy | ctrl_init_busy;
assign hw2reg.status.init_wip.de = 1'b1;
assign hw2reg.status.initialized.d = ctrl_initialized & ~flash_phy_busy;
assign hw2reg.status.initialized.de = 1'b1;
assign hw2reg.control.start.d = 1'b0;
assign hw2reg.control.start.de = sw_ctrl_done;
// if software operation selected, based on transaction start
// if software operation not selected, software is free to change contents
assign hw2reg.ctrl_regwen.d = sw_sel ? !op_start : 1'b1;
// phy status
assign hw2reg.phy_status.init_wip.d = flash_phy_busy;
assign hw2reg.phy_status.init_wip.de = 1'b1;
assign hw2reg.phy_status.prog_normal_avail.d = flash_phy_rsp.prog_type_avail[FlashProgNormal];
assign hw2reg.phy_status.prog_normal_avail.de = 1'b1;
assign hw2reg.phy_status.prog_repair_avail.d = flash_phy_rsp.prog_type_avail[FlashProgRepair];
assign hw2reg.phy_status.prog_repair_avail.de = 1'b1;
// Flash Interface
assign flash_phy_req.addr = flash_addr;
assign flash_phy_req.part = flash_part_sel;
assign flash_phy_req.info_sel = flash_info_sel;
assign flash_phy_req.prog_type = flash_prog_type;
assign flash_phy_req.prog_data = flash_prog_data;
assign flash_phy_req.prog_last = flash_prog_last;
assign flash_phy_req.region_cfgs = region_cfgs;
assign flash_phy_req.addr_key = addr_key;
assign flash_phy_req.data_key = data_key;
assign flash_phy_req.rand_addr_key = rand_addr_key;
assign flash_phy_req.rand_data_key = rand_data_key;
assign flash_phy_req.alert_trig = reg2hw.phy_alert_cfg.alert_trig.q;
assign flash_phy_req.alert_ack = reg2hw.phy_alert_cfg.alert_ack.q;
assign flash_phy_req.jtag_req.tck = cio_tck_i;
assign flash_phy_req.jtag_req.tms = cio_tms_i;
assign flash_phy_req.jtag_req.tdi = cio_tdi_i;
assign flash_phy_req.jtag_req.trst_n = '0;
assign cio_tdo_o = flash_phy_rsp.jtag_rsp.tdo;
assign cio_tdo_en_o = flash_phy_rsp.jtag_rsp.tdo_oe;
assign flash_rd_err = flash_phy_rsp.rd_err;
assign flash_rd_data = flash_phy_rsp.rd_data;
assign flash_phy_busy = flash_phy_rsp.init_busy;
// Interface to pwrmgr
// flash is not idle as long as there is a stateful operation ongoing
logic flash_idle_d;
assign flash_idle_d = ~(flash_phy_req.req &
(flash_phy_req.prog | flash_phy_req.pg_erase | flash_phy_req.bk_erase));
prim_flop #(
.Width(1),
.ResetValue(1'b1)
) u_reg_idle (
.clk_i,
.rst_ni,
.d_i(flash_idle_d),
.q_o(pwrmgr_o.flash_idle)
);
//////////////////////////////////////
// Alert senders
//////////////////////////////////////
logic [NumAlerts-1:0] alert_srcs;
logic [NumAlerts-1:0] alert_tests;
logic fatal_prim_flash_alert, recov_prim_flash_alert;
// An excessive number of recoverable errors may also indicate an attack
logic recov_err;
assign recov_err = (sw_ctrl_done & |sw_ctrl_err) |
flash_phy_rsp.macro_err |
update_err;
logic fatal_err;
assign fatal_err = |reg2hw.fault_status;
logic fatal_std_err;
assign fatal_std_err = |reg2hw.std_fault_status;
lc_ctrl_pkg::lc_tx_t local_esc;
assign local_esc = lc_ctrl_pkg::lc_tx_bool_to_lc_tx(fatal_std_err);
assign alert_srcs = {
recov_prim_flash_alert,
fatal_prim_flash_alert,
fatal_err,
fatal_std_err,
recov_err
};
assign alert_tests = {
reg2hw.alert_test.recov_prim_flash_alert.q & reg2hw.alert_test.recov_prim_flash_alert.qe,
reg2hw.alert_test.fatal_prim_flash_alert.q & reg2hw.alert_test.fatal_prim_flash_alert.qe,
reg2hw.alert_test.fatal_err.q & reg2hw.alert_test.fatal_err.qe,
reg2hw.alert_test.fatal_std_err.q & reg2hw.alert_test.fatal_std_err.qe,
reg2hw.alert_test.recov_err.q & reg2hw.alert_test.recov_err.qe
};
localparam logic [NumAlerts-1:0] IsFatal = {1'b0, 1'b1, 1'b1, 1'b1, 1'b0};
for (genvar i = 0; i < NumAlerts; i++) begin : gen_alert_senders
prim_alert_sender #(
.AsyncOn(AlertAsyncOn[i]),
.IsFatal(IsFatal[i])
) u_alert_sender (
.clk_i,
.rst_ni,
.alert_req_i(alert_srcs[i]),
.alert_test_i(alert_tests[i]),
.alert_ack_o(),
.alert_state_o(),
.alert_rx_i(alert_rx_i[i]),
.alert_tx_o(alert_tx_o[i])
);
end
//////////////////////////////////////
// Flash Disable and execute enable
//////////////////////////////////////
lc_ctrl_pkg::lc_tx_t lc_escalate_en;
prim_lc_sync #(
.NumCopies(1)
) u_lc_escalation_en_sync (
.clk_i,
.rst_ni,
.lc_en_i(lc_escalate_en_i),
.lc_en_o({lc_escalate_en})
);
lc_ctrl_pkg::lc_tx_t escalate_en;
// SEC_CM: MEM.CTRL.LOCAL_ESC
assign escalate_en = lc_ctrl_pkg::lc_tx_or_hi(dis_access, local_esc);
// flash functional disable
lc_ctrl_pkg::lc_tx_t lc_disable;
assign lc_disable = lc_ctrl_pkg::lc_tx_or_hi(lc_escalate_en, escalate_en);
// Normally, faults (those registered in fault_status) should also cause flash access
// to disable. However, most errors encountered by hardware during flash access
// are registered as faults (since they functionally never happen). Out of an abundance
// of caution for the first iteration, we will not kill flash access based on those
// faults immediately just in case there are unexpected corner conditions.
// In other words...cowardice.
// SEC_CM: MEM.CTRL.GLOBAL_ESC
// SEC_CM: MEM_DISABLE.CONFIG.MUBI
mubi4_t lc_conv_disable;
mubi4_t flash_disable_pre_buf;
assign lc_conv_disable = lc_ctrl_pkg::lc_to_mubi4(lc_disable);
assign flash_disable_pre_buf = prim_mubi_pkg::mubi4_or_hi(
lc_conv_disable,
mubi4_t'(reg2hw.dis.q));
prim_mubi4_sync #(
.NumCopies(int'(FlashDisableLast)),
.AsyncOn(0)
) u_disable_buf (
.clk_i,
.rst_ni,
.mubi_i(flash_disable_pre_buf),
.mubi_o(flash_disable)
);
assign flash_phy_req.flash_disable = flash_disable[PhyDisableIdx];
logic [prim_mubi_pkg::MuBi4Width-1:0] sw_flash_exec_en;
mubi4_t flash_exec_en;
// SEC_CM: EXEC.CONFIG.REDUN
prim_sec_anchor_buf #(
.Width(prim_mubi_pkg::MuBi4Width)
) u_exec_en_buf (
.in_i(prim_mubi_pkg::mubi4_bool_to_mubi(reg2hw.exec.q == unsigned'(ExecEn))),
.out_o(sw_flash_exec_en)
);
mubi4_t disable_exec;
assign disable_exec = mubi4_t'(~flash_disable[IFetchDisableIdx]);
assign flash_exec_en = prim_mubi_pkg::mubi4_and_hi(
disable_exec,
mubi4_t'(sw_flash_exec_en)
);
//////////////////////////////////////
// Errors and Interrupts
//////////////////////////////////////
// all software interface errors are treated as synchronous errors
assign hw2reg.err_code.op_err.d = 1'b1;
assign hw2reg.err_code.mp_err.d = 1'b1;
assign hw2reg.err_code.rd_err.d = 1'b1;
assign hw2reg.err_code.prog_err.d = 1'b1;
assign hw2reg.err_code.prog_win_err.d = 1'b1;
assign hw2reg.err_code.prog_type_err.d = 1'b1;
assign hw2reg.err_code.update_err.d = 1'b1;
assign hw2reg.err_code.macro_err.d = 1'b1;
assign hw2reg.err_code.op_err.de = sw_ctrl_err.invalid_op_err;
assign hw2reg.err_code.mp_err.de = sw_ctrl_err.mp_err;
assign hw2reg.err_code.rd_err.de = sw_ctrl_err.rd_err;
assign hw2reg.err_code.prog_err.de = sw_ctrl_err.prog_err;
assign hw2reg.err_code.prog_win_err.de = sw_ctrl_err.prog_win_err;
assign hw2reg.err_code.prog_type_err.de = sw_ctrl_err.prog_type_err;
assign hw2reg.err_code.update_err.de = update_err;
assign hw2reg.err_code.macro_err.de = flash_phy_rsp.macro_err;
assign hw2reg.err_addr.d = {ctrl_err_addr, {BusByteWidth{1'h0}}};
assign hw2reg.err_addr.de = sw_ctrl_err.mp_err |
sw_ctrl_err.rd_err |
sw_ctrl_err.prog_err;
// all hardware interface errors are considered faults
// There are two types of faults
// standard faults - things like fsm / counter / tlul integrity
// custom faults - things like hardware interface not working correctly
assign hw2reg.fault_status.op_err.d = 1'b1;
assign hw2reg.fault_status.mp_err.d = 1'b1;
assign hw2reg.fault_status.rd_err.d = 1'b1;
assign hw2reg.fault_status.prog_err.d = 1'b1;
assign hw2reg.fault_status.prog_win_err.d = 1'b1;
assign hw2reg.fault_status.prog_type_err.d = 1'b1;
assign hw2reg.fault_status.seed_err.d = 1'b1;
assign hw2reg.fault_status.phy_relbl_err.d = 1'b1;
assign hw2reg.fault_status.phy_storage_err.d = 1'b1;
assign hw2reg.fault_status.spurious_ack.d = 1'b1;
assign hw2reg.fault_status.arb_err.d = 1'b1;
assign hw2reg.fault_status.host_gnt_err.d = 1'b1;
assign hw2reg.fault_status.op_err.de = hw_err.invalid_op_err;
assign hw2reg.fault_status.mp_err.de = hw_err.mp_err;
assign hw2reg.fault_status.rd_err.de = hw_err.rd_err;
assign hw2reg.fault_status.prog_err.de = hw_err.prog_err;
assign hw2reg.fault_status.prog_win_err.de = hw_err.prog_win_err;
assign hw2reg.fault_status.prog_type_err.de = hw_err.prog_type_err;
assign hw2reg.fault_status.seed_err.de = seed_err;
assign hw2reg.fault_status.phy_relbl_err.de = flash_phy_rsp.storage_relbl_err;
assign hw2reg.fault_status.phy_storage_err.de = flash_phy_rsp.storage_intg_err;
assign hw2reg.fault_status.spurious_ack.de = flash_phy_rsp.spurious_ack;
assign hw2reg.fault_status.arb_err.de = flash_phy_rsp.arb_err;
assign hw2reg.fault_status.host_gnt_err.de = flash_phy_rsp.host_gnt_err;
// standard faults
assign hw2reg.std_fault_status.reg_intg_err.d = 1'b1;
assign hw2reg.std_fault_status.prog_intg_err.d = 1'b1;
assign hw2reg.std_fault_status.lcmgr_err.d = 1'b1;
assign hw2reg.std_fault_status.lcmgr_intg_err.d = 1'b1;
assign hw2reg.std_fault_status.arb_fsm_err.d = 1'b1;
assign hw2reg.std_fault_status.storage_err.d = 1'b1;
assign hw2reg.std_fault_status.phy_fsm_err.d = 1'b1;
assign hw2reg.std_fault_status.ctrl_cnt_err.d = 1'b1;
assign hw2reg.std_fault_status.fifo_err.d = 1'b1;
assign hw2reg.std_fault_status.reg_intg_err.de = intg_err | eflash_cmd_intg_err |
tl_gate_intg_err | tl_prog_gate_intg_err;
assign hw2reg.std_fault_status.prog_intg_err.de = flash_phy_rsp.prog_intg_err;
assign hw2reg.std_fault_status.lcmgr_err.de = lcmgr_err;
assign hw2reg.std_fault_status.lcmgr_intg_err.de = lcmgr_intg_err;
assign hw2reg.std_fault_status.arb_fsm_err.de = arb_fsm_err;
assign hw2reg.std_fault_status.storage_err.de = storage_err;
assign hw2reg.std_fault_status.phy_fsm_err.de = flash_phy_rsp.fsm_err;
assign hw2reg.std_fault_status.ctrl_cnt_err.de = rd_cnt_err | prog_cnt_err;
assign hw2reg.std_fault_status.fifo_err.de = flash_phy_rsp.fifo_err | adapter_fifo_err;
// Correctable ECC count / address
for (genvar i = 0; i < NumBanks; i++) begin : gen_ecc_single_err_reg
assign hw2reg.ecc_single_err_cnt[i].de = flash_phy_rsp.ecc_single_err[i];
assign hw2reg.ecc_single_err_cnt[i].d = &reg2hw.ecc_single_err_cnt[i].q ?
reg2hw.ecc_single_err_cnt[i].q :
reg2hw.ecc_single_err_cnt[i].q + 1'b1;
assign hw2reg.ecc_single_err_addr[i].de = flash_phy_rsp.ecc_single_err[i];
assign hw2reg.ecc_single_err_addr[i].d = {flash_phy_rsp.ecc_addr[i], {BusByteWidth{1'b0}}};
end
logic sw_rd_fifo_wr_q;
logic prog_fifo_rd_q;
always_ff @(posedge clk_i or negedge rst_ni) begin
if (!rst_ni) begin
sw_rd_fifo_wr_q <= '0;
prog_fifo_rd_q <= '0;
end else begin
sw_rd_fifo_wr_q <= sw_rfifo_wen & sw_rfifo_wready;
prog_fifo_rd_q <= prog_fifo_rvalid & prog_fifo_ren;
end
end
// general interrupt events
logic [LastIntrIdx-1:0] intr_event;
prim_edge_detector #(
.Width(1),
.ResetValue(1),
.EnSync(0)
) u_prog_empty_event (
.clk_i,
.rst_ni,
.d_i(~prog_fifo_rvalid),
.q_sync_o(),
.q_posedge_pulse_o(intr_event[ProgEmpty]),
.q_negedge_pulse_o()
);
prim_intr_hw #(.Width(1)) u_intr_prog_empty (
.clk_i,
.rst_ni,
.event_intr_i (intr_event[ProgEmpty]),
.reg2hw_intr_enable_q_i (reg2hw.intr_enable.prog_empty.q),
.reg2hw_intr_test_q_i (reg2hw.intr_test.prog_empty.q),
.reg2hw_intr_test_qe_i (reg2hw.intr_test.prog_empty.qe),
.reg2hw_intr_state_q_i (reg2hw.intr_state.prog_empty.q),
.hw2reg_intr_state_de_o (hw2reg.intr_state.prog_empty.de),
.hw2reg_intr_state_d_o (hw2reg.intr_state.prog_empty.d),
.intr_o (intr_prog_empty_o)
);
prim_edge_detector #(
.Width(1),
.ResetValue(0),
.EnSync(0)
) u_prog_lvl_event (
.clk_i,
.rst_ni,
.d_i(prog_fifo_rd_q & (reg2hw.fifo_lvl.prog.q == MaxFifoWidth'(prog_fifo_depth))),
.q_sync_o(),
.q_posedge_pulse_o(intr_event[ProgLvl]),
.q_negedge_pulse_o()
);
prim_intr_hw #(.Width(1)) u_intr_prog_lvl (
.clk_i,
.rst_ni,
.event_intr_i (intr_event[ProgLvl]),
.reg2hw_intr_enable_q_i (reg2hw.intr_enable.prog_lvl.q),
.reg2hw_intr_test_q_i (reg2hw.intr_test.prog_lvl.q),
.reg2hw_intr_test_qe_i (reg2hw.intr_test.prog_lvl.qe),
.reg2hw_intr_state_q_i (reg2hw.intr_state.prog_lvl.q),
.hw2reg_intr_state_de_o (hw2reg.intr_state.prog_lvl.de),
.hw2reg_intr_state_d_o (hw2reg.intr_state.prog_lvl.d),
.intr_o (intr_prog_lvl_o)
);
prim_edge_detector #(
.Width(1),
.ResetValue(0),
.EnSync(0)
) u_rd_full_event (
.clk_i,
.rst_ni,
.d_i(sw_rfifo_full),
.q_sync_o(),
.q_posedge_pulse_o(intr_event[RdFull]),
.q_negedge_pulse_o()
);
prim_intr_hw #(.Width(1)) u_intr_rd_full (
.clk_i,
.rst_ni,
.event_intr_i (intr_event[RdFull]),
.reg2hw_intr_enable_q_i (reg2hw.intr_enable.rd_full.q),
.reg2hw_intr_test_q_i (reg2hw.intr_test.rd_full.q),
.reg2hw_intr_test_qe_i (reg2hw.intr_test.rd_full.qe),
.reg2hw_intr_state_q_i (reg2hw.intr_state.rd_full.q),
.hw2reg_intr_state_de_o (hw2reg.intr_state.rd_full.de),
.hw2reg_intr_state_d_o (hw2reg.intr_state.rd_full.d),
.intr_o (intr_rd_full_o)
);
prim_edge_detector #(
.Width(1),
.ResetValue(0),
.EnSync(0)
) u_rd_lvl_event (
.clk_i,
.rst_ni,
.d_i(sw_rd_fifo_wr_q & (reg2hw.fifo_lvl.rd.q == sw_rfifo_depth)),
.q_sync_o(),
.q_posedge_pulse_o(intr_event[RdLvl]),
.q_negedge_pulse_o()
);
prim_intr_hw #(.Width(1)) u_intr_rd_lvl (
.clk_i,
.rst_ni,
.event_intr_i (intr_event[RdLvl]),
.reg2hw_intr_enable_q_i (reg2hw.intr_enable.rd_lvl.q),
.reg2hw_intr_test_q_i (reg2hw.intr_test.rd_lvl.q),
.reg2hw_intr_test_qe_i (reg2hw.intr_test.rd_lvl.qe),
.reg2hw_intr_state_q_i (reg2hw.intr_state.rd_lvl.q),
.hw2reg_intr_state_de_o (hw2reg.intr_state.rd_lvl.de),
.hw2reg_intr_state_d_o (hw2reg.intr_state.rd_lvl.d),
.intr_o (intr_rd_lvl_o)
);
assign intr_event[OpDone] = sw_ctrl_done;
assign intr_event[CorrErr] = |flash_phy_rsp.ecc_single_err;
prim_intr_hw #(.Width(1)) u_intr_op_done (
.clk_i,
.rst_ni,
.event_intr_i (intr_event[OpDone]),
.reg2hw_intr_enable_q_i (reg2hw.intr_enable.op_done.q),
.reg2hw_intr_test_q_i (reg2hw.intr_test.op_done.q),
.reg2hw_intr_test_qe_i (reg2hw.intr_test.op_done.qe),
.reg2hw_intr_state_q_i (reg2hw.intr_state.op_done.q),
.hw2reg_intr_state_de_o (hw2reg.intr_state.op_done.de),
.hw2reg_intr_state_d_o (hw2reg.intr_state.op_done.d),
.intr_o (intr_op_done_o)
);
prim_intr_hw #(.Width(1)) u_intr_corr_err (
.clk_i,
.rst_ni,
.event_intr_i (intr_event[CorrErr]),
.reg2hw_intr_enable_q_i (reg2hw.intr_enable.corr_err.q),
.reg2hw_intr_test_q_i (reg2hw.intr_test.corr_err.q),
.reg2hw_intr_test_qe_i (reg2hw.intr_test.corr_err.qe),
.reg2hw_intr_state_q_i (reg2hw.intr_state.corr_err.q),
.hw2reg_intr_state_de_o (hw2reg.intr_state.corr_err.de),
.hw2reg_intr_state_d_o (hw2reg.intr_state.corr_err.d),
.intr_o (intr_corr_err_o)
);
// Unused bits
logic [BusByteWidth-1:0] unused_byte_sel;
logic [top_pkg::TL_AW-1:0] unused_scratch;
// Unused signals
assign unused_byte_sel = muxed_addr[BusByteWidth-1:0];
assign unused_scratch = reg2hw.scratch;
//////////////////////////////////////
// flash phy module
//////////////////////////////////////
logic flash_host_req;
logic flash_host_req_rdy;
logic flash_host_req_done;
logic flash_host_rderr;
logic [flash_ctrl_pkg::BusFullWidth-1:0] flash_host_rdata;
logic [flash_ctrl_pkg::BusAddrW-1:0] flash_host_addr;
lc_ctrl_pkg::lc_tx_t host_enable;
// if flash disable is activated, error back from the adapter interface immediately
assign host_enable = lc_ctrl_pkg::mubi4_to_lc_inv(flash_disable[HostDisableIdx]);
tlul_pkg::tl_h2d_t gate_tl_h2d;
tlul_pkg::tl_d2h_t gate_tl_d2h;
// SEC_CM: MEM_TL_LC_GATE.FSM.SPARSE
tlul_lc_gate u_tl_gate (
.clk_i,
.rst_ni,
.tl_h2d_i(mem_tl_i),
.tl_d2h_o(mem_tl_o),
.tl_h2d_o(gate_tl_h2d),
.tl_d2h_i(gate_tl_d2h),
.flush_req_i('0),
.flush_ack_o(),
.resp_pending_o(),
.lc_en_i(host_enable),
.err_o(tl_gate_intg_err)
);
// SEC_CM: HOST.BUS.INTEGRITY
tlul_adapter_sram #(
.SramAw(BusAddrW),
.SramDw(BusWidth),
.Outstanding(2),
.ByteAccess(0),
.ErrOnWrite(1),
.CmdIntgCheck(1),
.EnableRspIntgGen(1),
.EnableDataIntgGen(0),
.EnableDataIntgPt(1)
) u_tl_adapter_eflash (
.clk_i,
.rst_ni,
.tl_i (gate_tl_h2d),
.tl_o (gate_tl_d2h),
.en_ifetch_i (flash_exec_en),
.req_o (flash_host_req),
.req_type_o (),
.gnt_i (flash_host_req_rdy),
.we_o (),
.addr_o (flash_host_addr),
.wdata_o (),
.wmask_o (),
.intg_error_o(eflash_cmd_intg_err),
.rdata_i (flash_host_rdata),
.rvalid_i (flash_host_req_done),
.rerror_i ({flash_host_rderr,1'b0})
);
flash_phy #(
.SecScrambleEn(SecScrambleEn)
) u_eflash (
.clk_i,
.rst_ni,
.host_req_i (flash_host_req),
.host_addr_i (flash_host_addr),
.host_req_rdy_o (flash_host_req_rdy),
.host_req_done_o (flash_host_req_done),
.host_rderr_o (flash_host_rderr),
.host_rdata_o (flash_host_rdata),
.flash_ctrl_i (flash_phy_req),
.flash_ctrl_o (flash_phy_rsp),
.tl_i (prim_tl_i),
.tl_o (prim_tl_o),
.obs_ctrl_i,
.fla_obs_o,
.lc_nvm_debug_en_i,
.flash_bist_enable_i,
.flash_power_down_h_i,
.flash_power_ready_h_i,
.flash_test_mode_a_io,
.flash_test_voltage_h_io,
.fatal_prim_flash_alert_o(fatal_prim_flash_alert),
.recov_prim_flash_alert_o(recov_prim_flash_alert),
.scanmode_i,
.scan_en_i,
.scan_rst_ni
);
/////////////////////////////////
// Assertions
/////////////////////////////////
`ASSERT_KNOWN(TlDValidKnownO_A, core_tl_o.d_valid )
`ASSERT_KNOWN(TlAReadyKnownO_A, core_tl_o.a_ready )
`ASSERT_KNOWN_IF(RspPayLoad_A, core_tl_o, core_tl_o.d_valid)
`ASSERT_KNOWN(PrimTlDValidKnownO_A, prim_tl_o.d_valid )
`ASSERT_KNOWN(PrimTlAReadyKnownO_A, prim_tl_o.a_ready )
`ASSERT_KNOWN_IF(PrimRspPayLoad_A, prim_tl_o, prim_tl_o.d_valid)
`ASSERT_KNOWN(MemTlDValidKnownO_A, mem_tl_o.d_valid )
`ASSERT_KNOWN(MemTlAReadyKnownO_A, mem_tl_o.a_ready )
`ASSERT_KNOWN_IF(MemRspPayLoad_A, mem_tl_o, mem_tl_o.d_valid)
`ASSERT_KNOWN(FlashKnownO_A, {flash_phy_req.req, flash_phy_req.rd,
flash_phy_req.prog, flash_phy_req.pg_erase,
flash_phy_req.bk_erase})
`ASSERT_KNOWN_IF(FlashAddrKnown_A, flash_phy_req.addr, flash_phy_req.req)
`ASSERT_KNOWN_IF(FlashProgKnown_A, flash_phy_req.prog_data,
flash_phy_req.prog & flash_phy_req.req)
`ASSERT_KNOWN(IntrProgEmptyKnownO_A, intr_prog_empty_o)
`ASSERT_KNOWN(IntrProgLvlKnownO_A, intr_prog_lvl_o )
`ASSERT_KNOWN(IntrProgRdFullKnownO_A, intr_rd_full_o )
`ASSERT_KNOWN(IntrRdLvlKnownO_A, intr_rd_lvl_o )
`ASSERT_KNOWN(IntrOpDoneKnownO_A, intr_op_done_o )
`ASSERT_KNOWN(IntrErrO_A, intr_corr_err_o )
`ASSERT_KNOWN(TdoKnown_A, cio_tdo_o )
`ASSERT(TdoEnIsOne_A, cio_tdo_en_o === 1'b1)
// combined indication that an operation has started
// This is used only for assertions
logic unused_op_valid;
assign unused_op_valid = prog_op_valid | rd_op_valid | erase_op_valid;
// add more assertions
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(SeedCntAlertCheck_A, u_flash_hw_if.u_seed_cnt,
alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(AddrCntAlertCheck_A, u_flash_hw_if.u_addr_cnt,
alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(PageCntAlertCheck_A, u_flash_hw_if.u_page_cnt,
alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(WordCntAlertCheck_A, u_flash_hw_if.u_word_cnt,
alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(WipeIdx_A, u_flash_hw_if.u_wipe_idx_cnt,
alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(ProgCnt_A, u_flash_ctrl_prog.u_cnt,
alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(RdCnt_A, u_flash_ctrl_rd.u_cnt,
alert_tx_o[1])
`ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(LcCtrlFsmCheck_A,
u_flash_hw_if.u_state_regs, alert_tx_o[1])
`ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(LcCtrlRmaFsmCheck_A,
u_flash_hw_if.u_rma_state_regs, alert_tx_o[1])
`ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(ArbFsmCheck_A,
u_ctrl_arb.u_state_regs, alert_tx_o[1])
`ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(TlLcGateFsm_A,
u_tl_gate.u_state_regs, alert_tx_o[1])
`ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(TlProgLcGateFsm_A,
u_prog_tl_gate.u_state_regs, alert_tx_o[1])
for (genvar i=0; i<NumBanks; i++) begin : gen_phy_assertions
`ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(PhyFsmCheck_A,
u_eflash.gen_flash_cores[i].u_core.u_state_regs, alert_tx_o[1])
`ASSERT_PRIM_FSM_ERROR_TRIGGER_ALERT(PhyProgFsmCheck_A,
u_eflash.gen_flash_cores[i].u_core.gen_prog_data.u_prog.u_state_regs, alert_tx_o[1])
end
`ifdef INC_ASSERT
`define PHY u_eflash.gen_flash_cores[i]
`define PHY_CORE `PHY.u_core
for (genvar i=0; i<NumBanks; i++) begin : gen_phy_cnt_errs
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(PhyRspFifoWPtr_A,
`PHY.u_host_rsp_fifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_wptr, alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(PhyRspFifoRPtr_A,
`PHY.u_host_rsp_fifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_rptr, alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(PhyRdRspFifoWPtr_A,
`PHY_CORE.u_rd.u_rsp_order_fifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_wptr,
alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(PhyRdRspFifoRPtr_A,
`PHY_CORE.u_rd.u_rsp_order_fifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_rptr,
alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(PhyRdDataFifoWPtr_A,
`PHY_CORE.u_rd.u_rd_storage.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_wptr,
alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(PhyRdDataFifoRPtr_A,
`PHY_CORE.u_rd.u_rd_storage.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_rptr,
alert_tx_o[1])
// Outstanding count error is merged into host_gnt_err instead of being an
// individual count error.
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(PhyHostCnt_A,
`PHY_CORE.u_host_outstanding_cnt, alert_tx_o[2])
end
`endif
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(RdFifoWptrCheck_A,
u_to_rd_fifo.u_rspfifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_wptr,
alert_tx_o[1])
`ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(RdFifoRptrCheck_A,
u_to_rd_fifo.u_rspfifo.gen_normal_fifo.u_fifo_cnt.gen_secure_ptrs.u_rptr,
alert_tx_o[1])
// Alert assertions for reg_we onehot check
`ASSERT_PRIM_REG_WE_ONEHOT_ERROR_TRIGGER_ALERT(RegWeOnehotCheck_A, u_reg_core, alert_tx_o[1])
// Assertions for countermeasures inside prim_flash
`ifndef PRIM_DEFAULT_IMPL
`define PRIM_DEFAULT_IMPL prim_pkg::ImplGeneric
`endif
if (`PRIM_DEFAULT_IMPL == prim_pkg::ImplGeneric) begin : gen_reg_we_assert_generic
`ASSERT_PRIM_REG_WE_ONEHOT_ERROR_TRIGGER_ALERT(PrimRegWeOnehotCheck_A,
u_eflash.u_flash.gen_generic.u_impl_generic.u_reg_top, alert_tx_o[3])
end
endmodule