From 9174c68d049c720d771dfdc568f40bd8acfa1202 Mon Sep 17 00:00:00 2001 From: bluew Date: Fri, 11 Aug 2023 03:50:36 +0200 Subject: [PATCH 1/6] carfield.mk: Bump nonfree --- carfield.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/carfield.mk b/carfield.mk index 172af84c..120ed3bb 100644 --- a/carfield.mk +++ b/carfield.mk @@ -90,7 +90,7 @@ endif ###################### CAR_NONFREE_REMOTE ?= git@iis-git.ee.ethz.ch:carfield/carfield-nonfree.git -CAR_NONFREE_COMMIT ?= 717358edc2da9e31f4b24622086f6bc756344237 +CAR_NONFREE_COMMIT ?= 728f16e60e6785217a144146cc390b56c44cdb4c ## Clone the non-free verification IP for the Carfield TB car-nonfree-init: From c962b7a26c684dc96e2b417bf72951e9d6dcc89b Mon Sep 17 00:00:00 2001 From: bluew Date: Fri, 11 Aug 2023 04:20:38 +0200 Subject: [PATCH 2/6] carfield.mk: Fix incomplete dependency when building sw make car-sw-build is supposed to build all software for carfield. Doesn't make sense to have them manually invoked by the user. --- carfield.mk | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/carfield.mk b/carfield.mk index 120ed3bb..78f35dbc 100644 --- a/carfield.mk +++ b/carfield.mk @@ -255,7 +255,7 @@ chs-sw-build: chs-sw-all .PHONY: car-sw-build ## Builds carfield application SW and specific libraries. It links against `libcheshire.a`. -car-sw-build: chs-sw-build car-sw-all +car-sw-build: chs-sw-build safed-sw-build pulpd-sw-build car-sw-all .PHONY: car-init ## Shortcut to initialize carfield with all the targets described above. @@ -281,8 +281,13 @@ $(PULPD_ROOT)/regression-tests: $(PULPD_ROOT) # For independent boot of an island, we allow to compile the binary standalone. .PHONY: safed-sw-build pulpd-sw-build -safed-sw-build: safed-sw-all -pulpd-sw-build: pulpd-sw-all +safed-sw-build: + . $(CAR_ROOT)/scripts/safed-env.sh; \ + $(MAKE) safed-sw-all + +pulpd-sw-build: + . $(CAR_ROOT)/scripts/pulpd-env.sh; \ + $(MAKE) pulpd-sw-all ############ # RTL LINT # 
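Review bot: In the new `safed-sw-build` and `pulpd-sw-build` recipes (carfield.mk, PATCH 2/6, second hunk) the result of sourcing the environment script is discarded because it is joined to the sub-make with `;`, so if `safed-env.sh` or `pulpd-env.sh` returns non-zero the build still proceeds with whatever toolchain the caller's environment happens to provide. Chain the two with `&&` and quote the path: `. "$(CAR_ROOT)/scripts/safed-env.sh" && \` followed by `$(MAKE) safed-sw-all`, and the same for the pulpd recipe. `car-sw-build` now lists both targets next to `chs-sw-build` and `car-sw-all`, so under `make -j` the sub-makes may run alongside the parent's jobs; whether they share prerequisites is not visible in these hunks, but if they do, an explicit ordering is needed. A one-line comment above each recipe stating that the script is sourced only in the recipe's own shell would also make the later README simplification easier to follow.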
From 4d47c358956ea4d284358f676e5483a31fec3dec Mon Sep 17 00:00:00 2001 From: bluew Date: Fri, 11 Aug 2023 04:22:29 +0200 Subject: [PATCH 3/6] README.md: Replace shell instructions // is not a `sh` thing --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 74e7c3a5..5a2c6c3a 100644 --- a/README.md +++ b/README.md @@ -57,13 +57,13 @@ Follow these steps to launch a Carfield simulation: * Compile tests for Carfield. Tests resides in `sw/tests`. ``` - // Compile Safety Island standalone software + # Compile Safety Island standalone software source ./scripts/safed-env.sh make safed-sw-build - // Compile Integer cluster standalone software + # Compile Integer cluster standalone software source ./scripts/pulpd-env.sh make pulpd-sw-build - // Compile Cheshire SW + # Compile Cheshire SW make car-sw-build ``` From a6d0faa12f690ebe2d65122d03a0ce2332182c18 Mon Sep 17 00:00:00 2001 From: bluew Date: Fri, 11 Aug 2023 18:43:02 +0200 Subject: [PATCH 4/6] hw: Connect security island bootmode --- hw/carfield.sv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/carfield.sv b/hw/carfield.sv index da2a4afe..57f899d0 100644 --- a/hw/carfield.sv +++ b/hw/carfield.sv @@ -1579,7 +1579,7 @@ secure_subsystem_synth_wrap #( .rst_ni ( security_rst_n ), .pwr_on_rst_ni ( security_pwr_on_rst_n ), .fetch_en_i ( car_regs_reg2hw.security_island_fetch_enable ), - .bootmode_i ( '0 ), + .bootmode_i ( bootmode_ot_i ), .test_enable_i ( test_mode_i ), .irq_ibex_i ( secd_mbox_intr ), // from hostd or safed // JTAG port From a0dcba247f90a830630067bf11b6c9d282ceb663 Mon Sep 17 00:00:00 2001 
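Review bot: The security island's `bootmode_i` on the `secure_subsystem_synth_wrap` instance (hw/carfield.sv, PATCH 4/6) is now wired straight to the top-level `bootmode_ot_i` pins, and nothing visible states when that value is sampled. If the intended contract is a static strap, say so at the connection, for example `// bootmode_ot_i: external strap, expected stable from power-on reset onwards`. `bootmode_ot_i` is declared `[1:0]` in the port list shown later in this series, while the width of the wrapper's `bootmode_i` port is not visible here, so confirm they match rather than relying on implicit truncation or extension. The fixture in tb/carfield_fix.sv still ties `.bootmode_ot_i ( '0 )`, so the newly reachable non-zero modes get no simulation coverage. The instantiation starts and ends outside this hunk.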
From: bluew Date: Fri, 11 Aug 2023 19:06:00 +0200 Subject: [PATCH 5/6] treewide: Add secure boot mode * Makes sure that security island comes up after reset together with host domain. This allows the security island to control the boot flow assuming the host domain is put in the correct boot mode too. * Prevents safety island isolate and clock enables from shutting off safety island --- hw/carfield.sv | 17 +++++++++++++---- tb/carfield_fix.sv | 5 +++++ tb/vip_security_island_soc.sv | 9 +++++++++ 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/hw/carfield.sv b/hw/carfield.sv index 57f899d0..b98f85a9 100644 --- a/hw/carfield.sv +++ b/hw/carfield.sv @@ -66,6 +66,8 @@ module carfield input logic [1:0] bootmode_ot_i, // Safety Island BOOT pins input logic [1:0] bootmode_safe_isln_i, + // Secure Boot Chain mode pin + input logic secure_boot_i, // Host UART Interface output logic uart_tx_o, input logic uart_rx_i, @@ -720,7 +722,9 @@ assign domain_clk_div_changed[L2DomainIdx] = car_regs_reg2hw.l2_clk_div_ assign domain_clk_en[PeriphDomainIdx] = car_regs_reg2hw.periph_clk_en.q; assign domain_clk_en[SafedDomainIdx] = car_regs_reg2hw.safety_island_clk_en.q; -assign domain_clk_en[SecdDomainIdx] = car_regs_reg2hw.security_island_clk_en.q; +// secure boot mode forces security island to come up concurently with host domain. Furthermore, it +// cannot be disabled by design +assign domain_clk_en[SecdDomainIdx] = car_regs_reg2hw.security_island_clk_en.q | secure_boot_i; assign domain_clk_en[IntClusterDomainIdx] = car_regs_reg2hw.pulp_cluster_clk_en.q; assign domain_clk_en[FPClusterDomainIdx] = car_regs_reg2hw.spatz_cluster_clk_en.q; assign domain_clk_en[L2DomainIdx] = car_regs_reg2hw.l2_clk_en.q; 
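Review bot: `secure_boot_i` overrides only the clock enable at `domain_clk_en[SecdDomainIdx]` (hw/carfield.sv, PATCH 5/6) and, in the later `secd_isolate_req` hunk, the isolate request. The island's `fetch_en_i` is still driven by `car_regs_reg2hw.security_island_fetch_enable` alone, as the PATCH 4/6 context shows, and no reset override appears in this series. If the new comment's "cannot be disabled by design" is meant as a guarantee, a host-writable register can presumably still keep the island from fetching. Either apply the same override there, for example `.fetch_en_i ( car_regs_reg2hw.security_island_fetch_enable | secure_boot_i )` (adjusted to the field's actual type), or extend the comment to say that fetch enable and reset are deliberately left under register control. The pin also feeds a clock-enable path combinationally; whether it is synchronised or latched at reset upstream is not visible, and the port comment `// Secure Boot Chain mode pin` would be the place to state its polarity and that it must be static.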
@@ -751,7 +755,6 @@ carfield_reg_top #( // TODO: these still need to be connected but can't at this point in time since RTL is missing // car_regs_reg2hw.host_isolate // dummy // car_regs_reg2hw.periph_isolate -// car_regs_reg2hw.security_island_isolate // car_regs_reg2hw.host_fetch_enable // dummy (?) // car_regs_reg2hw.spatz_cluster_fetch_enable @@ -766,7 +769,6 @@ carfield_reg_top #( // car_regs_hw2reg.host_isolate_status // dummy // car_regs_hw2reg.periph_isolate_status -// car_regs_hw2reg.security_island_isolate_status // Temporary assign @@ -785,7 +787,10 @@ assign slave_isolate_req[L2Port1SlvIdx] = 'd0; assign slave_isolate_req[L2Port2SlvIdx] = 'd0; assign slave_isolate_req[EthernetSlvIdx] = 'd0; assign slave_isolate_req[PeriphsSlvIdx] = 'd0; -assign secd_isolate_req = 'd0; +// if secure boot is enabled then security island cannot be isolate under any circumstances +// especially at boot time +assign secd_isolate_req = car_regs_reg2hw.security_island_isolate.q && + !secure_boot_i; always_comb begin: assign_isolated_responses slave_isolated = '0; @@ -810,6 +815,10 @@ assign car_regs_hw2reg.pulp_cluster_isolate_status.de = 1'b1; assign car_regs_hw2reg.spatz_cluster_isolate_status.d = slave_isolated[FPClusterSlvIdx]; assign car_regs_hw2reg.spatz_cluster_isolate_status.de = 1'b1; +// security island only has a master port +assign car_regs_hw2reg.security_island_isolate_status.d = master_isolated_rsp[SecurityIslandMstIdx]; +assign car_regs_hw2reg.security_island_isolate_status.de = 1'b1; + // TODO: propagate isolated signal from security island to register // hyperbus reg req/rsp diff --git a/tb/carfield_fix.sv b/tb/carfield_fix.sv index 5821cc0b..33237673 100644 --- a/tb/carfield_fix.sv +++ b/tb/carfield_fix.sv @@ -73,6 +73,8 @@ module carfield_soc_fixture; logic uart_hostd_tx; logic uart_hostd_rx; + logic secure_boot; + logic uart_secd_tx; logic uart_secd_rx; 
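Review bot: `secd_isolate_req` (hw/carfield.sv, the `@@ -785,7 +787,10 @@` hunk) changes from a constant `'d0` to the `security_island_isolate` register, so with `secure_boot_i` low the island's isolation after reset now depends on that register's reset value, which is not visible in this series. If the register resets to 1, non-secure boots would start with the security island isolated where they previously never were; please confirm the default in the register description and record it in the comment above the assign, for example `// reset value of security_island_isolate decides isolation when secure_boot_i is 0`. As a style point, this assign uses `&&`/`!` while the clock-enable assign earlier in the same commit uses `|`; one operator family for single-bit signals reads more consistently.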
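Review bot: The context line `// TODO: propagate isolated signal from security island to register` directly below the new `security_island_isolate_status` assigns (hw/carfield.sv, the `@@ -810,6 +815,10 @@` hunk) is stale now that those assigns do exactly that, and should be dropped in this commit. In secure boot mode the request is masked, so the status presumably stays 0 even when software has set `security_island_isolate`; code that sets the bit and polls the status would then wait indefinitely. A comment such as `// status remains 0 while secure_boot_i is set, regardless of security_island_isolate.q` next to the assign would document that for driver authors.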
@@ -149,6 +151,7 @@ module carfield_soc_fixture; .jtag_safety_island_tdo_o ( jtag_safed_tdo ), .bootmode_ot_i ( '0 ), .bootmode_safe_isln_i ( boot_mode_safed ), + .secure_boot_i ( secure_boot ), .uart_tx_o ( uart_hostd_tx ), .uart_rx_i ( uart_hostd_rx ), .uart_ot_tx_o ( uart_secd_tx ), @@ -377,6 +380,8 @@ module carfield_soc_fixture; ) secd_vip ( .clk_vip (), .rst_n_vip (), + // secure boot enabled + .secure_boot ( secure_boot ), // UART interface .uart_tx ( uart_secd_tx ), .uart_rx ( uart_secd_rx ), diff --git a/tb/vip_security_island_soc.sv b/tb/vip_security_island_soc.sv index d57d8361..689c3555 100644 --- a/tb/vip_security_island_soc.sv +++ b/tb/vip_security_island_soc.sv @@ -24,6 +24,8 @@ module vip_security_island_soc ) ( output logic clk_vip, output logic rst_n_vip, + // secure boot enabled + output logic secure_boot, // UART interface input logic uart_tx, output logic uart_rx, @@ -56,6 +58,13 @@ module vip_security_island_soc @(posedge clk); endtask + ///////////////// + // Secure boot // + ///////////////// + + // TODO: secure boot emulation mode is currently not tested + assign secure_boot = 1'b0; + ////////// // JTAG // ////////// From 2d15dbbddee1e7dd09bdaea27b574c36a1365dff Mon Sep 17 00:00:00 2001 From: bluew Date: Mon, 14 Aug 2023 18:24:13 +0200 Subject: [PATCH 6/6] Update README.md --- README.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/README.md b/README.md index 5a2c6c3a..9782e0c4 100644 --- a/README.md +++ b/README.md @@ -57,13 +57,6 @@ Follow these steps to launch a Carfield simulation: * Compile tests for Carfield. Tests resides in `sw/tests`. ``` - # Compile Safety Island standalone software - source ./scripts/safed-env.sh - make safed-sw-build - # Compile Integer cluster standalone software - source ./scripts/pulpd-env.sh - make pulpd-sw-build - # Compile Cheshire SW make car-sw-build ```
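Review bot: `assign secure_boot = 1'b0;` in tb/vip_security_island_soc.sv (PATCH 5/6) hard-wires the pin low, so the logic this series adds for secure boot, the forced clock enable and the isolate mask in hw/carfield.sv, is never exercised in simulation, as the TODO itself notes. Because that logic exists to guarantee the security island stays up, at least one regression run should drive the pin high and check that clearing `security_island_clk_en` or setting `security_island_isolate` has no effect. Making the value selectable keeps today's default while allowing such a run, for example by replacing the assign with `initial secure_boot = ($test$plusargs("secure_boot") != 0);`. The fixture also still ties `.bootmode_ot_i ( '0 )`, so the boot-mode connection from PATCH 4/6 is likewise untested.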