treewide: Add secure boot mode

* Makes sure that security island comes up after reset together with host domain. This allows the security island to control the boot flow assuming the host domain is put in the correct boot mode too. * Prevents safety island isolate and clock enables from shutting off safety island
pulp-platform · Aug 14, 2023 · a0dcba2 · a0dcba2
1 parent a6d0faa
commit a0dcba2
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 4 deletions.
diff --git a/hw/carfield.sv b/hw/carfield.sv
@@ -66,6 +66,8 @@ module carfield
   input   logic [1:0]                                 bootmode_ot_i,
   // Safety Island BOOT pins
   input   logic [1:0]                                 bootmode_safe_isln_i,
+  // Secure Boot Chain mode pin
+  input   logic                                       secure_boot_i,
   // Host UART Interface
   output logic                                        uart_tx_o,
   input  logic                                        uart_rx_i,
@@ -720,7 +722,9 @@ assign domain_clk_div_changed[L2DomainIdx]         = car_regs_reg2hw.l2_clk_div_
 
 assign domain_clk_en[PeriphDomainIdx]     = car_regs_reg2hw.periph_clk_en.q;
 assign domain_clk_en[SafedDomainIdx]      = car_regs_reg2hw.safety_island_clk_en.q;
-assign domain_clk_en[SecdDomainIdx]       = car_regs_reg2hw.security_island_clk_en.q;
+// secure boot mode forces security island to come up concurently with host domain. Furthermore, it
+// cannot be disabled by design
+assign domain_clk_en[SecdDomainIdx]       = car_regs_reg2hw.security_island_clk_en.q | secure_boot_i;
 assign domain_clk_en[IntClusterDomainIdx] = car_regs_reg2hw.pulp_cluster_clk_en.q;
 assign domain_clk_en[FPClusterDomainIdx]  = car_regs_reg2hw.spatz_cluster_clk_en.q;
 assign domain_clk_en[L2DomainIdx]         = car_regs_reg2hw.l2_clk_en.q;
@@ -751,7 +755,6 @@ carfield_reg_top #(
 // TODO: these still need to be connected but can't at this point in time since RTL is missing
 // car_regs_reg2hw.host_isolate // dummy
 // car_regs_reg2hw.periph_isolate
-// car_regs_reg2hw.security_island_isolate
 
 // car_regs_reg2hw.host_fetch_enable // dummy (?)
 // car_regs_reg2hw.spatz_cluster_fetch_enable
@@ -766,7 +769,6 @@ carfield_reg_top #(
 
 // car_regs_hw2reg.host_isolate_status // dummy
 // car_regs_hw2reg.periph_isolate_status
-// car_regs_hw2reg.security_island_isolate_status
 
 
 // Temporary assign
@@ -785,7 +787,10 @@ assign slave_isolate_req[L2Port1SlvIdx]      = 'd0;
 assign slave_isolate_req[L2Port2SlvIdx]      = 'd0;
 assign slave_isolate_req[EthernetSlvIdx]     = 'd0;
 assign slave_isolate_req[PeriphsSlvIdx]      = 'd0;
-assign secd_isolate_req                      = 'd0;
+// if secure boot is enabled then security island cannot be isolate under any circumstances
+// especially at boot time
+assign secd_isolate_req                      = car_regs_reg2hw.security_island_isolate.q &&
+                                               !secure_boot_i;
 
 always_comb begin: assign_isolated_responses
   slave_isolated = '0;
@@ -810,6 +815,10 @@ assign car_regs_hw2reg.pulp_cluster_isolate_status.de = 1'b1;
 assign car_regs_hw2reg.spatz_cluster_isolate_status.d = slave_isolated[FPClusterSlvIdx];
 assign car_regs_hw2reg.spatz_cluster_isolate_status.de = 1'b1;
 
+// security island only has a master port
+assign car_regs_hw2reg.security_island_isolate_status.d = master_isolated_rsp[SecurityIslandMstIdx];
+assign car_regs_hw2reg.security_island_isolate_status.de = 1'b1;
+
 // TODO: propagate isolated signal from security island to register
 
 // hyperbus reg req/rsp

diff --git a/tb/carfield_fix.sv b/tb/carfield_fix.sv
@@ -73,6 +73,8 @@ module carfield_soc_fixture;
   logic uart_hostd_tx;
   logic uart_hostd_rx;
 
+  logic secure_boot;
+
   logic uart_secd_tx;
   logic uart_secd_rx;
 
@@ -149,6 +151,7 @@ module carfield_soc_fixture;
     .jtag_safety_island_tdo_o   ( jtag_safed_tdo            ),
     .bootmode_ot_i              ( '0                        ),
     .bootmode_safe_isln_i       ( boot_mode_safed           ),
+    .secure_boot_i              ( secure_boot               ),
     .uart_tx_o                  ( uart_hostd_tx             ),
     .uart_rx_i                  ( uart_hostd_rx             ),
     .uart_ot_tx_o               ( uart_secd_tx              ),
@@ -377,6 +380,8 @@ module carfield_soc_fixture;
   ) secd_vip (
     .clk_vip   (),
     .rst_n_vip (),
+    // secure boot enabled
+    .secure_boot  ( secure_boot      ),
     // UART interface
     .uart_tx      ( uart_secd_tx     ),
     .uart_rx      ( uart_secd_rx     ),

diff --git a/tb/vip_security_island_soc.sv b/tb/vip_security_island_soc.sv
@@ -24,6 +24,8 @@ module vip_security_island_soc
 ) (
   output logic clk_vip,
   output logic rst_n_vip,
+  // secure boot enabled
+  output logic secure_boot,
   // UART interface
   input logic  uart_tx,
   output logic uart_rx,
@@ -56,6 +58,13 @@ module vip_security_island_soc
     @(posedge clk);
   endtask
 
+  /////////////////
+  // Secure boot //
+  /////////////////
+
+  // TODO: secure boot emulation mode is currently not tested
+  assign secure_boot = 1'b0;
+
   //////////
   // JTAG //
   //////////