From a0dcba247f90a830630067bf11b6c9d282ceb663 Mon Sep 17 00:00:00 2001
From: bluew
Date: Fri, 11 Aug 2023 19:06:00 +0200
Subject: [PATCH] treewide: Add secure boot mode
* Makes sure that security island comes up after reset together with host domain. This allows the security island to control the boot flow assuming the host domain is put in the correct boot mode too.
* Prevents safety island isolate and clock enables from shutting off safety island
---
hw/carfield.sv | 17 +++++++++++++----
tb/carfield_fix.sv | 5 +++++
tb/vip_security_island_soc.sv | 9 +++++++++
3 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/hw/carfield.sv b/hw/carfield.sv
index 57f899d0..b98f85a9 100644
--- a/hw/carfield.sv
+++ b/hw/carfield.sv
@@ -66,6 +66,8 @@ module carfield
 input logic [1:0] bootmode_ot_i,
 // Safety Island BOOT pins
 input logic [1:0] bootmode_safe_isln_i,
+ // Secure Boot Chain mode pin
+ input logic secure_boot_i,
 // Host UART Interface
 output logic uart_tx_o,
 input logic uart_rx_i,
@@ -720,7 +722,9 @@ assign domain_clk_div_changed[L2DomainIdx] = car_regs_reg2hw.l2_clk_div_
 assign domain_clk_en[PeriphDomainIdx] = car_regs_reg2hw.periph_clk_en.q;
 assign domain_clk_en[SafedDomainIdx] = car_regs_reg2hw.safety_island_clk_en.q;
-assign domain_clk_en[SecdDomainIdx] = car_regs_reg2hw.security_island_clk_en.q;
+// secure boot mode forces security island to come up concurently with host domain. Furthermore, it
+// cannot be disabled by design
+assign domain_clk_en[SecdDomainIdx] = car_regs_reg2hw.security_island_clk_en.q | secure_boot_i;
 assign domain_clk_en[IntClusterDomainIdx] = car_regs_reg2hw.pulp_cluster_clk_en.q;
 assign domain_clk_en[FPClusterDomainIdx] = car_regs_reg2hw.spatz_cluster_clk_en.q;
 assign domain_clk_en[L2DomainIdx] = car_regs_reg2hw.l2_clk_en.q;
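Review bot: `secure_boot_i` is used combinationally in the new `domain_clk_en[SecdDomainIdx]` assignment, so the security island clock is forced on only for as long as the pin is actually held high; if the pin is intended as a boot-time strap, sampling it once at reset into a register and using that latched value here (and in the `secd_isolate_req` assignment in the later hunk of this file) would make the "cannot be disabled by design" statement hold even if the pin changes after reset. Whether the pin is driven statically or meant to be sampled is not visible in this hunk, so this is worth confirming rather than a definite defect. The added comment also misspells "concurrently"; suggest `// Secure boot mode forces the security island to come up concurrently with the host domain;` on the first line and `// in that mode its clock enable cannot be cleared by software.` on the second.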
@@ -751,7 +755,6 @@ carfield_reg_top #(
 // TODO: these still need to be connected but can't at this point in time since RTL is missing
 // car_regs_reg2hw.host_isolate // dummy
 // car_regs_reg2hw.periph_isolate
-// car_regs_reg2hw.security_island_isolate
 // car_regs_reg2hw.host_fetch_enable // dummy (?)
 // car_regs_reg2hw.spatz_cluster_fetch_enable
@@ -766,7 +769,6 @@ carfield_reg_top #(
 // car_regs_hw2reg.host_isolate_status // dummy
 // car_regs_hw2reg.periph_isolate_status
-// car_regs_hw2reg.security_island_isolate_status
 // Temporary assign
@@ -785,7 +787,10 @@ assign slave_isolate_req[L2Port1SlvIdx] = 'd0;
 assign slave_isolate_req[L2Port2SlvIdx] = 'd0;
 assign slave_isolate_req[EthernetSlvIdx] = 'd0;
 assign slave_isolate_req[PeriphsSlvIdx] = 'd0;
-assign secd_isolate_req = 'd0;
+// if secure boot is enabled then security island cannot be isolate under any circumstances
+// especially at boot time
+assign secd_isolate_req = car_regs_reg2hw.security_island_isolate.q &&
+ !secure_boot_i;
 always_comb begin: assign_isolated_responses
 slave_isolated = '0;
@@ -810,6 +815,10 @@ assign car_regs_hw2reg.pulp_cluster_isolate_status.de = 1'b1;
 assign car_regs_hw2reg.spatz_cluster_isolate_status.d = slave_isolated[FPClusterSlvIdx];
 assign car_regs_hw2reg.spatz_cluster_isolate_status.de = 1'b1;
+// security island only has a master port
+assign car_regs_hw2reg.security_island_isolate_status.d = master_isolated_rsp[SecurityIslandMstIdx];
+assign car_regs_hw2reg.security_island_isolate_status.de = 1'b1;
+
 // TODO: propagate isolated signal from security island to register
 // hyperbus reg req/rsp
diff --git a/tb/carfield_fix.sv b/tb/carfield_fix.sv
index 5821cc0b..33237673 100644
--- a/tb/carfield_fix.sv
+++ b/tb/carfield_fix.sv
@@ -73,6 +73,8 @@ module carfield_soc_fixture;
 logic uart_hostd_tx;
 logic uart_hostd_rx;
+ logic secure_boot;
+
 logic uart_secd_tx;
 logic uart_secd_rx;
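Review bot: `secd_isolate_req` now follows `car_regs_reg2hw.security_island_isolate.q` whenever `secure_boot_i` is low, where it was previously hard-wired to `'d0`, so in non-secure mode the reset value of that register decides whether the security island comes out of reset isolated; that reset value is not visible here and is worth confirming (or documenting if isolation at reset is intended). The expression also mixes logical `&&`/`!` here with the bitwise `|` used for `domain_clk_en[SecdDomainIdx]` earlier in the file; both operands are single bits so the result is the same, but one consistent style reads better, e.g. `assign secd_isolate_req = car_regs_reg2hw.security_island_isolate.q & ~secure_boot_i;`. The added comment has a typo, `cannot be isolate` should read `cannot be isolated`.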
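Review bot: The context line `// TODO: propagate isolated signal from security island to register` directly below the new `security_island_isolate_status` assignments now reads as stale, since those assignments do propagate `master_isolated_rsp[SecurityIslandMstIdx]` into the register; either drop the TODO or narrow it to whatever is still missing so the next reader does not look for an unfinished connection. The new comment would also be clearer as a full sentence, e.g. `// The security island has only a master port, so its isolation status is taken from the master-side response.`.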
@@ -149,6 +151,7 @@ module carfield_soc_fixture;
 .jtag_safety_island_tdo_o ( jtag_safed_tdo ),
 .bootmode_ot_i ( '0 ),
 .bootmode_safe_isln_i ( boot_mode_safed ),
+ .secure_boot_i ( secure_boot ),
 .uart_tx_o ( uart_hostd_tx ),
 .uart_rx_i ( uart_hostd_rx ),
 .uart_ot_tx_o ( uart_secd_tx ),
@@ -377,6 +380,8 @@ module carfield_soc_fixture;
 ) secd_vip (
 .clk_vip (),
 .rst_n_vip (),
+ // secure boot enabled
+ .secure_boot ( secure_boot ),
 // UART interface
 .uart_tx ( uart_secd_tx ),
 .uart_rx ( uart_secd_rx ),
diff --git a/tb/vip_security_island_soc.sv b/tb/vip_security_island_soc.sv
index d57d8361..689c3555 100644
--- a/tb/vip_security_island_soc.sv
+++ b/tb/vip_security_island_soc.sv
@@ -24,6 +24,8 @@ module vip_security_island_soc
 ) (
 output logic clk_vip,
 output logic rst_n_vip,
+ // secure boot enabled
+ output logic secure_boot,
 // UART interface
 input logic uart_tx,
 output logic uart_rx,
@@ -56,6 +58,13 @@ module vip_security_island_soc
 @(posedge clk);
 endtask
+ /////////////////
+ // Secure boot //
+ /////////////////
+
+ // TODO: secure boot emulation mode is currently not tested
+ assign secure_boot = 1'b0;
+
 //////////
 // JTAG //
 //////////
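Review bot: `assign secure_boot = 1'b0;` hard-wires the new pin low in the VIP, so the secure-boot paths this commit adds in `hw/carfield.sv` (the forced `domain_clk_en[SecdDomainIdx]` and the `secd_isolate_req` gating) are never exercised by this fixture; the TODO acknowledges that, but a module parameter would let a test select the mode without editing the VIP, e.g. `parameter bit SecureBoot = 1'b0` in the existing parameter list and `assign secure_boot = SecureBoot;` here. The port comment `// secure boot enabled` on the new `output logic secure_boot` (and on the matching connection in `tb/carfield_fix.sv`) describes the wrong polarity for a signal that is driven to 0; `// secure boot mode select (1 = secure boot chain enabled)` would state what the value means.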