Merge pull request #125 from pulp-platform/bluewww/secure-boot

Add secure boot pin
pulp-platform · Aug 14, 2023 · 870df13 · 870df13
2 parents 0509675 + 2d15dbb
commit 870df13
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -57,13 +57,6 @@ Follow these steps to launch a Carfield simulation:
 * Compile tests for Carfield. Tests resides in `sw/tests`.
 
   ```
-  // Compile Safety Island standalone software
-  source ./scripts/safed-env.sh
-  make safed-sw-build
-  // Compile Integer cluster standalone software
-  source ./scripts/pulpd-env.sh
-  make pulpd-sw-build
-  // Compile Cheshire SW
   make car-sw-build
   ```
 

diff --git a/carfield.mk b/carfield.mk
@@ -90,7 +90,7 @@ endif
 ######################
 
 CAR_NONFREE_REMOTE ?= [email protected]:carfield/carfield-nonfree.git
-CAR_NONFREE_COMMIT ?= 717358edc2da9e31f4b24622086f6bc756344237
+CAR_NONFREE_COMMIT ?= 728f16e60e6785217a144146cc390b56c44cdb4c
 
 ## Clone the non-free verification IP for the Carfield TB
 car-nonfree-init:
@@ -255,7 +255,7 @@ chs-sw-build: chs-sw-all
 
 .PHONY: car-sw-build
 ## Builds carfield application SW and specific libraries. It links against `libcheshire.a`.
-car-sw-build: chs-sw-build car-sw-all
+car-sw-build: chs-sw-build safed-sw-build pulpd-sw-build car-sw-all
 
 .PHONY: car-init
 ## Shortcut to initialize carfield with all the targets described above.
@@ -281,8 +281,13 @@ $(PULPD_ROOT)/regression-tests: $(PULPD_ROOT)
 
 # For independent boot of an island, we allow to compile the binary standalone.
 .PHONY: safed-sw-build pulpd-sw-build
-safed-sw-build: safed-sw-all
-pulpd-sw-build: pulpd-sw-all
+safed-sw-build:
+	. $(CAR_ROOT)/scripts/safed-env.sh; \
+	$(MAKE) safed-sw-all
+
+pulpd-sw-build:
+	. $(CAR_ROOT)/scripts/pulpd-env.sh; \
+	$(MAKE) pulpd-sw-all
 
 ############
 # RTL LINT #

diff --git a/hw/carfield.sv b/hw/carfield.sv
@@ -66,6 +66,8 @@ module carfield
   input   logic [1:0]                                 bootmode_ot_i,
   // Safety Island BOOT pins
   input   logic [1:0]                                 bootmode_safe_isln_i,
+  // Secure Boot Chain mode pin
+  input   logic                                       secure_boot_i,
   // Host UART Interface
   output logic                                        uart_tx_o,
   input  logic                                        uart_rx_i,
@@ -720,7 +722,9 @@ assign domain_clk_div_changed[L2DomainIdx]         = car_regs_reg2hw.l2_clk_div_
 
 assign domain_clk_en[PeriphDomainIdx]     = car_regs_reg2hw.periph_clk_en.q;
 assign domain_clk_en[SafedDomainIdx]      = car_regs_reg2hw.safety_island_clk_en.q;
-assign domain_clk_en[SecdDomainIdx]       = car_regs_reg2hw.security_island_clk_en.q;
+// secure boot mode forces security island to come up concurently with host domain. Furthermore, it
+// cannot be disabled by design
+assign domain_clk_en[SecdDomainIdx]       = car_regs_reg2hw.security_island_clk_en.q | secure_boot_i;
 assign domain_clk_en[IntClusterDomainIdx] = car_regs_reg2hw.pulp_cluster_clk_en.q;
 assign domain_clk_en[FPClusterDomainIdx]  = car_regs_reg2hw.spatz_cluster_clk_en.q;
 assign domain_clk_en[L2DomainIdx]         = car_regs_reg2hw.l2_clk_en.q;
@@ -751,7 +755,6 @@ carfield_reg_top #(
 // TODO: these still need to be connected but can't at this point in time since RTL is missing
 // car_regs_reg2hw.host_isolate // dummy
 // car_regs_reg2hw.periph_isolate
-// car_regs_reg2hw.security_island_isolate
 
 // car_regs_reg2hw.host_fetch_enable // dummy (?)
 // car_regs_reg2hw.spatz_cluster_fetch_enable
@@ -766,7 +769,6 @@ carfield_reg_top #(
 
 // car_regs_hw2reg.host_isolate_status // dummy
 // car_regs_hw2reg.periph_isolate_status
-// car_regs_hw2reg.security_island_isolate_status
 
 
 // Temporary assign
@@ -785,7 +787,10 @@ assign slave_isolate_req[L2Port1SlvIdx]      = 'd0;
 assign slave_isolate_req[L2Port2SlvIdx]      = 'd0;
 assign slave_isolate_req[EthernetSlvIdx]     = 'd0;
 assign slave_isolate_req[PeriphsSlvIdx]      = 'd0;
-assign secd_isolate_req                      = 'd0;
+// if secure boot is enabled then security island cannot be isolate under any circumstances
+// especially at boot time
+assign secd_isolate_req                      = car_regs_reg2hw.security_island_isolate.q &&
+                                               !secure_boot_i;
 
 always_comb begin: assign_isolated_responses
   slave_isolated = '0;
@@ -810,6 +815,10 @@ assign car_regs_hw2reg.pulp_cluster_isolate_status.de = 1'b1;
 assign car_regs_hw2reg.spatz_cluster_isolate_status.d = slave_isolated[FPClusterSlvIdx];
 assign car_regs_hw2reg.spatz_cluster_isolate_status.de = 1'b1;
 
+// security island only has a master port
+assign car_regs_hw2reg.security_island_isolate_status.d = master_isolated_rsp[SecurityIslandMstIdx];
+assign car_regs_hw2reg.security_island_isolate_status.de = 1'b1;
+
 // TODO: propagate isolated signal from security island to register
 
 // hyperbus reg req/rsp
@@ -1579,7 +1588,7 @@ secure_subsystem_synth_wrap #(
   .rst_ni           ( security_rst_n  ),
   .pwr_on_rst_ni    ( security_pwr_on_rst_n ),
   .fetch_en_i       ( car_regs_reg2hw.security_island_fetch_enable ),
-  .bootmode_i       ( '0              ),
+  .bootmode_i       ( bootmode_ot_i   ),
   .test_enable_i    ( test_mode_i     ),
   .irq_ibex_i       ( secd_mbox_intr  ), // from hostd or safed
    // JTAG port

diff --git a/tb/carfield_fix.sv b/tb/carfield_fix.sv
@@ -73,6 +73,8 @@ module carfield_soc_fixture;
   logic uart_hostd_tx;
   logic uart_hostd_rx;
 
+  logic secure_boot;
+
   logic uart_secd_tx;
   logic uart_secd_rx;
 
@@ -149,6 +151,7 @@ module carfield_soc_fixture;
     .jtag_safety_island_tdo_o   ( jtag_safed_tdo            ),
     .bootmode_ot_i              ( '0                        ),
     .bootmode_safe_isln_i       ( boot_mode_safed           ),
+    .secure_boot_i              ( secure_boot               ),
     .uart_tx_o                  ( uart_hostd_tx             ),
     .uart_rx_i                  ( uart_hostd_rx             ),
     .uart_ot_tx_o               ( uart_secd_tx              ),
@@ -377,6 +380,8 @@ module carfield_soc_fixture;
   ) secd_vip (
     .clk_vip   (),
     .rst_n_vip (),
+    // secure boot enabled
+    .secure_boot  ( secure_boot      ),
     // UART interface
     .uart_tx      ( uart_secd_tx     ),
     .uart_rx      ( uart_secd_rx     ),

diff --git a/tb/vip_security_island_soc.sv b/tb/vip_security_island_soc.sv
@@ -24,6 +24,8 @@ module vip_security_island_soc
 ) (
   output logic clk_vip,
   output logic rst_n_vip,
+  // secure boot enabled
+  output logic secure_boot,
   // UART interface
   input logic  uart_tx,
   output logic uart_rx,
@@ -56,6 +58,13 @@ module vip_security_island_soc
     @(posedge clk);
   endtask
 
+  /////////////////
+  // Secure boot //
+  /////////////////
+
+  // TODO: secure boot emulation mode is currently not tested
+  assign secure_boot = 1'b0;
+
   //////////
   // JTAG //
   //////////