Skip to content

Commit

Permalink
[hw,tlul_adapter_reg_racl,rtl] Add RACL protected tlul_adapter_reg
Browse files Browse the repository at this point in the history 
Signed-off-by: Robert Schilling <[email protected]>
  • Loading branch information
@Razer6
Razer6 committed Jan 8, 2025
1 parent 69f3aaa commit 47c3eab
Show file tree
Hide file tree
Showing 3 changed files with 188 additions and 0 deletions.
59 changes: 59 additions & 0 deletions hw/ip/tlul/adapter_reg_racl.core
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
CAPI=2:
# Copyright lowRISC contributors (OpenTitan project).
# Licensed under the Apache License, Version 2.0, see LICENSE for details.
# SPDX-License-Identifier: Apache-2.0
name: "lowrisc:tlul:adapter_reg_racl:0.1"
description: "TL-UL to Register interface adapter with RACL protection"

filesets:
files_rtl:
depend:
- lowrisc:prim:assert
- lowrisc:prim:secded
- lowrisc:tlul:common
- lowrisc:tlul:trans_intg
- lowrisc:systems:top_racl_pkg
files:
- rtl/tlul_adapter_reg_racl.sv
file_type: systemVerilogSource

files_verilator_waiver:
depend:
# common waivers
- lowrisc:lint:common

files_ascentlint_waiver:
depend:
# common waivers
- lowrisc:lint:common

files_veriblelint_waiver:
depend:
# common waivers
- lowrisc:lint:common

parameters:
SYNTHESIS:
datatype: bool
paramtype: vlogdefine


targets:
default: &default_target
filesets:
- tool_verilator ? (files_verilator_waiver)
- tool_ascentlint ? (files_ascentlint_waiver)
- tool_veriblelint ? (files_veriblelint_waiver)
- files_rtl
toplevel: tlul_adapter_reg_racl

lint:
<<: *default_target
default_tool: verilator
parameters:
- SYNTHESIS=true
tools:
verilator:
mode: lint-only
verilator_options:
- "-Wall"
128 changes: 128 additions & 0 deletions hw/ip/tlul/rtl/tlul_adapter_reg_racl.sv
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,128 @@
// Copyright lowRISC contributors (OpenTitan project).
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0

`include "prim_assert.sv"

/**
* Tile-Link UL adapter for Register interface with RACL protection
*/

module tlul_adapter_reg_racl
import tlul_pkg::*;
import prim_mubi_pkg::mubi4_t;
#(
parameter bit CmdIntgCheck = 0, // 1: Enable command integrity check
parameter bit EnableRspIntgGen = 0, // 1: Generate response integrity
parameter bit EnableDataIntgGen = 0, // 1: Generate response data integrity
parameter int RegAw = 8, // Width of register address
parameter int RegDw = 32, // Shall be matched with TL_DW
parameter int AccessLatency = 0, // 0: same cycle, 1: next cycle
parameter bit EnableRacl = 0, // 1: Enable RACL checks on access
parameter bit RaclErrorRsp = 1, // 1: Return TLUL error on RACL errors
parameter int RaclPolicySelVec = 0, // RACL policy for this reg adapter
localparam int RegBw = RegDw/8
) (
input clk_i,
input rst_ni,

// TL-UL interface
input tl_h2d_t tl_i,
output tl_d2h_t tl_o,

// control interface
input mubi4_t en_ifetch_i,
output logic intg_error_o,

// RACL interface
input top_racl_pkg::racl_policy_vec_t racl_policies_i,
output logic racl_error_o,
output top_racl_pkg::racl_error_log_t racl_error_log_o,

// Register interface
output logic re_o,
output logic we_o,
output logic [RegAw-1:0] addr_o,
output logic [RegDw-1:0] wdata_o,
output logic [RegBw-1:0] be_o,
input busy_i,
// The following two signals are expected
// to be returned in AccessLatency cycles.
input [RegDw-1:0] rdata_i,
// This can be a write or read error.
input error_i
);
logic racl_read_allowed, racl_write_allowed, racl_error;
logic rd_req, wr_req;
logic [RegDw-1:0] rdata;

tlul_adapter_reg #(
.CmdIntgCheck (CmdIntgCheck),
.EnableRspIntgGen (EnableRspIntgGen),
.EnableDataIntgGen (EnableDataIntgGen),
.RegAw (RegAw),
.RegDw (RegDw),
.AccessLatency AccessLatency),
.CmdIntgCheck (CmdIntgCheck)
tlul_adapter_reg (
.clk_i,
.rst_ni,
.tl_i,
.tl_o,
.en_ifetch_i,
.intg_error_o,
.re_o(rd_req),
.we_o(wr_req),
.addr_o,
.wdata_o,
.be_o,
.busy_i,
.rdata_i(rdata),
.error_i(racl_error)
);

if (EnableRacl) begin : gen_racl_role_logic
// Retrieve RACL role from user bits and one-hot encode that for the comparison bitmap
top_racl_pkg::racl_role_t racl_role;
assign racl_role = top_racl_pkg::tlul_extract_racl_role_bits(tl_i.a_user.rsvd);

top_racl_pkg::racl_role_vec_t racl_role_vec;
prim_onehot_enc #(
.OneHotWidth( $bits(prim_onehot_enc) )
) u_racl_role_encode (
.in_i ( racl_role ),
.en_i ( 1'b1 ),
.out_o( racl_role_vec )
);

assign racl_read_allowed = (|(racl_policies_i[RaclPolicySelVec].read_perm & racl_role_vec));
assign racl_write_allowed = (|(racl_policies_i[RaclPolicySelVec].write_perm & racl_role_vec));

assign racl_error_o = (rd_req & ~racl_read_allowed) | (wr_req & ~racl_write_allowed);
// RACL only generates error responeses if enabled
assign racl_error = racl_error_o & RaclErrorRsp;
// Collect RACL error information
assign racl_error_log_o.read_not_write = tl_i.a_opcode == tlul_pkg::Get;
assign racl_error_log_o.racl_role = racl_role;
assign racl_error_log_o.ctn_uid =
top_racl_pkg::tlul_extract_ctn_uid_bits(tl_i.a_user.rsvd);

end else begin : gen_no_racl_role_logic
assign racl_read_allowed = 1'b1;
assign racl_write_allowed = 1'b1;
assign racl_violation = 1'b0;
assign racl_error = 1'b0;
assign racl_error_o = 1'b0;
assign racl_error_log_o = '0;
end

// Not all RACL policies are used, even if RACL is enabled
logic unused_policy_sel;
assign unused_policy_sel = ^racl_policies_i;

assign we_o = wr_req & racl_write_allowed;
assign re_o = rd_req & racl_read_allowed;
// Mask read data in case of a RACL violation
assign rdata = racl_violation? '1 : rdata_i;

endmodule
1 change: 1 addition & 0 deletions hw/ip/tlul/tlul.core
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ filesets:
- lowrisc:tlul:socket_m1
- lowrisc:tlul:adapter_sram
- lowrisc:tlul:adapter_reg
- lowrisc:tlul:adapter_reg_racl
- lowrisc:tlul:adapter_dmi
- lowrisc:tlul:jtag_dtm
- lowrisc:tlul:sram2tlul
Expand Down

0 comments on commit 47c3eab

Please sign in to comment.