[RTL] ICCM XOR Infection#481
Open
nasahlpa wants to merge 3 commits into
Open
Conversation
e5a31bc to
a16b2dc
Compare
Previously, `el2_ifu_iccm_mem` exposed two different ICCM read signals: - `iccm_rd_data_ecc`: Data from ICCM containing ECC. This signal is used inside `el2_ifu_mem_ctrl` to detect ECC errors. - `iccm_rd_data`: Aligned data without the ECC. This signal is used for the actual instruction execution. As `el2_ifu_iccm_mem` is not within the DCLS domain, a fault injected into `iccm_rd_data` would not be detected, neither by DCLS nor by ECC. This commit moves `iccm_rd_data` into `el2_ifu_mem_ctrl`, which is within the lockstep domain. Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
When enabled, before data is written into ICCM, the data is XORed with its write address. When the data is read back, this is removed by XORing the read address on the data. This creates a tie between write and read address. If read or write address would not match, the XOR in the read step would give garbled data, which is then detected by the ECC check. Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
a16b2dc to
b562402
Compare
|
Coverage report for this PR is available at https://chipsalliance.github.io/Cores-VeeR-EL2//html/dev/481/coverage_dashboard/all, documentation is available at https://chipsalliance.github.io/Cores-VeeR-EL2//html/dev/481/docs_rendered/html |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When the optional build argument
iccm_addr_xoris set, the ICCM write word address is XORed into the data that gets stored into the ICCM. On a read, the ICCM read word address is XORed on the fetched data from ICCM. If both addresses match, the plain data is retrieved.If the read address does not match the write address, the address does not cancel. As after the read XOR the ECC check happens, the mismatch is detected by an ECC error. In addition, as the data is garbled, the instruction is corrupted as well.
This serves as an additional fault injection countermeasure.