[RTL] ICCM XOR Infection #481

Open
nasahlpa wants to merge 3 commits into main from dev/nasahlpa/iccm_xor_infection

@nasahlpa

Collaborator

When the optional build argument `iccm_addr_xor` is set, the ICCM write word address is XORed into the data that gets stored into the ICCM. On a read, the ICCM read word address is XORed onto the data fetched from ICCM. If both addresses match, the plain data is retrieved.

If the read address does not match the write address, the address does not cancel. As the ECC check happens after the read XOR, the mismatch is detected by an ECC error. In addition, as the data is garbled, the instruction is corrupted as well.

This serves as an additional fault injection countermeasure.

@nasahlpa nasahlpa force-pushed the dev/nasahlpa/iccm_xor_infection branch 2 times, most recently from e5a31bc to a16b2dc Compare July 1, 2026 13:20
nasahlpa added 3 commits July 1, 2026 16:06

Previously, `el2_ifu_iccm_mem` exposed two different ICCM read
signals:
- `iccm_rd_data_ecc`: Data from ICCM containing ECC. This signal
  is used inside `el2_ifu_mem_ctrl` to detect ECC errors.
- `iccm_rd_data`: Aligned data without the ECC. This signal is
  used for the actual instruction execution.

As `el2_ifu_iccm_mem` is not within the DCLS domain, a fault
injected into `iccm_rd_data` would not be detected, neither by
DCLS nor by ECC.

This commit moves `iccm_rd_data` into `el2_ifu_mem_ctrl`, which
is within the lockstep domain.

Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>

When enabled, before data is written into ICCM, the data is XORed
with its write address. When the data is read back, this is
removed by XORing the read address on the data. This creates a
tie between write and read address.

If read or write address would not match, the XOR in the read step
would give garbled data, which is then detected by the ECC check.

Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>

Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>

@nasahlpa nasahlpa force-pushed the dev/nasahlpa/iccm_xor_infection branch from a16b2dc to b562402 Compare July 1, 2026 15:05
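
A behavioural model of the address-XOR scheme from the PR description and the second commit message, added here as an illustration and not taken from the pull request's RTL. It assumes a 32-bit word with a generic Hamming SECDED code computed over the plain data and the address XORed into the data bits only; the `Iccm` class, the `fetched_from` fault parameter and the sample words are constructed for the example.

```python
# Assumption: generic Hamming(38,32) plus overall parity, not the project's ECC.
# Codeword positions 1..38 that are not powers of two carry the 32 data bits.
DATA_POS = [p for p in range(1, 39) if p & (p - 1)]

def ecc(data):
    """Return 7 check bits: 6-bit Hamming check plus overall parity (bit 6)."""
    check = 0
    for i, pos in enumerate(DATA_POS):
        if (data >> i) & 1:
            check ^= pos
    parity = (bin(data).count("1") + bin(check).count("1")) & 1
    return check | (parity << 6)

class Iccm:
    """Hypothetical memory model: each row holds (data bits, check bits)."""
    def __init__(self, addr_xor):
        self.addr_xor = addr_xor
        self.mem = {}

    def write(self, addr, data):
        # ECC covers the plain data; the write address is folded into the data.
        stored = data ^ addr if self.addr_xor else data
        self.mem[addr] = (stored, ecc(data))

    def read(self, addr, fetched_from=None):
        # fetched_from models a fault that makes the array return another row.
        row = addr if fetched_from is None else fetched_from
        stored, check = self.mem[row]
        # The read address is XORed out first, then the ECC check runs.
        data = stored ^ addr if self.addr_xor else stored
        return data, ecc(data) != check

def demo(addr_xor):
    """Return (clean read of 0x11, read of 0x10 that was served row 0x11)."""
    iccm = Iccm(addr_xor)
    iccm.write(0x10, 0x00000013)  # constructed sample: RISC-V nop
    iccm.write(0x11, 0x00008067)  # constructed sample: RISC-V ret
    return iccm.read(0x11), iccm.read(0x10, fetched_from=0x11)

if __name__ == "__main__":
    for enabled in (False, True):
        good, faulted = demo(enabled)
        print(f"addr_xor={enabled}: good={good[0]:#010x} err={good[1]} "
              f"faulted={faulted[0]:#010x} err={faulted[1]}")
```

With the XOR disabled, the faulted fetch returns a valid word for the wrong address and no ECC error; with it enabled, the same fault yields 0x00008066 and a check mismatch.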
@github-actions

github-actions Bot commented Jul 2, 2026
