[RTL] Register file output ports DCLS comparison#482
Conversation
When DCLS and `lockstep_regfile_enable` is enabled, previously, a subset of registers were directly compared. This has two drawbacks: - Area overhead is quite large as multiple registers need to be compared - No comprehensive protection as only a subset of registers were covered. This commit switches from a comparison of a subset of registers to the comparison of the read output ports of the main and the shadow core. This: - Saves area as only the output ports need to be compared - Covers all registers The detection latency is a bit higher as a fault injected into a registes is only detected when the register is read from the RF. However, this is fine as we are interested in detecting a fault when we are consuming the register file value. Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
ec1d774 to
4971ac0
Compare
kgugala
left a comment
There was a problem hiding this comment.
can we have this as another configuration option? Possibility to compare the registers is used in a few cases.
We can add the option to compare register file, but I'd prefer to add it as a configuration option and do not drop CSRs comparison
|
@kgugala is there a reason to maintain the previous implementation? Based on testing and security evaluation we have determined there are coverage gaps. The changes included in this PR will improve overall FI detection while at the same time reducing area cost. |
|
Thanks for the review @kgugala!
Regarding the CSR comparison: it's unchanged in this PR - |
|
Coverage report for this PR is available at https://chipsalliance.github.io/Cores-VeeR-EL2//html/dev/482/coverage_dashboard/all, documentation is available at https://chipsalliance.github.io/Cores-VeeR-EL2//html/dev/482/docs_rendered/html |
When DCLS and
lockstep_regfile_enableis enabled, previously, a subset of registers were directly compared. This has two drawbacks:This commit switches from a comparison of a subset of registers to the comparison of the read output ports of the main and the shadow core. This:
The detection latency is a bit higher as a fault injected into a registes is only detected when the register is read from the RF. However, this is fine as we are interested in detecting a fault when we are consuming the register file value.