User/dev/michnorris/tap mbox integ (#640)

* Add active mode bit to HW_CONFIG reg * New subsystem reg region in soc_ifc_reg * Remove fuse_lms_verify; add fuse_mldsa_revocation, per chipsalliance/Caliptra#235 * Regenerate with fuse regs changes * Move fuse_owner_pk_hash to CPTRA_OWNER_PK_HASH * Add new dedicated lock register for CPTRA_OWNER_PK_HASH * Drive CPTRA_OWNER_PK_HASH swwel appropriately * Update val collateral * Update coverage groups * Regenerate RDL outputs from changes * Addresses #540 * Use cmd line arg to build covergroups/sample include files * Add fw/hw cap, debug_auth_pk regs, debug unlock tokens, subsystem strap bank; rm lifecycle fuse; rename ready_for_fw; regenerate RDL * Remove fuse_life_cycle from soc_ifc_tb * More robust arg parsing * Add MCI base address strap * Upgrade RV core to latest, enable SMEPMP and User Mode (#628) * Override reset_vec to 0x0 with script call option (no longer need to hand-edit script) * Refactor iccm config for maintainability * VeeR core update to latest design file version * Add rev info file to indicate VeeR version consumed * Remove JTAG IDCODE command, as previously done * Route a core_enable signal to conditionally disable internal core TAP access * Add a dmi_active output signal * Updated RV instance for compatibility with latest DMI export signals * Updated VeeR mem export interface splits data/ecc * Enable SMEPMP with 64-entries; enable user-mode * Update directory includes/dependencies * Requires soc_ifc_pkg * Port width fix * First index is for bank number - fix * Move localparams to top of file, so they exist at the first usage * Update license headers on RV core * Regenerate file lists * Revert latch fix that causes Verilator failures * Replace 'repeat' (verilator dislikes) with for-loop; add missing begin-end * MICROSOFT AUTOMATED PIPELINE: Stamp 'cwhitehead-msft-rv-upgrade' with updated timestamp and hash after successful run * [ENV] Fix path to smoke_test_doe_cg in nightly directed regression list (#632) * Fix path to smoke_test_doe_cg in nightly dir. regression list * MICROSOFT AUTOMATED PIPELINE: Stamp 'cwhitehead-msft-dir-regr-fix' with updated timestamp and hash after successful run * start of tap mailbox changes * [RTL] Disable RV USER_MODE and SMEPMP (#633) * Reorganize defines.h to match ordering from VeeR repo latest -- but don't change any macro values or add new ones * Disable USER_MODE and SMEPMP (PMP is enabled by default, per chipsalliance/Cores-VeeR-EL2#258) * Syntax fix for clean lint (multibit signal used as boolean) * MICROSOFT AUTOMATED PIPELINE: Stamp 'cwhitehead-msft-rv-dis-smepmp' with updated timestamp and hash after successful run * csr hmac signing key (#630) * csr hmac signing key implementation uvm hmac collaterals updated to validate the new flow * MICROSOFT AUTOMATED PIPELINE: Stamp 'user/dev/michnorris/csr_hmac_key' with updated timestamp and hash after successful run * adding swwe to all control bits so they can only be set when ready * MICROSOFT AUTOMATED PIPELINE: Stamp 'user/dev/michnorris/csr_hmac_key' with updated timestamp and hash after successful run * updating specifications for csr hmac key and key vault changes * details about csr mode in hw spec * MICROSOFT AUTOMATED PIPELINE: Stamp 'user/dev/michnorris/csr_hmac_key' with updated timestamp and hash after successful run * [TB] Update soc_ifc C lib to support import by caliptra-ss (#637) * Remove inline fn in header so it can be included to caliptra-ss * Restamp repo after rebase * adding tap state to mailbox for tap mailbox feature. * Latest register set + generated RDL outputs + integ spec updates. Does not compile. * Syntax fixes; cleanup for clean compile; regenerated RDL; fixed port connections * adding tap interface to new registers * fixing latch * removed capture condition on security state wires moved dmi reg mode masking to inside soc ifc top fixed register permissions for DBG REQ added flush and debug condition for lifecycle states NOT in MANUF or PROD * fixing port list fixed signal name in soc ifc after moving from caliptra top * Rename SS_SOC_IFC_BASE_ADDR to CPTRA; make SS_GENERIC_FW_EXEC_CTRL 128b; Key Manifest Mask Fuse->256b * github issue 422 - reset value of device lifecycle UNPROVISIONED * missing arcs for dlen latching for new tap mode state transitions * Increase SS_GENERIC_FW_EXEC_CTRL width to 128b * adding readable hw/fw erro rencodings to uncore tap * reverting change for github issue 422 - rejected * typo * Addressing tweak in fuse_reg to better preserve legacy offsets * Remove unused signal declarations * Remove unused signal declarations * in utils.sh: 'date +%s' is more portable than 'EPOCHSECONDS' * Remove ss_dbg_prod_enable output bit * revert the live security state capture, instead capture on reset only update the security state capture if dbg level is appropriately set * MICROSOFT AUTOMATED PIPELINE: Stamp 'user/dev/michnorris/tap_mbox_integ' with updated timestamp and hash after successful run * [RTL] Convert AXI_ID to AXI_USER (#642) * Convert AXI_ID to AXI_USER * MICROSOFT AUTOMATED PIPELINE: Stamp 'cwhitehead-msft-axi-user' with updated timestamp and hash after successful run * Revert default user value of 1 - this is driven in TB when needed * MICROSOFT AUTOMATED PIPELINE: Stamp 'cwhitehead-msft-axi-user' with updated timestamp and hash after successful run * Fix a few comments that refer to AXI ID (now AXI USER) --------- Co-authored-by: Caleb Whitehead <cwhitehead@microsoft.com> Co-authored-by: Caleb <11879229+calebofearth@users.noreply.github.com>
chipsalliance · Nov 21, 2024 · 343ed42 · 343ed42
1 parent 4ae54c3
commit 343ed42
Show file tree

Hide file tree

Showing 40 changed files with 6,942 additions and 2,215 deletions.
diff --git a/.github/scripts/utils.sh b/.github/scripts/utils.sh
@@ -32,8 +32,8 @@ wait_for_phrase () {
     fi
 
     # Wait for the phrase
-    DEADLINE=$((${EPOCHSECONDS} + 30))
-    while [ ${EPOCHSECONDS} -lt ${DEADLINE} ]
+    DEADLINE=$(($(date +%s) + 30))
+    while [ $(date +%s) -lt ${DEADLINE} ]
     do
         # Check for the phrase
         grep "$2" "$1" >/dev/null

diff --git a/.github/workflow_metadata/pr_hash b/.github/workflow_metadata/pr_hash
@@ -1 +1 @@
-6104519ceefcd79a47c8c890b053f79f50e15d8213ab0685984df75f95b1273d5eff69ea0dc07cd2d53536d9ed52f88a
+b6ec230dfa7a26af9d7afc9566ae35622d609f78924b5a1cf4a952192baf6b86da8803708136956fb9aaac5903a643a4
diff --git a/.github/workflow_metadata/pr_timestamp b/.github/workflow_metadata/pr_timestamp
@@ -1 +1 @@
-1732036724
+1732148023
diff --git a/docs/CaliptraIntegrationSpecification.md b/docs/CaliptraIntegrationSpecification.md
@@ -63,8 +63,7 @@ The following table describes integration parameters.
 | **Defines** | **Defines file** | **Description** |
 | :--------- | :--------- | :--------- |
 | CALIPTRA_INTERNAL_TRNG  | config_defines.svh | Defining this enables the internal TRNG source. |
-| CALIPTRA_INTERNAL_UART  | config_defines.svh | Defining this enables the internal UART.        |
-| CALIPTRA_INTERNAL_QSPI  | config_defines.svh | Defining this enables the internal QSPI.        |
+| CALIPTRA_MODE_SUBSYSTEM | config_defines.svh | Defining this enables Caliptra to operate in subsystem mode. This includes features such as the debug unlock flow, AXI DMA (for recovery flow), subsystem level straps, among other capabilites. See [Caliptra Subsystem Architectural Flows](https://github.com/chipsalliance/Caliptra/blob/main/doc/Caliptra.md#caliptra-subsystem-architectural-flows) for more details |
 | USER_ICG                | config_defines.svh | If added by an integrator, provides the name of the custom clock gating module that is used in [clk_gate.sv](../src/libs/rtl/clk_gate.sv). USER_ICG replaces the clock gating module, CALIPTRA_ICG, defined in [caliptra_icg.sv](../src/libs/rtl/caliptra_icg.sv). This substitution is only performed if integrators also define TECH_SPECIFIC_ICG. |
 | TECH_SPECIFIC_ICG       | config_defines.svh | Defining this causes the custom, integrator-defined clock gate module (indicated by the USER_ICG macro) to be used in place of the native Caliptra clock gate module. |
 | USER_EC_RV_ICG          | config_defines.svh | If added by an integrator, provides the name of the custom clock gating module that is used in the RISC-V core. USER_EC_RV_ICG replaces the clock gating module, TEC_RV_ICG, defined in [beh_lib.sv](../src/riscv_core/veer_el2/rtl/lib/beh_lib.sv). This substitution is only performed if integrators also define TECH_SPECIFIC_EC_RV_ICG. |
@@ -150,12 +149,25 @@ The following tables describe the interface signals.
 | jtag_trst_n | 1 | input | Asynchronous assertion<br>Synchronous deassertion to jtag_tck | |
 | jtag_tdo | 1 | output | Synchronous to jtag_tck | |
 
-*Table 10: UART interface*
-
-| Signal name | Width | Driver | Synchronous (as viewed from Caliptra’s boundary) | Description |
-| :--------- | :--------- | :--------- | :--------- | :--------- |
-| uart_tx | 1 | output | | UART transmit pin |
-| uart_rx | 1 | input  | | UART receive pin  |
+*Table 10: Subsystem Straps and Control*
+
+| Signal name | Width      | Driver     | Synchronous (as viewed from Caliptra’s boundary) | Description |
+| :---------- | :--------- | :--------- | :----------------------------------------------- | :--------- |
+|  strap_ss_caliptra_base_addr                              | 64  | Input Strap | Synchronous to clk | |
+|  strap_ss_mci_base_addr                                   | 64  | Input Strap | Synchronous to clk | |
+|  strap_ss_recovery_ifc_base_addr                          | 64  | Input Strap | Synchronous to clk | |
+|  strap_ss_otp_fc_base_addr                                | 64  | Input Strap | Synchronous to clk | |
+|  strap_ss_uds_seed_base_addr                              | 64  | Input Strap | Synchronous to clk | |
+|  strap_ss_prod_debug_unlock_auth_pk_hash_reg_bank_offset  | 32  | Input Strap | Synchronous to clk | |
+|  strap_ss_num_of_prod_debug_unlock_auth_pk_hashes         | 32  | Input Strap | Synchronous to clk | |
+|  strap_ss_strap_generic_0                                 | 32  | Input Strap | Synchronous to clk | |
+|  strap_ss_strap_generic_1                                 | 32  | Input Strap | Synchronous to clk | |
+|  strap_ss_strap_generic_2                                 | 32  | Input Strap | Synchronous to clk | |
+|  strap_ss_strap_generic_3                                 | 32  | Input Strap | Synchronous to clk | |
+|  ss_debug_intent                                          | 1   | Input Strap | Synchronous to clk | Sample on cold reset. Used in Subsystem mode only. Indicates that the SoC is in debug mode and a user intends to request unlock of debug mode through the TAP mailbox. In Passive mode, integrators shall tie this input to 0. |
+|  ss_dbg_manuf_enable                                      | 1   | Output      | Synchronous to clk | |
+|  ss_soc_dbg_unlock_level                                  | 64  | Output      | Synchronous to clk | |
+|  ss_generic_fw_exec_ctrl                                  | 128 | Output      | Synchronous to clk | |
 
 *Table 11: Security and miscellaneous*
 
@@ -228,6 +240,7 @@ Caliptra firmware internally has the capability to force release the mailbox bas
 ### Straps
 
 Straps are signal inputs to Caliptra that are sampled once on reset exit, and the latched value persists throughout the remaining uptime of the system. Straps are sampled on either caliptra pwrgood signal deassertion or cptra\_noncore\_rst\_b deassertion – refer to interface table for list of straps.
+In 2.0, Caliptra adds support for numerous Subsystem-level straps. These straps are initialized on cold boot to the value from the external port, but may also be rewritten by the SoC firmware at any time prior to CPTRA_FUSE_WR_DONE being set. Once written and locked, the values of these straps persist until a cold reset.
 
 ### Obfuscation key
 
@@ -247,11 +260,11 @@ SoC must ensure that there are no SCAN cells on the flops that latch this key in
 
 ## Late binding interface signals
 
-The interface signals GENERIC\_INPUT\_WIRES and GENERIC\_OUTPUT\_WIRES are placeholders on the SoC interface reserved for late binding features. This may include any feature that is required for correct operation of the design in the final integrated SoC and that may not be accommodated through existing interface signaling (such as the mailbox).
+The interface signals GENERIC\_INPUT\_WIRES, GENERIC\_OUTPUT\_WIRES, and strap\_ss\_strap\_generic\_N are placeholders on the SoC interface reserved for late binding features. This may include any feature that is required for correct operation of the design in the final integrated SoC and that may not be accommodated through existing interface signaling (such as the mailbox).
 
-While these late binding interface pins are generic in nature until assigned a function, integrators must not define non-standard use cases for these pins. Defining standard use cases ensures that the security posture of Caliptra in the final implementation is not degraded relative to the consortium design intent. Bits in GENERIC\_INPUT\_WIRES that don't have a function defined in Caliptra must be tied to a 0-value. These undefined input bits shall not be connected to any flip flops (which would allow run-time transitions on the value).
+While these late binding interface pins are generic in nature until assigned a function, integrators must not define non-standard use cases for these pins. Defining standard use cases ensures that the security posture of Caliptra in the final implementation is not degraded relative to the consortium design intent. Bits in GENERIC\_INPUT\_WIRES and strap\_ss\_strap\_generic\_N that don't have a function defined in Caliptra must be tied to a 0-value. These undefined input bits shall not be connected to any flip flops (which would allow run-time transitions on the value).
 
-Each wire connects to a register in the SoC Interface register bank through which communication to the internal microprocessor may be facilitated. Each signal is 64 bits in size.
+Each wire connects to a register in the SoC Interface register bank through which communication to the internal microprocessor may be facilitated. Each of the generic wire signals is 64 bits in size. The size of the generic strap is indicated in Table 10.
 
 Activity on any bit of the GENERIC\_INPUT\_WIRES triggers a notification interrupt to the microcontroller indicating a bit toggle.
 
@@ -514,7 +527,7 @@ The following memories are exported:
 * Instruction Closely-Coupled Memory (ICCM)
 * Data Closely Coupled Memory (DCCM)
 
-Table 4 indicates the signals contained in the memory interface. Direction is relative to the exported memory wrapper that is instantiated outside of the Caliptra subsystem (that is, from the testbench perspective).
+Table 8 indicates the signals contained in the memory interface. Direction is relative to the exported memory wrapper that is instantiated outside of the Caliptra subsystem (that is, from the testbench perspective).
 
 ## SRAM timing behavior
 * [Writes] Input wren signal is asserted simultaneously with input data and address. Input data is stored at the input address 1 clock cycle later.