diff --git a/src/fuse_ctrl/data/otp_ctrl.rdl b/src/fuse_ctrl/data/otp_ctrl.rdl index 9dc9a9f19..686037d8e 100644 --- a/src/fuse_ctrl/data/otp_ctrl.rdl +++ b/src/fuse_ctrl/data/otp_ctrl.rdl @@ -16,7 +16,7 @@ //////////////////////////////////////////////////////////////// // Fuse Contrller Registers -parameter int OtpByteAddrWidth = 12; +//parameter int OtpByteAddrWidth = 12; addrmap caliptra_otp_ctrl { reg { @@ -28,8 +28,8 @@ addrmap caliptra_otp_ctrl { field { sw = rw; onwrite = woclr; - desc = "An errr has occurred in the OTP contrller. Check the !!ERR_CODE register to get more information."; - } OTP_ERrR[1:1]; + desc = "An error has occurred in the OTP contrller. Check the !!ERR_CODE register to get more information."; + } OTP_error[1:1]; } INTERRUPT_STATE @ 0x0; reg { @@ -41,8 +41,8 @@ addrmap caliptra_otp_ctrl { field { sw = rw; onwrite = woclr; - desc = "Enable interrupt when otp_errr is set."; - } OTP_ERrR[1:1]; + desc = "Enable interrupt when otp_error is set."; + } OTP_error[1:1]; } INTERRUPT_ENABLE @ 0x4; reg { @@ -52,23 +52,23 @@ addrmap caliptra_otp_ctrl { } OTP_OPERATION_DONE[0:0]; field { sw = w; - desc = "Write 1 to force otp_errr to 1."; - } OTP_ERrR[1:1]; + desc = "Write 1 to force otp_error to 1."; + } OTP_error[1:1]; } INTERRUPT_TEST @ 0x8; reg { field { sw = w; desc = "Write 1 to trigger one alert event of this kind."; - } FATAL_MACr_ERrR[0:0]; + } FATAL_MACr_error[0:0]; field { sw = w; desc = "Write 1 to trigger one alert event of this kind."; - } FATAL_CHECK_ERrR[1:1]; + } FATAL_CHECK_error[1:1]; field { sw = w; desc = "Write 1 to trigger one alert event of this kind."; - } FATAL_BUS_INTEG_ERrR[2:2]; + } FATAL_BUS_INTEG_error[2:2]; field { sw = w; desc = "Write 1 to trigger one alert event of this kind."; @@ -82,60 +82,60 @@ addrmap caliptra_otp_ctrl { reg { field { sw = r; - desc = "Set to 1 if an errr occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; - } VENDOR_TEST_ERrR[0:0]; + desc = "Set to 1 if an error occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; + } VENDOR_TEST_error[0:0]; field { sw = r; - desc = Set to 1 if an errr occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; - } NON_SECRET_FUSES_ERrR[1:1]; + desc = "Set to 1 if an error occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; + } NON_SECRET_FUSES_error[1:1]; field { sw = r; - desc = "Set to 1 if an errr occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; - } SECRET0_ERrR[2:2]; + desc = "Set to 1 if an error occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; + } SECRET0_error[2:2]; field { sw = r; - desc = "Set to 1 if an errr occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; - } SECRET1_ERrR[3:3]; + desc = "Set to 1 if an error occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; + } SECRET1_error[3:3]; field { sw = r; - desc = "Set to 1 if an errr occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; - } SECRET2_ERrR[4:4]; + desc = "Set to 1 if an error occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; + } SECRET2_error[4:4]; field { sw = r; - desc = "Set to 1 if an errr occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; - } SECRET3_ERrR[5:5]; + desc = "Set to 1 if an error occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; + } SECRET3_error[5:5]; field { sw = r; - desc = "Set to 1 if an errr occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; - } LIFE_CYCLE_ERrR[6:6]; + desc = "Set to 1 if an error occurred in this partition.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; + } LIFE_CYCLE_error[6:6]; field { sw = r; - desc = "Set to 1 if an errr occurred in the DAI.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; - } DAI_ERrR[7:7]; + desc = "Set to 1 if an error occurred in the DAI.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; + } DAI_error[7:7]; field { sw = r; - desc = "Set to 1 if an errr occurred in the LCI.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; - } LCI_ERrR[8:8]; + desc = "Set to 1 if an error occurred in the LCI.\nIf set to 1, SW should check the !!ERR_CODE register at the corresponding index."; + } LCI_error[8:8]; field { sw = r; - desc = "Set to 1 if an integrity or consistency check times out.\nThis raises an fatal_check_errr alert and is an unrecoverable errr condition."; - } TIMEOUT_ERrR[9:9]; + desc = "Set to 1 if an integrity or consistency check times out.\nThis raises an fatal_check_error alert and is an unrecoverable error condition."; + } TIMEOUT_error[9:9]; field { sw = r; - desc = "Set to 1 if the LFSR timer FSM has reached an invalid state.\nThis raises an fatal_check_errr alert and is an unrecoverable errr condition."; - } LFSR_FSM_ERrR[10:10]; + desc = "Set to 1 if the LFSR timer FSM has reached an invalid state.\nThis raises an fatal_check_error alert and is an unrecoverable error condition."; + } LFSR_FSM_error[10:10]; field { sw = r; - desc = "Set to 1 if the scrambling datapath FSM has reached an invalid state.\nThis raises an fatal_check_errr alert and is an unrecoverable errr condition."; - } SCRAMBLING_FSM_ERrR[11:11]; + desc = "Set to 1 if the scrambling datapath FSM has reached an invalid state.\nThis raises an fatal_check_error alert and is an unrecoverable error condition."; + } SCRAMBLING_FSM_error[11:11]; field { sw = r; - desc = "Set to 1 if the key derivation FSM has reached an invalid state.\nThis raises an fatal_check_errr alert and is an unrecoverable errr condition."; - } KEY_DERIV_FSM_ERrR[12:12]; + desc = "Set to 1 if the key derivation FSM has reached an invalid state.\nThis raises an fatal_check_error alert and is an unrecoverable error condition."; + } KEY_DERIV_FSM_error[12:12]; field { sw = r; - desc = "This bit is set to 1 if a fatal bus integrity fault is detected.\nThis errr triggers a fatal_bus_integ_errr alert."; - } BUS_INTEG_ERrR[13:13]; + desc = "This bit is set to 1 if a fatal bus integrity fault is detected.\nThis error triggers a fatal_bus_integ_error alert."; + } BUS_INTEG_error[13:13]; field { sw = r; desc = "Set to 1 if the DAI is idle and ready to accept commands."; @@ -152,33 +152,39 @@ addrmap caliptra_otp_ctrl { * Default prperties for Register File * --------------------------------- */ - name = "Errr Code Register Block"; - desc = "Set of registers to implement errr_code functionality - for Fuse Contrller. + name = "error Code Register Block"; + desc = "Set of registers to implement error_code functionality + for Fuse Contrller."; - default regwidth = 32; // reg prperty - default accesswidth = 32; // reg prperty - default sw = r; // field prperty - default hw = hwo; // field prperty + default regwidth = 32; // reg property + default accesswidth = 32; // reg property + default sw = r; // field property + default hw = w; // field property /* ------------------------------------ * Register definitions * -----------------------------------*/ reg err_code_reg_t { - name = "ERR_CODE"; - desc = "This register holds information about errr conditions that occurred in the agents\ninteracting with the OTP macr via the internal bus. The errr codes should be checked\nif the partitions, DAI or LCI flag an errr in the !!STATUS register, or when an\n!!INTR_STATE.otp_errr has been triggered. Note that all errrs trigger an otp_errr\ninterrupt, and in addition some errrs may trigger either an fatal_macr_errr or an\nfatal_check_errr alert."; - - default sw = r; // field prperty - default hw = hwo; // field prperty - - field { desc = "No errr condition has occurred.";} NO_ERrR = 3'h0; - field { desc = "Returned if the OTP macr command was invalid or did not complete successfully\ndue to a macr malfunction.\nThis errr should never occur during normal operation and is not recoverable.\nThis errr triggers an fatal_macr_errr alert.";} MACr_ERrR = 3'h1; - field { desc = "A correctable ECC errr has occured during an OTP read operation.\nThe corresponding contrller automatically recovers frm this errr when\nissuing a new command.";} MACr_ECC_CORR_ERrR = 3'h2; - field { desc = "An uncorrectable ECC errr has occurred during an OTP read operation.\nThis errr should never occur during normal operation and is not recoverable.\nIf this errr is present this may be a sign that the device is malfunctioning.\nThis errr triggers an fatal_macr_errr alert.";} MACr_ECC_UNCORR_ERrR = 3'h3; - field { desc = "This errr is returned if a prgramming operation attempted to clear a bit that has previously been prgrammed to 1.\nThe corresponding contrller automatically recovers frm this errr when issuing a new command.\n\nNote however that the affected OTP word may be left in an inconsistent state if this errr occurs.\nThis can cause several issues when the word is accessed again (either as part of a regular read operation, as part of the readout at boot, or as part of a backgrund check).\n\nIt is important that SW ensures that each word is only written once, since this can render the device useless.";} MACr_WRITE_BLANK_ERrR = 3'h4; - field { desc = "This errr indicates that a locked memory region has been accessed.\nThe corresponding contrller automatically recovers frm this errr when issuing a new command.";} ACCESS_ERrR = 3'h5; - field { desc = "An ECC, integrity or consistency mismatch has been detected in the buffer registers.\nThis errr should never occur during normal operation and is not recoverable.\nThis errr triggers an fatal_check_errr alert.";} CHECK_FAIL_ERrR = 3'h6; - field { desc = "The FSM of the corresponding contrller has reached an invalid state, or the FSM has\nbeen moved into a terminal errr state due to an escalation action via lc_escalate_en_i.\nThis errr should never occur during normal operation and is not recoverable.\nIf this errr is present, this is a sign that the device has fallen victim to\nan invasive attack. This errr triggers an fatal_check_errr alert.";} FSM_STATE_ERrR = 3'h7; + desc = "This register holds information about error conditions that occurred in the agents + interacting with the OTP macr via the internal bus. The error codes should be checked + if the partitions, DAI or LCI flag an error in the !!STATUS register, or when an + !!INTR_STATE.otp_error has been triggered. Note that all errors trigger an otp_error + interrupt, and in addition some errors may trigger either an fatal_macr_error or an + fatal_check_error alert."; + + default sw = r; // field property + default hw = w; // field property + + field { desc = "No error condition has occurred.";} NO_error = 3'h0; + field { desc = "Returned if the OTP macr command was invalid or did not complete successfully + due to a macr malfunction. This error should never occur during normal operation and is not recoverable. + This error triggers an fatal_macr_error alert.";} MACr_error = 3'h1; + field { desc = "A correctable ECC error has occured during an OTP read operation.\nThe corresponding contrller automatically recovers frm this error when\nissuing a new command.";} MACr_ECC_CORR_error = 3'h2; + field { desc = "An uncorrectable ECC error has occurred during an OTP read operation.\nThis error should never occur during normal operation and is not recoverable.\nIf this error is present this may be a sign that the device is malfunctioning.\nThis error triggers an fatal_macr_error alert.";} MACr_ECC_UNCORR_error = 3'h3; + field { desc = "This error is returned if a prgramming operation attempted to clear a bit that has previously been prgrammed to 1.\nThe corresponding contrller automatically recovers frm this error when issuing a new command.\n\nNote however that the affected OTP word may be left in an inconsistent state if this error occurs.\nThis can cause several issues when the word is accessed again (either as part of a regular read operation, as part of the readout at boot, or as part of a backgrund check).\n\nIt is important that SW ensures that each word is only written once, since this can render the device useless.";} MACr_WRITE_BLANK_error = 3'h4; + field { desc = "This error indicates that a locked memory region has been accessed.\nThe corresponding contrller automatically recovers frm this error when issuing a new command.";} ACCESS_error = 3'h5; + field { desc = "An ECC, integrity or consistency mismatch has been detected in the buffer registers.\nThis error should never occur during normal operation and is not recoverable.\nThis error triggers an fatal_check_error alert.";} CHECK_FAIL_error = 3'h6; + field { desc = "The FSM of the corresponding contrller has reached an invalid state, or the FSM has\nbeen moved into a terminal error state due to an escalation action via lc_escalate_en_i.\nThis error should never occur during normal operation and is not recoverable.\nIf this error is present, this is a sign that the device has fallen victim to\nan invasive attack. This error triggers an fatal_check_error alert.";} FSM_STATE_error = 3'h7; }; /* ----------- Registers -----------*/ @@ -198,27 +204,24 @@ addrmap caliptra_otp_ctrl { reg { desc = "Register write enable for all direct access interface registers."; - sw = rw; - onwrite = wzclr; - hw = rw; - hwext = true; + default sw = rw; + default onwrite = wzc; + default hw = rw; + //default hwext = true; field { desc = "This bit contrls whether the DAI registers can be written.\nWrite 0 to it in order to clear the bit.\n\nNote that the hardware also modulates this bit and sets it to 0 temporarily\nduring an OTP operation such that the corresponding address and data registers\ncannot be modified while an operation is pending. The !!DAI_IDLE status bit\nwill also be set to 0 in such a case."; reset = 0x1; - } [0:0]; + } REGWEN [0:0]; } DIRECT_ACCESS_REGWEN @ 0x38; reg { desc = "Command register for direct accesses."; - sw = w; - onwrite = woclr; - hw = r; - hwext = true; - reset = 0x0; - prperty { - name = "write_prtect"; - value = "DIRECT_ACCESS_REGWEN[0] == 1"; // Write allowed only if DIRECT_ACCESS_REGWEN[0] is 1 - }; + default sw = w; + default onwrite = wzc; + default hw = r; + //hwext = true; + default reset = 0x0; + default swwe = DIRECT_ACCESS_REGWEN; field { desc = "Initiates a readout sequence that reads the location specified\nby !!DIRECT_ACCESS_ADDRESS. The command places the data read into\n!!DIRECT_ACCESS_RDATA_0 and !!DIRECT_ACCESS_RDATA_1 (for 64bit partitions)."; } RD [0:0]; @@ -232,16 +235,13 @@ addrmap caliptra_otp_ctrl { reg { desc = "Address register for direct accesses."; - sw = rw; - hw = r; - reset = 0x0; - prperty { - name = "write_prtect"; - value = "DIRECT_ACCESS_REGWEN[0] == 1"; // Write allowed only if DIRECT_ACCESS_REGWEN[0] is 1 - }; + default sw = rw; + default hw = r; + default reset = 0x0; + default swwe = DIRECT_ACCESS_REGWEN; field { desc = "This is the address for the OTP word to be read or written thrugh\nthe direct access interface. Note that the address is aligned to the access size\ninternally, hence bits 1:0 are ignored for 32bit accesses, and bits 2:0 are ignored\nfor 64bit accesses.\n\nFor the digest calculation command, set this register to the partition base offset."; - } [OtpByteAddrWidth-1:0]; + } ADDRESS [11:0]; } DIRECT_ACCESS_ADDRESS @ 0x40; regfile dir_acc_wdata_t { @@ -251,30 +251,27 @@ addrmap caliptra_otp_ctrl { name = "Direct Access Wdata Register Block"; desc = "Set of registers to implement wdata functionality - for Fuse Contrller. - reset = 0x0; - prperty { - name = "write_prtect"; - value = "DIRECT_ACCESS_REGWEN[0] == 1"; // Write allowed only if DIRECT_ACCESS_REGWEN[0] is 1 - }; - - default regwidth = 32; // reg prperty - default accesswidth = 32; // reg prperty - default sw = r; // field prperty - default hw = hwo; // field prperty - defalt hwext = true; + for Fuse Contrller."; + default reset = 0x0; + default swwe = DIRECT_ACCESS_REGWEN; + default regwidth = 32; // reg property + default accesswidth = 32; // reg property + default sw = r; // field property + default hw = w; // field property + //defalt hwext = true; /* ------------------------------------ * Register definitions * -----------------------------------*/ reg dai_wdata_t { - name = "DIRECT_ACCESS_WDATA"; - desc = "Write data for direct accesses.\n Hardware automatically determines the access granule (32bit or 64bit) based on which\n partition is being written to.\n"; + desc = "Write data for direct accesses. + Hardware automatically determines the access granule (32bit or 64bit) based on which + partition is being written to."; default sw = r; // field prperty - default hw = hwo; // field prperty + default hw = w; // field prperty - field { desc = "wdata.";} [31:0]; + field { desc = "wdata.";} WDATA [31:0]; }; /* ------------- Registers --------------*/ @@ -292,26 +289,27 @@ addrmap caliptra_otp_ctrl { name = "Direct Access Wdata Register Block"; desc = "Set of registers to implement wdata functionality - for Fuse Contrller. - reset = 0x0; + for Fuse Contrller."; + default reset = 0x0; default regwidth = 32; // reg prperty default accesswidth = 32; // reg prperty default sw = r; // field prperty - default hw = hwo; // field prperty - default hwext = true; + default hw = w; // field prperty + //default hwext = true; /* ------------------------------------ * Register definitions * -----------------------------------*/ reg dai_rdata_t { - name = "DIRECT_ACCESS_RDATA"; - desc = "Read data for direct accesses.\n Hardware automatically determines the access granule (32bit or 64bit) based on which\n partition is read frm.\n"; + desc = "Read data for direct accesses. + Hardware automatically determines the access granule (32bit or 64bit) based on which + partition is read from."; default sw = r; // field prperty - default hw = hwo; // field prperty + default hw = w; // field prperty - field { desc = "rdata.";} [31:0]; + field { desc = "rdata.";} RDATA [31:0]; }; /* ------------- Registers --------------*/ @@ -324,114 +322,111 @@ addrmap caliptra_otp_ctrl { reg { desc = "Register write enable for !!CHECK_TRIGGER."; - sw = rw; - onwrite = wzclr; - hw = na; + default sw = rw; + default onwrite = wzc; + default hw = na; field { - desc = "When cleared to 0, the !!CHECK_TRIGGER register cannot be written anymore.\nWrite 0 to clear this bit."; + desc = "When cleared to 0, the !!CHECK_TRIGGER register cannot be written anymore. + Write 0 to clear this bit."; reset = 0x1; - } [0:0]; + } REGWEN [0:0]; } CHECK_TRIGGER_REGWEN @ 0x54; reg { desc = "Command register for direct accesses."; - sw = w1c; - hw = r0; - hwext = true; - reset = 0x0; - prperty { - name = "write_prtect"; - value = "CHECK_TRIGGER_REGWEN[0] == 1"; // Write allowed only if CHECK_TRIGGER_REGWEN[0] is 1 - }; - field { - desc = "Writing 1 to this bit triggers an integrity check. SW should monitor !!STATUS.CHECK_PENDING\nand wait until the check has been completed. If there are any errrs, those will be flagged\nin the !!STATUS and !!ERR_CODE registers, and via the interrupts and alerts."; + default sw = w; + default onwrite = woclr; + default hw = r; // Needs to read 0 + //hwext = true; + default reset = 0x0; + default swwe = CHECK_TRIGGER_REGWEN; + field { + desc = "Writing 1 to this bit triggers an integrity check. SW should monitor !!STATUS.CHECK_PENDING + and wait until the check has been completed. If there are any errors, those will be flagged + in the !!STATUS and !!ERR_CODE registers, and via the interrupts and alerts."; } INTEGRITY[0:0]; field { - desc = "Writing 1 to this bit triggers a consistency check. SW should monitor !!STATUS.CHECK_PENDING\nand wait until the check has been completed. If there are any errrs, those will be flagged\nin the !!STATUS and !!ERR_CODE registers, and via interrupts and alerts."; + desc = "Writing 1 to this bit triggers a consistency check. SW should monitor !!STATUS.CHECK_PENDING\nand wait until the check has been completed. If there are any errors, those will be flagged\nin the !!STATUS and !!ERR_CODE registers, and via interrupts and alerts."; } CONSISTENCY[1:1]; } CHECK_TRIGGER @ 0x58; reg { desc = "Register write enable for !!INTEGRITY_CHECK_PERIOD and !!CONSISTENCY_CHECK_PERIOD."; - sw = w; - onwrite = wzclr; - hw = na; + default sw = w; + default onwrite = wzc; + default hw = na; field { desc = "When cleared to 0, !!INTEGRITY_CHECK_PERIOD and !!CONSISTENCY_CHECK_PERIOD registers cannot be written anymore.\nWrite 0 to clear this bit."; reset = 0x1; - } [0:0]; + } REGWEN [0:0]; } CHECK_REGWEN @ 0x5C; reg { desc = "Timeout value for the integrity and consistency checks."; - sw = rw; - hw = r; - prperty { - name = "write_prtect"; - value = "CHECK_REGWEN[0] == 1"; // Write allowed only if CHECK_REGWEN[0] is 1 - }; - field { - desc = "Timeout value in cycles for the for the integrity and consistency checks. If an integrity or consistency\ncheck does not complete within the timeout window, an errr will be flagged in the !!STATUS register,\nan otp_errr interrupt will be raised, and an fatal_check_errr alert will be sent out. The timeout should\nbe set to a large value to stay on the safe side. The maximum check time can be upper bounded by the\nnumber of cycles it takes to readout, scramble and digest the entire OTP array. Since this amounts to\nrughly 25k cycles, it is recommended to set this value to at least 100'000 cycles in order to stay on the\nsafe side. A value of zer disables the timeout mechanism (default)."; + default sw = rw; + default hw = r; + default swwe = CHECK_REGWEN; + field { + desc = "Timeout value in cycles for the for the integrity and consistency checks. If an integrity or consistency + check does not complete within the timeout window, an error will be flagged in the !!STATUS register, + an otp_error interrupt will be raised, and an fatal_check_error alert will be sent out. The timeout should + be set to a large value to stay on the safe side. The maximum check time can be upper bounded by the + number of cycles it takes to readout, scramble and digest the entire OTP array. Since this amounts to + rughly 25k cycles, it is recommended to set this value to at least 100'000 cycles in order to stay on the + safe side. A value of zer disables the timeout mechanism (default)."; reset = 0x0; - } [31:0]; + } TIMEOUT [31:0]; } CHECK_TIMEOUT @ 0x60; reg { desc = "This value specifies the maximum period that can be generated pseudo-randomly.\nOnly applies to the HW_CFG* and SECRET* partitions once they are locked."; - sw = rw; - hw = r; - prperty { - name = "write_prtect"; - value = "CHECK_REGWEN[0] == 1"; // Write allowed only if CHECK_REGWEN[0] is 1 - }; - field { - desc = "The pseudo-random period is generated using a 40bit LFSR internally, and this register defines\nthe bit mask to be applied to the LFSR output in order to limit its range. The value of this\nregister is left shifted by 8bits and the lower bits are set to 8'hFF in order to form the 40bit mask.\nA recommended value is 0x3_FFFF, corresponding to a maximum period of ~2.8s at 24MHz.\nA value of zer disables the timer (default). Note that a one-off check can always be triggered via\n!!CHECK_TRIGGER.INTEGRITY."; + default sw = rw; + default hw = r; + default swwe = CHECK_REGWEN; + field { + desc = "The pseudo-random period is generated using a 40bit LFSR internally, and this register defines + the bit mask to be applied to the LFSR output in order to limit its range. The value of this + register is left shifted by 8bits and the lower bits are set to 8'hFF in order to form the 40bit mask. + A recommended value is 0x3_FFFF, corresponding to a maximum period of ~2.8s at 24MHz. + A value of zer disables the timer (default). Note that a one-off check can always be triggered via + !!CHECK_TRIGGER.INTEGRITY."; reset = 0x0; - } [31:0]; + } PERIOD [31:0]; } INTEGRITY_CHECK_PERIOD @ 0x64; reg { desc = "This value specifies the maximum period that can be generated pseudo-randomly.\nThis applies to the LIFE_CYCLE partition and the HW_CFG* and SECRET* partitions once they are locked."; - sw = rw; - hw = r; - prperty { - name = "write_prtect"; - value = "CHECK_REGWEN[0] == 1"; // Write allowed only if CHECK_REGWEN[0] is 1 - }; + default sw = rw; + default hw = r; + default swwe = CHECK_REGWEN; field { desc = "The pseudo-random period is generated using a 40bit LFSR internally, and this register defines\nthe bit mask to be applied to the LFSR output in order to limit its range. The value of this\nregister is left shifted by 8bits and the lower bits are set to 8'hFF in order to form the 40bit mask.\nA recommended value is 0x3FF_FFFF, corresponding to a maximum period of ~716s at 24MHz.\nA value of zer disables the timer (default). Note that a one-off check can always be triggered via\n!!CHECK_TRIGGER.CONSISTENCY."; reset = 0x0; - } [31:0]; + } PERIOD [31:0]; } CONSISTENCY_CHECK_PERIOD @ 0x68; reg { desc = "Runtime read lock for the VENDOR_TEST partition."; - sw = rw; - onwrite = wzclr; - hw = r; - prperty { - name = "write_prtect"; - value = "DIRECT_ACCESS_REGWEN[0] == 1"; // Write allowed only if DIRECT_ACCESS_REGWEN[0] is 1 - }; + default sw = rw; + default onwrite = wzc; + default hw = r; + default swwe = DIRECT_ACCESS_REGWEN; field { desc = "When cleared to 0, read access to the VENDOR_TEST partition is locked.\nWrite 0 to clear this bit."; reset = 0x1; - } [0:0]; + } READ_LOCK [0:0]; } VENDOR_TEST_READ_LOCK @ 0x6C; reg { desc = "Runtime read lock for the NON_SECRET_FUSES partition."; - sw = rw; - onwrite = wzclr; - hw = r; - prperty { - name = "write_prtect"; - value = "DIRECT_ACCESS_REGWEN[0] == 1"; // Write allowed only if DIRECT_ACCESS_REGWEN[0] is 1 - }; + default sw = rw; + default onwrite = wzc; + default hw = r; + default swwe = DIRECT_ACCESS_REGWEN; field { desc = "When cleared to 0, read access to the NON_SECRET_FUSES_READ_LOCK partition is locked.\nWrite 0 to clear this bit."; reset = 0x1; - } [0:0]; + } READ_LOCK [0:0]; } NON_SECRET_FUSES_READ_LOCK @ 0x70; regfile digest_t { @@ -440,28 +435,31 @@ addrmap caliptra_otp_ctrl { * --------------------------------- */ name = "DIGEST"; desc = "Digest register block"; - reset = 0x0; + default reset = 0x0; default sw = r; default hw = r; - default hwext = true; + //default hwext = true; /* ------------------------------------ * Register definitions * -----------------------------------*/ reg digest_reg_t { name = "DIGEST"; - desc = "Integrity digest for partition.\n The integrity digest is 0 by default. Software must write this\n digest value via the direct access interface in order to lock the partition.\n After a reset, write access to the VENDOR_TEST partition is locked and\n the digest becomes visible in this CSR.\n"; + desc = "Integrity digest for partition. + The integrity digest is 0 by default. Software must write this + digest value via the direct access interface in order to lock the partition. + After a reset, write access to the VENDOR_TEST partition is locked and\n the digest becomes visible in this CSR."; default sw = r; // field prperty - default hw = hwo; // field prperty + default hw = w; // field prperty - field { desc = "Digest.";} [31:0]; + field { desc = "Digest.";} DIGEST [31:0]; }; /* ------------- Registers --------------*/ - dai_rdata_t DIGEST_0 @ 0x0; // - dai_rdata_t DIGEST_1 @ 0x4; // + digest_reg_t DIGEST_0 @ 0x0; // + digest_reg_t DIGEST_1 @ 0x4; // /* --------------------------------------*/ }; @@ -474,28 +472,30 @@ addrmap caliptra_otp_ctrl { * --------------------------------- */ name = "SECRET_DIGEST"; desc = "Secret digest register block"; - reset = 0x0; + default reset = 0x0; default sw = r; default hw = r; - default hwext = true; + //default hwext = true; /* ------------------------------------ * Register definitions * -----------------------------------*/ reg secret_digest_reg_t { name = "SECRET_DIGEST"; - desc = "Integrity digest for secret partition.\n The integrity digest is 0 by default. The digest calculation can be triggered via the !!DIRECT_ACCESS_CMD.\n After a reset, the digest then becomes visible in this CSR, and the corresponding partition becomes write-locked.\n"; + desc = "Integrity digest for secret partition. + The integrity digest is 0 by default. The digest calculation can be triggered via the !!DIRECT_ACCESS_CMD. + After a reset, the digest then becomes visible in this CSR, and the corresponding partition becomes write-locked."; default sw = r; // field prperty - default hw = hwo; // field prperty + default hw = w; // field prperty - field { desc = "Digest.";} [31:0]; + field { desc = "Digest.";} DIGEST [31:0]; }; /* ------------- Registers --------------*/ - dai_rdata_t DIGEST_0 @ 0x0; // - dai_rdata_t DIGEST_1 @ 0x4; // + secret_digest_reg_t DIGEST_0 @ 0x0; // + secret_digest_reg_t DIGEST_1 @ 0x4; // /* --------------------------------------*/ };