U-mode control by localparam (critical and secondary)#333
U-mode control by localparam (critical and secondary)#333MikeOpenHWGroup wants to merge 1 commit into
Conversation
There was a problem hiding this comment.
Pull request overview
This PR addresses CVE2 Issue #332 by further disabling latent U-mode behavior in the CSR block via a localparam gate, ensuring the core cannot enter U-mode and that U-related CSR behavior is suppressed.
Changes:
- Added a
UmodeEnabledlocalparam andumode_controlsignal to centrally gate U-mode-related behavior. - Gated
mstatus/dcsrWARL behavior andMRETupdate logic to prevent transitions toPRIV_LVL_Uwhen U-mode is disabled. - Updated reset/state defaults and debug trigger matching (
tdata0) to reflect U-mode being disabled.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
cairo-caplan
left a comment
There was a problem hiding this comment.
Thank you for the PR, @MikeOpenHWGroup
My only comment for now would be to use only UmodeEnabled instead of also umode_control.
| localparam int unsigned UmodeEnabled = 0; | ||
|
|
||
| logic umode_control; | ||
| assign umode_control = logic'(UmodeEnabled); |
There was a problem hiding this comment.
After analyzing all the modifications they are sound, pass the basic UVM tests and SEC fails only for the modified signals i.e.:
cve2_top.u_cve2_core.cs_registers_i.u_mstatus_csr.wr_data_i cve2_top.u_cve2_core.cs_registers_i.u_mstack_csr.rdata_q cve2_top.u_cve2_core.cs_registers_i.u_dcsr_csr.wr_data_i cve2_top.u_cve2_core.cs_registers_i.tmatch_control_rdata.3 cve2_top.u_cve2_core.cs_registers_i.csr_rdata_o
But then, how about using only UmodeEnabled instead of UmodeEnabled and umode_control ?
They both have the same value and should not change at simulation time. To be more clear, UmodeEnabled could be declared as below, and all occurrences of umode_control would be substituted by UmodeEnabled .
localparam logic UmodeEnabled = 1'b0;There was a problem hiding this comment.
Yes, I knew that this would break SEC. AFAIK, there is no way to avoid this as we are changing the logic by disabling U-mode. @davideschiavone can you comment?
There was a problem hiding this comment.
Makes total sense. We are breaking SEC because this is a real bug as we were not supposed to support UMODE
I did this intentionally. My reasoning is that the |
This PR include a number of fixes for CVE2 Issue #332.