Skip to content

Latest commit

 

History

History
141 lines (108 loc) · 26.9 KB

interfaces.md

File metadata and controls

141 lines (108 loc) · 26.9 KB

Hardware Interfaces

All hardware interfaces of the debug system are documented in the PULP RISC-V Debug System Documentation, with the exception of the bus interfaces, which are converted to TL-UL by this wrapper.

Signals

Referring to the Comportable guideline for peripheral device functionality, the module rv_dm has the following hardware interfaces defined

  • Primary Clock: clk_i
  • Other Clocks: clk_lc_i
  • Bus Device Interfaces (TL-UL): regs_tl_d, mem_tl_d, dbg_tl_d
  • Bus Host Interfaces (TL-UL): sba_tl_h
  • Peripheral Pins for Chip IO: none
  • Interrupts: none
Port Name Package::Struct Type Act Width Description
next_dm_addr rv_dm_pkg::next_dm_addr uni rcv 1 32bit word address of the next debug module. Set to 0x0 if this is the last debug module in the chain.
jtag jtag_pkg::jtag req_rsp rsp 1 JTAG signals for the RISC-V TAP.
lc_hw_debug_en lc_ctrl_pkg::lc_tx uni rcv 1 Multibit life cycle hardware debug enable signal coming from life cycle controller, asserted when the hardware debug mechanisms are enabled in the system.
lc_dft_en lc_ctrl_pkg::lc_tx uni rcv 1 Multibit life cycle hardware debug enable signal coming from life cycle controller, asserted when the DFT mechanisms are enabled in the system.
pinmux_hw_debug_en lc_ctrl_pkg::lc_tx uni rcv 1 Multibit life cycle hardware debug enable signal coming from pinmux. This is a latched version of the lc_hw_debug_en signal and is only used to gate the JTAG / TAP side of the RV_DM. It is used to keep a debug session live while the rest of the system undergoes an NDM reset.
otp_dis_rv_dm_late_debug prim_mubi_pkg::mubi8 uni rcv 1
unavailable logic uni rcv 1 This signal indicates to the debug module that the main processor is not available for debug (e.g. due to a low-power state).
ndmreset_req logic uni req 1 Non-debug module reset request going to the system reset infrastructure.
dmactive logic uni req 1 This signal indicates whether the debug module is active and can be used to prevent power down of the core and bus-attached peripherals.
debug_req logic [rv_dm_reg_pkg::NrHarts-1:0] uni req 1 This is the debug request interrupt going to the main processor.
lc_escalate_en lc_ctrl_pkg::lc_tx uni rcv 1 Escalation enable signal coming from life cycle controller, used for invalidating the latched lc_hw_debug_en state inside the strap sampling logic.
lc_check_byp_en lc_ctrl_pkg::lc_tx uni rcv 1 Check bypass enable signal coming from life cycle controller, used for invalidating the latched lc_hw_debug_en state inside the strap sampling logic. This signal is asserted whenever the life cycle controller performs a life cycle transition. Its main use is to skip any background checks inside the life cycle partition of the OTP controller while a life cycle transition is in progress.
strap_en logic uni rcv 1 This signal is pulsed high by the power manager after reset in order to sample the HW straps.
strap_en_override logic uni rcv 1 This signal transitions from 0 -> 1 by the lc_ctrl manager after volatile RAW_UNLOCK in order to re-sample the HW straps. The signal must stay at 1 until reset. Note that this is only used in test chips when SecVolatileRawUnlockEn = 1. Otherwise this signal is unused.
sba_tl_h tlul_pkg::tl req_rsp req 1
regs_tl_d tlul_pkg::tl req_rsp rsp 1
mem_tl_d tlul_pkg::tl req_rsp rsp 1
dbg_tl_d tlul_pkg::tl req_rsp rsp 1

Security Alerts

Alert Name Description
fatal_fault This fatal alert is triggered when a fatal TL-UL bus integrity fault is detected.

Security Countermeasures

Countermeasure ID Description
RV_DM.BUS.INTEGRITY End-to-end bus integrity scheme.
RV_DM.LC_HW_DEBUG_EN.INTERSIG.MUBI The life cycle hardware debug enable signal is multibit encoded.
RV_DM.LC_DFT_EN.INTERSIG.MUBI The life cycle hardware DFT enable signal is multibit encoded.
RV_DM.OTP_DIS_RV_DM_LATE_DEBUG.INTERSIG.MUBI The OTP chicken switch to disable late debug enablement is multibit encoded.
RV_DM.DM_EN.CTRL.LC_GATED The debug module is enabled via a combination of the multibit encoded LC_DFT_EN, LC_HW_DEBUG_EN and OTP_DIS_RV_DM_LATE_DEBUG signals, as well as the LATE_DEBUG_ENABLE CSR. This enablement is implemented by gating / enabling critical blocks with separately buffered copies of the life cycle signal. This comprises the debug module interface (DMI) attached to the TAP, the reset request line, the system bus access module (SBA), the debug request output, the TL-UL adapter for the debug ROM, and the ifetch indicator being fed into the TL-UL adapter for the debug ROM. In terms of gating conditions, the debug module implements a mechanism that allows for a 'late' debug enable in the DEV life cycle state: - Debug is always enabled unconditionally in DFT-enabled life cycle states (TEST_UNLOCKED* and RMA). - Debug is always enabled unconditionally in the DEV life cycle state iff OTP_DIS_RV_DM_LATE_DEBUG is set to kMuBi8True. - Debug is conditionally enabled based on the value of the LATE_DEBUG_ENABLE CSR in the DEV life cycle state iff OTP_DIS_RV_DM_LATE_DEBUG is set to kMuBi8False (or any invalid MuBi value). - Debug is always disabled in all other life cycle states.
RV_DM.SBA_TL_LC_GATE.FSM.SPARSE The control FSM inside the TL-UL gating primitive is sparsely encoded.
RV_DM.MEM_TL_LC_GATE.FSM.SPARSE The control FSM inside the TL-UL gating primitive is sparsely encoded.
RV_DM.EXEC.CTRL.MUBI The instruction fetch enable signal that is modulated with LC_HW_DEBUG_EN and that feeds into the TL-UL adapter is multibit encoded.

Life Cycle Control

Debug system functionality is controlled by the HW_DEBUG_EN function of the life cycle controller. Note that in order to support the non-debug module (NDM) reset functionality, there are two HW_DEBUG_EN signal inputs in the rv_dm module:

  input  lc_ctrl_pkg::lc_tx_t lc_hw_debug_en_i,
  input  lc_ctrl_pkg::lc_tx_t pinmux_hw_debug_en_i,

The first one comes directly from the life cycle controller and is a "live" value, decoded from the current life cycle state. The second one is a latched version coming from the strap sampling and TAP selection logic inside the pinmux. When NDM reset is triggered the life cycle controller is reset, but the debug module is not, so the latched variant of the signal keeps the JTAG side of the debug module operational.

JTAG

The debug system provides a standard JTAG (IEEE Std 1149.1-2013) port for external debug access. All JTAG logic is clocked with an externally supplied test clock (tck). The protocol used for this JTAG port is specified in the RISC-V Debug Specification as JTAG Debug Transport Module (DTM).

input  logic               tck_i,           // JTAG test clock pad
input  logic               tms_i,           // JTAG test mode select pad
input  logic               trst_ni,         // JTAG test reset pad
input  logic               td_i,            // JTAG test data input pad
output logic               td_o,            // JTAG test data output pad
output logic               tdo_oe_o         // Data out output enable

System interface

The debug system is able to reset the system through its JTAG connection; the non-debug module reset (ndmreset_req_o) signals this intent. It is up to the larger system design to specify which parts of the system are actually reset by this signal.

The dmactive_o signals that some kind of debugging is ongoing. Use this signal to prevent the power down of the core and bus-attached peripherals, which might be accessed by the debug system.

output logic                  ndmreset_o,  // non-debug module reset
output logic                  dmactive_o,  // debug module is active

Core interface

Most communication between the core and the debug system is performed through the debug memory. To enter debug mode due to an external debug request, the debug system provides a debug_req_o interrupt. If the core is unavailable to the debug system, e.g. because it is powered down or in a locked-down state, the unavailable_i signal can signal this condition to the debug system.

output logic [NrHarts-1:0]    debug_req_o, // async debug request
input  logic [NrHarts-1:0]    unavailable_i, // communicate whether the hart is unavailable
                                             // (e.g.: power down)

TL-UL device for debug memory

The debug system implements execution-based debug according to the RISC-V Debug Specification. Most interactions between the core and the debug system are performed through the debug memory, a bus-exposed memory. The memory needs to be accessible from the core instruction and data interfaces. A full memory map is part of the PULP RISC-V Debug System Documentation.

input  tlul_pkg::tl_h2d_t tl_d_i,
output tlul_pkg::tl_d2h_t tl_d_o,

TL-UL host for System Bus Access (SBA)

Bus-attached peripherals can be accessed through the debug system, a functionality called System Bus Access (SBA) in the RISC-V Debug Specification. It is up to the interconnect fabric to decide which peripherals are actually accessible. The debug system wrapper provides a TL-UL host bus interface for SBA.

Note, when bus errors (either address errors or integrity errors) occur on the SBA TL-UL path, alerts are not triggered. Instead the error status is fed into the PULP RISC-V Debug System for status indication.

// bus host, for system bus accesses
output tlul_pkg::tl_h2d_t  tl_h_o,
input  tlul_pkg::tl_d2h_t  tl_h_i,