zkr: entropy source access control for seed csr

2 years ago · 6dbc8cad8a
2 changed files with 20 additions and 0 deletions
--- a/riscv/csrs.cc
+++ b/riscv/csrs.cc
@ -303,6 +303,14 @@ bool mseccfg_csr_t::get_rlb() const noexcept {
  return (read() & MSECCFG_RLB);
 }

+bool mseccfg_csr_t::get_useed() const noexcept {
+  return (read() & MSECCFG_USEED);
+}
+
+bool mseccfg_csr_t::get_sseed() const noexcept {
+  return (read() & MSECCFG_SSEED);
+}
+
 bool mseccfg_csr_t::unlogged_write(const reg_t val) noexcept {
  if (proc->n_pmp == 0)
    return false;
@ -1440,6 +1448,16 @@ void seed_csr_t::verify_permissions(insn_t insn, bool write) const {
  if (!proc->extension_enabled(EXT_ZKR) || !write)
    throw trap_illegal_instruction(insn.bits());
  csr_t::verify_permissions(insn, write);
+
+  if (state->v) {
+    if (state->mseccfg->get_sseed() && write)
+      throw trap_virtual_instruction(insn.bits());
+    else
+      throw trap_illegal_instruction(insn.bits());
+  } else if ((state->prv == PRV_U && !state->mseccfg->get_useed()) ||
+             (state->prv == PRV_S && !state->mseccfg->get_sseed())) {
+      throw trap_illegal_instruction(insn.bits());
+  }
 }

 reg_t seed_csr_t::read() const noexcept {
--- a/riscv/csrs.h
+++ b/riscv/csrs.h
@ -150,6 +150,8 @@ class mseccfg_csr_t: public basic_csr_t {
  bool get_mml() const noexcept;
  bool get_mmwp() const noexcept;
  bool get_rlb() const noexcept;
+  bool get_useed() const noexcept;
+  bool get_sseed() const noexcept;
 protected:
  virtual bool unlogged_write(const reg_t val) noexcept override;
 };