[flash_ctrl/doc] Add MEM.ADDR_INFECTION feature

This commit adds the MEM.ADDR_INFECTION to the documentation that
has been added with #23557

Signed-off-by: Pascal Nasahl <[email protected]>

hw/ip_templates/flash_ctrl/data/flash_ctrl.hjson.tpl

@@ -272,6 +272,13 @@
         The bus integrity scheme for flash is different from other comportable modules.
       '''
     }
+    { name: "MEM.ADDR_INFECTION",
+      desc: '''
+        On host reads, the address of the request is XORed with the data inside the read pipeline.
+        The request address is removed from the data before returning the data over TL-UL.
+        A mismatch triggers a data integrity error.
+      '''
+    }
     { name: "SCRAMBLE.KEY.SIDELOAD",
       desc: "The scrambling key is sideloaded from OTP and thus unreadable by SW."
     }

hw/ip_templates/flash_ctrl/doc/interfaces.md.tpl

@@ -72,6 +72,7 @@ ${"##"} Security Countermeasures
 | FLASH_CTRL.REG.BUS.INTEGRITY               | End-to-end bus integrity scheme. Since there are multiple access points for flash, please see Transmission Integrity Faults in the documentation for more details. The bus integrity scheme for flash is different from other comportable modules. |
 | FLASH_CTRL.HOST.BUS.INTEGRITY              | End-to-end bus integrity scheme. Since there are multiple access points for flash, please see Transmission Integrity Faults in the documentation for more details. The bus integrity scheme for flash is different from other comportable modules. |
 | FLASH_CTRL.MEM.BUS.INTEGRITY               | End-to-end bus integrity scheme. Since there are multiple access points for flash, please see Transmission Integrity Faults in the documentation for more details. The bus integrity scheme for flash is different from other comportable modules. |
+| FLASH_CTRL.MEM.ADDR_INFECTION              | On host reads, the address of the request is XORed with the data inside the read pipeline. The request address is removed from the data before returning the data over TL-UL. A mismatch triggers a data integrity error.                          |
 | FLASH_CTRL.SCRAMBLE.KEY.SIDELOAD           | The scrambling key is sideloaded from OTP and thus unreadable by SW.                                                                                                                                                                               |
 | FLASH_CTRL.LC_CTRL.INTERSIG.MUBI           | Life cycle control signals are used control information partition access and flash debug access. See secret information partition, isolated information partitions and jtag connection in documentation for more details.                          |
 | FLASH_CTRL.CTRL.CONFIG.REGWEN              | Configurations cannot be changed when an operation is ongoing.                                                                                                                                                                                     |

hw/ip_templates/flash_ctrl/doc/theory_of_operation.md

@@ -507,3 +507,11 @@ The expected waveform from the perspective of the physical controller is shown b
   {name: 'flash_ctrl_o.prog_done', wave: '0....10.10...10'},
 ]}
 ```
+
+### Read Data Infection Feature
+
+This feature aims to provide additional security against fault injection attacks targeting the addresses of host flash read requests.
+By default, on each host read request, the data fetched from the underyling memory is infected with the address used for the memory access.
+Before returning the data to the host over the bus, the address is removed from the infected data.
+When the address used for the infection matches the original address, the plain data is restored.
+Otherwise, faulty data is generated, which can be detected by the data integrity mechanism.

hw/ip_templates/flash_ctrl/rtl/flash_ctrl.sv.tpl

@@ -1297,6 +1297,7 @@ module flash_ctrl
   );
 
   // SEC_CM: HOST.BUS.INTEGRITY
+  // SEC_CM: MEM.ADDR_INFECTION
   tlul_adapter_sram #(
     .SramAw(BusAddrW),
     .SramDw(BusWidth),

hw/top_earlgrey/ip_autogen/flash_ctrl/data/flash_ctrl.hjson

@@ -261,6 +261,13 @@
         The bus integrity scheme for flash is different from other comportable modules.
       '''
     }
+    { name: "MEM.ADDR_INFECTION",
+      desc: '''
+        On host reads, the address of the request is XORed with the data inside the read pipeline.
+        The request address is removed from the data before returning the data over TL-UL.
+        A mismatch triggers a data integrity error.
+      '''
+    }
     { name: "SCRAMBLE.KEY.SIDELOAD",
       desc: "The scrambling key is sideloaded from OTP and thus unreadable by SW."
     }

hw/top_earlgrey/ip_autogen/flash_ctrl/doc/interfaces.md

@@ -72,6 +72,7 @@ Referring to the [Comportable guideline for peripheral device functionality](htt
 | FLASH_CTRL.REG.BUS.INTEGRITY               | End-to-end bus integrity scheme. Since there are multiple access points for flash, please see Transmission Integrity Faults in the documentation for more details. The bus integrity scheme for flash is different from other comportable modules. |
 | FLASH_CTRL.HOST.BUS.INTEGRITY              | End-to-end bus integrity scheme. Since there are multiple access points for flash, please see Transmission Integrity Faults in the documentation for more details. The bus integrity scheme for flash is different from other comportable modules. |
 | FLASH_CTRL.MEM.BUS.INTEGRITY               | End-to-end bus integrity scheme. Since there are multiple access points for flash, please see Transmission Integrity Faults in the documentation for more details. The bus integrity scheme for flash is different from other comportable modules. |
+| FLASH_CTRL.MEM.ADDR_INFECTION              | On host reads, the address of the request is XORed with the data inside the read pipeline. The request address is removed from the data before returning the data over TL-UL. A mismatch triggers a data integrity error.                          |
 | FLASH_CTRL.SCRAMBLE.KEY.SIDELOAD           | The scrambling key is sideloaded from OTP and thus unreadable by SW.                                                                                                                                                                               |
 | FLASH_CTRL.LC_CTRL.INTERSIG.MUBI           | Life cycle control signals are used control information partition access and flash debug access. See secret information partition, isolated information partitions and jtag connection in documentation for more details.                          |
 | FLASH_CTRL.CTRL.CONFIG.REGWEN              | Configurations cannot be changed when an operation is ongoing.                                                                                                                                                                                     |

hw/top_earlgrey/ip_autogen/flash_ctrl/doc/theory_of_operation.md

@@ -507,3 +507,11 @@ The expected waveform from the perspective of the physical controller is shown b
   {name: 'flash_ctrl_o.prog_done', wave: '0....10.10...10'},
 ]}
 ```
+
+### Read Data Infection Feature
+
+This feature aims to provide additional security against fault injection attacks targeting the addresses of host flash read requests.
+By default, on each host read request, the data fetched from the underyling memory is infected with the address used for the memory access.
+Before returning the data to the host over the bus, the address is removed from the infected data.
+When the address used for the infection matches the original address, the plain data is restored.
+Otherwise, faulty data is generated, which can be detected by the data integrity mechanism.

hw/top_earlgrey/ip_autogen/flash_ctrl/rtl/flash_ctrl.sv

@@ -1298,6 +1298,7 @@ module flash_ctrl
   );
 
   // SEC_CM: HOST.BUS.INTEGRITY
+  // SEC_CM: MEM.ADDR_INFECTION
   tlul_adapter_sram #(
     .SramAw(BusAddrW),
     .SramDw(BusWidth),

util/reggen/countermeasure.py

@@ -43,6 +43,7 @@
     'REGREN',
     'SHADOW',
     'SCRAMBLE',
+    'ADDR_INFECTION',
     'INTEGRITY',
     'READBACK',
     'ADDR_INFECTION',