This chapter outlines the security enhancements defined for the Debug Module as non-ISA extension. The debug operations listed below are modified by the non-ISA extension. All features in this chapter must be implemented in Debug Module to achieve external debug security. If any hart in the system implements the Sdsec extension, the Debug Module must also implement the non-ISA extension. The debug operations affected by the non-ISA extension include:
-
Halt
-
Reset
-
Keepalive
-
Abstract commands (Access Register, Quick Access, Access Memory)
-
System bus access
The ISA and non-ISA external debug security extensions impose security constraints and introduce non-backward-compatible changes. The presence of the extensions can be determined by polling the allsecured or/and anysecured bits in dmstatus Details of newly introduced fields in dmstatus. If the field allsecured or anysecured is set to 1, it represents that all or any selected harts adopt the Sdsec extension. When any hart adopts the Sdsec extension, it indicates the Debug Module implements Debug Module Security Extension as described in this chapter.
The halt behavior for a hart is detailed in [sdsecextdbg]. According to The RISC-V Debug Specification cite:[dbgspec], a halt request must be responded within one second. However, this constraint must be removed as the request might be pending due to the situations where debugging is disallowed. In the case of halt-on-reset request, the request is only acknowledged by the hart when it is permitted to debug after the deassertion of reset. Besides, when a Quick Access abstract command is issued to a hart while the hart is not yet allowed to debug, the Quick Access cannot halt the hart, and the Debug Module will receive a security error fault (cmderr=6).
|
Note
|
The halt action in Quick Access is handled differently because other types of halts can be canceled by external debugger when debugging is disallowed, while the Quick Access command can only complete successfully or respond with an error. Otherwise, the debug interface to the selected hart will appear to be hung. Additionally, reset is not always applicable to the hart to recover from a hang situation. To avoid such situations, the halt action in Quick Access must be handled separately by the hart. |
The hartreset operation resets selected harts. When M-mode is not allowed to be debugged, the hart will raise a security fault error to Debug Module. The debugger could monitor the error by polling allsecfault or/and anysecfault in dmstatus.
The ndmreset operation is a system-level reset not tied to hart privilege levels and reset the entire system (excluding the Debug Module). It can only be secured by the system. Thus, it must be de-featured. The debugger can determine support for the ndmreset operation by setting the field to 1 and subsequently verifying the returned value upon reading.
The keepalive bit serves as an optional request for the hart to remain available for debugging. This bit only takes effect when M-mode is allowed to be debugged; otherwise, the hart behaves as if the bit is not set.
The hart’s response to abstract commands is detailed in [sdsecextdbg]. The following subsection delineates the constraints when the Debug Module issues the abstract commands.
The field aamvirtual in the command (at 0x17 in the Debug Module) determines whether the Access Memory command uses a physical or virtual address. When an Access Memory command is issued with aamvirtual=0, the hart must check whether the physical access is allowed to access memory. The hart responds with an exception to the Debug Module when M-mode is not permitted to debug, tvm (in mstatus) is set to 1, and mode (in satp) enables any kind of virtual translation. In the event of an exception, the Debug Module set cmderr to 3 and clear the data registers to 0.
When M-mode debugging is not allowed (mdbgen=0) for a hart, any Quick Access operation will be discarded, causing cmderr being set to 6.
|
Note
|
Quick Access abstract commands effect a halt, execution of Program Buffer, and resume of the selected hart. However, it is undesirable for these Quick Access halts to remain pending until debug is allowed, since the debugger blocks while waiting for the Quick Access to complete. Returning an error only for Quick Access commands received when debug is not allowed would require the hart to distinguish between Quick Access halt requests and other halt requests. Because Quick Access is merely an optimized flow and not required for any usage models, it was decided to avoid burdening the hart with extra hardware. Therefore, Quick Access is forbiden when mdbgen is 0.
|
The System Bus Access must be checked by bus initiator protection mechanisms such as IOPMP cite:[iopmp], WorldGuard cite:[worldguard]. The bus protection unit can return error to Debug Module on illegal access, in that case, Debug Module will set sberror to 6 (security fault error).
|
Note
|
Trusted entities like RoT should configure IOPMP or equivalent protection before granting debug access to M-mode. Similarly, M-mode should apply the protection before enabling supervisor domain debug. |
A dedicated error code, security fault error (cmderr 6), is included in cmderr of abstractcs (at 0x16 in Debug Module). Issuance of abstract commands under disallowed circumstance sets cmderr to 6. Additionally, the bus security fault error (sberror 6) is introduced in sberror of sbcs (at 0x38 in Debug Module) to denote errors related to system bus access.
The error raised by resethaltreq, reset can be identified through the fields allsecfault and anysecfault in dmstatus. Error status bits are internally maintained for each hart, with the allsecfault and anysecfault fields indicating the error status of the currently selected harts. These error statuses are sticky and can only be cleared by writing 1 to acksecfault in dmcs2.
The state element nsecdbg is introduced to retain full debugging capabilities, as if the extensions in this specification were not implemented. When nsecdbg is set to 1:
-
All debug operations are executed with M-mode privilege (equivalent to having
mdbgenset to 1) for all harts in the system. -
The ndmreset operation is allowed.
-
The
relaxedprivfield may be configurable. -
System Bus Access may bypass the bus initiator protections.
[NOTE] During the early stages of a chip’s lifecycle, such as when developing the boot process, it is desirable to debug from the initial system state. The nsecdbg should only be set to 1 when the entire system is authorized for unrestricted debugging.
{reg: [
{bits: 20, name: 'defined in Debug Module'},
{bits: 1, name: 'anysecured'},
{bits: 1, name: 'allsecured'},
{bits: 3, name: 'defined in Debug Module'},
{bits: 1, name: 'anysecfault'},
{bits: 1, name: 'allsecfault'},
{bits: 5, name: '0'},
], config:{lanes: 3, hspace:1024}}
| Field | Description | Access | Reset |
|---|---|---|---|
allsecured |
The field is 1 when all currently selected harts implement Sdsec extension |
R |
- |
anysecured |
The field is 1 when any currently selected hart implements Sdsec extension |
R |
- |
allsecfault |
The field is 1 when all currently selected harts have raised security fault due to reset or keepalive operation. |
R |
- |
anysecfault |
The field is 1 when any currently selected hart has raised security fault due to reset or keepalive operation. |
R |
- |
{reg: [
{bits: 12, name: 'defined in Debug Module'},
{bits: 1, name: 'acksecfault'},
{bits: 19, name: '0'},
], config:{lanes: 2, hspace:1024}}
| Field | Description | Access | Reset |
|---|---|---|---|
acksecfault |
0 (nop): No effect. 1 (ack): Clears error status bits for any selected harts. |
W1 |
- |