Repository containing the design of the secured Ibex core, as shown in COCO: Co-Design and Co-Verification of Masked Software Implementations on CPUs.
The design is based on commit #863fb56eb166d of the original Ibex core.
- rtl: contains the hardware design of the modified Ibex core.
- secure.sv: allows enabling/disabling certain security features
- shared/rtl: contains the secure RAM implementation
We implemented the following security features:
- REGREAD_SECURE: gating mechanism for reads from the register file
- REGWRITE_SECURE: gating mechanism for writes to the register file
- MEM_SECURE: use secure RAM
- MD_SECURE: gating mechanism for multiplication unit
- SHIFT_SECURE: gating mechanism for shifter in ALU
- ADDER_SECURE: gating mechanism for adder in ALU
- CSR_SECURE: gating mechanism for CSR unit
Each of these features is standalone, i.e., disabling REGREAD_SECURE but enabling all other features will still work. Disabling can be done by uncommenting the respective line in secure.sv.
We did not add an enabling/disabling mechanism for clearing the hidden LSU state.
The secure RAM can be configured by altering a and b in ram_1p_secure.v:
- a: number of 32-bit cells per block
- b: number of blocks
In-block addressing is done using one-hot encoded addresses.