zkr: entropy source access control for seed csr

2 files changed, 20 insertions, 0 deletions

diff --git a/riscv/csrs.cc b/riscv/csrs.cc
index 635faae..65d1689 100644
--- a/riscv/csrs.cc
+++ b/riscv/csrs.cc
@@ -303,6 +303,14 @@ bool mseccfg_csr_t::get_rlb() const noexcept {
   return (read() & MSECCFG_RLB);
 }
 
+bool mseccfg_csr_t::get_useed() const noexcept {
+  return (read() & MSECCFG_USEED);
+}
+
+bool mseccfg_csr_t::get_sseed() const noexcept {
+  return (read() & MSECCFG_SSEED);
+}
+
 bool mseccfg_csr_t::unlogged_write(const reg_t val) noexcept {
   if (proc->n_pmp == 0)
     return false;
@@ -1440,6 +1448,16 @@ void seed_csr_t::verify_permissions(insn_t insn, bool write) const {
   if (!proc->extension_enabled(EXT_ZKR) || !write)
     throw trap_illegal_instruction(insn.bits());
   csr_t::verify_permissions(insn, write);
+
+  if (state->v) {
+    if (state->mseccfg->get_sseed() && write)
+      throw trap_virtual_instruction(insn.bits());
+    else
+      throw trap_illegal_instruction(insn.bits());
+  } else if ((state->prv == PRV_U && !state->mseccfg->get_useed()) ||
+             (state->prv == PRV_S && !state->mseccfg->get_sseed())) {
+      throw trap_illegal_instruction(insn.bits());
+  }
 }
 
 reg_t seed_csr_t::read() const noexcept {
diff --git a/riscv/csrs.h b/riscv/csrs.h
index ad165b6..fd36992 100644
--- a/riscv/csrs.h
+++ b/riscv/csrs.h
@@ -150,6 +150,8 @@ class mseccfg_csr_t: public basic_csr_t {
   bool get_mml() const noexcept;
   bool get_mmwp() const noexcept;
   bool get_rlb() const noexcept;
+  bool get_useed() const noexcept;
+  bool get_sseed() const noexcept;
  protected:
   virtual bool unlogged_write(const reg_t val) noexcept override;
 };