A product requires authentication, but the product has an alternate path or channel that does not require authentication.

July 19, 2006, midnight

2023-10-26 00:00:00+00:00

Example Vulnerable Code

Example - 1

Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select initiators, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by acl_oh_allowlist). The identity of the initiator of the transaction is indicated by the one-hot input, incoming_id. This is checked against the acl_oh_allowlist (which contains a list of initiators that are allowed to access the asset). Though this example is shown in Verilog, it will apply to VHDL as well.

module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
  output [31:0] data_out;
  input [31:0] data_in, incoming_id, address;
  input clk, rst_n;
  wire write_auth, addr_auth;
  reg [31:0] data_out, acl_oh_allowlist, q;

  // Initiator check: the one-hot incoming_id must match a bit in the allowlist.
  assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
  always @*
    acl_oh_allowlist <= 32'h8312;

  // Address check: only SECURE_ME (0xF00) is covered, the mirror is not.
  assign addr_auth = (address == 32'hF00) ? 1: 0;

  always @ (posedge clk or negedge rst_n)
    if (!rst_n)
      begin
        q <= 32'h0;
        data_out <= 32'h0;
      end
    else
      begin
        // The write is accepted only when both checks pass.
        q <= (addr_auth & write_auth) ? data_in: q;
        data_out <= q;
      end
endmodule

assign addr_auth = (address == 32'hF00) ? 1: 0;

The bugged line of code is repeated in the Bad example above. The weakness arises from the fact that the SECURE_ME register can be modified by writing to the shadow register COPY_OF_SECURE_ME; the address of COPY_OF_SECURE_ME should also be included in the check. That buggy line of code should instead be replaced as shown in the Good Code Snippet below.

assign addr_auth = (address == 32'hF00 || address == 32'h800F00) ? 1: 0;
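The difference between the two address checks can be confirmed by sweeping every one-hot initiator over both addresses in a small behavioural model. This is an added example, not part of the original entry: the Python names are constructed, and the model assumes that the mirror decodes to the same storage as SECURE_ME and accepts writes unauthenticated whenever addr_auth does not cover it, as the text describes.

```python
"""Behavioural model (constructed) of SECURE_ME and its mirror register."""
SECURE_ME = 0xF00
COPY_OF_SECURE_ME = 0x800F00          # mirror: decodes to the same storage
ALIASES = (SECURE_ME, COPY_OF_SECURE_ME)
ACL_OH_ALLOWLIST = 0x8312             # one-hot allowlist value from the page


def write_auth(incoming_id):
    """Same test as: assign write_auth = |(incoming_id & acl_oh_allowlist)."""
    return (incoming_id & ACL_OH_ALLOWLIST) != 0


def addr_auth_bad(address):
    return address == SECURE_ME       # mirror address is not covered


def addr_auth_good(address):
    return address in ALIASES         # both addresses are covered


def write(q, addr_auth, address, incoming_id, data_in):
    """Return the value of q after one write attempt.

    Assumption: an address that decodes to the register but is not covered
    by addr_auth is an unauthenticated path to the same storage.
    """
    if address not in ALIASES:
        return q                      # does not decode to this register
    if addr_auth(address) and not write_auth(incoming_id):
        return q                      # guarded path, initiator rejected
    return data_in


def find_bypasses(addr_auth):
    """List (address, id_bit) pairs where a non-allowlisted initiator changes q."""
    hits = []
    for address in ALIASES:
        for bit in range(32):
            incoming_id = 1 << bit
            if write_auth(incoming_id):
                continue              # initiator is legitimately allowed
            if write(0, addr_auth, address, incoming_id, 0xA5A5A5A5) != 0:
                hits.append((address, bit))
    return hits


if __name__ == "__main__":
    for name, check in (("bad", addr_auth_bad), ("good", addr_auth_good)):
        hits = find_bypasses(check)
        print(name, len(hits), sorted({hex(a) for a, _ in hits}))
```

The same sweep can be turned into a regression check for any register map: every address that decodes to a protected asset must appear in the set covered by the access-control check.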

