[flash_ctrl] Reduce severity of ECC error from fatal to recoverable

Open jettr opened this issue 2 years ago • 1 comments

Description

We want to give the option for one stage of FW (e.g. ROM) to be able to read a potential candidate for the next stage of FW (ROM_EXT), and treat an ECC failure as a corrupted potential image (similar to signature verification failure) instead of resetting the chip.

See more background discussion in #21353

jettr, Feb 22 '24 21:02

After having more context, I think this option makes a lot of sense. IIUC, the alert classification inside the alert handler is quite flexible: once the FW stage of interest has passed, the severity of the corresponding alert can be raised again at the alert handler end. The only difference to the current implementation would then be that the alert would no longer be sticky at the flash_ctrl end. But already today, ECC errors inside flash_ctrl don't completely lock up flash_ctrl. It's just that the alert is sticky right now.

vogelpi, Feb 22 '24 22:02

I've now prepared a PR to fix this here: #22431.

vogelpi, Apr 04 '24 16:04