[ci,scripts] Add countermeasure check to ci and azure

Fixes #10071

Signed-off-by: Guillermo Maturana <[email protected]>

azure-pipelines.yml

@@ -142,6 +142,10 @@ jobs:
  steps:
  - template: ci/checkout-template.yml
  - template: ci/install-package-dependencies.yml
+ # Check that all earlgrey countermeasures are implemented.
+ - bash: ci/scripts/check-countermeasures.sh earlgrey
+ displayName: Check countermeasures for top_earlgrey
+ continueOnError: True
  # Bazel test suites are a common cause of problematic tags. Check test suites
  # before checking for other tag issues.
  - bash: ci/scripts/check_bazel_test_suites.py
@@ -304,6 +308,10 @@ jobs:
  verilator --version
  verible-verilog-lint --version
  displayName: Display environment
+ # Check that all englishbreakfast countermeasures are implemented.
+ - bash: ci/scripts/check-countermeasures.sh englishbreakfast
+ displayName: Check countermeasures for top_englishbreakfast
+ continueOnError: True
  - bash: ci/scripts/build-chip-verilator.sh englishbreakfast
  displayName: Build simulation with Verilator
  - template: ci/upload-artifacts-template.yml

ci/scripts/check-countermeasures.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+# Checks the coutermeasures for a given top from its hjson file.
+
+set -e
+
+if [ $# != 1 ]; then
+ echo >&2 "Usage: check-countermeasures.sh <toplevel-name>"
+ exit 1
+fi
+hjson_file="hw/top_$1/data/top_$1.hjson"
+if [ ! -f ${hjson_file} ]; then
+ echo >&2 "Missing hjson file for $1: expected file ${hjson_file} not found."
+ echo >&2 " For example, use \"earlgrey\" for top_earlgrey.hjson."
+ exit 1
+fi
+
+./util/topgen.py -t ${hjson_file} --check-cm || {
+ echo -n "##vso[task.logissue type=error]"
+ echo "Countermeasure check failed."
+ exit 1
+}