[ast] Notice of AST locking via ePMP deprecation

[moidx]

Description

The earlgrey_es_sival design uses the following ePMP configuration to restrict access to the OTP and AST memory regions:

 0: 40130000 NAPOT L--- sz=00001000     ; OTP MMIO lockout.
 1: 40480000 NAPOT L--- sz=00000400     ; AST MMIO lockout.
 2: 20010400 ----- ---- sz=00000000     ; OWNER code start.
 3: 20013cac   TOR -X-R sz=000038ac     ; OWNER code end.
 4: 00000000 ----- ---- sz=00000000     ; OWNER data (if using remap window, else unused).
 5: 00000000 ----- ---- sz=00000000
 6: 00000000 ----- ---- sz=00000000
 7: 00000000 ----- ---- sz=00000000
 8: 00000000 ----- ---- sz=00000000
 9: 00000000 ----- ---- sz=00000000
10: 20000400 ----- ---- sz=00000000     ; ROM_EXT code start.
11: 20005bc8   TOR -X-R sz=000057c8     ; ROM_EXT code end.
12: 20000000 NAPOT ---R sz=00100000     ; FLASH data (1 MB).
13: 00010000 NAPOT -XWR sz=00001000     ; RvDM region (not PROD, RMA/DEV only).
14: 40000000 NAPOT --WR sz=10000000     ; MMIO region.
15: 10000000 NAPOT --WR sz=00020000     ; RAM region.
mseccfg = 00000002                      ; RLB=0, MMWP=1, MML=0.

For EarlGrey-PROD, we will be removing the AST and OTP locks from ePMP as Silicon Owners require the availability of all 16 ePMP entries. ROM_EXT will lock access to the OTP CREATOR_SW_CFG region, but will not apply any additional locking to AST registers.

AST should implement a read locking mechanism if AST reads are to be restricted from Silicon Owner stages.

Summary of changes

• [x] https://github.com/lowRISC/opentitan/pull/23392

[moidx]

CC @OTshimeon, @sha-ron. Once we get confirmation this is OK from AST's perspective, we'll move this issue to the ROM_EXT milestone to complete the changes.

[sha-ron]

We have a way to lock for read, write inside AST so I think it is ok. @zi-v please approve.

[zi-v]

OK

[moidx]

Thanks @sha-ron and @zi-v for providing confirmation. Moving this issue to the ROM_EXT milestone to track the remaining lockdown implementation for OTP.