hw-security-signoff
Install: claude install-skill dtsong/my-claude-setup
# HW Security Sign-Off
## Purpose
Define the handoff contract between Foundry (builder) and Forge (security auditor) for hardware security sign-off. Ensure all security-critical design artifacts are delivered, reviewed, and approved before tape-out commitment.
## Scope Constraints
Coordinates the handoff process between builder and auditor roles. Does not perform the security review itself (delegates to rtl-security-review, microarch-analysis, physical-design-security). Does not modify design files.
## Inputs
- Design name and tape-out target date
- Security-critical modules identified by Foundry
- Trust boundary definitions
- Threat model (if available) or threat categories in scope
- Any prior security review findings
## Input Sanitization
No user-provided values are used in commands or file paths. All inputs are treated as read-only analysis targets.
## Procedure
### Progress Checklist
- [ ] Step 1: Verify builder artifact delivery
- [ ] Step 2: Validate security scope agreement
- [ ] Step 3: Coordinate security reviews
- [ ] Step 4: Track finding resolution
- [ ] Step 5: Issue sign-off decision
### Step 1: Verify Builder Artifact Delivery
Foundry must deliver the following before security review begins:
- [ ] RTL source for all security-critical modules (final, synthesis-ready)
- [ ] Security-critical module list with trust boundary annotations
- [ ] Register map with access control policy per register
- [ ] FSM state diagrams for security-relevant state mach