From 1c90b1aa3dbfb4e62039683ee6049ae8af608498 Mon Sep 17 00:00:00 2001 From: dehanj Date: Mon, 25 Mar 2024 09:34:14 +0100 Subject: [PATCH] Add release notes for TK1-24.03 Clarifying earlier release notes. --- doc/release_notes.md | 83 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 75 insertions(+), 8 deletions(-) diff --git a/doc/release_notes.md b/doc/release_notes.md index 86a2727..5173cde 100644 --- a/doc/release_notes.md +++ b/doc/release_notes.md @@ -2,6 +2,73 @@ Descriptions of the tagged TKey releases. + +## TK1-24.03 + +This is an official release of the "Bellatrix" version of the Tillitis' +TKey. This version is ready for general use. + +Using OCI image `ghcr.io/tillitis/tkey-builder:4`, built from +`../contrib/Dockerfile`, and the generic +`../hw/application_fpga/data/uds.hex` and +`../hw/application_fpga/data/udi.hex`, a clean build should generate +the following digest: + +``` +321924aa3b26507f2a02325750e63c83b306c7831f8e2c87e8d198cecf8cc1c1 application_fpga.bin +``` + +### FPGA +- Security Monitor now prevents access to RAM outside of the physical + memory. If it detects an access outside of the RAM address space, it + will halt the CPU. +- CPU Monitor changes name to Security monitor, which CPU Monitor is a + part of. Prepare for more functions in the future. +- Support incremental builds for the bitstream, when changing UDS/UDI + between builds. Requires tkey-builder:3 or higher. +- Update Verilog linter to Verilog-2005 and fixed warnings. +- Complete testbenches and add 9 tests for the FPGA cores. + +### Firmware +- Protect zeroisation against compiler optimisation by using + secure_wipe(), fixing a memset() that was removed during + compilation. +- Make memeq() function side channel silent. +- Change memory constants to defines instead of an enum, to be + compatible with ISO C. +- Deprecate TK1_MMIO_TK1_RAM_ASLR and introduce + TK1_MMIO_TK1_RAM_ADDR_RAND instead to distinguish from OS-level + ASLR. +- Use pedantic warnings while building firmware and fixed warnings. +- Use clang-tidy in CI. +- Fix warnings from splint. + +### TP1 +- New plastic clip o and update of BOM. +- Build TP1 firmware in CI. + +### CH552 +- Fixed a bug where a byte of data could in some rare circumstances be + dropped, causing a client app to hang. +- General clean-up of code, translated all comments to English. + +### TK1 +- New injection moulded plastic case + +### tkey-builder +- Updated to version 3. Bumping Ubuntu to 23.10, Yosys to 0.36 and + nextpnr to 0.6. +- Updated to version 4. Bumping pico-sdk to 1.5.1, adding clang-tidy + and splint. + +### Docs +- Fixing broken links, cleaning up docs and READMEs. +- Clarify warm boot attack mitigations and scope for Bellatrix in + threat model. + +For full change log [see](https://github.com/tillitis/tillitis-key1/compare/TK1-23.03.2...TK1-24.03) + + ## TK1-23.03.2 This is the official release of the "Bellatrix" version of the @@ -87,12 +154,12 @@ f11d6b0f57c5405598206dcfea284008413391a2c51f124a2e2ae8600cb78f0b application_fp will start flashing red. Note that the CPU will stay in the trap state until the TKey device is disconnected. -- (HW) The RAM memory now includes an initial adress and scrambling - mechanism to make it harder to find assets generated by and - stored in the RAM by applications. The address space layout - randomizarion (ASLR) and data value scrambling is set up by the - firmware before the application is loaded, and does not affect - how applications executes. +- (HW) The RAM memory now includes an address randomisation and data + scrambling mechanism to make it harder for someone outside of the + CPU to find assets generated by and stored in the RAM by + applications. This randomisation and scrambling is set up by + firmware before the application is loaded, and does not affect how + applications executes. - (HW) The UART Rx FIFO now allows applications to read out the number of bytes received and not yet consumed by the application. @@ -142,8 +209,8 @@ f11d6b0f57c5405598206dcfea284008413391a2c51f124a2e2ae8600cb78f0b application_fp PicoRV32. Please compile your programs with the Zmmul extension, `-march=rv32iczmmul` for `clang`. -- (HW) The UDI is locked down and can now only be accessed by - firmware, not applications. +- (HW) The UDI is locked down and can only be accessed by firmware, to + prevent applications from tracking a particular TKey. - (HW) The timer MMIO API now takes separate start and stop bits for triggering the respective action, mitigating a time-of-check to