Make sensitive assets only readable/writable before system_mode is set
After the first time system_mode is set to one, the assets will no longer be readable or writable, even if system_mode is set to zero in a later syscall. This is to make sure syscalls do not have the same privileges as the firmware has at first boot. We need to monitor when system_mode is set to one, otherwise we might accidentally lock the assets before actually leaving firmware, for example if firmware would use a function set in any of the registers used in system_mode_ctrl. Co-authored-by: Mikael Ågren <mikael@tillitis.se>
This commit is contained in:
parent
690bb53267
commit
2abe93cf06
4 changed files with 25 additions and 12 deletions
|
@ -21,6 +21,7 @@ module tk1 #(
|
||||||
|
|
||||||
input wire cpu_trap,
|
input wire cpu_trap,
|
||||||
output wire system_mode,
|
output wire system_mode,
|
||||||
|
output wire rw_locked,
|
||||||
|
|
||||||
input wire [31 : 0] cpu_addr,
|
input wire [31 : 0] cpu_addr,
|
||||||
input wire cpu_instr,
|
input wire cpu_instr,
|
||||||
|
@ -128,6 +129,8 @@ module tk1 #(
|
||||||
reg rom_executable_new;
|
reg rom_executable_new;
|
||||||
reg rom_executable_we;
|
reg rom_executable_we;
|
||||||
|
|
||||||
|
reg rw_locked_reg;
|
||||||
|
|
||||||
reg [ 2 : 0] led_reg;
|
reg [ 2 : 0] led_reg;
|
||||||
reg led_we;
|
reg led_we;
|
||||||
|
|
||||||
|
@ -202,6 +205,7 @@ module tk1 #(
|
||||||
assign ready = tmp_ready;
|
assign ready = tmp_ready;
|
||||||
|
|
||||||
assign system_mode = system_mode_reg;
|
assign system_mode = system_mode_reg;
|
||||||
|
assign rw_locked = rw_locked_reg;
|
||||||
|
|
||||||
assign force_trap = force_trap_reg;
|
assign force_trap = force_trap_reg;
|
||||||
|
|
||||||
|
@ -266,6 +270,7 @@ module tk1 #(
|
||||||
if (!reset_n) begin
|
if (!reset_n) begin
|
||||||
system_mode_reg <= 1'h0;
|
system_mode_reg <= 1'h0;
|
||||||
rom_executable_reg <= 1'h1;
|
rom_executable_reg <= 1'h1;
|
||||||
|
rw_locked_reg <= 1'h0;
|
||||||
led_reg <= 3'h6;
|
led_reg <= 3'h6;
|
||||||
gpio1_reg <= 2'h0;
|
gpio1_reg <= 2'h0;
|
||||||
gpio2_reg <= 2'h0;
|
gpio2_reg <= 2'h0;
|
||||||
|
@ -307,6 +312,10 @@ module tk1 #(
|
||||||
|
|
||||||
if (system_mode_we) begin
|
if (system_mode_we) begin
|
||||||
system_mode_reg <= system_mode_new;
|
system_mode_reg <= system_mode_new;
|
||||||
|
|
||||||
|
if (system_mode_new) begin
|
||||||
|
rw_locked_reg <= 1'h1;
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
if (rom_executable_we) begin
|
if (rom_executable_we) begin
|
||||||
|
@ -533,13 +542,13 @@ module tk1 #(
|
||||||
end
|
end
|
||||||
|
|
||||||
if (address == ADDR_APP_START) begin
|
if (address == ADDR_APP_START) begin
|
||||||
if (!system_mode_reg) begin
|
if (!rw_locked_reg) begin
|
||||||
app_start_we = 1'h1;
|
app_start_we = 1'h1;
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
if (address == ADDR_APP_SIZE) begin
|
if (address == ADDR_APP_SIZE) begin
|
||||||
if (!system_mode_reg) begin
|
if (!rw_locked_reg) begin
|
||||||
app_size_we = 1'h1;
|
app_size_we = 1'h1;
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -549,31 +558,31 @@ module tk1 #(
|
||||||
end
|
end
|
||||||
|
|
||||||
if (address == ADDR_BLAKE2S) begin
|
if (address == ADDR_BLAKE2S) begin
|
||||||
if (!system_mode_reg) begin
|
if (!rw_locked_reg) begin
|
||||||
blake2s_addr_we = 1'h1;
|
blake2s_addr_we = 1'h1;
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
if (address == ADDR_SYSCALL) begin
|
if (address == ADDR_SYSCALL) begin
|
||||||
if (!system_mode_reg) begin
|
if (!rw_locked_reg) begin
|
||||||
syscall_addr_we = 1'h1;
|
syscall_addr_we = 1'h1;
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
if ((address >= ADDR_CDI_FIRST) && (address <= ADDR_CDI_LAST)) begin
|
if ((address >= ADDR_CDI_FIRST) && (address <= ADDR_CDI_LAST)) begin
|
||||||
if (!system_mode_reg) begin
|
if (!rw_locked_reg) begin
|
||||||
cdi_mem_we = 1'h1;
|
cdi_mem_we = 1'h1;
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
if (address == ADDR_RAM_ADDR_RAND) begin
|
if (address == ADDR_RAM_ADDR_RAND) begin
|
||||||
if (!system_mode_reg) begin
|
if (!rw_locked_reg) begin
|
||||||
ram_addr_rand_we = 1'h1;
|
ram_addr_rand_we = 1'h1;
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
if (address == ADDR_RAM_DATA_RAND) begin
|
if (address == ADDR_RAM_DATA_RAND) begin
|
||||||
if (!system_mode_reg) begin
|
if (!rw_locked_reg) begin
|
||||||
ram_data_rand_we = 1'h1;
|
ram_data_rand_we = 1'h1;
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -659,7 +668,7 @@ module tk1 #(
|
||||||
end
|
end
|
||||||
|
|
||||||
if ((address >= ADDR_UDI_FIRST) && (address <= ADDR_UDI_LAST)) begin
|
if ((address >= ADDR_UDI_FIRST) && (address <= ADDR_UDI_LAST)) begin
|
||||||
if (!system_mode_reg) begin
|
if (!rw_locked_reg) begin
|
||||||
tmp_read_data = udi_rdata;
|
tmp_read_data = udi_rdata;
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
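Review bot: The sticky lock at `if (system_mode_new) begin rw_locked_reg <= 1'h1; end` in the hunk at -307,+312 carries no comment explaining why it exists separately from system_mode_reg, although the one-way semantics are the whole point of the change; add `// Sticky: once system_mode has been set, the assets stay locked until reset, even if system_mode is later cleared by a syscall.` above it. rw_locked_reg is cleared only in the reset branch (`rw_locked_reg <= 1'h0;`), so the protection rests on a reset also returning execution to ROM firmware; `rom_executable_reg <= 1'h1` in the same branch suggests that is the intent, and it is worth stating in that comment. If tk1 still gates any other asset on system_mode_reg outside these hunks, it needs the same switch to rw_locked_reg; that part of the file is not visible here. No testbench change is part of this commit; a case that sets system_mode to 1, then back to 0, and checks that writes to e.g. ADDR_APP_START and reads of the UDI stay blocked would pin the intended behaviour.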
@ -17,7 +17,7 @@ module uds (
|
||||||
input wire clk,
|
input wire clk,
|
||||||
input wire reset_n,
|
input wire reset_n,
|
||||||
|
|
||||||
input wire system_mode,
|
input wire rw_locked,
|
||||||
|
|
||||||
input wire cs,
|
input wire cs,
|
||||||
input wire [ 2 : 0] address,
|
input wire [ 2 : 0] address,
|
||||||
|
@ -89,7 +89,7 @@ module uds (
|
||||||
if (cs) begin
|
if (cs) begin
|
||||||
tmp_ready = 1'h1;
|
tmp_ready = 1'h1;
|
||||||
|
|
||||||
if (!system_mode) begin
|
if (!rw_locked) begin
|
||||||
if (uds_rd_reg[address[2 : 0]] == 1'h0) begin
|
if (uds_rd_reg[address[2 : 0]] == 1'h0) begin
|
||||||
uds_rd_we = 1'h1;
|
uds_rd_we = 1'h1;
|
||||||
end
|
end
|
||||||
|
|
|
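Review bot: The new `rw_locked` input that replaces `system_mode` in the port list has no comment, and its meaning differs from the old signal: it is a one-way lock driven by tk1 rather than the live mode bit. Add `// Sticky lock from tk1: set once system_mode has been asserted, cleared only by reset` next to the port so the read-once gating at `if (!rw_locked) begin` reads correctly. If the module header comment describes the access rule in terms of system_mode, it is outside this hunk and needs the same update.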
@ -143,6 +143,7 @@ module application_fpga (
|
||||||
wire [31 : 0] tk1_read_data;
|
wire [31 : 0] tk1_read_data;
|
||||||
wire tk1_ready;
|
wire tk1_ready;
|
||||||
wire system_mode;
|
wire system_mode;
|
||||||
|
wire rw_locked;
|
||||||
wire force_trap;
|
wire force_trap;
|
||||||
wire [14 : 0] ram_addr_rand;
|
wire [14 : 0] ram_addr_rand;
|
||||||
wire [31 : 0] ram_data_rand;
|
wire [31 : 0] ram_data_rand;
|
||||||
|
@ -277,7 +278,7 @@ module application_fpga (
|
||||||
.clk(clk),
|
.clk(clk),
|
||||||
.reset_n(reset_n),
|
.reset_n(reset_n),
|
||||||
|
|
||||||
.system_mode(system_mode),
|
.rw_locked(rw_locked),
|
||||||
|
|
||||||
.cs(uds_cs),
|
.cs(uds_cs),
|
||||||
.address(uds_address),
|
.address(uds_address),
|
||||||
|
@ -321,6 +322,7 @@ module application_fpga (
|
||||||
.reset_n(reset_n),
|
.reset_n(reset_n),
|
||||||
|
|
||||||
.system_mode(system_mode),
|
.system_mode(system_mode),
|
||||||
|
.rw_locked (rw_locked),
|
||||||
|
|
||||||
.cpu_addr (cpu_addr),
|
.cpu_addr (cpu_addr),
|
||||||
.cpu_instr (cpu_instr),
|
.cpu_instr (cpu_instr),
|
||||||
|
|
|
@ -155,6 +155,7 @@ module application_fpga_sim (
|
||||||
wire [31 : 0] tk1_read_data;
|
wire [31 : 0] tk1_read_data;
|
||||||
wire tk1_ready;
|
wire tk1_ready;
|
||||||
wire system_mode;
|
wire system_mode;
|
||||||
|
wire rw_locked;
|
||||||
wire force_trap;
|
wire force_trap;
|
||||||
wire [14 : 0] ram_addr_rand;
|
wire [14 : 0] ram_addr_rand;
|
||||||
wire [31 : 0] ram_data_rand;
|
wire [31 : 0] ram_data_rand;
|
||||||
|
@ -288,7 +289,7 @@ module application_fpga_sim (
|
||||||
.clk(clk),
|
.clk(clk),
|
||||||
.reset_n(reset_n),
|
.reset_n(reset_n),
|
||||||
|
|
||||||
.system_mode(system_mode),
|
.rw_locked(rw_locked),
|
||||||
|
|
||||||
.cs(uds_cs),
|
.cs(uds_cs),
|
||||||
.address(uds_address),
|
.address(uds_address),
|
||||||
|
@ -334,6 +335,7 @@ module application_fpga_sim (
|
||||||
.reset_n(reset_n),
|
.reset_n(reset_n),
|
||||||
|
|
||||||
.system_mode(system_mode),
|
.system_mode(system_mode),
|
||||||
|
.rw_locked (rw_locked),
|
||||||
|
|
||||||
.cpu_addr (cpu_addr),
|
.cpu_addr (cpu_addr),
|
||||||
.cpu_instr (cpu_instr),
|
.cpu_instr (cpu_instr),
|
||||||
|
|