Make sensitive assets only readable/writable before system_mode is set

After the first time system_mode is set to one, the assets will no longer be read- or writeable, even if system_mode is set to zero at a later syscall. This is to make sure syscalls does not have the same privilege as the firmware has at first boot. We need to monitor when system_mode is set to one, otherwise we might accedentially lock the assets before actually leaving firmware, for example if firmware would use a function set in any of the registers used in system_mode_ctrl. Co-authored-by: Mikael Ågren <mikael@tillitis.se>
2025-04-25 09:29:21 -04:00 · 2024-11-15 11:19:40 +01:00 · 2024-11-15 11:19:40 +01:00 · 2cfd80dd8e
commit 2cfd80dd8e
parent 1500fe3c8e
1 changed files with 15 additions and 8 deletions
--- a/hw/application_fpga/core/tk1/rtl/tk1.v
+++ b/hw/application_fpga/core/tk1/rtl/tk1.v
@ -126,6 +126,8 @@ module tk1 (
  reg           rom_executable_new;
  reg           rom_executable_we;

+  reg           rw_locked_reg;
+
  reg  [ 2 : 0] led_reg;
  reg           led_we;

@ -264,6 +266,7 @@ module tk1 (
    if (!reset_n) begin
      system_mode_reg    <= 1'h0;
      rom_executable_reg <= 1'h1;
+      rw_locked_reg      <= 1'h0;
      led_reg            <= 3'h6;
      gpio1_reg          <= 2'h0;
      gpio2_reg          <= 2'h0;
@ -305,6 +308,10 @@ module tk1 (

      if (system_mode_we) begin
        system_mode_reg <= system_mode_new;
+
+        if (system_mode_new) begin
+          rw_locked_reg <= 1'h1;
+        end
      end

      if (rom_executable_we) begin
@ -531,13 +538,13 @@ module tk1 (
        end

        if (address == ADDR_APP_START) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
            app_start_we = 1'h1;
          end
        end

        if (address == ADDR_APP_SIZE) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
            app_size_we = 1'h1;
          end
        end
@ -547,31 +554,31 @@ module tk1 (
        end

        if (address == ADDR_BLAKE2S) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
            blake2s_addr_we = 1'h1;
          end
        end

        if (address == ADDR_SYSCALL) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
            syscall_addr_we = 1'h1;
          end
        end

        if ((address >= ADDR_CDI_FIRST) && (address <= ADDR_CDI_LAST)) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
            cdi_mem_we = 1'h1;
          end
        end

        if (address == ADDR_RAM_ADDR_RAND) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
            ram_addr_rand_we = 1'h1;
          end
        end

        if (address == ADDR_RAM_DATA_RAND) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
            ram_data_rand_we = 1'h1;
          end
        end
@ -657,7 +664,7 @@ module tk1 (
        end

        if ((address >= ADDR_UDI_FIRST) && (address <= ADDR_UDI_LAST)) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
            tmp_read_data = udi_rdata;
          end
        end