From 4086911c3bd5b23175655620ff0476d899b11d91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joachim=20Str=C3=B6mbergson?= Date: Tue, 7 Mar 2023 15:06:47 +0100 Subject: [PATCH] Add release notes for Bellatrix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Michael Cardell Widerkrantz Signed-off-by: Joachim Strömbergson , Michael Cardell Widerkrantz --- doc/release_notes.md | 87 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 83 insertions(+), 4 deletions(-) diff --git a/doc/release_notes.md b/doc/release_notes.md index f962e3a..852a15e 100644 --- a/doc/release_notes.md +++ b/doc/release_notes.md 
@@ -3,11 +3,90 @@ Descriptions of the tagged TKey releases. -## Tag XYZ +## TK1-23.03 +This is the official release of the "Bellatrix" version of +the Tillitis TKey device. This version is ready for general +use. + +Given the Docker config, and the generic UDS.hex and UDI.hex, +a clean build should generate the following digest: +``` +shasum -a256 application_fpga.bin +f11d6b0f57c5405598206dcfea284008413391a2c51f124a2e2ae8600cb78f0b application_fpga.bin +``` + + +### New and improved functionality + +- (ALL) The TKey HW design, FW, protocol and first applications has + been audited by a third party. No major issues was found, but the + audit have lead to several updates, changes and fixes to improve + the security and robustness. The third party report will be + published when completed. + +- (APPS) Applications can now use the whole 128 kByte RAM. + +- (FW) The firmware now use the `FW_RAM` for the stack. It keeps no + .bss or .data segments and only uses RAM for loading the + application. + +- (FW) The firmware has been hardened and the state machine simplified + to reduce the number of commands that can be used and in which + order. + +- (FW) Steady white LED while waiting for initial commands. LED off + while loading app. + +- (HW) The memory system now has an execution monitor. The monitor + detects attempts at reading instructions from the firmware ram. + The execution monitor can alwo, when enabled by an application, + detect attempts at reading instructions from the application + stack. If any such attempt is detected, the memory system will + force the CPU to read an illegal instruction, triggering the + trap state in the CPU. + + Note that the execution monitor can only be enabled, not + disabled. The address range registers defining the region + protected by the monitor can only be set when the monitor + has not yet been enabled. + +- (HW) The CPU trap signal is now connected to an illegal instruction + trap indicator. 
When an illegal instruction is detected, the RGB LED + will start flashing red. Note that the CPU will stay in the trap + state until the TKey device is disconnected. + +- (HW) The RAM memory now includes an initial adress and scrambling + mechanism to make it harder to find assets generated by and + stored in the RAM by applications. The address space layout + randomizarion (ASLR) and data value scrambling is set up by the + firmware before the application is loaded, and does not affect + how applications executes. + +- (HW) The UART Rx FIFO now allows applications to read out the + number of bytes received and not yet consumed by the application. + +- (HW) The FPGA bitstream can now be stored in the non volatile + configuration memory (NVCM). This is done using of a new icestorm + tool developed partly in the projecy and sponsored by Tillitis + and Mullvad. The tool supports locking down NVCM access after + writing the FPGA bitstream to the memory. + +- (TOOLS) There is now a Docker config setting up all tools as needed + +- (TOOLS) There is now a version of iceprog able to write to the FPGA + bitstream to the NVCM and lock the NVCM from external access + + +### Bugs fixed +- No known bugs have been fixed. Numerous issues has been closed. + + +### Limitations + +- The RAM address and data scrambling in this release is not + cryptographically secure. It his however randomized every time + a TKey device is powered up. -XYZ is a general release of the development kit first presented -as a limited engineering-release. The main changes are polishing, -completion and bug fixing since the engineering-releases. ## engineering-release-2
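Review bot: the new release-notes text in this hunk ships with a number of typos and agreement errors that should be fixed before tagging, since this file is the user-facing record of TK1-23.03: "alwo" (also) in the execution monitor item, "adress" (address) and "randomizarion" (randomization) in the RAM scrambling item, "projecy" (project) and "using of a new icestorm tool" (using a new icestorm tool) in the NVCM item, "to write to the FPGA bitstream to the NVCM" (to write the FPGA bitstream to the NVCM) in the TOOLS item, and "It his however randomized" (It is however randomized) under Limitations; plus "first applications has been audited ... No major issues was found, but the audit have lead to" (have been audited ... were found ... has led to), "The firmware now use" (uses), and "Numerous issues has been closed" (have been closed). Separately, the "Bugs fixed" section as written is contradictory ("No known bugs have been fixed. Numerous issues has been closed."); either reference the closed issues or reword to say that this release contains no fixes for previously reported bugs. Finally, the reproducible-build claim gives only the digest and "Docker config"; adding the tagged commit (or the Docker image tag) that the `f11d6b0f...` digest was produced from would let a reader actually verify it.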