mirror of
https://github.com/tillitis/tillitis-key1.git
synced 2025-01-17 02:17:14 -05:00
Add release notes for Bellatrix
Co-authored-by: Michael Cardell Widerkrantz <mc@tillitis.se> Signed-off-by: Joachim Strömbergson <joachim@assured.se>, Michael Cardell Widerkrantz <mc@tillitis.se>
parent
dbb7e61509
commit
4086911c3b
@ -3,11 +3,90 @@
|
|||||||
Descriptions of the tagged TKey releases.
|
Descriptions of the tagged TKey releases.
|
||||||
|
|
||||||
|
|
||||||
## Tag XYZ
|
## TK1-23.03
|
||||||
|
This is the official release of the "Bellatrix" version of
|
||||||
|
the Tillitis TKey device. This version is ready for general
|
||||||
|
use.
|
||||||
|
|
||||||
|
Given the Docker config, and the generic UDS.hex and UDI.hex,
|
||||||
|
a clean build should generate the following digest:
|
||||||
|
```
|
||||||
|
shasum -a256 application_fpga.bin
|
||||||
|
f11d6b0f57c5405598206dcfea284008413391a2c51f124a2e2ae8600cb78f0b application_fpga.bin
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
### New and improved functionality
|
||||||
|
|
||||||
|
- (ALL) The TKey HW design, FW, protocol and first applications has
|
||||||
|
been audited by a third party. No major issues was found, but the
|
||||||
|
audit have lead to several updates, changes and fixes to improve
|
||||||
|
the security and robustness. The third party report will be
|
||||||
|
published when completed.
|
||||||
|
|
||||||
|
- (APPS) Applications can now use the whole 128 kByte RAM.
|
||||||
|
|
||||||
|
- (FW) The firmware now use the `FW_RAM` for the stack. It keeps no
|
||||||
|
.bss or .data segments and only uses RAM for loading the
|
||||||
|
application.
|
||||||
|
|
||||||
|
- (FW) The firmware has been hardened and the state machine simplified
|
||||||
|
to reduce the number of commands that can be used and in which
|
||||||
|
order.
|
||||||
|
|
||||||
|
- (FW) Steady white LED while waiting for initial commands. LED off
|
||||||
|
while loading app.
|
||||||
|
|
||||||
|
- (HW) The memory system now has an execution monitor. The monitor
|
||||||
|
detects attempts at reading instructions from the firmware ram.
|
||||||
|
The execution monitor can alwo, when enabled by an application,
|
||||||
|
detect attempts at reading instructions from the application
|
||||||
|
stack. If any such attempt is detected, the memory system will
|
||||||
|
force the CPU to read an illegal instruction, triggering the
|
||||||
|
trap state in the CPU.
|
||||||
|
|
||||||
|
Note that the execution monitor can only be enabled, not
|
||||||
|
disabled. The address range registers defining the region
|
||||||
|
protected by the monitor can only be set when the monitor
|
||||||
|
has not yet been enabled.
|
||||||
|
|
||||||
|
- (HW) The CPU trap signal is now connected to an illegal instruction
|
||||||
|
trap indicator. When an illegal instruction is detected, the RGB LED
|
||||||
|
will start flashing red. Note that the CPU will stay in the trap
|
||||||
|
state until the TKey device is disconnected.
|
||||||
|
|
||||||
|
- (HW) The RAM memory now includes an initial adress and scrambling
|
||||||
|
mechanism to make it harder to find assets generated by and
|
||||||
|
stored in the RAM by applications. The address space layout
|
||||||
|
randomizarion (ASLR) and data value scrambling is set up by the
|
||||||
|
firmware before the application is loaded, and does not affect
|
||||||
|
how applications executes.
|
||||||
|
|
||||||
|
- (HW) The UART Rx FIFO now allows applications to read out the
|
||||||
|
number of bytes received and not yet consumed by the application.
|
||||||
|
|
||||||
|
- (HW) The FPGA bitstream can now be stored in the non volatile
|
||||||
|
configuration memory (NVCM). This is done using of a new icestorm
|
||||||
|
tool developed partly in the projecy and sponsored by Tillitis
|
||||||
|
and Mullvad. The tool supports locking down NVCM access after
|
||||||
|
writing the FPGA bitstream to the memory.
|
||||||
|
|
||||||
|
- (TOOLS) There is now a Docker config setting up all tools as needed
|
||||||
|
|
||||||
|
- (TOOLS) There is now a version of iceprog able to write to the FPGA
|
||||||
|
bitstream to the NVCM and lock the NVCM from external access
|
||||||
|
|
||||||
|
|
||||||
|
### Bugs fixed
|
||||||
|
- No known bugs have been fixed. Numerous issues has been closed.
|
||||||
|
|
||||||
|
|
||||||
|
### Limitations
|
||||||
|
|
||||||
|
- The RAM address and data scrambling in this release is not
|
||||||
|
cryptographically secure. It his however randomized every time
|
||||||
|
a TKey device is powered up.
|
||||||
|
|
||||||
XYZ is a general release of the development kit first presented
|
|
||||||
as a limited engineering-release. The main changes are polishing,
|
|
||||||
completion and bug fixing since the engineering-releases.
|
|
||||||
|
|
||||||
## engineering-release-2
|
## engineering-release-2
|
||||||
|
|
||||||
|
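Review bot: The reproducibility statement under "## TK1-23.03" says a clean build "should generate the following digest" given "the Docker config", but it does not say which image or tool versions that config resolves to. A reader whose build of application_fpga.bin yields a different hash then has no way to tell a toolchain difference from a modified bitstream; consider naming the image tag or digest next to the hash. Several typos in the added text would also ship in the tagged notes: "alwo" in the execution monitor item, "adress" and "randomizarion" in the RAM scrambling item, "using of a new" and "projecy" in the NVCM item, and "It his however" under "Limitations". The (TOOLS) iceprog item reads "write to the FPGA bitstream to the NVCM", which looks like it should be "write the FPGA bitstream to the NVCM". Finally, the (HW) RAM item labels the mechanism "ASLR" while the "Limitations" entry says the scrambling "is not cryptographically secure"; a pointer from the feature item to that limitation would keep readers from overestimating the protection.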