mirror of
https://github.com/tillitis/tillitis-key1.git
synced 2024-12-29 17:36:26 -05:00
Add release notes for Bellatrix
Co-authored-by: Michael Cardell Widerkrantz <mc@tillitis.se> Signed-off-by: Joachim Strömbergson <joachim@assured.se>, Michael Cardell Widerkrantz <mc@tillitis.se>
This commit is contained in:
parent
dbb7e61509
commit
4086911c3b
@ -3,11 +3,90 @@
|
||||
Descriptions of the tagged TKey releases.
|
||||
|
||||
|
||||
## Tag XYZ
|
||||
## TK1-23.03
|
||||
This is the official release of the "Bellatrix" version of
|
||||
the Tillitis TKey device. This version is ready for general
|
||||
use.
|
||||
|
||||
Given the Docker config, and the generic UDS.hex and UDI.hex,
|
||||
a clean build should generate the following digest:
|
||||
```
|
||||
shasum -a256 application_fpga.bin
|
||||
f11d6b0f57c5405598206dcfea284008413391a2c51f124a2e2ae8600cb78f0b application_fpga.bin
|
||||
```
|
||||
|
||||
|
||||
### New and improved functionality
|
||||
|
||||
- (ALL) The TKey HW design, FW, protocol and first applications has
|
||||
been audited by a third party. No major issues was found, but the
|
||||
audit have lead to several updates, changes and fixes to improve
|
||||
the security and robustness. The third party report will be
|
||||
published when completed.
|
||||
|
||||
- (APPS) Applications can now use the whole 128 kByte RAM.
|
||||
|
||||
- (FW) The firmware now use the `FW_RAM` for the stack. It keeps no
|
||||
.bss or .data segments and only uses RAM for loading the
|
||||
application.
|
||||
|
||||
- (FW) The firmware has been hardened and the state machine simplified
|
||||
to reduce the number of commands that can be used and in which
|
||||
order.
|
||||
|
||||
- (FW) Steady white LED while waiting for initial commands. LED off
|
||||
while loading app.
|
||||
|
||||
- (HW) The memory system now has an execution monitor. The monitor
|
||||
detects attempts at reading instructions from the firmware ram.
|
||||
The execution monitor can alwo, when enabled by an application,
|
||||
detect attempts at reading instructions from the application
|
||||
stack. If any such attempt is detected, the memory system will
|
||||
force the CPU to read an illegal instruction, triggering the
|
||||
trap state in the CPU.
|
||||
|
||||
Note that the execution monitor can only be enabled, not
|
||||
disabled. The address range registers defining the region
|
||||
protected by the monitor can only be set when the monitor
|
||||
has not yet been enabled.
|
||||
|
||||
- (HW) The CPU trap signal is now connected to an illegal instruction
|
||||
trap indicator. When an illegal instruction is detected, the RGB LED
|
||||
will start flashing red. Note that the CPU will stay in the trap
|
||||
state until the TKey device is disconnected.
|
||||
|
||||
- (HW) The RAM memory now includes an initial adress and scrambling
|
||||
mechanism to make it harder to find assets generated by and
|
||||
stored in the RAM by applications. The address space layout
|
||||
randomizarion (ASLR) and data value scrambling is set up by the
|
||||
firmware before the application is loaded, and does not affect
|
||||
how applications executes.
|
||||
|
||||
- (HW) The UART Rx FIFO now allows applications to read out the
|
||||
number of bytes received and not yet consumed by the application.
|
||||
|
||||
- (HW) The FPGA bitstream can now be stored in the non volatile
|
||||
configuration memory (NVCM). This is done using of a new icestorm
|
||||
tool developed partly in the projecy and sponsored by Tillitis
|
||||
and Mullvad. The tool supports locking down NVCM access after
|
||||
writing the FPGA bitstream to the memory.
|
||||
|
||||
- (TOOLS) There is now a Docker config setting up all tools as needed
|
||||
|
||||
- (TOOLS) There is now a version of iceprog able to write to the FPGA
|
||||
bitstream to the NVCM and lock the NVCM from external access
|
||||
|
||||
|
||||
### Bugs fixed
|
||||
- No known bugs have been fixed. Numerous issues has been closed.
|
||||
|
||||
|
||||
### Limitations
|
||||
|
||||
- The RAM address and data scrambling in this release is not
|
||||
cryptographically secure. It his however randomized every time
|
||||
a TKey device is powered up.
|
||||
|
||||
XYZ is a general release of the development kit first presented
|
||||
as a limited engineering-release. The main changes are polishing,
|
||||
completion and bug fixing since the engineering-releases.
|
||||
|
||||
## engineering-release-2
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user