From 53c5e70795ec912f31578871b5e481e4153d50c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Str=C3=B6mbergson?=
Date: Mon, 3 Jun 2024 14:13:34 +0200
Subject: [PATCH] FPGA: Update names for RAM randomization API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Update:
- README
- testbench
- Symbolic names and variables in fw
- registers
- port name and wires
- Update fpga and fw digests
Signed-off-by: Joachim Strömbergson
---
.../application_fpga.bin.sha256 | 2 +-
hw/application_fpga/core/tk1/README.md | 16 ++++---
hw/application_fpga/core/tk1/rtl/tk1.v | 44 +++++++++----------
hw/application_fpga/core/tk1/tb/tb_tk1.v | 12 ++---
hw/application_fpga/firmware.bin.sha512 | 1 +
hw/application_fpga/fw/tk1/main.c | 8 ++--
hw/application_fpga/fw/tk1_mem.h | 2 +
hw/application_fpga/rtl/application_fpga.v | 14 +++---
8 files changed, 53 insertions(+), 46 deletions(-)
diff --git a/hw/application_fpga/application_fpga.bin.sha256 b/hw/application_fpga/application_fpga.bin.sha256
index fb36dd1..22a420c 100644
--- a/hw/application_fpga/application_fpga.bin.sha256
+++ b/hw/application_fpga/application_fpga.bin.sha256
@@ -1 +1 @@
-809eedf8a582b2b985292ea35102b6dd23c501202ea1c9c3b13dfdb4ff934e8e application_fpga.bin
+c6105a3f769c0846a9619e194ed3bc171467612b9fef9edc1aaeda4941316ff5 application_fpga.bin
diff --git a/hw/application_fpga/core/tk1/README.md b/hw/application_fpga/core/tk1/README.md
index b83a784..2c10be5 100644
--- a/hw/application_fpga/core/tk1/README.md
+++ b/hw/application_fpga/core/tk1/README.md
@@ -136,15 +136,19 @@ bitstreams without having to do a full FPGA build.
 ### RAM memory protecion
 ```
- ADDR_RAM_ASLR: 0x40
- ADDR_RAM_SCRAMBLE: 0x41
+ ADDR_RAM_ADDR_RAND: 0x40
+ ADDR_RAM_DATA_RAND: 0x41
 ```
 These write only registers control how the data in the RAM is
-scrambled as a way of protecting the data. The ADDR_RAM_ASLR control
-how the addresses are scrambled. The ADDR_RAM_SCRAMBLE control how the
-data itself is scrambled. FW writes random values to these registers
-during boot.
+randomized as a way of protecting the data. The randomization is
+implemented using a pseudo random number generator with a state
+initalized by a seed.
+
+The ADDR_RAM_ADDR_RAND store the seed for how the addresses are
+randomized over the memory space. The ADDR_RAM_DATA_RAND store the
+seed for how the data itself is randomized. FW writes random seed
+values to these registers during boot.
 ### Security monitor
diff --git a/hw/application_fpga/core/tk1/rtl/tk1.v b/hw/application_fpga/core/tk1/rtl/tk1.v
index bde7c38..350530f 100644
--- a/hw/application_fpga/core/tk1/rtl/tk1.v
+++ b/hw/application_fpga/core/tk1/rtl/tk1.v
@@ -25,8 +25,8 @@ module tk1(
 input wire cpu_valid,
 output wire force_trap,
- output wire [14 : 0] ram_aslr,
- output wire [31 : 0] ram_scramble,
+ output wire [14 : 0] ram_addr_rand,
+ output wire [31 : 0] ram_data_rand,
 `ifdef INCLUDE_SPI_MASTER
 output wire spi_ss,
@@ -86,8 +86,8 @@ module tk1(
 localparam ADDR_UDI_FIRST = 8'h30;
 localparam ADDR_UDI_LAST = 8'h31;
- localparam ADDR_RAM_ASLR = 8'h40;
- localparam ADDR_RAM_SCRAMBLE = 8'h41;
+ localparam ADDR_RAM_ADDR_RAND = 8'h40;
+ localparam ADDR_RAM_DATA_RAND = 8'h41;
 localparam ADDR_CPU_MON_CTRL = 8'h60;
 localparam ADDR_CPU_MON_FIRST = 8'h61;
@@ -141,10 +141,10 @@ module tk1(
 reg [2 : 0] cpu_trap_led_new;
 reg cpu_trap_led_we;
- reg [14 : 0] ram_aslr_reg;
- reg ram_aslr_we;
- reg [31 : 0] ram_scramble_reg;
- reg ram_scramble_we;
+ reg [14 : 0] ram_addr_rand_reg;
+ reg ram_addr_rand_we;
+ reg [31 : 0] ram_data_rand_reg;
+ reg ram_data_rand_we;
 reg cpu_mon_en_reg;
 reg cpu_mon_en_we;
@@ -193,8 +193,8 @@ module tk1(
 assign gpio3 = gpio3_reg;
 assign gpio4 = gpio4_reg;
- assign ram_aslr = ram_aslr_reg;
- assign ram_scramble = ram_scramble_reg;
+ assign ram_addr_rand = ram_addr_rand_reg;
+ assign ram_data_rand = ram_data_rand_reg;
 //----------------------------------------------------------------
@@ -273,8 +273,8 @@ module tk1(
 cpu_mon_en_reg <= 1'h0;
 cpu_mon_first_reg <= 32'h0;
 cpu_mon_last_reg <= 32'h0;
- ram_aslr_reg <= 15'h0;
- ram_scramble_reg <= 32'h0;
+ ram_addr_rand_reg <= 15'h0;
+ ram_data_rand_reg <= 32'h0;
 force_trap_reg <= 1'h0;
 end
@@ -319,12 +319,12 @@ module tk1(
 cdi_mem[address[2 : 0]] <= write_data;
 end
- if (ram_aslr_we) begin
- ram_aslr_reg <= write_data[14 : 0];
+ if (ram_addr_rand_we) begin
+ ram_addr_rand_reg <= write_data[14 : 0];
 end
- if (ram_scramble_we) begin
- ram_scramble_reg <= write_data;
+ if (ram_data_rand_we) begin
+ ram_data_rand_reg <= write_data;
 end
 if (cpu_trap_led_we) begin
@@ -427,8 +427,8 @@ module tk1(
 blake2s_addr_we = 1'h0;
 cdi_mem_we = 1'h0;
 cdi_mem_we = 1'h0;
- ram_aslr_we = 1'h0;
- ram_scramble_we = 1'h0;
+ ram_addr_rand_we = 1'h0;
+ ram_data_rand_we = 1'h0;
 cpu_mon_en_we = 1'h0;
 cpu_mon_first_we = 1'h0;
 cpu_mon_last_we = 1'h0;
@@ -485,15 +485,15 @@ module tk1(
 end
 end
- if (address == ADDR_RAM_ASLR) begin
+ if (address == ADDR_RAM_ADDR_RAND) begin
 if (!switch_app_reg) begin
- ram_aslr_we = 1'h1;
+ ram_addr_rand_we = 1'h1;
 end
 end
- if (address == ADDR_RAM_SCRAMBLE) begin
+ if (address == ADDR_RAM_DATA_RAND) begin
 if (!switch_app_reg) begin
- ram_scramble_we = 1'h1;
+ ram_data_rand_we = 1'h1;
 end
 end
diff --git a/hw/application_fpga/core/tk1/tb/tb_tk1.v b/hw/application_fpga/core/tk1/tb/tb_tk1.v index c3867a3..0f804fb 100644 --- a/hw/application_fpga/core/tk1/tb/tb_tk1.v +++ b/hw/application_fpga/core/tk1/tb/tb_tk1.v @@ -51,8 +51,8 @@ module tb_tk1(); localparam ADDR_UDI_FIRST = 8'h30; localparam ADDR_UDI_LAST = 8'h31; - localparam ADDR_RAM_ASLR = 8'h40; - localparam ADDR_RAM_SCRAMBLE = 8'h41; + localparam ADDR_RAM_ADDR_RAND = 8'h40; + localparam ADDR_RAM_DATA_RAND = 8'h41; localparam ADDR_CPU_MON_CTRL = 8'h60; localparam ADDR_CPU_MON_FIRST = 8'h61; @@ -523,8 +523,8 @@ module tb_tk1(); reset_dut(); $display("--- test6: Write RAM ASLR and RAM SCRAMBLE."); - write_word(ADDR_RAM_ASLR, 32'h13371337); - write_word(ADDR_RAM_SCRAMBLE, 32'h47114711); + write_word(ADDR_RAM_ADDR_RAND, 32'h13371337); + write_word(ADDR_RAM_DATA_RAND, 32'h47114711); $display("--- test6: Check value in dut RAM ASLR and SCRAMBLE registers."); $display("--- test6: ram_aslr_reg: 0x%04x, ram_scramble_reg: 0x%08x", dut.ram_aslr_reg, dut.ram_scramble_reg); @@ -533,8 +533,8 @@ module tb_tk1(); write_word(ADDR_SWITCH_APP, 32'hf000000); $display("--- test6: Write RAM ASLR and SCRAMBLE again."); - write_word(ADDR_RAM_ASLR, 32'hdeadbeef); - write_word(ADDR_RAM_SCRAMBLE, 32'hf00ff00f); + write_word(ADDR_RAM_ADDR_RAND, 32'hdeadbeef); + write_word(ADDR_RAM_DATA_RAND, 32'hf00ff00f); $display("--- test6: Check value in dut RAM ASLR and SCRAMBLE registers."); $display("--- test6: ram_aslr_reg: 0x%04x, ram_scramble_reg: 0x%08x", dut.ram_aslr_reg, dut.ram_scramble_reg); diff --git a/hw/application_fpga/firmware.bin.sha512 b/hw/application_fpga/firmware.bin.sha512 index c5e51a0..990aeeb 100644 --- a/hw/application_fpga/firmware.bin.sha512 +++ b/hw/application_fpga/firmware.bin.sha512 @@ -1 +1,2 @@ edb39fca7dafb8ea0b89fdeecd960d7656e14ce461e49af97160a8bd6e67d9987e816adad37ba0fcfa63d107c3160988e4c3423ce4a71c39544bc0045888fec1 firmware.bin + 
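Review bot: The `$display` context lines in both test6 hunks (-523 and -533) still reference `dut.ram_aslr_reg` and `dut.ram_scramble_reg`, which this commit renames in tk1.v, so the testbench will presumably fail to elaborate. They should read `dut.ram_addr_rand_reg, dut.ram_data_rand_reg`, and the message strings that still say "RAM ASLR" and "SCRAMBLE" could be updated at the same time. Separately, test6 only prints the registers after the write to ADDR_SWITCH_APP; since locking these seeds in app mode is a security property, a comparison that fails the test when the second write takes effect would be worth adding. The test6 body starts and ends outside the hunks.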
diff --git a/hw/application_fpga/fw/tk1/main.c b/hw/application_fpga/fw/tk1/main.c
index 70e29c2..b6f59ec 100644
--- a/hw/application_fpga/fw/tk1/main.c
+++ b/hw/application_fpga/fw/tk1/main.c
@@ -28,8 +28,8 @@ static volatile uint32_t *timer = (volatile uint32_t *)TK1_MMIO_TIMER_
 static volatile uint32_t *timer_prescaler = (volatile uint32_t *)TK1_MMIO_TIMER_PRESCALER;
 static volatile uint32_t *timer_status = (volatile uint32_t *)TK1_MMIO_TIMER_STATUS;
 static volatile uint32_t *timer_ctrl = (volatile uint32_t *)TK1_MMIO_TIMER_CTRL;
-static volatile uint32_t *ram_rand = (volatile uint32_t *)TK1_MMIO_TK1_RAM_ADDR_RAND;
-static volatile uint32_t *ram_scramble = (volatile uint32_t *)TK1_MMIO_TK1_RAM_SCRAMBLE;
+static volatile uint32_t *ram_addr_rand = (volatile uint32_t *)TK1_MMIO_TK1_RAM_ADDR_RAND;
+static volatile uint32_t *ram_data_rand = (volatile uint32_t *)TK1_MMIO_TK1_RAM_DATA_RAND;
 // clang-format on
 // Context for the loading of a TKey program
@@ -388,8 +388,8 @@ static void scramble_ram(void)
 }
 // Set RAM address and data scrambling parameters
- *ram_rand = rnd_word();
- *ram_scramble = rnd_word();
+ *ram_addr_rand = rnd_word();
+ *ram_data_rand = rnd_word();
 }
 int main(void)
diff --git a/hw/application_fpga/fw/tk1_mem.h b/hw/application_fpga/fw/tk1_mem.h
index 5b58b7c..96d8ef3 100644
--- a/hw/application_fpga/fw/tk1_mem.h
+++ b/hw/application_fpga/fw/tk1_mem.h
@@ -136,7 +136,9 @@
 // Deprecated - use _ADDR_RAND instead
 #define TK1_MMIO_TK1_RAM_ASLR 0xff000100
 #define TK1_MMIO_TK1_RAM_ADDR_RAND 0xff000100
+// Deprecated - use _DATA_RAND instead
 #define TK1_MMIO_TK1_RAM_SCRAMBLE 0xff000104
+#define TK1_MMIO_TK1_RAM_DATA_RAND 0xff000104
 #define TK1_MMIO_TK1_CPU_MON_CTRL 0xff000180
 #define TK1_MMIO_TK1_CPU_MON_FIRST 0xff000184
diff --git a/hw/application_fpga/rtl/application_fpga.v b/hw/application_fpga/rtl/application_fpga.v
index 3f7b5df..7ea2f02 100644
--- a/hw/application_fpga/rtl/application_fpga.v
+++ b/hw/application_fpga/rtl/application_fpga.v
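Review bot: The comment above the two register writes in scramble_ram() still says "scrambling parameters", while the renamed variables and the README now call these values seeds; it could become `// Set RAM address and data randomization seeds`. It would also help to record there that the hardware keeps only part of the address seed, since tk1.v stores `write_data[14 : 0]` for ADDR_RAM_ADDR_RAND, for example `// HW keeps only bits [14:0] of the address seed`. The function name scramble_ram keeps the old terminology as well, and its body starts outside the hunk.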
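Review bot: The deprecated and the new macro each repeat the literal register address, so a later edit to one could silently leave the other pointing at a different register. Defining the old name through the new one, `#define TK1_MMIO_TK1_RAM_SCRAMBLE TK1_MMIO_TK1_RAM_DATA_RAND` (and likewise `TK1_MMIO_TK1_RAM_ASLR` through `TK1_MMIO_TK1_RAM_ADDR_RAND`), keeps the aliases tied together.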
@@ -146,8 +146,8 @@ module application_fpga(
 wire tk1_ready;
 wire fw_app_mode;
 wire force_trap;
- wire [14 : 0] ram_aslr;
- wire [31 : 0] ram_scramble;
+ wire [14 : 0] ram_addr_rand;
+ wire [31 : 0] ram_data_rand;
 /* verilator lint_on UNOPTFLAT */
@@ -321,8 +321,8 @@ module application_fpga(
 .cpu_trap(cpu_trap),
 .force_trap(force_trap),
- .ram_aslr(ram_aslr),
- .ram_scramble(ram_scramble),
+ .ram_addr_rand(ram_addr_rand),
+ .ram_data_rand(ram_data_rand),
 `ifdef INCLUDE_SPI_MASTER
 .spi_ss(spi_ss),
@@ -387,8 +387,8 @@ module application_fpga(
 ram_cs = 1'h0;
 ram_we = 4'h0;
- ram_address = cpu_addr[16 : 2] ^ ram_aslr;
- ram_write_data = cpu_wdata ^ ram_scramble ^ {2{cpu_addr[15 : 0]}};
+ ram_address = cpu_addr[16 : 2] ^ ram_addr_rand;
+ ram_write_data = cpu_wdata ^ ram_data_rand ^ {2{cpu_addr[15 : 0]}};
 fw_ram_cs = 1'h0;
 fw_ram_we = cpu_wstrb;
@@ -438,7 +438,7 @@ module application_fpga(
 RAM_PREFIX: begin
 ram_cs = 1'h1;
 ram_we = cpu_wstrb;
- muxed_rdata_new = ram_read_data ^ ram_data_rand ^ {2{cpu_addr[15 : 0]}};
+ muxed_rdata_new = ram_read_data ^ ram_data_rand ^ {2{cpu_addr[15 : 0]}};
 muxed_ready_new = ram_ready;
 end
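Review bot: The RAM data path in the hunks at -387 and -438 applies `ram_addr_rand` and `ram_data_rand` as fixed XOR masks (`cpu_addr[16 : 2] ^ ram_addr_rand`, `cpu_wdata ^ ram_data_rand ^ {2{cpu_addr[15 : 0]}}`), whereas the README text added in this same commit describes a pseudo random number generator whose state is initialized by a seed. No generator is visible in these hunks, so either the README runs ahead of the RTL or the new names overstate the protection; a static mask cancels out when two stored words are combined, which makes this obfuscation rather than confidentiality. A comment at the assignments would keep readers from over-trusting it, for example `// Static XOR mask written by FW at boot: obfuscates RAM contents, not encryption.` The enclosing combinational block starts and ends outside the hunks.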