Git-Mirrors/tillitis-key
1
0
Fork 0
mirror of https://github.com/tillitis/tillitis-key1.git synced 2024-10-01 01:45:38 -04:00
Code Issues Packages Projects Releases Wiki Activity

FPGA: Update names for RAM randomization API

Browse Source 
Update:
- README
- testbench
- Symbolic names and variables in fw
- registers
- port name and wires
- Update fpga and fw digests

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
This commit is contained in:
Joachim Strömbergson 2024-06-03 14:13:34 +02:00 committed by Daniel Jobson
parent 816718307f
commit 53c5e70795
No known key found for this signature in database
GPG Key ID: 3707A9DBF4BB8F1A
8 changed files with 53 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hw/application_fpga/application_fpga.bin.sha256
View File

@ -1 +1 @@
809eedf8a582b2b985292ea35102b6dd23c501202ea1c9c3b13dfdb4ff934e8e application_fpga.bin c6105a3f769c0846a9619e194ed3bc171467612b9fef9edc1aaeda4941316ff5 application_fpga.bin

16
hw/application_fpga/core/tk1/README.md
View File

@ -136,15 +136,19 @@ bitstreams without having to do a full FPGA build.
### RAM memory protecion ### RAM memory protecion
``` ```
ADDR_RAM_ASLR: 0x40 ADDR_RAM_ADDR_RAND: 0x40
ADDR_RAM_SCRAMBLE: 0x41 ADDR_RAM_DATA_RAND: 0x41
``` ```
These write only registers control how the data in the RAM is These write only registers control how the data in the RAM is
scrambled as a way of protecting the data. The ADDR_RAM_ASLR control randomized as a way of protecting the data. The randomization is
how the addresses are scrambled. The ADDR_RAM_SCRAMBLE control how the implemented using a pseudo random number generator with a state
data itself is scrambled. FW writes random values to these registers initalized by a seed.
during boot.
The ADDR_RAM_ADDR_RAND store the seed for how the addresses are
randomized over the memory space. The ADDR_RAM_DATA_RAND store the
seed for how the data itself is randomized. FW writes random seed
values to these registers during boot.
### Security monitor ### Security monitor

44
hw/application_fpga/core/tk1/rtl/tk1.v
View File

@ -25,8 +25,8 @@ module tk1(
input wire cpu_valid, input wire cpu_valid,
output wire force_trap, output wire force_trap,
output wire [14 : 0] ram_aslr, output wire [14 : 0] ram_addr_rand,
output wire [31 : 0] ram_scramble, output wire [31 : 0] ram_data_rand,
`ifdef INCLUDE_SPI_MASTER `ifdef INCLUDE_SPI_MASTER
output wire spi_ss, output wire spi_ss,
@ -86,8 +86,8 @@ module tk1(
localparam ADDR_UDI_FIRST = 8'h30; localparam ADDR_UDI_FIRST = 8'h30;
localparam ADDR_UDI_LAST = 8'h31; localparam ADDR_UDI_LAST = 8'h31;
localparam ADDR_RAM_ASLR = 8'h40; localparam ADDR_RAM_ADDR_RAND = 8'h40;
localparam ADDR_RAM_SCRAMBLE = 8'h41; localparam ADDR_RAM_DATA_RAND = 8'h41;
localparam ADDR_CPU_MON_CTRL = 8'h60; localparam ADDR_CPU_MON_CTRL = 8'h60;
localparam ADDR_CPU_MON_FIRST = 8'h61; localparam ADDR_CPU_MON_FIRST = 8'h61;
@ -141,10 +141,10 @@ module tk1(
reg [2 : 0] cpu_trap_led_new; reg [2 : 0] cpu_trap_led_new;
reg cpu_trap_led_we; reg cpu_trap_led_we;
reg [14 : 0] ram_aslr_reg; reg [14 : 0] ram_addr_rand_reg;
reg ram_aslr_we; reg ram_addr_rand_we;
reg [31 : 0] ram_scramble_reg; reg [31 : 0] ram_data_rand_reg;
reg ram_scramble_we; reg ram_data_rand_we;
reg cpu_mon_en_reg; reg cpu_mon_en_reg;
reg cpu_mon_en_we; reg cpu_mon_en_we;
@ -193,8 +193,8 @@ module tk1(
assign gpio3 = gpio3_reg; assign gpio3 = gpio3_reg;
assign gpio4 = gpio4_reg; assign gpio4 = gpio4_reg;
assign ram_aslr = ram_aslr_reg; assign ram_addr_rand = ram_addr_rand_reg;
assign ram_scramble = ram_scramble_reg; assign ram_data_rand = ram_data_rand_reg;
//---------------------------------------------------------------- //----------------------------------------------------------------
@ -273,8 +273,8 @@ module tk1(
cpu_mon_en_reg <= 1'h0; cpu_mon_en_reg <= 1'h0;
cpu_mon_first_reg <= 32'h0; cpu_mon_first_reg <= 32'h0;
cpu_mon_last_reg <= 32'h0; cpu_mon_last_reg <= 32'h0;
ram_aslr_reg <= 15'h0; ram_addr_rand_reg <= 15'h0;
ram_scramble_reg <= 32'h0; ram_data_rand_reg <= 32'h0;
force_trap_reg <= 1'h0; force_trap_reg <= 1'h0;
end end
@ -319,12 +319,12 @@ module tk1(
cdi_mem[address[2 : 0]] <= write_data; cdi_mem[address[2 : 0]] <= write_data;
end end
if (ram_aslr_we) begin if (ram_addr_rand_we) begin
ram_aslr_reg <= write_data[14 : 0]; ram_addr_rand_reg <= write_data[14 : 0];
end end
if (ram_scramble_we) begin if (ram_data_rand_we) begin
ram_scramble_reg <= write_data; ram_data_rand_reg <= write_data;
end end
if (cpu_trap_led_we) begin if (cpu_trap_led_we) begin
@ -427,8 +427,8 @@ module tk1(
blake2s_addr_we = 1'h0; blake2s_addr_we = 1'h0;
cdi_mem_we = 1'h0; cdi_mem_we = 1'h0;
cdi_mem_we = 1'h0; cdi_mem_we = 1'h0;
ram_aslr_we = 1'h0; ram_addr_rand_we = 1'h0;
ram_scramble_we = 1'h0; ram_data_rand_we = 1'h0;
cpu_mon_en_we = 1'h0; cpu_mon_en_we = 1'h0;
cpu_mon_first_we = 1'h0; cpu_mon_first_we = 1'h0;
cpu_mon_last_we = 1'h0; cpu_mon_last_we = 1'h0;
@ -485,15 +485,15 @@ module tk1(
end end
end end
if (address == ADDR_RAM_ASLR) begin if (address == ADDR_RAM_ADDR_RAND) begin
if (!switch_app_reg) begin if (!switch_app_reg) begin
ram_aslr_we = 1'h1; ram_addr_rand_we = 1'h1;
end end
end end
if (address == ADDR_RAM_SCRAMBLE) begin if (address == ADDR_RAM_DATA_RAND) begin
if (!switch_app_reg) begin if (!switch_app_reg) begin
ram_scramble_we = 1'h1; ram_data_rand_we = 1'h1;
end end
end end

12
hw/application_fpga/core/tk1/tb/tb_tk1.v
View File

@ -51,8 +51,8 @@ module tb_tk1();
localparam ADDR_UDI_FIRST = 8'h30; localparam ADDR_UDI_FIRST = 8'h30;
localparam ADDR_UDI_LAST = 8'h31; localparam ADDR_UDI_LAST = 8'h31;
localparam ADDR_RAM_ASLR = 8'h40; localparam ADDR_RAM_ADDR_RAND = 8'h40;
localparam ADDR_RAM_SCRAMBLE = 8'h41; localparam ADDR_RAM_DATA_RAND = 8'h41;
localparam ADDR_CPU_MON_CTRL = 8'h60; localparam ADDR_CPU_MON_CTRL = 8'h60;
localparam ADDR_CPU_MON_FIRST = 8'h61; localparam ADDR_CPU_MON_FIRST = 8'h61;
@ -523,8 +523,8 @@ module tb_tk1();
reset_dut(); reset_dut();
$display("--- test6: Write RAM ASLR and RAM SCRAMBLE."); $display("--- test6: Write RAM ASLR and RAM SCRAMBLE.");
write_word(ADDR_RAM_ASLR, 32'h13371337); write_word(ADDR_RAM_ADDR_RAND, 32'h13371337);
write_word(ADDR_RAM_SCRAMBLE, 32'h47114711); write_word(ADDR_RAM_DATA_RAND, 32'h47114711);
$display("--- test6: Check value in dut RAM ASLR and SCRAMBLE registers."); $display("--- test6: Check value in dut RAM ASLR and SCRAMBLE registers.");
$display("--- test6: ram_aslr_reg: 0x%04x, ram_scramble_reg: 0x%08x", dut.ram_aslr_reg, dut.ram_scramble_reg); $display("--- test6: ram_aslr_reg: 0x%04x, ram_scramble_reg: 0x%08x", dut.ram_aslr_reg, dut.ram_scramble_reg);
@ -533,8 +533,8 @@ module tb_tk1();
write_word(ADDR_SWITCH_APP, 32'hf000000); write_word(ADDR_SWITCH_APP, 32'hf000000);
$display("--- test6: Write RAM ASLR and SCRAMBLE again."); $display("--- test6: Write RAM ASLR and SCRAMBLE again.");
write_word(ADDR_RAM_ASLR, 32'hdeadbeef); write_word(ADDR_RAM_ADDR_RAND, 32'hdeadbeef);
write_word(ADDR_RAM_SCRAMBLE, 32'hf00ff00f); write_word(ADDR_RAM_DATA_RAND, 32'hf00ff00f);
$display("--- test6: Check value in dut RAM ASLR and SCRAMBLE registers."); $display("--- test6: Check value in dut RAM ASLR and SCRAMBLE registers.");
$display("--- test6: ram_aslr_reg: 0x%04x, ram_scramble_reg: 0x%08x", dut.ram_aslr_reg, dut.ram_scramble_reg); $display("--- test6: ram_aslr_reg: 0x%04x, ram_scramble_reg: 0x%08x", dut.ram_aslr_reg, dut.ram_scramble_reg);

1
hw/application_fpga/firmware.bin.sha512
View File

@ -1 +1,2 @@
edb39fca7dafb8ea0b89fdeecd960d7656e14ce461e49af97160a8bd6e67d9987e816adad37ba0fcfa63d107c3160988e4c3423ce4a71c39544bc0045888fec1 firmware.bin edb39fca7dafb8ea0b89fdeecd960d7656e14ce461e49af97160a8bd6e67d9987e816adad37ba0fcfa63d107c3160988e4c3423ce4a71c39544bc0045888fec1 firmware.bin

8
hw/application_fpga/fw/tk1/main.c
View File

@ -28,8 +28,8 @@ static volatile uint32_t *timer = (volatile uint32_t *)TK1_MMIO_TIMER_
static volatile uint32_t *timer_prescaler = (volatile uint32_t *)TK1_MMIO_TIMER_PRESCALER; static volatile uint32_t *timer_prescaler = (volatile uint32_t *)TK1_MMIO_TIMER_PRESCALER;
static volatile uint32_t *timer_status = (volatile uint32_t *)TK1_MMIO_TIMER_STATUS; static volatile uint32_t *timer_status = (volatile uint32_t *)TK1_MMIO_TIMER_STATUS;
static volatile uint32_t *timer_ctrl = (volatile uint32_t *)TK1_MMIO_TIMER_CTRL; static volatile uint32_t *timer_ctrl = (volatile uint32_t *)TK1_MMIO_TIMER_CTRL;
static volatile uint32_t *ram_rand = (volatile uint32_t *)TK1_MMIO_TK1_RAM_ADDR_RAND; static volatile uint32_t *ram_addr_rand = (volatile uint32_t *)TK1_MMIO_TK1_RAM_ADDR_RAND;
static volatile uint32_t *ram_scramble = (volatile uint32_t *)TK1_MMIO_TK1_RAM_SCRAMBLE; static volatile uint32_t *ram_data_rand = (volatile uint32_t *)TK1_MMIO_TK1_RAM_DATA_RAND;
// clang-format on // clang-format on
// Context for the loading of a TKey program // Context for the loading of a TKey program
@ -388,8 +388,8 @@ static void scramble_ram(void)
} }
// Set RAM address and data scrambling parameters // Set RAM address and data scrambling parameters
*ram_rand = rnd_word(); *ram_addr_rand = rnd_word();
*ram_scramble = rnd_word(); *ram_data_rand = rnd_word();
} }
int main(void) int main(void)

2
hw/application_fpga/fw/tk1_mem.h
View File

@ -136,7 +136,9 @@
// Deprecated - use _ADDR_RAND instead // Deprecated - use _ADDR_RAND instead
#define TK1_MMIO_TK1_RAM_ASLR 0xff000100 #define TK1_MMIO_TK1_RAM_ASLR 0xff000100
#define TK1_MMIO_TK1_RAM_ADDR_RAND 0xff000100 #define TK1_MMIO_TK1_RAM_ADDR_RAND 0xff000100
// Deprecated - use _DATA_RAND instead
#define TK1_MMIO_TK1_RAM_SCRAMBLE 0xff000104 #define TK1_MMIO_TK1_RAM_SCRAMBLE 0xff000104
#define TK1_MMIO_TK1_RAM_DATA_RAND 0xff000104
#define TK1_MMIO_TK1_CPU_MON_CTRL 0xff000180 #define TK1_MMIO_TK1_CPU_MON_CTRL 0xff000180
#define TK1_MMIO_TK1_CPU_MON_FIRST 0xff000184 #define TK1_MMIO_TK1_CPU_MON_FIRST 0xff000184

14
hw/application_fpga/rtl/application_fpga.v
View File

@ -146,8 +146,8 @@ module application_fpga(
wire tk1_ready; wire tk1_ready;
wire fw_app_mode; wire fw_app_mode;
wire force_trap; wire force_trap;
wire [14 : 0] ram_aslr; wire [14 : 0] ram_addr_rand;
wire [31 : 0] ram_scramble; wire [31 : 0] ram_data_rand;
/* verilator lint_on UNOPTFLAT */ /* verilator lint_on UNOPTFLAT */
@ -321,8 +321,8 @@ module application_fpga(
.cpu_trap(cpu_trap), .cpu_trap(cpu_trap),
.force_trap(force_trap), .force_trap(force_trap),
.ram_aslr(ram_aslr), .ram_addr_rand(ram_addr_rand),
.ram_scramble(ram_scramble), .ram_data_rand(ram_data_rand),
`ifdef INCLUDE_SPI_MASTER `ifdef INCLUDE_SPI_MASTER
.spi_ss(spi_ss), .spi_ss(spi_ss),
@ -387,8 +387,8 @@ module application_fpga(
ram_cs = 1'h0; ram_cs = 1'h0;
ram_we = 4'h0; ram_we = 4'h0;
ram_address = cpu_addr[16 : 2] ^ ram_aslr; ram_address = cpu_addr[16 : 2] ^ ram_addr_rand;
ram_write_data = cpu_wdata ^ ram_scramble ^ {2{cpu_addr[15 : 0]}}; ram_write_data = cpu_wdata ^ ram_data_rand ^ {2{cpu_addr[15 : 0]}};
fw_ram_cs = 1'h0; fw_ram_cs = 1'h0;
fw_ram_we = cpu_wstrb; fw_ram_we = cpu_wstrb;
@ -438,7 +438,7 @@ module application_fpga(
RAM_PREFIX: begin RAM_PREFIX: begin
ram_cs = 1'h1; ram_cs = 1'h1;
ram_we = cpu_wstrb; ram_we = cpu_wstrb;
muxed_rdata_new = ram_read_data ^ ram_scramble ^ {2{cpu_addr[15 : 0]}}; muxed_rdata_new = ram_read_data ^ ram_data_rand ^ {2{cpu_addr[15 : 0]}};
muxed_ready_new = ram_ready; muxed_ready_new = ram_ready;
end end