Git-Mirrors/tillitis-key
1
0
Fork 0
mirror of https://github.com/tillitis/tillitis-key1.git synced 2025-04-20 15:25:55 -04:00
Code Issues Packages Projects Releases Wiki Activity

Automatically control system_mode in hardware

Browse Source 
Raise privilege (go to firmware mode) when a function call occurs
to the function set in syscall_addr_reg. Automatically revoke privilege
when executing above ROM (go to app mode).

Remove the option of writing to system_mode through the API.

Co-authored-by: Mikael Ågren <mikael@tillitis.se>
This commit is contained in:
Daniel Jobson 2024-11-14 14:02:53 +01:00
parent 34aeefe350
commit 6aa01f2d8c
No known key found for this signature in database
GPG Key ID: 3707A9DBF4BB8F1A
1 changed files with 25 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
hw/application_fpga/core/tk1/rtl/tk1.v
View File

@ -106,6 +106,7 @@ module tk1 (
localparam FW_RAM_FIRST = 32'hd0000000;
localparam FW_RAM_LAST = 32'hd00007ff;
localparam FW_ROM_LAST = 32'h00001fff;
// ILLEGAL_ADDR is outside of the physical memory, and will trap in
// the security monitor if accessed.
@ -118,6 +119,7 @@ module tk1 (
reg cdi_mem_we;
reg system_mode_reg;
reg system_mode_new;
reg system_mode_we;
reg [ 2 : 0] led_reg;
@ -297,7 +299,7 @@ module tk1 (
gpio2_reg[1] <= gpio2_reg[0];
if (system_mode_we) begin
system_mode_reg <= 1'h1;
system_mode_reg <= system_mode_new;
end
if (led_we) begin
@ -422,12 +424,33 @@ module tk1 (
end
end
//----------------------------------------------------------------
// system_mode_ctrl will raise the privilege when the function in
// `syscall_addr_reg` is called.
//
// Automatically lowers the privilege when executing above ROM
// ----------------------------------------------------------------
always @* begin : system_mode_ctrl
system_mode_new = 1'h0;
system_mode_we = 1'h0;
if (cpu_valid & cpu_instr) begin
if (cpu_addr == syscall_addr_reg) begin
system_mode_new = 1'h0;
system_mode_we = 1'h1;
end
if (cpu_addr > FW_ROM_LAST) begin
system_mode_new = 1'h1;
system_mode_we = 1'h1;
end
end
end
//----------------------------------------------------------------
// api
//----------------------------------------------------------------
always @* begin : api
system_mode_we = 1'h0;
led_we = 1'h0;
gpio3_we = 1'h0;
gpio4_we = 1'h0;
@ -455,10 +478,6 @@ module tk1 (
if (cs) begin
tmp_ready = 1'h1;
if (we) begin
if (address == ADDR_SYSTEM_MODE_CTRL) begin
system_mode_we = 1'h1;
end
if (address == ADDR_LED) begin
led_we = 1'h1;
end