mirror of
https://github.com/tillitis/tillitis-key1.git
synced 2025-01-12 07:59:26 -05:00
Revise top-level README for the hardware design
Merged information from fpga.md, and hence fpga.md is removed.
This commit is contained in:
parent
9f975bb66f
commit
86aedcce69
@ -1,186 +0,0 @@
|
|||||||
# The TKey FPGA
|
|
||||||
|
|
||||||
## Introduction
|
|
||||||
The TKey application FPGA (application_fpga design) contain
|
|
||||||
the application platform CPU system onto which secure applications
|
|
||||||
are loaded, measured and executed. The platform is a compact
|
|
||||||
System on Chip (SoC) with the following cores.
|
|
||||||
|
|
||||||
![The Application FPGA block diagram](../images/application_fpga_block_diagram.png)
|
|
||||||
|
|
||||||
The application FPGA is currently implemented using a Lattice
|
|
||||||
[iCE40 UltraPlus UP5K device](https://www.latticesemi.com/en/Products/FPGAandCPLD/iCE40UltraPlus).
|
|
||||||
Only open tools are used in the toolchain.
|
|
||||||
|
|
||||||
|
|
||||||
### Top level
|
|
||||||
|
|
||||||
The top level application_fpga design contain instances of all cores as
|
|
||||||
well as the memory system. The memory system allows the CPU to access
|
|
||||||
cores in different ways given the current exection mode. There are two
|
|
||||||
execution modes - firmware and application. Basically, in application mode
|
|
||||||
the access is more restrictive.
|
|
||||||
|
|
||||||
The API for all cores is described in the Memory mapped hardware
|
|
||||||
functions in the [System
|
|
||||||
Description](system_description.md#memory-mapped-hardware-functions).
|
|
||||||
|
|
||||||
|
|
||||||
### Cores
|
|
||||||
|
|
||||||
#### CPU
|
|
||||||
The CPU core is an instance of the [PicoRV32 core](https://github.com/YosysHQ/picorv32).
|
|
||||||
The instance enables the following features
|
|
||||||
|
|
||||||
- Compressed ISA (C extension)
|
|
||||||
- Fast multiplication. Two cycles for 32x32 multiplication
|
|
||||||
- Barrel shifter
|
|
||||||
|
|
||||||
No other modification to the core has been done.
|
|
||||||
No interrupts are used.
|
|
||||||
|
|
||||||
|
|
||||||
#### Clock and reset
|
|
||||||
|
|
||||||
The device does not rely on external clock or reset. Instead the
|
|
||||||
internal HFOSC oscillator combined with an internal PLL is used to generate
|
|
||||||
the main clock. Currently the clock frequency driving the SoC is 18 MHz.
|
|
||||||
|
|
||||||
The device also generates its own reset.
|
|
||||||
|
|
||||||
|
|
||||||
#### FW ROM
|
|
||||||
|
|
||||||
The ROM memory containing the firmware. After reset the CPU will
|
|
||||||
read from the ROM to load, measure and start applications.
|
|
||||||
|
|
||||||
The RAM memort is only accessible by the firmware.
|
|
||||||
|
|
||||||
|
|
||||||
#### FW RAM
|
|
||||||
|
|
||||||
A 512w32 small RAM only accessible by the firmware. The firmware
|
|
||||||
use the RAM during loading and measurement of the application.
|
|
||||||
|
|
||||||
|
|
||||||
#### UDS
|
|
||||||
|
|
||||||
Unique Device Secret memory.
|
|
||||||
|
|
||||||
A 256 bit memory implemented using eight 32-bit registers. The
|
|
||||||
registers can only be accessed once between power cycling. This means
|
|
||||||
that the UDS **must** be read as u32. If read as u8, only the first
|
|
||||||
byte from a given address will be correct, subsequent bytes will be
|
|
||||||
zero.
|
|
||||||
|
|
||||||
The UDS can only be read in FW mode. Reading from the UDS in APP mode
|
|
||||||
will return all zeros.
|
|
||||||
|
|
||||||
|
|
||||||
#### Application RAM
|
|
||||||
|
|
||||||
The 128 KByte main RAM. The RAM is only used by applications.
|
|
||||||
The memory is cleared by firmware before an application is loaded.
|
|
||||||
|
|
||||||
The application RAM is available to use by firmware and applications.
|
|
||||||
|
|
||||||
|
|
||||||
#### Timer
|
|
||||||
|
|
||||||
A general purpose 32 bit timer. The timer will count down from
|
|
||||||
the initial value to one. In order to handle long time sequences
|
|
||||||
(minutes, hours, days) there is also a 32 bit prescaler.
|
|
||||||
|
|
||||||
The timer is available to use by firmware and applications.
|
|
||||||
|
|
||||||
|
|
||||||
#### UART
|
|
||||||
|
|
||||||
A standard UART interface for receiving bytes from and send bytes
|
|
||||||
to the host via the interface MCU on the TKey.
|
|
||||||
|
|
||||||
The UART default speed is 62500 bps, but can be adjusted by the
|
|
||||||
application. (Note that the host must set the same bitrate too.)
|
|
||||||
|
|
||||||
The UART contain a 512 but Rx-FIFO with status (data available).
|
|
||||||
|
|
||||||
The timer is available to use by firmware and applications.
|
|
||||||
|
|
||||||
|
|
||||||
#### TRNG
|
|
||||||
|
|
||||||
The TRNG is a ring oscillator based internal entropy source, or
|
|
||||||
True Random Number Generator (TRNG). By default the TRNG use 32
|
|
||||||
free running digital oscillators. By default, the oscillators are
|
|
||||||
sampled after 4096 cycles. The states are XOR combined to create
|
|
||||||
a single bit. After another 4096 cycles a second bit is created,
|
|
||||||
and the two bits are XOR combined to a single entropy bit. The
|
|
||||||
entropy bit is added to a 32 bit entropy word.
|
|
||||||
|
|
||||||
After 32 bits has been collected, the data ready flag is set,
|
|
||||||
indicating that an entropy word is ready for consumption. Note
|
|
||||||
that entropy bit generation and collections is running continuously,
|
|
||||||
bits will be added, and the discarded after 32 more bits have
|
|
||||||
been added.
|
|
||||||
|
|
||||||
If a data word has been read from the TRNG, by default at least
|
|
||||||
32 bits will collected before new data will be available.
|
|
||||||
|
|
||||||
The TRNG is available to use by firmware and applications.
|
|
||||||
|
|
||||||
Note: The TRNG generates entropy with a fairly good quality.
|
|
||||||
However for security related use cases, for example keys, the TRNG
|
|
||||||
should not be used directly. Instead use it to create a seed
|
|
||||||
for a Digital Random Bit Generator (DRBG), also known as a
|
|
||||||
Cryptographically Safe Pseudo Random Number Generator (CSPRNG).
|
|
||||||
|
|
||||||
Examples of such generators are Hash_DRGG, CTR_DRBG, HKDF.
|
|
||||||
|
|
||||||
|
|
||||||
#### Touch sensor
|
|
||||||
|
|
||||||
The core provides a stable interface to the touch sensor on the
|
|
||||||
TKey device. Using the core, the firmware and applications can
|
|
||||||
get information about touch events and manage detection of
|
|
||||||
events.
|
|
||||||
|
|
||||||
It is recommended that SW start by acknowledge any stray events prior
|
|
||||||
to signal the user that a touch event is expected and then start
|
|
||||||
waiting for an event.
|
|
||||||
|
|
||||||
The touch sensor is available to use by firmware and applications.
|
|
||||||
|
|
||||||
|
|
||||||
#### TKey
|
|
||||||
|
|
||||||
The TKey core contains several functions, and acts as
|
|
||||||
main HW interface between firmware and applications. The core
|
|
||||||
includes:
|
|
||||||
|
|
||||||
- Read access to the 64 bit FPGA design name, expressed as ASCII chars.
|
|
||||||
- Read access to the 32 bit FPGA design version, expressed as an integer
|
|
||||||
|
|
||||||
- Control and status access for the RGB LED on TKey board
|
|
||||||
- Setting bit 0 high turns on the Blue LED.
|
|
||||||
- Setting bit 1 high turns on the Green LED.
|
|
||||||
- Setting bit 2 high turns on the Red LED.
|
|
||||||
|
|
||||||
- Control and status access for the 4 GPIOs on the TKey board
|
|
||||||
- GPIO 1 and 2 are inputs and provide read access to the
|
|
||||||
current sampled value digital values on the pins.
|
|
||||||
|
|
||||||
- GPIO 3 and 4 are outputs. The digital value written to
|
|
||||||
the bits will be presented on the pins.
|
|
||||||
|
|
||||||
- Application read access to information about the loaded
|
|
||||||
application. The information is written by the firmware.
|
|
||||||
- Start address
|
|
||||||
- Size of address
|
|
||||||
|
|
||||||
- Application read access to the CDI generated and written
|
|
||||||
by the firmware when the application is loaded.
|
|
||||||
|
|
||||||
- Application-Firmware execution mode control. Can be read
|
|
||||||
by the application and written by firmware. When written
|
|
||||||
to by the firmware, the hardware will switch to application
|
|
||||||
mode and start executing the application.
|
|
@ -1,93 +1,116 @@
|
|||||||
# System Description
|
# TKey hardware design
|
||||||
|
|
||||||
**NOTE:** Documentation migrated to dev.tillitis.se, this is kept for
|
![The Application FPGA block diagram](../../doc/images/application_fpga_block_diagram.png)
|
||||||
history. This is likely to be outdated.
|
|
||||||
|
|
||||||
## Purpose and Revision
|
The application FPGA is implemented using a Lattice [iCE40 UltraPlus
|
||||||
|
UP5K
|
||||||
|
device](https://www.latticesemi.com/en/Products/FPGAandCPLD/iCE40UltraPlus).
|
||||||
|
Only open tools are used in the toolchain.
|
||||||
|
|
||||||
The purpose of this document is to provide a description of the
|
The design top level is in `rtl/application_fpga.v`. It contains
|
||||||
Tillitis TKey. What it is, what is supposed to be used for, by whom,
|
instances of all cores as well as the memory system.
|
||||||
where and possible use cases. The document also provides a functional
|
|
||||||
level description of features and components of the TKey.
|
|
||||||
|
|
||||||
Finally, the document acts as a requirement description. For the
|
The memory system allows the CPU to access cores in different ways
|
||||||
requirements, the document follows
|
given the current execution mode. There are two execution modes -
|
||||||
[RFC2119](https://datatracker.ietf.org/doc/html/rfc2119) to indicate
|
firmware and application. Basically, in application mode the access is
|
||||||
requirement levels.
|
more restrictive.
|
||||||
|
|
||||||
The described functionality and requirements applies to version 1 of
|
The rest of the components are under `cores`. They typically have
|
||||||
the TKey (TK1)
|
their own `README.md` file documenting them and their API in detail.
|
||||||
|
|
||||||
The intended users of this document are:
|
Hardware functions with APIs, assets, and input/output are memory
|
||||||
- Implementors of the TKey hardware, firmware and SDKs
|
mapped starting at base address `0xc000_0000`. For specific offsets
|
||||||
- Developers of secure applications for the TKey
|
and bitmasks, see the file `fw/tk1_mem.h`.
|
||||||
- Technically skilled third parties that wants to understand the
|
|
||||||
TKey
|
|
||||||
|
|
||||||
|
Rough memory map:
|
||||||
|
|
||||||
## Introduction
|
| *name* | *prefix* |
|
||||||
The TKey is a USB-connected, RISC-V based application platform. The
|
|---------|----------|
|
||||||
purpose of the TKey is to provide a secure environment for TKey device
|
| ROM | 0x00 |
|
||||||
apps that provides some security functionality to the client as needed
|
| RAM | 0x40 |
|
||||||
by the use case and device user. Some examples of such security
|
| TRNG | 0xc0 |
|
||||||
functionality are:
|
| Timer | 0xc1 |
|
||||||
|
| UDS | 0xc2 |
|
||||||
|
| UART | 0xc3 |
|
||||||
|
| Touch | 0xc4 |
|
||||||
|
| FW\_RAM | 0xd0 |
|
||||||
|
| TK1 | 0xff |
|
||||||
|
|
||||||
- TOTP token generators
|
## `clk_reset_gen`
|
||||||
- Signing oracles
|
|
||||||
- SSH login dongles
|
|
||||||
|
|
||||||
|
Generator for system clock and system reset.
|
||||||
|
|
||||||
## TKey Security Features
|
The device does not rely on external clock or reset. Instead the
|
||||||
|
internal HFOSC oscillator combined with an internal PLL is used to
|
||||||
|
generate the main clock. Currently the clock frequency driving the SoC
|
||||||
|
is 21 MHz.
|
||||||
|
|
||||||
### Measured Based Security
|
The device also generates its own reset.
|
||||||
The key, unique feature of the TKey is that it measures the secure
|
|
||||||
application when the application is being loaded onto the device. The
|
|
||||||
measurement (a hash digest), combined with a Unique Device Secret
|
|
||||||
(UDS) is used to derive a base secret for the application.
|
|
||||||
|
|
||||||
The consequence of this is that if the application is altered,
|
## `fw_ram`
|
||||||
the base secret derived will also change. Conversely, if the keys
|
|
||||||
derived from the base secret are the same as the last time the
|
|
||||||
application was loaded onto the same device, the application can
|
|
||||||
be trusted not to have been altered.
|
|
||||||
|
|
||||||
Note that since the UDS is per-device unique, the same application
|
Special firmware-only RAM. Unreachable from app mode.
|
||||||
loaded onto another TKey device will derive a different set of keys.
|
|
||||||
This ties keys to a specific device.
|
|
||||||
|
|
||||||
The derivation can also be combined with a User Supplied Secret
|
## `picorv32`
|
||||||
(USS). This means that keys derived are both based on something the user
|
|
||||||
has - the specific device, and something the user knows (the USS). And
|
|
||||||
the derived can be trusted because of the measurement being used
|
|
||||||
by the derivation, thereby verifying the integrity of the application.
|
|
||||||
|
|
||||||
### Execution monitor
|
A softcore 32 bit RISC-V CPU from [upstreams
|
||||||
|
PicoRV32](https://github.com/YosysHQ/picorv32).
|
||||||
|
|
||||||
The purpose of the The Tillitis TKey execution monitor is to ensure
|
Configuration of optional CPU features like `ENABLE_FAST_MUL` et
|
||||||
that execution of instructions does not happen from memory areas
|
cetera are in `rtl/application_fpga.v`.
|
||||||
containing application data och the stack.
|
|
||||||
|
|
||||||
The monitor continuously observes the address from which the CPU wants
|
The instance enables the following features
|
||||||
to fetch the next instruction. If that address falls within a defined
|
|
||||||
address range from which execution is not allowed, the monitor will
|
|
||||||
force the CPU to read an illegal instruction. This will cause the CPU
|
|
||||||
to enter its trap state. There is no way out of this state, and the
|
|
||||||
user must perform a power cycle of the TKey device.
|
|
||||||
|
|
||||||
Currently the following rules are implemented by the execution monitor
|
- Compressed ISA (C extension)
|
||||||
(future releases may add more rules):
|
- Fast multiplication. Two cycles for 32x32 multiplication
|
||||||
|
- Barrel shifter
|
||||||
|
|
||||||
- Execution from the firmware RAM (fw\_ram) is always blocked by the
|
No other modification to the core has been done. No interrupts are
|
||||||
monitor
|
used.
|
||||||
- Applications can define the area within RAM from which execution
|
|
||||||
should be blocked
|
|
||||||
|
|
||||||
The application can define its no execution area to the
|
## `ram`
|
||||||
ADDR\_CPU\_MON\_FIRST and ADDR\_CPU\_MON\_LAST registers in the tk1 core.
|
|
||||||
When the registers have been set the application can enable the
|
The 128 KByte main RAM. The RAM is only used by applications.
|
||||||
monitor for the area by writing to the ADDR\_CPU\_MON\_CTRL register.
|
The memory is cleared by firmware before an application is loaded.
|
||||||
Note that once the monitor has been enabled it can't be disabled and
|
|
||||||
the addresses defining the area can't be changed.
|
The application RAM is available to use by firmware and applications.
|
||||||
|
|
||||||
|
MC: Is the scrambling here now?
|
||||||
|
|
||||||
|
## `rom`
|
||||||
|
|
||||||
|
ROM for the firmware. The firmware.elf minus the ELF header is
|
||||||
|
embedded here in the bitstream.
|
||||||
|
|
||||||
|
After reset the CPU will initialize the program counter to start of
|
||||||
|
ROM.
|
||||||
|
|
||||||
|
## `timer`
|
||||||
|
|
||||||
|
A general purpose 32 bit timer. The timer will count down from the
|
||||||
|
initial value to one. In order to handle long time sequences (minutes,
|
||||||
|
hours, days) there is also a 32 bit prescaler.
|
||||||
|
|
||||||
|
The timer is available to use by firmware and applications.
|
||||||
|
|
||||||
|
## `tk1`
|
||||||
|
|
||||||
|
See [tk1 README](core/tk1/README.md) for details.
|
||||||
|
|
||||||
|
Contains:
|
||||||
|
|
||||||
|
- FPGA name and version.
|
||||||
|
- Execution mode control: firmware mode/application mode.
|
||||||
|
- RGB LED control.
|
||||||
|
- General purpose input/output (GPIO) pin control.
|
||||||
|
- Application introspection: start address and size of binary.
|
||||||
|
- BLAKE2s function access.
|
||||||
|
- Compound Device Identity (CDI).
|
||||||
|
- Unique Device Identity (UDI).
|
||||||
|
- RAM memory protection.
|
||||||
|
- Security monitor.
|
||||||
|
- SPI main.
|
||||||
|
- System reset.
|
||||||
|
|
||||||
### Illegal instruction monitor
|
### Illegal instruction monitor
|
||||||
|
|
||||||
@ -150,177 +173,56 @@ use real encryption (for example PRINCE) for memory content
|
|||||||
protection. From the application point of view such a change will be
|
protection. From the application point of view such a change will be
|
||||||
transparent.
|
transparent.
|
||||||
|
|
||||||
## Assets
|
## `touch_sense`
|
||||||
|
|
||||||
The TKey store and use the following assets internally:
|
Provide touch sensor events to software.
|
||||||
|
|
||||||
- UDS - Unique Device Secret. 256 bits. Provisioned and stored during
|
It is recommended that software start by acknowledge any stray events
|
||||||
device manufacturing. Never to be replaced during the life time of
|
prior to signalling to the user that a touch event is expected and
|
||||||
a given device. Used to derive application secrets. Must never leave
|
then start waiting for an event.
|
||||||
the device. Tillitis will NOT store a copy of the UDS. Can be read
|
|
||||||
by firmware once between power cycling
|
|
||||||
|
|
||||||
- UDI - Unique Device ID. 64 bits. Provisioned and stored during
|
The touch sensor is available to use by firmware and applications.
|
||||||
device manufacturing. Only accessible by FW. Never to be replaced or
|
|
||||||
altered during the life time of a given device. May be copied,
|
|
||||||
extracted, read from the device.
|
|
||||||
|
|
||||||
- CDI - Compound Device Identity. Computed by the FW when an
|
## `trng`
|
||||||
application is loaded using the UDS and the application binary. Used
|
|
||||||
by the application to derive secrets, keys as needed. The CDI should
|
|
||||||
never be exposed.
|
|
||||||
|
|
||||||
Additionally the following asset could be provided from the host:
|
Provide a True Random Number Generator to software.
|
||||||
|
|
||||||
- USS - User Supplied Secret. May possibly be replaced many times.
|
The TRNG generates entropy with a fairly good quality. However for
|
||||||
Supplied from the host to the device. Should not be revealed to a
|
security related use cases, for example key generation, the TRNG
|
||||||
third party.
|
should not be used directly. Instead use it to create a seed, and
|
||||||
|
reseed as necessary, for a Digital Random Bit Generator (DRBG), also
|
||||||
|
known as a Cryptographically Safe Pseudo Random Number Generator
|
||||||
|
(CSPRNG). Examples of such generators are Hash\_DRGG, CTR\_DRBG, and
|
||||||
|
HKDF.
|
||||||
|
|
||||||
## Memory
|
## `uart`
|
||||||
|
|
||||||
Addressing:
|
A simple universal asynchronous receiver/transmitter (UART) used for
|
||||||
|
communication with the client through the USB controller.
|
||||||
|
|
||||||
```
|
The UART default speed is 62500 bps, but can be adjusted by the
|
||||||
31st bit 0th bit
|
application. (Note that the host must set the same bitrate too.)
|
||||||
v v
|
|
||||||
0000 0000 0000 0000 0000 0000 0000 0000
|
|
||||||
|
|
||||||
- Bits [31 .. 30] (2 bits): Top level prefix (described below)
|
The UART contain a 512 but Rx-FIFO with status (data available).
|
||||||
- Bits [29 .. 24] (6 bits): Core select. We want to support at least 16 cores
|
|
||||||
- Bits [23 .. 0] (24 bits): Memory/in-core address.
|
|
||||||
```
|
|
||||||
|
|
||||||
Assigned top level prefixes:
|
The UART is available to use by firmware and applications.
|
||||||
|
|
||||||
| *name* | *prefix* | *address length* |
|
## `uds`
|
||||||
|----------|----------|--------------------------------------|
|
|
||||||
| ROM | 0b00 | 30 bit address |
|
|
||||||
| RAM | 0b01 | 30 bit address |
|
|
||||||
| reserved | 0b10 | |
|
|
||||||
| MMIO | 0b11 | 6 bits for core select, 24 bits rest |
|
|
||||||
|
|
||||||
| *memory* | *first byte* | *last byte* |
|
The Unique Device Secret. During build initial value is taken from
|
||||||
|----------|--------------|------------------------------|
|
`data/uds.hex`.
|
||||||
| ROM | 0x0000\_0000 | 0x0000\_17ff |
|
|
||||||
| RAM | 0x4000\_0000 | 0x4001\_ffff |
|
|
||||||
| MMIO | 0xc000\_0000 | 0xffff\_ffff (last possible) |
|
|
||||||
|
|
||||||
### Memory mapped hardware functions
|
However, with the finished bitstream you can patch in another UDS and
|
||||||
|
UDI by using `tools/patch_uds_udi.py` with nextpnr.
|
||||||
|
|
||||||
Hardware functions, assets, and input/output are memory mapped (MMIO)
|
It's a 256 bit memory implemented using eight 32-bit registers. The
|
||||||
starting at base address `0xc000_0000`. For specific offsets/bitmasks,
|
registers can only be accessed once between power cycling. This means
|
||||||
see the file [tk1_mem.h](../../hw/application_fpga/fw/tk1_mem.h) (in
|
that the UDS **must** be read as u32. If read as u8, only the first
|
||||||
this repo).
|
byte from a given address will be correct, subsequent bytes will be
|
||||||
|
zero.
|
||||||
Assigned core prefixes:
|
|
||||||
|
|
||||||
| *name* | *address prefix* |
|
|
||||||
|--------|------------------|
|
|
||||||
| TRNG | 0xc0 |
|
|
||||||
| TIMER | 0xc1 |
|
|
||||||
| UDS | 0xc2 |
|
|
||||||
| UART | 0xc3 |
|
|
||||||
| TOUCH | 0xc4 |
|
|
||||||
| FW_RAM | 0xd0 |
|
|
||||||
| TK1 | 0xff |
|
|
||||||
|
|
||||||
*Nota bene*: MMIO accesses should be 32 bit wide, e.g use `lw` and
|
|
||||||
`sw`. Exceptions are `UDS`, `FW_RAM` and `QEMU_DEBUG`.
|
|
||||||
|
|
||||||
| *name* | *fw* | *app* | *size* | *type* | *content* | *description* |
|
|
||||||
|--------------------|-------|-----------|--------|----------|-----------|-------------------------------------------------------------------------|
|
|
||||||
| `TRNG_STATUS` | r | r | | | | TRNG_STATUS_READY_BIT is 1 when an entropy word is available. |
|
|
||||||
| `TRNG_ENTROPY` | r | r | 4B | u32 | | Entropy word. Reading a word will clear status. |
|
|
||||||
| `TIMER_CTRL` | r/w | r/w | | | | If TIMER_STATUS_RUNNING_BIT in TIMER_STATUS is 0, setting |
|
|
||||||
| | | | | | | TIMER_CTRL_START_BIT here starts the timer. |
|
|
||||||
| | | | | | | If TIMER_STATUS_RUNNING_BIT in TIMER_STATUS is 1, setting |
|
|
||||||
| | | | | | | TIMER_CTRL_STOP_BIT here stops the timer. |
|
|
||||||
| `TIMER_STATUS` | r | r | | | | TIMER_STATUS_RUNNING_BIT is 1 when the timer is running. |
|
|
||||||
| `TIMER_PRESCALER` | r/w | r/w | 4B | | | Prescaler init value. Write blocked when running. |
|
|
||||||
| `TIMER_TIMER` | r/w | r/w | 4B | | | Timer init or current value while running. Write blocked when running. |
|
|
||||||
| `UDS_FIRST` | r[^3] | invisible | 4B | u8[32] | | First word of Unique Device Secret key. Note: Read once per power up. |
|
|
||||||
| `UDS_LAST` | | invisible | | | | The last word of the UDS. Note: Read once per power up. |
|
|
||||||
| `UART_BITRATE` | r/w | | | | | TBD |
|
|
||||||
| `UART_DATABITS` | r/w | | | | | TBD |
|
|
||||||
| `UART_STOPBITS` | r/w | | | | | TBD |
|
|
||||||
| `UART_RX_STATUS` | r | r | 1B | u8 | | Non-zero when there is data to read |
|
|
||||||
| `UART_RX_DATA` | r | r | 1B | u8 | | Data to read. Only LSB contains data |
|
|
||||||
| `UART_RX_BYTES` | r | r | 4B | u32 | | Number of bytes received from the host and not yet read by SW, FW. |
|
|
||||||
| `UART_TX_STATUS` | r | r | 1B | u8 | | Non-zero when it's OK to write data to send. |
|
|
||||||
| `UART_TX_DATA` | w | w | 1B | u8 | | Data to send. Only LSB contains data |
|
|
||||||
| `TOUCH_STATUS` | r/w | r/w | | | | TOUCH_STATUS_EVENT_BIT is 1 when touched. After detecting a touch |
|
|
||||||
| | | | | | | event (reading a 1), write anything here to acknowledge it. |
|
|
||||||
| `FW_RAM` | r/w | invisible | 2 kiB | u8[2048] | | Firmware-only RAM. |
|
|
||||||
| `UDI` | r | invisible | 8B | u64 | | Unique Device ID (UDI). |
|
|
||||||
| `QEMU_DEBUG` | w | w | | u8 | | Debug console (only in QEMU) |
|
|
||||||
| `NAME0` | r | r | 4B | char[4] | "tk1 " | ID of core/stick |
|
|
||||||
| `NAME1` | r | r | 4B | char[4] | "mkdf" | ID of core/stick |
|
|
||||||
| `VERSION` | r | r | 4B | u32 | 1 | Current version. |
|
|
||||||
| `SYSTEM_MODE_CTRL` | r/w | r | 1B | u8 | | Write anything here to trigger the switch to application mode. Reading |
|
|
||||||
| | | | | | | returns 0 if device is in firmware mode, 0xffffffff if in app mode. |
|
|
||||||
| `LED` | r/w | r/w | 1B | u8 | | Control of the color LEDs in RBG LED on the board. |
|
|
||||||
| | | | | | | Bit 0 is Blue, bit 1 is Green, and bit 2 is Red LED. |
|
|
||||||
| `GPIO` | r/w | r/w | 1B | u8 | | Bits 0 and 1 contain the input level of GPIO 1 and 2. |
|
|
||||||
| | | | | u8 | | Bits 3 and 4 store the output level of GPIO 3 and 4. |
|
|
||||||
| `APP_ADDR` | r/w | r | 4B | u32 | | Firmware stores app load address here, so app can read its own location |
|
|
||||||
| `APP_SIZE` | r/w | r | 4B | u32 | | Firmware stores app app size here, so app can read its own size |
|
|
||||||
| `BLAKE2S` | r/w | r | 4B | u32 | | Function pointer to a BLAKE2S function in the firmware |
|
|
||||||
| `CDI_FIRST` | r/w | r | 32B | u8[32] | | Compound Device Identifier (CDI). UDS+measurement... |
|
|
||||||
| `CDI_LAST` | | r | | | | Last word of CDI |
|
|
||||||
| `RAM_ASLR` | w | invisible | 4B | u32 | | Address Space Randomization seed value for the RAM |
|
|
||||||
| `RAM_SCRAMBLE` | w | invisible | 4B | u32 | | Data scrambling seed value for the RAM |
|
|
||||||
| `CPU_MON_CTRL` | w | w | 4B | u32 | | Bit 0 enables CPU execution monitor. Can't be unset. Lock adresses |
|
|
||||||
| `CPU_MON_FIRST` | w | w | 4B | u32 | | First address of the area monitored for execution attempts |
|
|
||||||
| `CPU_MON_LAST` | w | w | 4B | u32 | | Last address of the area monitored for execution attempts |
|
|
||||||
|
|
||||||
[^3]: The UDS can only be read *once* per power-cycle.
|
|
||||||
|
|
||||||
## Subsystems and Components
|
|
||||||
|
|
||||||
The TKey as a project, system and secure application platform
|
|
||||||
consists of a number of subsystems and components, modules, support
|
|
||||||
libraries etc. Roughly these can be divided into:
|
|
||||||
|
|
||||||
- TKey boards. PCB designs including schematics, Bill of Material
|
|
||||||
(BOM) and layout, as needed for development, production and and
|
|
||||||
general usage of the TKey devices
|
|
||||||
|
|
||||||
- TKey programmer. SW, PCB designs including schematics, Bill of
|
|
||||||
Material (BOM) and layout, as needed for development, production
|
|
||||||
and and provisioning, programming general usage
|
|
||||||
|
|
||||||
- USB to UART controller. FW for the MCU implementing the USB host
|
|
||||||
interface on the TKey
|
|
||||||
|
|
||||||
- application\_fpga. FPGA design with cores including CPU and memory that
|
|
||||||
implements the secure application platform
|
|
||||||
|
|
||||||
- application\_fpga FW. The base software running on the CPU as needed to
|
|
||||||
boot, load applications, measure applications, dderive base secret etc
|
|
||||||
|
|
||||||
- One or more applications loaded onto the application\_fpga to provide
|
|
||||||
some functionality to the user of the host
|
|
||||||
|
|
||||||
- host side application loader. Software that talks to the FW in the
|
|
||||||
application\_fpga to load a secure application
|
|
||||||
|
|
||||||
- host side boot, management. Support software to boot, authenticate
|
|
||||||
the TKey device connected to a host
|
|
||||||
|
|
||||||
- host side secure application. Software that communicates with the
|
|
||||||
secure application running in the application\_fpga as needed to solve
|
|
||||||
a security objective
|
|
||||||
|
|
||||||
- application\_fpga FW SDK. Tools, libraries, documentation and examples
|
|
||||||
to support development of the application\_fpga firmware
|
|
||||||
|
|
||||||
- secure application SDK. Tools, libraries, documentation and examples
|
|
||||||
to support development of the secure applications to be loaded onto
|
|
||||||
the application\_fpga
|
|
||||||
|
|
||||||
- host side secure application SDK. Tools, libraries, documentation and
|
|
||||||
examples to support development of the host applications
|
|
||||||
|
|
||||||
|
The UDS can only be read in firmware mode. Reading from the UDS in
|
||||||
|
application mode will return all zeros.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
More detailed information about the firmware running on the device can
|
More detailed information about the firmware running on the device can
|
||||||
|
Loading…
Reference in New Issue
Block a user