From eacfd6eddc9173eea36b3238c203a96160db3915 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mikael=20=C3=85gren?= Date: Mon, 16 Dec 2024 13:00:54 +0100 Subject: [PATCH] PoC: Remove low privilege syscall --- hw/application_fpga/README.md | 22 +++++---------- hw/application_fpga/core/tk1/rtl/tk1.v | 3 +- hw/application_fpga/rtl/application_fpga.v | 26 +++-------------- hw/application_fpga/tb/application_fpga_sim.v | 28 +++---------------- 4 files changed, 16 insertions(+), 63 deletions(-) diff --git a/hw/application_fpga/README.md b/hw/application_fpga/README.md index 80fd9ba..ee25709 100644 --- a/hw/application_fpga/README.md +++ b/hw/application_fpga/README.md @@ -35,7 +35,6 @@ Rough memory map: | UART | 0xc3 | | Touch | 0xc4 | | FW\_RAM | 0xd0 | -| IRQ30\_SET | 0xe0 | | IRQ31\_SET | 0xe1 | | TK1 | 0xff | @@ -99,11 +98,6 @@ hours, days) there is also a 32 bit prescaler. The timer is available to use by firmware and applications. -## `irq30_set` - -Interrupt 30 trigger area. A 32-bit write to the IRQ30\_SET memory -area will trigger interrupt 30. - ## `irq31_set` Interrupt 31 trigger area. A 32-bit write to the IRQ31\_SET memory @@ -114,15 +108,14 @@ area will trigger interrupt 31. Triggering an interrupt will cause the CPU to execute the interrupt handler att address 0x10. -The interrupt handler is shared by IRQ30 and IRQ31. Register `x4` can -be inspected to determine the interrupt source. Each interrupt source -is assigned one bit in x4. Triggered interrupts have their bit set to -`1`. +The interrupt handler is shared by all PicoRV32 interrupts but only +interrupt 31 is enabled on the Tkey. Register `x4` can be inspected to +determine the interrupt source. Each interrupt source is assigned one +bit in x4. Triggered interrupts have their bit set to `1`. | *Interrupt Name* | *Source* | *x4 Bit* | |------------------|------------|----------| -| IRQ_SYSCALL_LO | IRQ30\_SET | 30 | -| IRQ_SYSCALL_HI | IRQ31\_SET | 31 | +| IRQ_SYSCALL | IRQ31\_SET | 31 | The return address is located in register `x3`. Calling the PicoRV32 specific instruction `retirq` exits the interrupt handler and clears @@ -142,9 +135,8 @@ mode: | *Execution Mode* | *ROM* | *FW RAM* | *SPI* | |---------------------|--------|----------|-------| | Firmware mode | r/x | r/w | r/w | -| App mode | r | i | i | -| IRQ_SYSCALL_LO | r/x | i | i | -| IRQ_SYSCALL_HI | r/x | r/w | r/w | +| IRQ_SYSCALL | r/x | r/w | r/w | +| Application mode | r | i | i | Legend: r = readable diff --git a/hw/application_fpga/core/tk1/rtl/tk1.v b/hw/application_fpga/core/tk1/rtl/tk1.v index 2d1cd80..cd710b1 100644 --- a/hw/application_fpga/core/tk1/rtl/tk1.v +++ b/hw/application_fpga/core/tk1/rtl/tk1.v @@ -46,7 +46,6 @@ module tk1 #( output wire gpio4, input wire access_level_hi, - input wire access_level_med, output wire fw_ram_en, @@ -204,7 +203,7 @@ module tk1 #( assign system_reset = system_reset_reg; - assign rom_exec_en = !system_mode | access_level_med | access_level_hi; + assign rom_exec_en = !system_mode | access_level_hi; assign fw_ram_en = !system_mode | access_level_hi; assign spi_access_en = !system_mode | access_level_hi; diff --git a/hw/application_fpga/rtl/application_fpga.v b/hw/application_fpga/rtl/application_fpga.v index c62ae7e..c1eb269 100644 --- a/hw/application_fpga/rtl/application_fpga.v +++ b/hw/application_fpga/rtl/application_fpga.v @@ -57,14 +57,12 @@ module application_fpga ( localparam UART_PREFIX = 6'h03; localparam TOUCH_SENSE_PREFIX = 6'h04; localparam FW_RAM_PREFIX = 6'h10; - localparam IRQ30_PREFIX = 6'h20; localparam IRQ31_PREFIX = 6'h21; localparam TK1_PREFIX = 6'h3f; // Instruction used to cause a trap. localparam ILLEGAL_INSTRUCTION = 32'h0; - localparam IRQ30_IRQ_MASK = 2 ** 30; localparam IRQ31_IRQ_MASK = 2 ** 31; //---------------------------------------------------------------- @@ -146,10 +144,6 @@ module application_fpga ( wire [31 : 0] touch_sense_read_data; wire touch_sense_ready; - reg irq30_cs; - reg irq30_we; - reg irq30_eoi; - reg irq31_cs; reg irq31_we; reg irq31_eoi; @@ -190,8 +184,8 @@ module application_fpga ( .ENABLE_IRQ (1), .ENABLE_IRQ_QREGS(0), .ENABLE_IRQ_TIMER(0), - .MASKED_IRQ (~(IRQ31_IRQ_MASK | IRQ30_IRQ_MASK)), - .LATCHED_IRQ (IRQ31_IRQ_MASK | IRQ30_IRQ_MASK) + .MASKED_IRQ (~IRQ31_IRQ_MASK), + .LATCHED_IRQ (IRQ31_IRQ_MASK) ) cpu ( .clk(clk), .resetn(reset_n), @@ -374,8 +368,7 @@ module application_fpga ( .gpio3(app_gpio3), .gpio4(app_gpio4), - .access_level_hi (irq31_eoi), - .access_level_med(irq30_eoi), + .access_level_hi(irq31_eoi), .fw_ram_en(fw_ram_en), @@ -411,14 +404,11 @@ module application_fpga ( //---------------------------------------------------------------- always @* begin : irq_ctrl reg irq31_set; - reg irq30_set; irq31_set = irq31_cs & irq31_we; - irq30_set = irq30_cs & irq30_we; - cpu_irq = {irq31_set, irq30_set, 30'h0}; + cpu_irq = {irq31_set, 31'h0}; irq31_eoi = cpu_eoi[31]; - irq30_eoi = cpu_eoi[30]; end @@ -471,9 +461,6 @@ module application_fpga ( touch_sense_we = |cpu_wstrb; touch_sense_address = cpu_addr[9 : 2]; - irq30_cs = 1'h0; - irq30_we = |cpu_wstrb; - irq31_cs = 1'h0; irq31_we = |cpu_wstrb; @@ -549,11 +536,6 @@ module application_fpga ( muxed_ready_new = fw_ram_ready; end - IRQ30_PREFIX: begin - irq30_cs = 1'h1; - muxed_ready_new = 1'h1; - end - IRQ31_PREFIX: begin irq31_cs = 1'h1; muxed_ready_new = 1'h1; diff --git a/hw/application_fpga/tb/application_fpga_sim.v b/hw/application_fpga/tb/application_fpga_sim.v index bcf072a..5a21ac7 100644 --- a/hw/application_fpga/tb/application_fpga_sim.v +++ b/hw/application_fpga/tb/application_fpga_sim.v @@ -70,14 +70,12 @@ module application_fpga_sim ( localparam UART_PREFIX = 6'h03; localparam TOUCH_SENSE_PREFIX = 6'h04; localparam FW_RAM_PREFIX = 6'h10; - localparam IRQ30_PREFIX = 6'h20; localparam IRQ31_PREFIX = 6'h21; localparam TK1_PREFIX = 6'h3f; // Instruction used to cause a trap. localparam ILLEGAL_INSTRUCTION = 32'h0; - localparam IRQ30_IRQ_MASK = 2 ** 30; localparam IRQ31_IRQ_MASK = 2 ** 31; //---------------------------------------------------------------- @@ -158,10 +156,6 @@ module application_fpga_sim ( wire [31 : 0] touch_sense_read_data; wire touch_sense_ready; - reg irq30_cs; - reg irq30_we; - reg irq30_eoi; - reg irq31_cs; reg irq31_we; reg irq31_eoi; @@ -201,8 +195,8 @@ module application_fpga_sim ( .ENABLE_IRQ (1), .ENABLE_IRQ_QREGS(0), .ENABLE_IRQ_TIMER(0), - .MASKED_IRQ (~(IRQ31_IRQ_MASK | IRQ30_IRQ_MASK)), - .LATCHED_IRQ (IRQ31_IRQ_MASK | IRQ30_IRQ_MASK) + .MASKED_IRQ (~IRQ31_IRQ_MASK), + .LATCHED_IRQ (IRQ31_IRQ_MASK) ) cpu ( .clk(clk), .resetn(reset_n), @@ -386,8 +380,7 @@ module application_fpga_sim ( .gpio3(app_gpio3), .gpio4(app_gpio4), - .access_level_hi (irq31_eoi), - .access_level_med(irq30_eoi), + .access_level_hi(irq31_eoi), .fw_ram_en(fw_ram_en), @@ -422,14 +415,11 @@ module application_fpga_sim ( //---------------------------------------------------------------- always @* begin : irq_ctrl reg irq31_set; - reg irq30_set; irq31_set = irq31_cs & irq31_we; - irq30_set = irq30_cs & irq30_we; - cpu_irq = {irq31_set, irq30_set, 30'h0}; + cpu_irq = {irq31_set, 31'h0}; irq31_eoi = cpu_eoi[31]; - irq30_eoi = cpu_eoi[30]; end @@ -484,9 +474,6 @@ module application_fpga_sim ( touch_sense_we = |cpu_wstrb; touch_sense_address = cpu_addr[9 : 2]; - irq30_cs = 1'h0; - irq30_we = |cpu_wstrb; - irq31_cs = 1'h0; irq31_we = |cpu_wstrb; @@ -582,13 +569,6 @@ module application_fpga_sim ( muxed_ready_new = fw_ram_ready; end - IRQ30_PREFIX: begin - `verbose($display("Access to blake2s interrupt trigger");) - ascii_state = "Blake2s IRQ trigger"; - irq30_cs = 1'h1; - muxed_ready_new = 1'h1; - end - IRQ31_PREFIX: begin `verbose($display("Access to syscall interrupt trigger");) ascii_state = "Syscall IRQ trigger";