PoC: Remove low privilege syscall

2025-03-12 10:06:47 -04:00 · 2024-12-16 13:00:54 +01:00 · 2024-12-16 13:00:54 +01:00 · eacfd6eddc
commit eacfd6eddc
parent beb325b683
4 changed files with 16 additions and 63 deletions
--- a/hw/application_fpga/README.md
+++ b/hw/application_fpga/README.md
@ -35,7 +35,6 @@ Rough memory map:
 | UART       | 0xc3     |
 | Touch      | 0xc4     |
 | FW\_RAM    | 0xd0     |
-| IRQ30\_SET | 0xe0     |
 | IRQ31\_SET | 0xe1     |
 | TK1        | 0xff     |

@ -99,11 +98,6 @@ hours, days) there is also a 32 bit prescaler.

 The timer is available to use by firmware and applications.

-## `irq30_set`
-
-Interrupt 30 trigger area. A 32-bit write to the IRQ30\_SET memory
-area will trigger interrupt 30.
-
 ## `irq31_set`

 Interrupt 31 trigger area. A 32-bit write to the IRQ31\_SET memory
@ -114,15 +108,14 @@ area will trigger interrupt 31.
 Triggering an interrupt will cause the CPU to execute the interrupt
 handler att address 0x10.

-The interrupt handler is shared by IRQ30 and IRQ31. Register `x4` can
-be inspected to determine the interrupt source. Each interrupt source
-is assigned one bit in x4. Triggered interrupts have their bit set to
-`1`.
+The interrupt handler is shared by all PicoRV32 interrupts but only
+interrupt 31 is enabled on the Tkey. Register `x4` can be inspected to
+determine the interrupt source. Each interrupt source is assigned one
+bit in x4. Triggered interrupts have their bit set to `1`.

 | *Interrupt Name* | *Source*   | *x4 Bit* |
 |------------------|------------|----------|
-| IRQ_SYSCALL_LO   | IRQ30\_SET | 30       |
-| IRQ_SYSCALL_HI   | IRQ31\_SET | 31       |
+| IRQ_SYSCALL      | IRQ31\_SET | 31       |

 The return address is located in register `x3`. Calling the PicoRV32
 specific instruction `retirq` exits the interrupt handler and clears
@ -142,9 +135,8 @@ mode:
 | *Execution Mode*    | *ROM*  | *FW RAM* | *SPI* |
 |---------------------|--------|----------|-------|
 | Firmware mode       | r/x    | r/w      | r/w   |
-| App mode            | r      | i        | i     |
-| IRQ_SYSCALL_LO      | r/x    | i        | i     |
-| IRQ_SYSCALL_HI      | r/x    | r/w      | r/w   |
+| IRQ_SYSCALL         | r/x    | r/w      | r/w   |
+| Application mode    | r      | i        | i     |

 Legend:
 r = readable
--- a/hw/application_fpga/core/tk1/rtl/tk1.v
+++ b/hw/application_fpga/core/tk1/rtl/tk1.v
@ -46,7 +46,6 @@ module tk1 #(
    output wire gpio4,

    input wire access_level_hi,
-    input wire access_level_med,

    output wire fw_ram_en,

@ -204,7 +203,7 @@ module tk1 #(

  assign system_reset  = system_reset_reg;

-  assign rom_exec_en   = !system_mode | access_level_med | access_level_hi;
+  assign rom_exec_en   = !system_mode | access_level_hi;
  assign fw_ram_en     = !system_mode | access_level_hi;
  assign spi_access_en = !system_mode | access_level_hi;

--- a/hw/application_fpga/rtl/application_fpga.v
+++ b/hw/application_fpga/rtl/application_fpga.v
@ -57,14 +57,12 @@ module application_fpga (
  localparam UART_PREFIX = 6'h03;
  localparam TOUCH_SENSE_PREFIX = 6'h04;
  localparam FW_RAM_PREFIX = 6'h10;
-  localparam IRQ30_PREFIX = 6'h20;
  localparam IRQ31_PREFIX = 6'h21;
  localparam TK1_PREFIX = 6'h3f;

  // Instruction used to cause a trap.
  localparam ILLEGAL_INSTRUCTION = 32'h0;

-  localparam IRQ30_IRQ_MASK = 2 ** 30;
  localparam IRQ31_IRQ_MASK = 2 ** 31;

  //----------------------------------------------------------------
@ -146,10 +144,6 @@ module application_fpga (
  wire [31 : 0] touch_sense_read_data;
  wire          touch_sense_ready;

-  reg           irq30_cs;
-  reg           irq30_we;
-  reg           irq30_eoi;
-
  reg           irq31_cs;
  reg           irq31_we;
  reg           irq31_eoi;
@ -190,8 +184,8 @@ module application_fpga (
      .ENABLE_IRQ      (1),
      .ENABLE_IRQ_QREGS(0),
      .ENABLE_IRQ_TIMER(0),
-      .MASKED_IRQ      (~(IRQ31_IRQ_MASK | IRQ30_IRQ_MASK)),
-      .LATCHED_IRQ     (IRQ31_IRQ_MASK | IRQ30_IRQ_MASK)
+      .MASKED_IRQ      (~IRQ31_IRQ_MASK),
+      .LATCHED_IRQ     (IRQ31_IRQ_MASK)
  ) cpu (
      .clk(clk),
      .resetn(reset_n),
@ -374,8 +368,7 @@ module application_fpga (
      .gpio3(app_gpio3),
      .gpio4(app_gpio4),

-      .access_level_hi (irq31_eoi),
-      .access_level_med(irq30_eoi),
+      .access_level_hi(irq31_eoi),

      .fw_ram_en(fw_ram_en),

@ -411,14 +404,11 @@ module application_fpga (
  //----------------------------------------------------------------
  always @* begin : irq_ctrl
    reg irq31_set;
-    reg irq30_set;

    irq31_set = irq31_cs & irq31_we;
-    irq30_set = irq30_cs & irq30_we;
-    cpu_irq   = {irq31_set, irq30_set, 30'h0};
+    cpu_irq   = {irq31_set, 31'h0};

    irq31_eoi = cpu_eoi[31];
-    irq30_eoi = cpu_eoi[30];
  end


@ -471,9 +461,6 @@ module application_fpga (
    touch_sense_we      = |cpu_wstrb;
    touch_sense_address = cpu_addr[9 : 2];

-    irq30_cs            = 1'h0;
-    irq30_we            = |cpu_wstrb;
-
    irq31_cs            = 1'h0;
    irq31_we            = |cpu_wstrb;

@ -549,11 +536,6 @@ module application_fpga (
                muxed_ready_new = fw_ram_ready;
              end

-              IRQ30_PREFIX: begin
-                irq30_cs        = 1'h1;
-                muxed_ready_new = 1'h1;
-              end
-
              IRQ31_PREFIX: begin
                irq31_cs        = 1'h1;
                muxed_ready_new = 1'h1;
--- a/hw/application_fpga/tb/application_fpga_sim.v
+++ b/hw/application_fpga/tb/application_fpga_sim.v
@ -70,14 +70,12 @@ module application_fpga_sim (
  localparam UART_PREFIX = 6'h03;
  localparam TOUCH_SENSE_PREFIX = 6'h04;
  localparam FW_RAM_PREFIX = 6'h10;
-  localparam IRQ30_PREFIX = 6'h20;
  localparam IRQ31_PREFIX = 6'h21;
  localparam TK1_PREFIX = 6'h3f;

  // Instruction used to cause a trap.
  localparam ILLEGAL_INSTRUCTION = 32'h0;

-  localparam IRQ30_IRQ_MASK = 2 ** 30;
  localparam IRQ31_IRQ_MASK = 2 ** 31;

  //----------------------------------------------------------------
@ -158,10 +156,6 @@ module application_fpga_sim (
  wire [31 : 0] touch_sense_read_data;
  wire          touch_sense_ready;

-  reg           irq30_cs;
-  reg           irq30_we;
-  reg           irq30_eoi;
-
  reg           irq31_cs;
  reg           irq31_we;
  reg           irq31_eoi;
@ -201,8 +195,8 @@ module application_fpga_sim (
      .ENABLE_IRQ      (1),
      .ENABLE_IRQ_QREGS(0),
      .ENABLE_IRQ_TIMER(0),
-      .MASKED_IRQ      (~(IRQ31_IRQ_MASK | IRQ30_IRQ_MASK)),
-      .LATCHED_IRQ     (IRQ31_IRQ_MASK | IRQ30_IRQ_MASK)
+      .MASKED_IRQ      (~IRQ31_IRQ_MASK),
+      .LATCHED_IRQ     (IRQ31_IRQ_MASK)
  ) cpu (
      .clk(clk),
      .resetn(reset_n),
@ -386,8 +380,7 @@ module application_fpga_sim (
      .gpio3(app_gpio3),
      .gpio4(app_gpio4),

-      .access_level_hi (irq31_eoi),
-      .access_level_med(irq30_eoi),
+      .access_level_hi(irq31_eoi),

      .fw_ram_en(fw_ram_en),

@ -422,14 +415,11 @@ module application_fpga_sim (
  //----------------------------------------------------------------
  always @* begin : irq_ctrl
    reg irq31_set;
-    reg irq30_set;

    irq31_set = irq31_cs & irq31_we;
-    irq30_set = irq30_cs & irq30_we;
-    cpu_irq   = {irq31_set, irq30_set, 30'h0};
+    cpu_irq   = {irq31_set, 31'h0};

    irq31_eoi = cpu_eoi[31];
-    irq30_eoi = cpu_eoi[30];
  end


@ -484,9 +474,6 @@ module application_fpga_sim (
    touch_sense_we      = |cpu_wstrb;
    touch_sense_address = cpu_addr[9 : 2];

-    irq30_cs            = 1'h0;
-    irq30_we            = |cpu_wstrb;
-
    irq31_cs            = 1'h0;
    irq31_we            = |cpu_wstrb;

@ -582,13 +569,6 @@ module application_fpga_sim (
                muxed_ready_new = fw_ram_ready;
              end

-              IRQ30_PREFIX: begin
-                `verbose($display("Access to blake2s interrupt trigger");)
-                ascii_state     = "Blake2s IRQ trigger";
-                irq30_cs        = 1'h1;
-                muxed_ready_new = 1'h1;
-              end
-
              IRQ31_PREFIX: begin
                `verbose($display("Access to syscall interrupt trigger");)
                ascii_state     = "Syscall IRQ trigger";