Commit Graph

470 Commits

Author SHA1 Message Date
Joachim Strömbergson
bd45d3b0dd
Move reset control and status into the tk1 core
The tk1 core is now able to handle external and internal reset
request, trigger a system and store reset status that persists
the reset. The reset status is exposed to SW as bits 17..16 in the
FW_APP register. The fw_app status is now bound to bit 0.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-22 16:14:10 +02:00
Joachim Strömbergson
16eba3b8dd
Trigger the original reset loop logic when host requests a reset
Add comments to explain function and clean up heade, footer

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-22 16:14:10 +02:00
Joachim Strömbergson
d6e0d90dfd
First attempt at supporting host based reset
The feature enables the interface_rts signal from the CH552 MCU in
constraints as well as inte FPGA interface. The signal is routed into
the clk_reset_gen block where it is sampled. If the sampled signal is
set, a system reset is triggered

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-22 16:14:10 +02:00
Joachim Strömbergson
f655196af7
Clarify the functional description of the touch_sense core
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-22 16:03:08 +02:00
dehanj
a5e30f1203
CI: Divide into separate jobs.
- Gives a better overview of CI and the different checks, without going
  into the logs too deeply.
- Cache: use a unique key for each run, and remove 'restore key' since it
  could potentially retrieve the wrong bitstream. The stragegy should be
  to fail if a cache is not present, not fetch a bitstream from a
  different build.
2024-04-19 12:16:41 +02:00
dehanj
d7b8bb26a9
CI: move check-hash to separate job.
- This makes it easier to see if CI fails on hashes (which might be
  expected during development) or something else.
2024-04-17 12:10:28 +02:00
Michael Cardell Widerkrantz
3cf218469c
hw/tool: UDI/UDS storage
Describe how the UDI and UDS are actually stored in the FPGA, how they
are accessed, and how they are initialled by the patch_uds_udi.py
script.

Co-authored-by: Joachim Strömbergson <joachim@assured.se>
2024-04-03 11:27:00 +02:00
dehanj
1c90b1aa3d
Add release notes for TK1-24.03
Clarifying earlier release notes.
2024-03-26 13:34:54 +01:00
dehanj
574e17f26a
Update hash of bitstream and firmware 2024-03-26 13:09:06 +01:00
dehanj
4bd249816a
fw: Remove unused header includes 2024-03-26 13:09:06 +01:00
dehanj
3a6a60ff26
fw: Protect zeroisation against compiler optimisation.
The memset() responsible for the zeroisation of the secure_ctx under
the compute_cdi() function in FW's main.c, was optimised away by the
compiler. Instead of using memset(), secure_wipe() is introduced
which uses a volatile keyword to prevent the compiler to try to
optimise it. Secure_wipe() is now used on all locations handling
removal of sensitive data.
2024-03-26 13:09:01 +01:00
dehanj
c85b5311cd
Change filename personalize.py to patch_uds_udi.py
Also adding a more detailed explaination of what the script intends to
do
2024-03-26 13:07:11 +01:00
Michael Cardell Widerkrantz
88c6036215
Add mitigations to threat model
Describe under each release what kind of threat mitigations we have
added.
2024-03-25 17:27:00 +01:00
dehanj
0e166e4159
Build tp1 firmware in CI 2024-03-22 11:43:39 +01:00
dehanj
92136983c5
Update hash of bitstream and firmware 2024-03-22 11:25:40 +01:00
Michael Cardell Widerkrantz
09c1f3f549
Silence splint somewhat
The only real changes are some unitialized variables and that we now
make explicit that we don't care about the return value from memset().
2024-03-22 11:03:13 +01:00
Michael Cardell Widerkrantz
b0efcf019e
Include static analysis in CI
- Exclude splint from CI, so we make another target for it "splint",
  which we might include in the "check" target later.

- Move the analysis runs earlier in CI so they, including indentation
  checks, fail first.

- Include printouts of hashen in check-binary-hashes to easier see
  what the digest are if it fails in CI.
2024-03-22 11:03:13 +01:00
Michael Cardell Widerkrantz
d10c4972d7
Use tkey-builder:4 2024-03-22 10:54:33 +01:00
Michael Cardell Widerkrantz
da40edfc51
tkey-builder: Include clang-tidy & splint
To be able to run statical analysis on source, include clang-tidy and
splint (see make check) in tkey-builder.
2024-03-21 15:03:08 +01:00
Michael Cardell Widerkrantz
48324fe5b3
tp1 fw: Update pico-sdk to 1.5.1 2024-03-21 14:17:01 +01:00
dehanj
2ff2e9a91d
fw: remove duplicate defines in tk1_mem.h 2024-03-21 10:28:51 +01:00
Michael Cardell Widerkrantz
661a6458c8
fw: Add missing TK1_MMIO_BASE
TK1_MMIO_BASE and _SIZE needed by at least qemu.
2024-03-21 10:09:38 +01:00
dehanj
57a6ee2a12
Use tkey-builder:3 as default when building 2024-03-20 17:19:59 +01:00
dehanj
8ca4241ade
Disable non-zero exit for verilog linter in CI, see issue 182. 2024-03-20 16:39:53 +01:00
Joachim Strömbergson
de668a0244
Clean up code and silence warnings after linting
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:53 +01:00
Joachim Strömbergson
f364b523cf
Change UDS address to three bits to match input port connection 'addr'
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:53 +01:00
Joachim Strömbergson
bbde62d3f5
Add PINMISSING lint ignore for I1 and I2 SB_LUT4 cells
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:52 +01:00
Joachim Strömbergson
8731908cb1
Support incremental builds for the bitstream.
By patching the UDS and UDI into an already built bitstream, it is now
not necessary to rebuild the entire build flow when changing the UDS
and the UDI. This lowers re-build times significantly.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:45 +01:00
Joachim Strömbergson
29fd8338a7
Update the bitstream hash
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:56 +01:00
Joachim Strömbergson
8784a24b33
Change cpu_monitor to security_monitor and to also check RAM
Change name of cpu_monitor to security_monitor and increase its
functionality to include RAM access violations. If addresses in RAM
but outside of physical RAM is accessed in any way the
security_monitor traps the CPU in the same way as it already did for
execution violations.
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
3fb6d66cf3
Add set-only register for the force_trap signal to ensure
that the device must be reset to get out of trap. This
change also breaks a critical path.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
4c3e210a00
Only set ram_we to cpu_wstrb in RAM_PREFIX
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
e48c0fc7d9
Implement cs0 and cs1 as logic equations, not muxes
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Michael Cardell Widerkrantz
0590445f3d
Add testbench targets on top-level
The testbenches live in their own Makefiles under
hw/application_fpga/core/*/toolruns (except picorv32). Let's add a
top-level target to build and run them.

In order to run core testbenches, use

  cd hw/application_fpga
  make tb

or if using Podman:

  cd contrib
  make run-tb

to run the same target in a container.
2024-03-20 13:47:12 +01:00
Joachim Strömbergson
ea9271292c
Add Icarus Verilog compiler, simulator used by testbenches
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 13:47:12 +01:00
dehanj
159b5b052b
Updated readme and docs to point at dev.tillitis.se. 2024-03-19 17:06:34 +01:00
Michael Cardell Widerkrantz
4d4db70590
fw: Change ASLR name in MMIO
Use _RAM_ADDR_RAND instead of _RAM_ASLR since this is not OS-level
ASLR we're talking about. It's address randomization as seen from
outside of the CPU, not from the process running inside it. Ordinary
ASLR is visible from the CPU.
2024-03-19 14:36:31 +01:00
Michael Cardell Widerkrantz
f40987b138
fw: Change license for use with qemu
This file is also included in at least qemu (GPL-2.0-or-later) besides
tillitis-key1 (GPL-2.0-only) and tkey-libs (GPL-2.0-only) so it's
licensed as GPL v2 or later even if the rest of the project is -only.
2024-03-19 14:36:31 +01:00
Michael Cardell Widerkrantz
c48724e115
fw: Change memory constants to defines
Instead of putting  memory constant into an enum we use defines.

Use the direct memory address instead of ORing constants together to
compute the address.

An enum in ISO C is a signed int. Some of are memory addresses are to
large to fit in a signed int. This is not a problem since we're not
using ISO C (-std=gnu99) but it doesn't look very nice if you turn on
pedantic warnings. Also, if someone would use another compiler which
at least supports the inline assembly we use, but possible not other
GNU extensions, things would probably break.
2024-03-19 14:36:20 +01:00
dehanj
1e34ddcfa6
Update linter to Verilog-2005 2024-03-19 10:45:37 +01:00
Michael Cardell Widerkrantz
746d7f0e0d
Use pedantic warnings
Use pedantic warnings but still allow inline assembly, so turn off
language-extension-token warnings.
2024-03-19 09:25:37 +01:00
Michael Cardell Widerkrantz
e085d0ebd0
Add void to function signatures meant to be used without args 2024-03-19 08:41:39 +01:00
Michael Cardell Widerkrantz
046343e525
Change memory constants to defines
Instead of putting  memory constant into an enum we use defines.

Use the direct memory address instead of ORing constants together to
compute the address.

An enum in ISO C is a signed int. Some of are memory addresses are to
large to fit in a signed int. This is not a problem since we're not
using ISO C (-std=gnu99) but it doesn't look very nice if you turn on
pedantic warnings. Also, if someone would use another compiler which
at least supports the inline assembly we use, but possible not other
GNU extensions, things would probably break.
2024-03-19 08:40:04 +01:00
Michael Cardell Widerkrantz
e2bd38c540
fw: Remove unusued forever_redflash()
Since we now use assert() and feed the CPU an unimplemented
instruction we have no need for this.
2024-03-18 16:19:59 +01:00
dehanj
9d36acde08
FW: Force the CPU to hang on errors 2024-03-14 15:48:10 +01:00
Michael Cardell Widerkrantz
fcccee8ec8
Tkey-builder: Use Ubuntu-23.10, yosys-0.36 & nextpnr-0.6 2024-03-14 14:22:57 +01:00
dehanj
d83f235fd3
Add injection molded plastic case 2023-12-11 13:48:39 +01:00
dehanj
7019cd9048
remove whitespaces and tabs 2023-12-07 17:16:31 +01:00
dehanj
2014923966
Isolate ringbuffer index, copy inbound usb data to new buffer 2023-12-07 17:15:24 +01:00
dehanj
6d5da25321
Translate + clean up 2023-11-07 10:59:21 +01:00