- Revise firmware implementation notes
- Document how to do fw syscalls
- Document how to trigger a syscall function in the firmware, how to
  pass arguments, what the caller is responsible for and what is
  returned.
- Describe hardware syscall implementation
  - how the syscall interrupts are triggered,
  - the hardware privilege escalation,
  - the UDS protection.
Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Co-authored-by: Michael Cardell Widerkrantz <mc@tillitis.se>
Introduce new syscall TK1_SYSCALL_GET_VIDPID to get Vendor ID and
Product ID from the protected Unique Device Identification number.
UDI is protected from device apps to protect the serial number, so
apps won't know the exact TKey they are running on other than the CDI.
It may, however, be important to know what *kind* of TKey they are
running on, so we want to expose the Vendor ID and Product ID.
- fpga: Allow UDI to be read when doing syscalls.
- Add the new syscall to firmware.
- Add test to testapp directly after negative test of reading UDI to
  read out VID/PID through a syscall.
Fixing tests that broke when adding interrupt based syscalls
- Removing the blake2s test since the blake2s registers are removed.
- Instead of writing to ADDR_SYSTEM_MODE_CTRL, app mode is now entered
  automatically when executing outside of ROM.
- The SPI loop-back test needs to clean up after the previous test. We
  reset the memory bus to a known idle state. We also reset the DUT to
  make the SPI master visible.
Only allow executing from ROM when in one of the following execution
contexts:
- Firmware mode
- Syscall
Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Since the introduction of the syscall mechanism we don't allow
execution in ROM anymore so it's impossible to call the firmware's
blake2s() function.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
Instead of manually switching to app mode using the APP_MODE register,
app mode will be enabled when the CPU fetches an instruction outside of
firmware ROM.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
Add syscall interrupt to be used for syscalls. The interrupt is
triggered by writing to an address in the 0xe1000000-0xe1ffffff
The PicoRV32 core is configured to use its minimal, non RISCV-standard,
interrupt implementation.
- Move copying of TKEYCTRL data from UartRxBuf to TkeyCtrlRxBuf to align
  with previous code.
- Remove obsolete UartRxBufOverflow variable.
- Add missing Endpoint4 handling for USB bus reset.
- Fix more robust uart_byte_count() calculation.
- Fix baudrate fast mode calculation to get rid of compiler warning.
- Fix assignment of bUD_PD_DIS to UDEV_CTRL.
- Cleanup comments.
In order to be able to leave data for firmware signalling the
intention with a reset or to leave data for the next app in a chain of
apps, we introduce a part of FW_RAM that can be used to store this
data. In order to do this, we:
- Change size of ROM from 6 KB to 8 KB.
- Change size of FW_RAM, from 2 KB to 4 KB.
- Add RESETINFO memory partition inside FW_RAM.
- Add generation of map file.
- Change CFLAGS from using -O2 to using -Os.
- Update address ranges for valid access to ROM and FW_RAM.
- Move stack to be located before data+bss and the RESETINFO data
  above them. This also means we introduce hardware stack overflow
  protection through the Security Monitor.
- Revise firmware README to the new use of FW_RAM.
- Make it even clearer that legacy device apps WILL NOT WORK.
- Add helpful links to the CH55x Reset Controller, both where to buy
  one and source repo.
For ages we have had a comment saying:
For Verilator 5.019 -Wno-GENUNNAMED needs to be added to LINT_FLAGS for the
cell library.
With the new tkey-builder we have 5.028, so it's time to apply this flag.
Instead of repeated RUNs in Dockerfile, move the entire build of
specific tools to a script.
- Make commands more shell script-like.
- icestorm: Make sure we checkout the right commit.
- Add checks for the right digest for all git clones, so no history
  has been changed.
- Add digest file and check for the downloaded tarball.
Fix CDC configuration problem on Windows when we have a composite
device (multiple different Device Classes). Add "Interface Association
Descriptor" to make it work.
Fix off-by-one UART bitrate counter value that will make the RX
sampling and TX sending drift. The impact gets higher as the baudrate
increases and the bitrate counter value gets smaller.
Reconfigure the baudrate to keep 500 kbaud.
Correct a forgotten test in testfw that wasn't updated the last time
frequency was raised in commit
75b028505f0d6dc685d37b84d73ddb9db5ee7ea2 on June 17, 2024.
- Use CTS signals to let the FPGA and CH552 signal each other that
  it is OK to send UART data.
- Update the CH552 rx and frame handling logic.
- Fix minor spelling errors and indentation