- Revise firmware implementation notes
- Document how to do fw syscalls
- Document how to trigger a syscall function in the firmware, how to
pass arguments, what the caller is responsible for and what is
returned.
- Describe hardware syscall implementation
  - how the syscall interrupts are triggered,
  - the hardware privilege escalation,
  - the UDS protection.
Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Co-authored-by: Michael Cardell Widerkrantz <mc@tillitis.se>
Introduce new syscall TK1_SYSCALL_GET_VIDPID to get Vendor ID and
Product ID from the protected Unique Device Identification number.
UDI is protected from device apps to protect the serial number, so
apps won't know the exact TKey they are running on other than the CDI.
It may, however, be important to know what *kind* of TKey they are
running on, so we want to expose the Vendor ID and Product ID.
- fpga: Allow UDI to be read when doing syscalls.
- Add the new syscall to firmware.
- Add test to testapp directly after negative test of reading UDI to
read out VID/PID through a syscall.
Fixing tests that broke when adding interrupt based syscalls
- Removing the blake2s test since the blake2s registers are removed.
- Instead of writing to ADDR_SYSTEM_MODE_CTRL, app mode is now entered
automatically when executing outside of ROM.
- The SPI loop-back test needs to clean up after the previous test. We
reset the memory bus to a known idle state. We also reset the DUT to
make the SPI master visible.
Only allow executing from ROM when in one of the following execution
contexts:
- Firmware mode
- Syscall
Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Since the introduction of the syscall mechanism we don't allow
execution in ROM anymore so it's impossible to call the firmware's
blake2s() function.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
Instead of manually switching to app mode using the APP_MODE register,
app mode will be enabled when the CPU fetches an instruction outside of
firmware ROM.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
Add syscall interrupt to be used for syscalls. The interrupt is
triggered by writing to an address in the 0xe1000000-0xe1ffffff
The PicoRV32 core is configured to use its minimal, non RISCV-standard,
interrupt implementation.
- Move copying of TKEYCTRL data from UartRxBuf to TkeyCtrlRxBuf to align
with previous code.
- Remove obsolete UartRxBufOverflow variable.
- Add missing Endpoint4 handling for USB bus reset.
- Fix more robust uart_byte_count() calculation.
- Fix baudrate fast mode calculation to get rid of compiler warning.
- Fix assignment of bUD_PD_DIS to UDEV_CTRL.
- Cleanup comments.
In order to be able to leave data for firmware signalling the
intention with a reset or to leave data for the next app in a chain of
apps, we introduce a part of FW_RAM that can be used to store this
data. In order to do this, we:
- Change size of ROM from 6 KB to 8 KB.
- Change size of FW_RAM, from 2 KB to 4 KB.
- Add RESETINFO memory partition inside FW_RAM.
- Add generation of map file.
- Change CFLAGS from using -O2 to using -Os.
- Update address ranges for valid access to ROM and FW_RAM.
- Move stack to be located before data+bss and the RESETINFO data
above them. This also means we introduce hardware stack overflow
protection through the Security Monitor.
- Revise firmware README to the new use of FW_RAM.
For ages we have had a comment saying:
For Verilator 5.019 -Wno-GENUNNAMED needs to be added to LINT_FLAGS for the
cell library.
With the new tkey-builder we have 5.028, so it's time to apply this flag.
Fix CDC configuration problem on Windows when we have a composite
device (multiple different Device Classes). Add "Interface Association
Descriptor" to make it work.
Fix off-by-one UART bitrate counter value that will make the RX
sampling and TX sending drift. The impact gets higher as the baudrate
increases and the bitrate counter value gets smaller.
Reconfigure the baudrate to keep 500 kbaud.
Correct a forgotten test in testfw that wasn't updated the last time
frequency was raised in commit
75b028505f0d6dc685d37b84d73ddb9db5ee7ea2 on June 17, 2024.
- Use CTS signals to let the FPGA and CH552 signal each other that
it is OK to send UART data.
- Update the CH552 rx and frame handling logic.
- Fix minor spelling errors and indentation
Add incoming and outgoing CTS (Clear To Send) signals for the FPGA to
let the CH552 and FPGA signal each other that it is OK to send UART
data. The CTS signals indicate "OK to send" if high. If an incoming
CTS signal goes low, the receiver of that signal should immediately
stop sending UART data.
Throwing away mode and length from incoming data. Adding mode and
length to outgoing data.
Splitting responses into frames small enough for the USB<->UART
transceiver to handle.
- Add USB HID support.
- Introduce a small protocol to distinguish between CDC and HID data
sent over the UART.
- Add some debug printing.
- Cleanup of code and formatting.
- Extend hardware checks for invalid memory accesses to include
checking more address space.
- In fw include file: fix two typos for memory ranges that relate to
the above that fortunately have no impact on functionality.
synth.json shouldn't depend on uds.hex and udi.hex because that
triggers a complete rebuild of the bitstream if the UDI or UDS are
changed.
Instead, we want only the application_fpga.asc to depend on them, so
we can patch in the UDS and UDI with tools/patch_uds_udi.py in an
existing application_fpga_par.json.