Introduce syscalls:
- TK1_SYSCALL_PRELOAD_STORE
- TK1_SYSCALL_PRELOAD_STORE_FIN
- TK1_SYSCALL_PRELOAD_DELETE
- TK1_SYSCALL_REG_MGMT = 11
Change preload_store_finalize() not to take USS arg. Unused for
preloaded apps.
Decide where to start from with data from resetinfo part of FW_RAM.
Co-authored-by: Jonas Thörnblad <jonas@tillitis.se>
Co-authored-by: Mikael Ågren <mikael@tillitis.se>

Based on earlier code by Daniel Jobson <jobson@tillitis.se> now
integrated into the new world order.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
Co-authored-by: Daniel Jobson <jobson@tillitis.se>

Adds syscalls:
- ALLOCATE_AREA
- DEALLOCATE_AREA
- WRITE_DATA
- READ_DATA
and code to access the filesystem and the flash over SPI.
Based on original work by Daniel Jobson <jobson@tillitis.se> for
these files:
- auth_app.[ch]
- flash.[ch]
- spi.[ch]
- partition_table.[ch]
- rng.[ch]
- storage.[ch]
which are used with small changes to integrate with the new syscall
method.
Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Co-authored-by: Mikael Ågren <mikael@tillitis.se>

The CH552 firmware has an added functionality to control the USB
controller dynamically, turning on and off endpoints with a small
protocol.
Since most of the documentation already lives in the ordinary
firmware README, add this documentation there, too.
- Make it possible to enable and disable endpoints on demand
- Add internal FPGA<->CH552 communication channel (IO_CH552)
- Reorder IO endpoint numbering
- Rename endpoint from TKEYCTRL to DEBUG and update related variables
- Rename endpoint from HID to FIDO and update related variables

From now on the canonical home of the tk1_mem.h header file describing
the memory map of the TKey lives in tkey-libs:
https://github.com/tillitis/tkey-libs

Build firmware, testfw and testapp using tkey-libs:
https://github.com/tillitis/tkey-libs
In an effort not to have more or less identical code maintained in two
places, use tkey-libs when developing firmware, testfw and the
firmware testapp, too.
You can place the Git directory directly under hw/application_fpga
and then an ordinary make should work.
Or build with:
make LIBDIR=/path/to/tkey-libs
Co-authored-by: Mikael Ågren <mikael@tillitis.se>

- Revise firmware implementation notes
- Document how to do fw syscalls
- Document how to trigger a syscall function in the firmware, how to
pass arguments, what the caller is responsible for and what is
returned.
- Describe hardware syscall implementation
- how the syscall interrupts are triggered,
- the hardware privilege escalation,
- the UDS protection.
Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Co-authored-by: Michael Cardell Widerkrantz <mc@tillitis.se>

Introduce new syscall TK1_SYSCALL_GET_VIDPID to get Vendor ID and
Product ID from the protected Unique Device Identification number.
UDI is protected from device apps to protect the serial number, so
apps won't know the exact TKey they are running on other than the CDI.
It may, however, be important to know what *kind* of TKey they are
running on, so we want to expose the Vendor ID and Product ID.
- fpga: Allow UDI to be read when doing syscalls.
- Add the new syscall to firmware.
- Add test to testapp directly after negative test of reading UDI to
read out VID/PID through a syscall.

Since the introduction of the syscall mechanism we don't allow
execution in ROM anymore, so it's impossible to call the firmware's
blake2s() function.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>

In order to be able to leave data for firmware signalling the
intention with a reset or to leave data for the next app in a chain of
apps, we introduce a part of FW_RAM that can be used to store this
data. In order to do this, we:
- Change size of ROM from 6 KB to 8 KB.
- Change size of FW_RAM, from 2 KB to 4 KB.
- Add RESETINFO memory partition inside FW_RAM.
- Add generation of map file.
- Change CFLAGS from using -O2 to using -Os.
- Update address ranges for valid access to ROM and FW_RAM.
- Move stack to be located before data+bss and the RESETINFO data
above them. This also means we introduce hardware stack overflow
protection through the Security Monitor.
- Revise firmware README to the new use of FW_RAM.

Reconfigure the baudrate to keep 500 kbaud.
Correct a forgotten test in testfw that wasn't updated the last time
the frequency was raised, in commit
75b028505f0d6dc685d37b84d73ddb9db5ee7ea2 on June 17, 2024.

Throwing away mode and length from incoming data. Adding mode and
length to outgoing data.
Splitting responses into frames small enough for the USB<->UART
transceiver to handle.

- Extend hardware checks for invalid memory accesses to include
checking more address space.
- In fw include file: fix two typos for memory ranges that relate to
the above and fortunately have no impact on functionality.

This removes the possibility to configure the bit rate, data bits and
stop bits at runtime from the API. This reduces the usage of LCs by
~4%.
It is still possible to configure the core before building.

Update digest of application_fpga.bin.sha256

- The API changes name from `_SWITCH_APP` to `_SYSTEM_MODE_CTRL`.
- The registers and wires change name to `system_mode_*`, instead of a
mix of `switch_app_*` and `fw_app_mode`.

- Remove the define `NOCONSOLE`, add define `QEMU_CONSOLE`
- Invert the use of it, add the define to have QEMU debug output in fw.
- Add a make target `qemu_firmware.elf` which builds the firmware with
QEMU console enabled.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>