This is an import of the fw-2 tag of tkey-libs.
We import the entire tkey-libs repo minus dot files into the
tillitis-key1 repo to make it very simple not to make mistakes
regarding which firmware tag depends on which tkey-libs tag,
especially considering locking down with NVCM.
Please see README for information about developing with another
tkey-libs or how to import future tkey-libs.
Since tkey-libs is now a part of the repo we also add tkey-libs to the
clean_fw target.
From now on the canonical home of the tk1_mem.h header file describing
the memory map of the TKey lives in tkey-libs:
https://github.com/tillitis/tkey-libs
Build firmware, testfw and testapp using tkey-libs:
https://github.com/tillitis/tkey-libs
In an effort not to have more or less identical code maintained in two
places, use tkey-libs when developing firmware, testfw and the
firmware testapp, too.
You can place the Git directory directly under hw/application_fpga
and then an ordinary make should work.
Or build with:
make LIBDIR=/path/to/tkey-libs
Co-authored-by: Mikael Ågren <agren@tillitis.se>
- Revise firmware implementation notes
- Document how to do fw syscalls
- Document how to trigger a syscall function in the firmware, how to
  pass arguments, what the caller is responsible for and what is
  returned.
- Describe hardware syscall implementation
  - how the syscall interrupts are triggered,
  - the hardware privilege escalation,
  - the UDS protection.
Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Co-authored-by: Michael Cardell Widerkrantz <mc@tillitis.se>
Introduce new syscall TK1_SYSCALL_GET_VIDPID to get Vendor ID and
Product ID from the protected Unique Device Identification number.
UDI is protected from device apps to protect the serial number, so
apps won't know the exact TKey they are running on other than the CDI.
It may, however, be important to know what *kind* of TKey they are
running on, so we want to expose the Vendor ID and Product ID.
- fpga: Allow UDI to be read when doing syscalls.
- Add the new syscall to firmware.
- Add test to testapp directly after negative test of reading UDI to
read out VID/PID through a syscall.
Fixing tests that broke when adding interrupt based syscalls
- Removing the blake2s test since the blake2s registers are removed.
- Instead of writing to ADDR_SYSTEM_MODE_CTRL, app mode is now entered
automatically when executing outside of ROM.
- The SPI loop-back test needs to clean up after the previous test. We
reset the memory bus to a known idle state. We also reset the DUT to
make the SPI master visible.
Only allow executing from ROM when in one of the following execution
contexts:
- Firmware mode
- Syscall
Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Since the introduction of the syscall mechanism we don't allow
execution in ROM anymore so it's impossible to call the firmware's
blake2s() function.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
Instead of manually switching to app mode using the APP_MODE register,
app mode will be enabled when the CPU fetches an instruction outside of
firmware ROM.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
Add syscall interrupt to be used for syscalls. The interrupt is
triggered by writing to an address in the 0xe1000000-0xe1ffffff
The PicoRV32 core is configured to use its minimal, non RISCV-standard,
interrupt implementation.
- Move copying of TKEYCTRL data from UartRxBuf to TkeyCtrlRxBuf to align
with previous code.
- Remove obsolete UartRxBufOverflow variable.
- Add missing Endpoint4 handling for USB bus reset.
- Fix more robust uart_byte_count() calculation.
- Fix baudrate fast mode calculation to get rid of compiler warning.
- Fix assignment of bUD_PD_DIS to UDEV_CTRL.
- Clean up comments.
In order to be able to leave data for firmware signalling the
intention with a reset or to leave data for the next app in a chain of
apps, we introduce a part of FW_RAM that can be used to store this
data. In order to do this, we:
- Change size of ROM from 6 KB to 8 KB.
- Change size of FW_RAM, from 2 KB to 4 KB.
- Add RESETINFO memory partition inside FW_RAM.
- Add generation of map file.
- Change CFLAGS from using -O2 to using -Os.
- Update address ranges for valid access to ROM and FW_RAM.
- Move stack to be located before data+bss and the RESETINFO data
above them. This also means we introduce hardware stack overflow
protection through the Security Monitor.
- Revise firmware README to the new use of FW_RAM.
- Make it even clearer that legacy device apps WILL NOT WORK.
- Add helpful links to the CH55x Reset Controller, both where to buy
one and source repo.
For ages we have had a comment saying:
For Verilator 5.019 -Wno-GENUNNAMED needs to be added to LINT_FLAGS for the
cell library.
With the new tkey-builder we have 5.028, so it's time to apply this flag.
Instead of repeated RUNs in Dockerfile, move the entire build of
specific tools to a script.
- Make commands more shell script-like.
- icestorm: Make sure we check out the right commit.
- Add checks for the right digest for all git clones, so no history
has been changed.
- Add digest file and check for the downloaded tarball.