Commit graph

145 commits

Author SHA1 Message Date
Daniel Jobson
2bd235f477
temp: add define to toggle the use of fw RAM 2024-11-21 09:48:52 +01:00
Daniel Jobson
7a84776c2a
fw: simplify switch to FW_RAM 2024-11-21 09:48:52 +01:00
Daniel Jobson
02f9f9f079
fw: switch to FW RAM when executing a syscall. 2024-11-21 09:48:52 +01:00
Daniel Jobson
c6000e4e2a
storage: add erase command
Add an erase command to let the user have more control over the
allocated area. This will also be more familiar to embedded developers.
As a bonus it minimizes the logic needed in firmware, and in theory we
can now increase the current write limit of one sector.
2024-11-21 09:48:52 +01:00
Daniel Jobson
5ed0df0b8d
Optimize SPI functions, lowering ROM usage by 70 bytes.
- Have only one transfer function, to minimize duplicate code.
- Remove address assignments that do not make a difference.
2024-11-21 09:48:52 +01:00
Daniel Jobson
b7ec4f9467
Implement preload_store 2024-11-21 09:48:51 +01:00
Daniel Jobson
53c63a1c7b
Temporarily override the blake2s trampoline 2024-11-21 09:48:51 +01:00
Daniel Jobson
fd84c69e9b
Wip syscall function.
PoC of how a syscall could look.
2024-11-21 09:48:51 +01:00
Daniel Jobson
c7e0373793
WIP app storage calls 2024-11-21 09:48:51 +01:00
Daniel Jobson
496c5fb12a
preload_app: only allow mgmt app to store or delete 2024-11-21 09:48:51 +01:00
Daniel Jobson
2541790f21
WIP management app 2024-11-21 09:48:50 +01:00
Daniel Jobson
925962483a
fw: remove address-of operator (&) where it is not needed
- `digest` is an array and hence the address of the first element is
  returned.
- This will keep it more consistent with the rest of the code base.
- Fixed misspelled comment.
2024-11-21 09:48:50 +01:00
Daniel Jobson
c4d738a8d6
fw: use bool as return type for memeq 2024-11-21 09:48:50 +01:00
Daniel Jobson
5da60cba1a
Include authentication of preloaded app 2024-11-21 09:48:50 +01:00
Daniel Jobson
8c0f66282e
fw: break out trng and xorwow to rng.[ch] 2024-11-21 09:48:50 +01:00
Daniel Jobson
5188584fcf
fw: Break out htif functions for qemu to separate files 2024-11-21 09:48:50 +01:00
Daniel Jobson
ece53e044c
temp commit: Expose write functions to make development easier 2024-11-21 09:48:49 +01:00
Daniel Jobson
7f7820b698
Add fw state and fw cmd to trigger a start of a preloaded app 2024-11-21 09:48:49 +01:00
Daniel Jobson
9a1c9635f4
WIP auth app 2024-11-21 09:48:49 +01:00
Daniel Jobson
d859ca0357
WIP preload_app 2024-11-21 09:48:49 +01:00
Daniel Jobson
a0ce957f10
WIP partition table 2024-11-21 09:48:49 +01:00
Daniel Jobson
a873e7c211
Import spi.[ch] and flash.[ch] 2024-11-21 09:48:49 +01:00
Daniel Jobson
c00d5317b3
fw: Create compute_app_digest() function 2024-11-21 09:48:48 +01:00
Daniel Jobson
18ebdae030
Remove types.h in favor of standard libs such as stdint, stddef 2024-11-21 09:48:48 +01:00
Jonas Thörnblad
aea2e319eb
Harmonize the naming of firmware and app mode.
- The API changes name from `_SWITCH_APP` to `_SYSTEM_MODE_CTRL`.
- The registers and wires change name to `system_mode_*`, instead of a
  mix of `switch_app_*` and `fw_app_mode`.
2024-11-12 15:13:59 +01:00
Daniel Jobson
f13366538e
fw: Fix erroneous type in frame header 2024-10-09 15:52:00 +02:00
Daniel Jobson
81950ef7b2
fw: remove warning of missing prototypes when building with QEMU console
enabled.
2024-09-19 16:52:04 +02:00
Daniel Jobson
613316f53e
fw: simplify how to enable QEMU debug in firmware.
- Remove the define `NOCONSOLE`, add define `QEMU_CONSOLE`
- Inverse the use of it, add the define to have QEMU debug output in fw.
- Add a make target `qemu_firmware.elf` which builds the firmware with
  QEMU console enabled.

Co-authored-by: Mikael Ågren <mikael@tillitis.se>
2024-09-19 16:51:55 +02:00
Joachim Strömbergson
00599549e3
FPGA: Add system reset API
Add API address to trigger system reset.
When written to, it will send the system_reset signal
to the reset generator, which then performs a complete
reset cycle of the FPGA system.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-08-20 13:25:22 +02:00
Joachim Strömbergson
53c5e70795
FPGA: Update names for RAM randomization API
Update:
- README
- testbench
- Symbolic names and variables in fw
- registers
- port name and wires
- Update fpga and fw digests

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-10 13:45:26 +02:00
Michael Cardell Widerkrantz
f1534e5dad
doc: Update and expand firmware README
- Remove all text about other software than firmware.
- Remove the Reset section.
- Include a diagram and detailed explanation about the state machine
  in close vicinity.
- Describe the test firmware.

Co-authored-by: Joachim Strömbergson <joachim@assured.se>
2024-07-01 17:09:22 +02:00
Michael Cardell Widerkrantz
cc16c8481c
doc: Move software.md to fw/README 2024-06-27 22:22:14 +02:00
dehanj
b4c525695a
Remove redundant RAM address and data scrambling
The RAM address and data scrambling API was called twice, once before filling
RAM with random values, and once after. Since moving to a significantly
better PRNG (xorwow) this is now deemed unnecessary. See issue #225.

This changes both FPGA and firmware hashes.
2024-06-13 12:54:47 +02:00
Joachim Strömbergson
92712a11bf
fw: zeroise FW-RAM instead of RAM
Modify the loop to zeroise the FW-RAM instead of the
RAM. RAM is filled with random data at the start of main().

Changes firmware and bitstream digests.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-12 18:11:10 +02:00
Joachim Strömbergson
3bc2453287
A construction of a minimal SPI master.
- NOTE: This is an optional feature, not built by default. Not included
  in the tk1 for sale at Tillitis shop.
- This makes it possible to interface the SPI flash onboard TKey.
- To include the SPI master in the build, use `make application_fpga.bin
  YOSYS_FLAG=-DINCLUDE_SPI_MASTER`.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-11 15:28:29 +02:00
Joachim Strömbergson
eade3e11c5
Fill RAM with random data using xorwow.
xorwow provides significantly better random data compared to the
previously used function, making it harder to predict what data RAM is
filled with.
It adds a startup time of approx 80 ms, but can be compensated with
optimising other parts of the startup routine.

This changes both firmware and fpga hashes.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-11 11:15:00 +02:00
dehanj
4bd249816a
fw: Remove unused header includes 2024-03-26 13:09:06 +01:00
dehanj
3a6a60ff26
fw: Protect zeroisation against compiler optimisation.
The memset() responsible for the zeroisation of the secure_ctx under
the compute_cdi() function in FW's main.c was optimised away by the
compiler. Instead of using memset(), secure_wipe() is introduced
which uses a volatile keyword to prevent the compiler from trying to
optimise it. Secure_wipe() is now used in all locations handling
removal of sensitive data.
2024-03-26 13:09:01 +01:00
Michael Cardell Widerkrantz
09c1f3f549
Silence splint somewhat
The only real changes are some uninitialized variables and that we now
make explicit that we don't care about the return value from memset().
2024-03-22 11:03:13 +01:00
dehanj
2ff2e9a91d
fw: remove duplicate defines in tk1_mem.h 2024-03-21 10:28:51 +01:00
Michael Cardell Widerkrantz
661a6458c8
fw: Add missing TK1_MMIO_BASE
TK1_MMIO_BASE and _SIZE needed by at least qemu.
2024-03-21 10:09:38 +01:00
Michael Cardell Widerkrantz
4d4db70590
fw: Change ASLR name in MMIO
Use _RAM_ADDR_RAND instead of _RAM_ASLR since this is not OS-level
ASLR we're talking about. It's address randomization as seen from
outside of the CPU, not from the process running inside it. Ordinary
ASLR is visible from the CPU.
2024-03-19 14:36:31 +01:00
Michael Cardell Widerkrantz
f40987b138
fw: Change license for use with qemu
This file is also included in at least qemu (GPL-2.0-or-later) besides
tillitis-key1 (GPL-2.0-only) and tkey-libs (GPL-2.0-only) so it's
licensed as GPL v2 or later even if the rest of the project is -only.
2024-03-19 14:36:31 +01:00
Michael Cardell Widerkrantz
c48724e115
fw: Change memory constants to defines
Instead of putting memory constants into an enum we use defines.

Use the direct memory address instead of ORing constants together to
compute the address.

An enum in ISO C is a signed int. Some of our memory addresses are too
large to fit in a signed int. This is not a problem since we're not
using ISO C (-std=gnu99) but it doesn't look very nice if you turn on
pedantic warnings. Also, if someone would use another compiler which
at least supports the inline assembly we use, but possibly not other
GNU extensions, things would probably break.
2024-03-19 14:36:20 +01:00
Michael Cardell Widerkrantz
e085d0ebd0
Add void to function signatures meant to be used without args 2024-03-19 08:41:39 +01:00
Michael Cardell Widerkrantz
046343e525
Change memory constants to defines
Instead of putting memory constants into an enum we use defines.

Use the direct memory address instead of ORing constants together to
compute the address.

An enum in ISO C is a signed int. Some of our memory addresses are too
large to fit in a signed int. This is not a problem since we're not
using ISO C (-std=gnu99) but it doesn't look very nice if you turn on
pedantic warnings. Also, if someone would use another compiler which
at least supports the inline assembly we use, but possibly not other
GNU extensions, things would probably break.
2024-03-19 08:40:04 +01:00
Michael Cardell Widerkrantz
e2bd38c540
fw: Remove unused forever_redflash()
Since we now use assert() and feed the CPU an unimplemented
instruction we have no need for this.
2024-03-18 16:19:59 +01:00
dehanj
9d36acde08
FW: Force the CPU to hang on errors 2024-03-14 15:48:10 +01:00
Joachim Strömbergson
6d0a761e65
Make memeq function side channel silent
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:23 +02:00
Daniel Lublin
9aece67a41
testfw: test read bytes from CDI
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-28 11:44:13 +02:00