We don't use any .data or .bss segment at all to keep all the firmware
variables in the stack in protected fw_ram.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
This means firmware's stack shouldn't be accessible to programs
running in app_mode.
It also means we don't need to take special care of secure_ctx which
can now be an ordinary stack variable.
Nonetheless we zero out secure_ctx after final use and inline some
assembler to zero out the entire fw_ram after use, just before
switching to app_mode.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
For every state, define a constant bitstring with allowed commands and
check incoming command agains that.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
- We always assert on allowed commands in a state.
- We don't allow FW_CMD_LOAD_APP to be used twice.
- Enter fail state on read buffer overrun, header endpoint not for us,
header parse error, and unknown firmware command.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
UDS is now byte readable (but not writable).
Use UDS and USS directly in a blake2s_update() instead of
concatenating them into fw_ram. UDS will still live for a short while
in fw_ram in the blake2s context buffer but will soon be overwritten.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
Use new wordcpy_s() and memcpy_s() functions from lib.c.
Add a local memcpy() which compiling with -Os seems to demand. Why?
Signed-off-by: Daniel Lublin <daniel@lublin.se>
We define macros for them that expand to nothing or to a constant to
avoid any extra function calls to dummy functions when running on real
hardware with no console.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
Introduce memcpy_s() and wordcpy_s() that takes the destination buffer
size as an argument. Use assert() which aborts our program to an
eternal loop if we hit problems.
Sprinkle asserts elsewhere as well.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
Introduces offsets for setting addresses to check for execution and
offset for controlling the execution monitor.
- TK1_MMIO_TK1_CPU_MON_CTRL
- TK1_MMIO_TK1_CPU_MON_FIRST
- TK1_MMIO_TK1_CPU_MON_LAST
* ch552 firmware: add ch55x support files directly
* Add sdcc compiler to docker image, for building CH552 firmware
* Rework production test script
* Add menu-based test runner
* Rewrite production test flows as lists of individual tests
* Add both production flows and manual tests to menu
* Switch to using included binaries
* production test: Update message format
* test_txrx_touchpad: Retry if device communications fail
* production test: put all binaries in binaries/ folder
* binaries/top.bin: replace broken binary
* flash_check: Check for explicit flash IDs
* Document most test procedures
* Test plan documentation
* Sample udev rules
* Production test: allow external references to be overridden
* Remove outdated descriptions
* Correct shebang
* Update shebangs to comply with PEP 394
Change the python scripts to call python instead of python3, as this
works cross platform. See:
https://peps.python.org/pep-0394/#for-python-script-publishers
* Move production test to higher-level directory
* Clarify production test setup
* Move USB C connector test to separate directory
Co-authored-by: Michael Cardell Widerkrantz <mc@tillitis.se>
* Add kicad library for flat programming clip
* Add descriptions to part symbols
* Add extended values, manufacturer/distributor info to components in mta1
* Add new board entry for TK1
* Add TP1 programmer design
* Update MTA1-USB-V1 release files to match production
* Change SPI flash memory type to XT25F08BDFIGT-S
* Change touch sensor feedback cap to 1uF
* Add manufacturer, manufacturer part number, distributor, distributor part number
* Update component values for TK1 PCB
* Use specific part # for C8
* Change flash back to Winbond part, for easier sourcing
* Change C1 to 1pF
* Fixes for production programmer PCB
* Swap GND and 5V on J3
* Replace graphic logo with text
* Rename part to 'TP-1'
* TK-1 release
* Add dimensions for PCB
* Add layer stackup for PCB
* Change PCB component origin to match expanded board
* Change schematic title to 'TK-1', update release date
* mta1-usb-v1-programmer: Add corrected part numbers for OSFC production
* Q1, Q2, F1 part subsititutions
* add mfr/supplier info for all parts
* PCB library: add parts
* Rectangular footprint for TK-1 test pads
* BOM generation script used for TK-1 and TP-1 releases
* TP-1 release
* Schematic: Add manufacturer, supplier information for all parts
* Schematic: Update name and release date
* PCB: Add PCB fabrication information
* PCB: Correct pinouts on silkscreen
* PCB library: add 'screw' and 'foot' symbols
* Screw is a schematic-only part, for including mechanical screws in the
BOM
* Foot is for self-adhesive rubber mounting feet that can be stuck to
the bottom of a PCB
* TP-1 release: Add screws, feet to the BOM
* Pico library: Add footprint for RPi Pico w/solder paste
* TP-1 RevA release updates:
* Add fiducials in 3 corners (1mm exposed copper ring w/2mm soldermask opening)
* Add solder paste openings to Raspberry Pi Pico pads
* TK-1: RevA.1 release
* Add two fiducials to TK-1 board
* TP-1: Update fuse type to match actual part
* Make placement diagrams for TP-1, TK-1
* Update BC-1-xxx footprints to include placement outlines
* Update TP-1 PCB with new footprints, clean up top fab layer
* Take screenshots of top layers of both boards
* tk-1: fix placement footprints
* Add pin1 marking for ncp footprint
* Add refdes for w25q80 footprint
* Update board with new footprints, clear extraneous text on fab layer
In firmware we store the address to firmware blake2s() function at
TK1_MMIO_TK1_BLAKE2S so app can use this firmware function sort of
like a system call but without context switch.
We introduce an explicit state machine (see README).
With the new states we:
- combine setting size and USS to a single command.
- start the device app immediatiely when having receceived the last
data chunk and returning the digest.
- Loop forever and wait for the stick to be removed if we end up in
unknown state.
Signed-off-by: Michael Cardell Widerkrantz <mc@tillitis.se>
