After the first time system_mode is set to one, the assets will no
longer be read- or writeable, even if system_mode is set to zero at a
later syscall. This is to make sure syscalls does not have the same
privilege as the firmware has at first boot.
We need to monitor when system_mode is set to one, otherwise we might
accedentially lock the assets before actually leaving firmware, for
example if firmware would use a function set in any of the registers
used in system_mode_ctrl.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
App is embedded in firmware and is loaded into app RAM when firmware
starts.
App continuously calls SET_LED syscalls.
Simulation: `make tb_application_fpga_irqpoc_c_example`
Allow FW RAM access only in the following execution contexts:
- Firmware mode
- IRQ_SYSCALL_HI
Input port `system_mode` of the `fw_ram` module is replaced with an
enable port. Since access to FW RAM not longer depend only on
system_mode
Adds a basic example firmware that copies an app to app RAM. The app
triggers syscall interrupts and tries to execute ROM code from app mode.
A make target (`tb_application_fpga_irqpoc_with_app`) that simulates a
Tkey running the firmware is added.
Only allow executing from ROM when in one of the following execution
contexts:
- Firmware mode
- IRQ_SYSCALL_LO
- IRQ_SYSCALL_HI
Co-authored-by: Daniel Jobson <jobson@tillitis.se>
A proof-of-concept of enabling PicoRV32 interrupts. Two interrupt
sources, which can be triggered by writes to memory addresses, are
added. The design has only been simulated, not run on hardware.
Synthesis:
Ice40 LC utilization is 93% (4934/5280) when built using tkey-builder:4
Simulation:
A `tb_application_fpga_irqpoc` target is added. Running `make
tb_application_fpga_irqpoc` creates `tb_application_fpga_sim.fst` which
can be inspected in GTKWave or Surfer.
Firmware:
A simple firmware is added in `fw/irqpoc`. It enables both interrupts
and triggers each interrupt once.
Custom PicoRV32 instructions are located in `custom_ops.S`. It is
imported from upstream PicoRV32 commit:
70f3c33ac8
- The API changes name from `_SWITCH_APP` to `_SYSTEM_MODE_CTRL`.
- The registers and wires changes name to `system_mode_*`, instead of a
mix of `switch_app_*` and `fw_app_mode`.
Silence lint on intentional combinatinal loops
Use better instance names, and a single lint pragma for all macros
Remove unused pointer update signals
Silence lint on wires where not all bits are used
Change fw_app_mode to be an input port to allow access control
Remove redundant, unused wire mem_busy
Add lint pragma to ignore debug register only enabled by a define
Remove clk and reset_n ports from the ROM
Adding note and lint pragma for rom address width
Fix incorrect register widths in uart_core
Assign all 16 bits in LUT config
Silence lint warnings on macro instances
Correct bit extraction for core addresses to be eight bits wide
Correct the bit width of cdi_mem_we wire
Add specific output file for logging lint issues
Correct bit width of tmp_ready to match one bit ready port
