Commit Graph

302 Commits

Author SHA1 Message Date
dehanj
574e17f26a
Update hash of bitstream and firmware 2024-03-26 13:09:06 +01:00
dehanj
4bd249816a
fw: Remove unused header includes 2024-03-26 13:09:06 +01:00
dehanj
3a6a60ff26
fw: Protect zeroisation against compiler optimisation.
The memset() responsible for the zeroisation of the secure_ctx under
the compute_cdi() function in FW's main.c, was optimised away by the
compiler. Instead of using memset(), secure_wipe() is introduced
which uses a volatile keyword to prevent the compiler to try to
optimise it. Secure_wipe() is now used on all locations handling
removal of sensitive data.
2024-03-26 13:09:01 +01:00
dehanj
c85b5311cd
Change filename personalize.py to patch_uds_udi.py
Also adding a more detailed explaination of what the script intends to
do
2024-03-26 13:07:11 +01:00
dehanj
92136983c5
Update hash of bitstream and firmware 2024-03-22 11:25:40 +01:00
Michael Cardell Widerkrantz
09c1f3f549
Silence splint somewhat
The only real changes are some unitialized variables and that we now
make explicit that we don't care about the return value from memset().
2024-03-22 11:03:13 +01:00
Michael Cardell Widerkrantz
b0efcf019e
Include static analysis in CI
- Exclude splint from CI, so we make another target for it "splint",
  which we might include in the "check" target later.

- Move the analysis runs earlier in CI so they, including indentation
  checks, fail first.

- Include printouts of hashen in check-binary-hashes to easier see
  what the digest are if it fails in CI.
2024-03-22 11:03:13 +01:00
dehanj
2ff2e9a91d
fw: remove duplicate defines in tk1_mem.h 2024-03-21 10:28:51 +01:00
Michael Cardell Widerkrantz
661a6458c8
fw: Add missing TK1_MMIO_BASE
TK1_MMIO_BASE and _SIZE needed by at least qemu.
2024-03-21 10:09:38 +01:00
dehanj
57a6ee2a12
Use tkey-builder:3 as default when building 2024-03-20 17:19:59 +01:00
dehanj
8ca4241ade
Disable non-zero exit for verilog linter in CI, see issue 182. 2024-03-20 16:39:53 +01:00
Joachim Strömbergson
de668a0244
Clean up code and silence warnings after linting
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:53 +01:00
Joachim Strömbergson
f364b523cf
Change UDS address to three bits to match input port connection 'addr'
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:53 +01:00
Joachim Strömbergson
bbde62d3f5
Add PINMISSING lint ignore for I1 and I2 SB_LUT4 cells
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:52 +01:00
Joachim Strömbergson
8731908cb1
Support incremental builds for the bitstream.
By patching the UDS and UDI into an already built bitstream, it is now
not necessary to rebuild the entire build flow when changing the UDS
and the UDI. This lowers re-build times significantly.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:45 +01:00
Joachim Strömbergson
29fd8338a7
Update the bitstream hash
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:56 +01:00
Joachim Strömbergson
8784a24b33
Change cpu_monitor to security_monitor and to also check RAM
Change name of cpu_monitor to security_monitor and increase its
functionality to include RAM access violations. If addresses in RAM
but outside of physical RAM is accessed in any way the
security_monitor traps the CPU in the same way as it already did for
execution violations.
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
3fb6d66cf3
Add set-only register for the force_trap signal to ensure
that the device must be reset to get out of trap. This
change also breaks a critical path.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
4c3e210a00
Only set ram_we to cpu_wstrb in RAM_PREFIX
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
e48c0fc7d9
Implement cs0 and cs1 as logic equations, not muxes
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Michael Cardell Widerkrantz
0590445f3d
Add testbench targets on top-level
The testbenches live in their own Makefiles under
hw/application_fpga/core/*/toolruns (except picorv32). Let's add a
top-level target to build and run them.

In order to run core testbenches, use

  cd hw/application_fpga
  make tb

or if using Podman:

  cd contrib
  make run-tb

to run the same target in a container.
2024-03-20 13:47:12 +01:00
Michael Cardell Widerkrantz
4d4db70590
fw: Change ASLR name in MMIO
Use _RAM_ADDR_RAND instead of _RAM_ASLR since this is not OS-level
ASLR we're talking about. It's address randomization as seen from
outside of the CPU, not from the process running inside it. Ordinary
ASLR is visible from the CPU.
2024-03-19 14:36:31 +01:00
Michael Cardell Widerkrantz
f40987b138
fw: Change license for use with qemu
This file is also included in at least qemu (GPL-2.0-or-later) besides
tillitis-key1 (GPL-2.0-only) and tkey-libs (GPL-2.0-only) so it's
licensed as GPL v2 or later even if the rest of the project is -only.
2024-03-19 14:36:31 +01:00
Michael Cardell Widerkrantz
c48724e115
fw: Change memory constants to defines
Instead of putting  memory constant into an enum we use defines.

Use the direct memory address instead of ORing constants together to
compute the address.

An enum in ISO C is a signed int. Some of are memory addresses are to
large to fit in a signed int. This is not a problem since we're not
using ISO C (-std=gnu99) but it doesn't look very nice if you turn on
pedantic warnings. Also, if someone would use another compiler which
at least supports the inline assembly we use, but possible not other
GNU extensions, things would probably break.
2024-03-19 14:36:20 +01:00
dehanj
1e34ddcfa6
Update linter to Verilog-2005 2024-03-19 10:45:37 +01:00
Michael Cardell Widerkrantz
746d7f0e0d
Use pedantic warnings
Use pedantic warnings but still allow inline assembly, so turn off
language-extension-token warnings.
2024-03-19 09:25:37 +01:00
Michael Cardell Widerkrantz
e085d0ebd0
Add void to function signatures meant to be used without args 2024-03-19 08:41:39 +01:00
Michael Cardell Widerkrantz
046343e525
Change memory constants to defines
Instead of putting  memory constant into an enum we use defines.

Use the direct memory address instead of ORing constants together to
compute the address.

An enum in ISO C is a signed int. Some of are memory addresses are to
large to fit in a signed int. This is not a problem since we're not
using ISO C (-std=gnu99) but it doesn't look very nice if you turn on
pedantic warnings. Also, if someone would use another compiler which
at least supports the inline assembly we use, but possible not other
GNU extensions, things would probably break.
2024-03-19 08:40:04 +01:00
Michael Cardell Widerkrantz
e2bd38c540
fw: Remove unusued forever_redflash()
Since we now use assert() and feed the CPU an unimplemented
instruction we have no need for this.
2024-03-18 16:19:59 +01:00
dehanj
9d36acde08
FW: Force the CPU to hang on errors 2024-03-14 15:48:10 +01:00
dehanj
d83f235fd3
Add injection molded plastic case 2023-12-11 13:48:39 +01:00
dehanj
7019cd9048
remove whitespaces and tabs 2023-12-07 17:16:31 +01:00
dehanj
2014923966
Isolate ringbuffer index, copy inbound usb data to new buffer 2023-12-07 17:15:24 +01:00
dehanj
6d5da25321
Translate + clean up 2023-11-07 10:59:21 +01:00
dehanj
f83abed4e4
Add gpio for debug purpose 2023-11-06 12:19:00 +01:00
dehanj
a453aae031
New plastic clip and update BOM for TP1 2023-09-01 13:41:05 +02:00
Daniel Lublin
7cd085a17e
Avoid confusing errors by checking for programmer and stick first
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-08-30 11:37:03 +02:00
blaufish
426b56ebf5
Verilog 2001 rule; use wires for assignments, not registers. (#139) 2023-08-16 10:44:18 +02:00
blaufish
cced6aec31
Explicity make uart_core.rx_data a wire (#140) 2023-08-16 10:43:04 +02:00
Joachim Strömbergson
022bf0bbf9
Change name of pin constraint file to match tk1 pcb
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:29 +02:00
Joachim Strömbergson
17ddb1f84a
Minor fix of ackronyms in the README
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:29 +02:00
Joachim Strömbergson
3e75818879
Fix spelling of toolruns dir
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:29 +02:00
Joachim Strömbergson
5e34802d1c
Update readme with info on API, status, usage and performance
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
361381210e
Add an initial testcase. Hard to simulate entropy
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
a76fc19c65
Add Makefile, testbench and support module needed to build som target
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
a517552c85
Update README with info about the core functions
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
bc7dfea9c4
Add test9: EXE monitor control and detection
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
4644c79cbd
Adding test 8: GPIO test
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
394e437c91
Add test7: Control of LED RGB outputs.
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
480f4e3d45
Add test6: Test that RAM ASLR and SCRAMBLE registers can be set by fw
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00