Commit Graph

226 Commits

Author SHA1 Message Date
Michael Cardell Widerkrantz
78eb472ac9
fw: Go to state fail on bad command lengths 2023-03-14 11:31:48 +01:00
Michael Cardell Widerkrantz
ebf8a11ed0
fw: Move all variable declaration to first in scope 2023-03-14 11:31:48 +01:00
Michael Cardell Widerkrantz
9c766794db
fw: Move scramble RAM to own function 2023-03-14 11:31:47 +01:00
Michael Cardell Widerkrantz
9de7f294df
fw: Move all command switches to their own functions 2023-03-14 11:31:47 +01:00
Michael Cardell Widerkrantz
4e3f5469ef
fw: Simplify logic
Switch on state, then read commands specifically in the states that
allow reading of commands, then switch on specific command.
2023-03-14 11:31:47 +01:00
Daniel Lublin
7a97f1ee5f
Add more complete fw_ram test; let testfw have stack in RAM
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 11:21:47 +01:00
Daniel Lublin
5fe7ba7f9d
fw: optimize for speed (-O2) instead of size (-Os)
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:05 +01:00
Daniel Lublin
957df5e6b4
fw: enable addr & data scrambling; fill RAM with random data
Use a rnd_word() func

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:03 +01:00
Daniel Lublin
4afdc1cd1f
fw: Steady white led while waiting cmd; led off while loading app
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:03 +01:00
Daniel Lublin
7eb4d0304b
fw: load app at the start of RAM
Since app is always loaded at the start of RAM, the TK1_APP_ADDR define
is no longer needed.

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:03 +01:00
Daniel Lublin
425fdb4b90
fw: adjust for 2 KB of FW_RAM
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Daniel Lublin
c1fffcb70b
Keep uninitialized var in main, not globally, preventing any BSS
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Daniel Lublin
3ddd6e83a3
Refuse to produce a .bin if .elf has non-empty data or bss section
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Michael Cardell Widerkrantz
d77654bb8e
fw: No .data or .bss segment
We don't use any .data or .bss segment at all to keep all the firmware
variables in the stack in protected fw_ram.

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Michael Cardell Widerkrantz
56e34b3add
fw/testfw: Use fw_ram for firmware stack
This means firmware's stack shouldn't be accessible to programs
running in app_mode.

It also means we don't need to take special care of secure_ctx which
can now be an ordinary stack variable.

Nonetheless we zero out secure_ctx after final use and inline some
assembler to zero out the entire fw_ram after use, just before
switching to app_mode.

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Michael Cardell Widerkrantz
d2240b3e0f
fw: Use a bit string for allowed_commands
For every state, define a constant bitstring with allowed commands and
check incoming command agains that.

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Michael Cardell Widerkrantz
8edfdf9c36
fw: Remove state init_loading, introduce state fail
- We always assert on allowed commands in a state.
- We don't allow FW_CMD_LOAD_APP to be used twice.
- Enter fail state on read buffer overrun, header endpoint not for us,
  header parse error, and unknown firmware command.

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:02 +01:00
Michael Cardell Widerkrantz
65f100a3c0
fw: Use byte readable UDS
UDS is now byte readable (but not writable).

Use UDS and USS directly in a blake2s_update() instead of
concatenating them into fw_ram. UDS will still live for a short while
in fw_ram in the blake2s context buffer but will soon be overwritten.

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
b34fdbcd37
testfw: Use wordcpy_s() and memcpy_s()
Use new wordcpy_s() and memcpy_s() functions from lib.c.

Add a local memcpy() which compiling with -Os seems to demand. Why?

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
cc032d9883
fw: Hide HTIF functions better when using NOCONSOLE
We define macros for them that expand to nothing or to a constant to
avoid any extra function calls to dummy functions when running on real
hardware with no console.

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
3a7ec9b9a0
fw: Run forever_redflash() when aborting from asserts
Should be more vissible than an eternal loop.

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
bbbe1e2f31
fw: Move LED defines and function to own files
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
ccc3b16569
fw: Safer memory functions + asserts
Introduce memcpy_s() and wordcpy_s() that takes the destination buffer
size as an argument. Use assert() which aborts our program to an
eternal loop if we hit problems.

Sprinkle asserts elsewhere as well.

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:01 +01:00
Michael Cardell Widerkrantz
f386cec1ed
fw: Add destination buffer size to read()
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:00 +01:00
Michael Cardell Widerkrantz
b292c72534
fw: Remove unnecessary memcpy() from putinthex()
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:00 +01:00
Joachim Strömbergson
b9c415f5d6
bank1 access should also be disabled by default.
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-13 12:43:07 +01:00
Joachim Strömbergson
000b7644b5
Update fw ram last address to match new mem size
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-08 13:31:45 +01:00
Daniel Lublin
5f4f5c6584
Correct for new fw-ram size
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-08 12:34:34 +01:00
Daniel Lublin
ebe59647bb
Adjust header file to new fw_ram size
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-08 11:26:25 +01:00
Joachim Strömbergson
a63ba8eb13
Double the size of the fw_ram to 2 kByte
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-08 11:20:38 +01:00
Matthew Mets
0a31685dc0 Add modified case plastic design for MTA1 programmer 2023-03-07 17:09:38 +01:00
Daniel Lublin
8fd0fca967
Grow largest frame length to 512 bytes 2023-03-07 13:52:02 +01:00
Joachim Strömbergson
2e2ca04ab7
Bump FPGA design version to 5
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-07 12:30:10 +01:00
Joachim Strömbergson
d075cc72c3
Manually merged changes for scrambling
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-07 10:42:59 +01:00
Joachim Strömbergson
3eb5b7879c Add API address to read out number of bytes in Rx FIFO
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-07 08:22:27 +01:00
Joachim Strömbergson
4db4e39205
Clarify the purpose and functionality of the tk1 core
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-07 08:20:18 +01:00
Joachim Strömbergson
74fd7e3001
Fix spelling nits
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-07 08:16:42 +01:00
Joachim Strömbergson
6f327d2ff9
Block changing of monitor addresses when enabled
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:55 +01:00
Joachim Strömbergson
66ebe5089a
Add fw_ram as always active exe monitor area
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:55 +01:00
Michael Cardell Widerkrantz
0caf260553
Add CPU_MON offsets
Introduces offsets for setting addresses to check for execution and
offset for controlling the execution monitor.

- TK1_MMIO_TK1_CPU_MON_CTRL
- TK1_MMIO_TK1_CPU_MON_FIRST
- TK1_MMIO_TK1_CPU_MON_LAST
2023-03-06 15:41:55 +01:00
Joachim Strömbergson
5c05ae657e
exe monitor can only be enabled, not disabled
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:55 +01:00
Joachim Strömbergson
7612d00ccf
Feed CPU illegal instruction to trigger trap
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:55 +01:00
Joachim Strömbergson
8ba97e16f3
Move force_jump function to top level mem system
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:54 +01:00
Joachim Strömbergson
86ea45e10a
Add CPU execution monitor
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 15:41:53 +01:00
Joachim Strömbergson
e514f778b2 Remove stray variable for blake2s address update
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 11:32:38 +01:00
Joachim Strömbergson
adcccc44de Change reset value for the trap led to black
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 11:32:38 +01:00
Joachim Strömbergson
d335dd708a Add HW to detect trap in cpu and signal using the LEDs
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-06 11:32:38 +01:00
Matthew Mets
0c200dc4e4 Add latest (unreleased) clip plastic design 2023-03-01 13:57:35 +01:00
Matthew Mets
1e8da7de53 Add clip plastic for Acrab release (version 15) 2023-03-01 13:57:35 +01:00
Daniel Lublin
c9593f11c8 Config verilator lint to ignore known 3rd-party warnings; let warnings be fatal
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-01 13:37:31 +01:00
Matthew Mets
4995fdb93d Add tk1 case plastic designs 2023-02-28 11:33:40 +01:00
Joachim Strömbergson
caeee54e19
Change LED reset value to black
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-02-27 13:21:51 +01:00
Joachim Strömbergson
317561ad32
Remove options that are the same as the default values
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-02-27 10:22:04 +01:00
Daniel Lublin
9a6a790715
Add github action with basic CI that builds
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-02-03 14:28:56 +01:00
Daniel Lublin
eea8923170 Update fw & testfw to new api
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-01-30 15:48:57 +01:00
Joachim Strömbergson
6137b88fe0 Add separate start, stop bits and running status bit in API
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-01-30 15:48:57 +01:00
Joachim Strömbergson
ab03ebd12c
Improve wording ans size info in header
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-01-30 13:19:01 +01:00
Joachim Strömbergson
cc464e5be2
The memory is 256 x 32 bits, not 512 x 32 bits
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-01-30 13:00:43 +01:00
Joachim Strömbergson
f020495695
Cleanup of tb for timer core
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-01-20 10:14:44 +01:00
Daniel Lublin
60efb3c25e
Correct to new path 2023-01-13 15:42:46 +01:00
Matthew Mets
072b204d3d
Add (hardware) production tests for the TK-1 and TP-1 (#69)
* ch552 firmware: add ch55x support files directly

* Add sdcc compiler to docker image, for building CH552 firmware

* Rework production test script

* Add menu-based test runner
* Rewrite production test flows as lists of individual tests
* Add both production flows and manual tests to menu

* Switch to using included binaries

* production test: Update message format
* test_txrx_touchpad: Retry if device communications fail
* production test: put all binaries in binaries/ folder
* binaries/top.bin: replace broken binary

* flash_check: Check for explicit flash IDs

* Document most test procedures

* Test plan documentation

* Sample udev rules

* Production test: allow external references to be overridden

* Remove outdated descriptions

* Correct shebang

* Update shebangs to comply with PEP 394

Change the python scripts to call python instead of python3, as this
works cross platform. See:
https://peps.python.org/pep-0394/#for-python-script-publishers

* Move production test to higher-level directory

* Clarify production test setup

* Move USB C connector test to separate directory

Co-authored-by: Michael Cardell Widerkrantz <mc@tillitis.se>
2023-01-11 16:33:01 +01:00
Matthew Mets
34c1a20015
Remove outdated description 2023-01-09 10:31:26 +01:00
Daniel Lublin
f3c4e6c818
Revise UDI
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-01-05 14:34:32 +01:00
Matthew Mets
21fffd3fed
Ch552 license (#65)
* Add MIT license for CH552 firmware
2023-01-03 15:48:53 +01:00
Joachim Strömbergson
9ce2b8a84a
Only accept tx data when the core is ready
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-01-02 13:10:40 +01:00
Matthew Mets
e71d70008b
TK-1 and TP-1 PCBs (#52)
* Add kicad library for flat programming clip

* Add descriptions to part symbols

* Add extended values, manufacturer/distributor info to components in mta1

* Add new board entry for TK1

* Add TP1 programmer design

* Update MTA1-USB-V1 release files to match production

* Change SPI flash memory type to XT25F08BDFIGT-S
* Change touch sensor feedback cap to 1uF
* Add manufacturer, manufacturer part number, distributor, distributor part number

* Update component values for TK1 PCB

* Use specific part # for C8
* Change flash back to Winbond part, for easier sourcing
* Change C1 to 1pF

* Fixes for production programmer PCB

* Swap GND and 5V on J3
* Replace graphic logo with text
* Rename part to 'TP-1'

* TK-1 release

* Add dimensions for PCB
* Add layer stackup for PCB
* Change PCB component origin to match expanded board
* Change schematic title to 'TK-1', update release date

* mta1-usb-v1-programmer: Add corrected part numbers for OSFC production

* Q1, Q2, F1 part subsititutions
* add mfr/supplier info for all parts

* PCB library: add parts

* Rectangular footprint for TK-1 test pads
* BOM generation script used for TK-1 and TP-1 releases

* TP-1 release

* Schematic: Add manufacturer, supplier information for all parts
* Schematic: Update name and release date
* PCB: Add PCB fabrication information
* PCB: Correct pinouts on silkscreen

* PCB library: add 'screw' and 'foot' symbols

* Screw is a schematic-only part, for including mechanical screws in the
  BOM
* Foot is for self-adhesive rubber mounting feet that can be stuck to
  the bottom of a PCB

* TP-1 release: Add screws, feet to the BOM

* Pico library: Add footprint for RPi Pico w/solder paste

* TP-1 RevA release updates:

* Add fiducials in 3 corners (1mm exposed copper ring w/2mm soldermask opening)
* Add solder paste openings to Raspberry Pi Pico pads

* TK-1: RevA.1 release

* Add two fiducials to TK-1 board

* TP-1: Update fuse type to match actual part

* Make placement diagrams for TP-1, TK-1

* Update BC-1-xxx footprints to include placement outlines
* Update TP-1 PCB with new footprints, clean up top fab layer
* Take screenshots of top layers of both boards

* tk-1: fix placement footprints

* Add pin1 marking for ncp footprint
* Add refdes for w25q80 footprint
* Update board with new footprints, clear extraneous text on fab layer
2022-12-22 16:41:46 +01:00
Daniel Lublin
c1b71b7ba6
testfw: test that UDI can't be read app-mode 2022-12-20 12:06:07 +01:00
Daniel Lublin
11c8eec7b8
testfw: use define and simplify 2022-12-20 12:06:07 +01:00
Joachim Strömbergson
5c74a0727c
Lock down access to UDI in app mode
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2022-12-20 12:05:56 +01:00
Daniel Lublin
c573155ba1
Sleep for a random number of cycles before reading out UDS to FW RAM
To protect against warm boot attacks.

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2022-12-19 15:25:29 +01:00
Daniel Lublin
9b9a125c66
Purge UDA; never implemented, now deprecated
Fixes #58

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2022-12-19 14:32:01 +01:00
Michael Cardell Widerkrantz
08e1438d1e
fw: Add support for blake2s MMIO
In firmware we store the address to firmware blake2s() function at
TK1_MMIO_TK1_BLAKE2S so app can use this firmware function sort of
like a system call but without context switch.
2022-12-15 12:59:52 +01:00
Joachim Strömbergson
a48dc7cbbb
Add reg writable from FW, readable from app for blake2s entry
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2022-12-08 16:16:15 +01:00
Michael Cardell Widerkrantz
3220d1c119
testfw: Remove test_ prefix on UART functions 2022-12-02 16:12:25 +01:00
Michael Cardell Widerkrantz
65bc96a725
fw: Prefix all HTIF console I/O functions with htif_ 2022-12-02 15:09:10 +01:00
Daniel Lublin
49d4735f17
Use TKey name
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2022-12-02 08:03:06 +01:00
Daniel Lublin
f87e12d1bb
Build with zmmul extension (require clang 15)
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2022-11-29 13:03:06 +01:00
Daniel Lublin
367fbec035
tpt: print whole output file paths when verbose
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2022-11-29 12:50:26 +01:00
Daniel Lublin
0541be76f3
tpt: make it really ask for items that are not passed in args
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2022-11-29 12:39:24 +01:00
Daniel Lublin
3c09960918
Ignore virtualenv dir down where we use it; unignore disused toolchain dirs
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2022-11-29 08:10:05 +01:00
Michael Cardell Widerkrantz
a0974a2c0b
fw: Make FW_CMD_NAME_VERSION return names as ASCII arrays
Signed-off-by: Michael Cardell Widerkrantz <mc@tillitis.se>
2022-11-28 16:17:19 +01:00
Daniel Lublin
a2bc95f49a
Flash red when ending in unknown stat
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2022-11-28 16:17:19 +01:00
Daniel Lublin
687ee4f8b1
Let LED be steady white when loading app 2022-11-28 16:17:19 +01:00
Michael Cardell Widerkrantz
60b2dcfbb9
fw: Don't allow an app size of 0 2022-11-28 16:17:19 +01:00
Michael Cardell Widerkrantz
c80dc53027
fw: Introduce an explicit state machine - changes protocol!
We introduce an explicit state machine (see README).

With the new states we:

- combine setting size and USS to a single command.
- start the device app immediatiely when having receceived the last
  data chunk and returning the digest.
- Loop forever and wait for the stick to be removed if we end up in
  unknown state.

Signed-off-by: Michael Cardell Widerkrantz <mc@tillitis.se>
2022-11-28 16:17:19 +01:00
Joachim Strömbergson
2fa1ffb8e7
Disable HW support in CPU for DIV
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2022-11-28 16:15:01 +01:00
Daniel Lublin
3435941eab
Remove version suffixes, no longer needed on ubuntu 22.10 (clang 15)
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2022-11-23 09:47:48 +01:00
Joachim Strömbergson
a15a94fe8e
Move readme:s for boards and firmware to doc subdir
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2022-11-21 16:27:30 +01:00
Daniel Lublin
acb9c37ee7
Add fw cmd to get UDI 2022-11-21 15:45:27 +01:00
Daniel Lublin
a2ffb6d007
Correct reference 2022-11-15 15:19:45 +01:00
Joachim Strömbergson
1a49304224 Merge branch 'main' of github.com:tillitis/tillitis-key1 2022-11-09 15:06:07 +01:00
Joachim Strömbergson
159b20fa4e
Zero extend the address to match SB_RAM4K ports 2022-11-09 15:05:03 +01:00
Daniel Lublin
a14662c622
Change to max 100 KB app with 28 KB stack 2022-11-02 15:52:29 +01:00
Daniel Lublin
fdda69745e
Add wrapper script that runs reset.py using virtualenv 2022-11-02 15:19:31 +01:00
Daniel Lublin
7af0fc6777
Make hid_test fail less confusingly when programming device is not connected
Add requirements.txt
2022-11-02 15:19:30 +01:00
Matthew Mets
48f32949bc
Add software reset example for the mta1 programmer 2022-11-02 15:16:24 +01:00
Joachim Strömbergson
517fafff57 Merge branch 'bigger_rx_fifo' 2022-11-02 14:22:46 +01:00
Daniel Lublin
8755a65a38
Format code 2022-10-31 10:07:23 +01:00
Joachim Strömbergson
8061491f6e
Cleanup, and use fifo_empty to indicate data available 2022-10-28 13:12:47 +02:00
Joachim Strömbergson
24d8680772
Improve detection of empty and full FIFO 2022-10-28 13:09:21 +02:00