Commit Graph

306 Commits

Author SHA1 Message Date
dehanj
574e17f26a
Update hash of bitstream and firmware 2024-03-26 13:09:06 +01:00
dehanj
4bd249816a
fw: Remove unused header includes 2024-03-26 13:09:06 +01:00
dehanj
3a6a60ff26
fw: Protect zeroisation against compiler optimisation.
The memset() responsible for the zeroisation of the secure_ctx under
the compute_cdi() function in FW's main.c, was optimised away by the
compiler. Instead of using memset(), secure_wipe() is introduced
which uses a volatile keyword to prevent the compiler from trying to
optimise it. Secure_wipe() is now used on all locations handling
removal of sensitive data.
2024-03-26 13:09:01 +01:00
dehanj
c85b5311cd
Change filename personalize.py to patch_uds_udi.py
Also adding a more detailed explanation of what the script intends to
do
2024-03-26 13:07:11 +01:00
dehanj
92136983c5
Update hash of bitstream and firmware 2024-03-22 11:25:40 +01:00
Michael Cardell Widerkrantz
09c1f3f549
Silence splint somewhat
The only real changes are some uninitialized variables and that we now
make explicit that we don't care about the return value from memset().
2024-03-22 11:03:13 +01:00
Michael Cardell Widerkrantz
b0efcf019e
Include static analysis in CI
- Exclude splint from CI, so we make another target for it "splint",
  which we might include in the "check" target later.

- Move the analysis runs earlier in CI so they, including indentation
  checks, fail first.

- Include printouts of hashes in check-binary-hashes to easier see
  what the digests are if it fails in CI.
2024-03-22 11:03:13 +01:00
dehanj
2ff2e9a91d
fw: remove duplicate defines in tk1_mem.h 2024-03-21 10:28:51 +01:00
Michael Cardell Widerkrantz
661a6458c8
fw: Add missing TK1_MMIO_BASE
TK1_MMIO_BASE and _SIZE needed by at least qemu.
2024-03-21 10:09:38 +01:00
dehanj
57a6ee2a12
Use tkey-builder:3 as default when building 2024-03-20 17:19:59 +01:00
dehanj
8ca4241ade
Disable non-zero exit for verilog linter in CI, see issue 182. 2024-03-20 16:39:53 +01:00
Joachim Strömbergson
de668a0244
Clean up code and silence warnings after linting
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:53 +01:00
Joachim Strömbergson
f364b523cf
Change UDS address to three bits to match input port connection 'addr'
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:53 +01:00
Joachim Strömbergson
bbde62d3f5
Add PINMISSING lint ignore for I1 and I2 SB_LUT4 cells
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:52 +01:00
Joachim Strömbergson
8731908cb1
Support incremental builds for the bitstream.
By patching the UDS and UDI into an already built bitstream, it is now
not necessary to rebuild the entire build flow when changing the UDS
and the UDI. This lowers re-build times significantly.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:45 +01:00
Joachim Strömbergson
29fd8338a7
Update the bitstream hash
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:56 +01:00
Joachim Strömbergson
8784a24b33
Change cpu_monitor to security_monitor and to also check RAM
Change name of cpu_monitor to security_monitor and increase its
functionality to include RAM access violations. If addresses in RAM
but outside of physical RAM are accessed in any way the
security_monitor traps the CPU in the same way as it already did for
execution violations.
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
3fb6d66cf3
Add set-only register for the force_trap signal to ensure
that the device must be reset to get out of trap. This
change also breaks a critical path.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
4c3e210a00
Only set ram_we to cpu_wstrb in RAM_PREFIX
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
e48c0fc7d9
Implement cs0 and cs1 as logic equations, not muxes
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Michael Cardell Widerkrantz
0590445f3d
Add testbench targets on top-level
The testbenches live in their own Makefiles under
hw/application_fpga/core/*/toolruns (except picorv32). Let's add a
top-level target to build and run them.

In order to run core testbenches, use

  cd hw/application_fpga
  make tb

or if using Podman:

  cd contrib
  make run-tb

to run the same target in a container.
2024-03-20 13:47:12 +01:00
Michael Cardell Widerkrantz
4d4db70590
fw: Change ASLR name in MMIO
Use _RAM_ADDR_RAND instead of _RAM_ASLR since this is not OS-level
ASLR we're talking about. It's address randomization as seen from
outside of the CPU, not from the process running inside it. Ordinary
ASLR is visible from the CPU.
2024-03-19 14:36:31 +01:00
Michael Cardell Widerkrantz
f40987b138
fw: Change license for use with qemu
This file is also included in at least qemu (GPL-2.0-or-later) besides
tillitis-key1 (GPL-2.0-only) and tkey-libs (GPL-2.0-only) so it's
licensed as GPL v2 or later even if the rest of the project is -only.
2024-03-19 14:36:31 +01:00
Michael Cardell Widerkrantz
c48724e115
fw: Change memory constants to defines
Instead of putting memory constants into an enum we use defines.

Use the direct memory address instead of ORing constants together to
compute the address.

An enum in ISO C is a signed int. Some of our memory addresses are too
large to fit in a signed int. This is not a problem since we're not
using ISO C (-std=gnu99) but it doesn't look very nice if you turn on
pedantic warnings. Also, if someone would use another compiler which
at least supports the inline assembly we use, but possibly not other
GNU extensions, things would probably break.
2024-03-19 14:36:20 +01:00
dehanj
1e34ddcfa6
Update linter to Verilog-2005 2024-03-19 10:45:37 +01:00
Michael Cardell Widerkrantz
746d7f0e0d
Use pedantic warnings
Use pedantic warnings but still allow inline assembly, so turn off
language-extension-token warnings.
2024-03-19 09:25:37 +01:00
Michael Cardell Widerkrantz
e085d0ebd0
Add void to function signatures meant to be used without args 2024-03-19 08:41:39 +01:00
Michael Cardell Widerkrantz
046343e525
Change memory constants to defines
Instead of putting memory constants into an enum we use defines.

Use the direct memory address instead of ORing constants together to
compute the address.

An enum in ISO C is a signed int. Some of our memory addresses are too
large to fit in a signed int. This is not a problem since we're not
using ISO C (-std=gnu99) but it doesn't look very nice if you turn on
pedantic warnings. Also, if someone would use another compiler which
at least supports the inline assembly we use, but possibly not other
GNU extensions, things would probably break.
2024-03-19 08:40:04 +01:00
Michael Cardell Widerkrantz
e2bd38c540
fw: Remove unused forever_redflash()
Since we now use assert() and feed the CPU an unimplemented
instruction we have no need for this.
2024-03-18 16:19:59 +01:00
dehanj
9d36acde08
FW: Force the CPU to hang on errors 2024-03-14 15:48:10 +01:00
Daniel Lublin
7cd085a17e
Avoid confusing errors by checking for programmer and stick first
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-08-30 11:37:03 +02:00
blaufish
426b56ebf5
Verilog 2001 rule; use wires for assignments, not registers. (#139) 2023-08-16 10:44:18 +02:00
blaufish
cced6aec31
Explicitly make uart_core.rx_data a wire (#140) 2023-08-16 10:43:04 +02:00
Joachim Strömbergson
022bf0bbf9
Change name of pin constraint file to match tk1 pcb
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:29 +02:00
Joachim Strömbergson
17ddb1f84a
Minor fix of acronyms in the README
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:29 +02:00
Joachim Strömbergson
3e75818879
Fix spelling of toolruns dir
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:29 +02:00
Joachim Strömbergson
5e34802d1c
Update readme with info on API, status, usage and performance
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
361381210e
Add an initial testcase. Hard to simulate entropy
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
a76fc19c65
Add Makefile, testbench and support module needed to build som target
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
a517552c85
Update README with info about the core functions
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
bc7dfea9c4
Add test9: EXE monitor control and detection
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
4644c79cbd
Adding test 8: GPIO test
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
394e437c91
Add test7: Control of LED RGB outputs.
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
480f4e3d45
Add test6: Test that RAM ASLR and SCRAMBLE registers can be set by fw
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
d70937c11b
Improved messaging from the testbench
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
59af60bdd5
Add test4: writing and reading blake2s entry point
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
dc2903a5b4
Update test3 to check that writing to CDI works when in fw mode
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
16a91bfdd5
Adding test 3: Reading out the CDI
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
1f47991ac2
Add test2: Read out UDI
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
6d9890d050
Add test1: Read out name and version
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
49eac9d101
Complete init of DUT and input, output display
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
1909833952
Add header with info and license
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
b1993742bb
Fix testbench buik including DUT instantiation
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
2fb61bba73
Add UDI used during simulation
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
cb2fd573b3
Add dummy LED macro driver module needed for simulation
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
61598f57e5
Add initial version of testbench and Makefile for building sim target
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
97e3e25d98
Update the UART README with info about the core and its API
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
704d67c8ab
Add Makefile to build sim. Debug sim build
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
819b93deff
Complete testbench and update README with API info
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
bbff7576df
Fix markdown syntax for API listing
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
e6eaad87dc
Update README with info about the timer API
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
4c54b4b60b
Add info about the API in the README
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
18bb9b8599
Making the testbench self checking
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
1d2a71ec0c
Change file extension to markdown
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:24 +02:00
Joachim Strömbergson
1e97e27e66
Updated README, completed testcase and cleaned up the testbench
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:24 +02:00
Joachim Strömbergson
9d188a2f7f
Add more info about how the timer works
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:24 +02:00
Joachim Strömbergson
7c9dfaf45a
Add testcase for the timer top level wrapper and clean up the tb
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:24 +02:00
Joachim Strömbergson
c185849ae4
Minor cleanup of README, testbench and Makefile
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:24 +02:00
Michael Cardell Widerkrantz
e0e871c730
Include debug symbols in the ELF 2023-07-04 09:04:23 +02:00
Joachim Strömbergson
6d0a761e65
Make memeq function side channel silent
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:23 +02:00
Daniel Lublin
2ddd523c29
Use tkey-builder:2; add hashes & checks for bitstream & fw bins
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-07-04 09:04:23 +02:00
Daniel Lublin
9aece67a41
testfw: test read bytes from CDI
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-28 11:44:13 +02:00
Daniel Lublin
eeed342b96
testfw: make output slightly more readable
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-28 11:32:56 +02:00
Daniel Lublin
aa86c9d58c
testfw: compare UDS correctly, correct byte-order
Also don't let fwram success overwrite anyfailed

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-28 11:32:56 +02:00
Daniel Lublin
dcc6351f79
testfw: use a func for fail prints
Now testfw fits again (when built with -Os)

Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-28 11:32:56 +02:00
Daniel Lublin
bcac8eeaf4
testfw: update check for new known UDS; correctly and always print UDS
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-28 11:32:56 +02:00
Joachim Strömbergson
688910bee4
Use different byte values in test UDS words
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-03-28 09:26:23 +02:00
Michael Cardell Widerkrantz
c126199a41
fw: UDS not byte-readable
Since UDS is not byte-readable we copy it by word to local_uds. Now
UDS lives for a short while in local_uds on the stack in FW_RAM and in
the internal buffer of the blake2s context (also in FW_RAM) but is
very soon overwritten.
2023-03-27 16:24:02 +02:00
Michael Cardell Widerkrantz
fae2447344
testfw: Test UDS against known good 2023-03-27 16:24:02 +02:00
Michael Cardell Widerkrantz
cefb6ca9c1
fw: Change max frame size to 128 bytes 2023-03-27 10:58:16 +02:00
Michael Cardell Widerkrantz
c443ef8a3e
fw: clang-tidy and splint: New make target: check
Add clang-tidy and splint static analytics check. For now, we use only
the cert-* warnings on clang-tidy and run splint with a lot of flags
to allow more things.

Changes to silence these analytics:

- Stop returning stuff from our debug print functions. We don't check
  them anyway and we don't have any way of detecting transmission
  failure.

- Declare more things static that aren't used outside of a file.

- Change types to be more consistent, typically to size_t or
  something or to uint32_t.
2023-03-22 11:05:32 +01:00
Michael Cardell Widerkrantz
f622937918
fw: Don't use reserved or reserved-looking names 2023-03-22 11:05:26 +01:00
Michael Cardell Widerkrantz
709a4449ff
testfw: clang format 2023-03-16 15:08:36 +01:00
Michael Cardell Widerkrantz
9488f0633d
fw: Hide *led in led.c 2023-03-16 14:26:20 +01:00
Michael Cardell Widerkrantz
8665031bb4
fw/testfw: Simplify hexdump 2023-03-16 14:26:13 +01:00
Michael Cardell Widerkrantz
7ce1d9fe06
fw: Remove forgotten hexdump 2023-03-16 14:03:11 +01:00
Michael Cardell Widerkrantz
1f10c8e2db
fw: Initialize automatic variables 2023-03-16 13:51:24 +01:00
Michael Cardell Widerkrantz
226bcbaed1
fw: Update comments 2023-03-16 13:30:56 +01:00
Michael Cardell Widerkrantz
00d806df10
fw: Rename variable rnd to rnd_sleep to indicate what it's for 2023-03-16 13:17:42 +01:00
Michael Cardell Widerkrantz
cd2dc55371
fw: Add function declaration for static functions 2023-03-14 11:31:48 +01:00
Michael Cardell Widerkrantz
0a1e1db40e
fw: Init stack pointer to end of fw_ram 2023-03-14 11:31:48 +01:00
Daniel Lublin
2b9bfc0eff
Consistently set any new state and do break out of case/default
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 11:31:48 +01:00
Michael Cardell Widerkrantz
f9960de506
fw: Re-introduce print_hw_version() - simplify namever handling 2023-03-14 11:31:48 +01:00
Michael Cardell Widerkrantz
78eb472ac9
fw: Go to state fail on bad command lengths 2023-03-14 11:31:48 +01:00
Michael Cardell Widerkrantz
ebf8a11ed0
fw: Move all variable declaration to first in scope 2023-03-14 11:31:48 +01:00
Michael Cardell Widerkrantz
9c766794db
fw: Move scramble RAM to own function 2023-03-14 11:31:47 +01:00
Michael Cardell Widerkrantz
9de7f294df
fw: Move all command switches to their own functions 2023-03-14 11:31:47 +01:00
Michael Cardell Widerkrantz
4e3f5469ef
fw: Simplify logic
Switch on state, then read commands specifically in the states that
allow reading of commands, then switch on specific command.
2023-03-14 11:31:47 +01:00
Daniel Lublin
7a97f1ee5f
Add more complete fw_ram test; let testfw have stack in RAM
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 11:21:47 +01:00
Daniel Lublin
5fe7ba7f9d
fw: optimize for speed (-O2) instead of size (-Os)
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-03-14 10:25:05 +01:00