Introduce new syscall TK1_SYSCALL_GET_VIDPID to get Vendor ID and
Product ID from the protected Unique Device Identification number.
UDI is protected from device apps to protect the serial number, so
apps won't know the exact TKey they are running on other than the CDI.
It may, however, be important to know what *kind* of TKey they are
running on, so we want to expose the Vendor ID and Product ID.
- fpga: Allow UDI to be read when doing syscalls.
- Add the new syscall to firmware.
- Add test to testapp directly after negative test of reading UDI to
read out VID/PID through a syscall.
Since the introduction of the syscall mechanism we don't allow
execution in ROM anymore so it's impossible to call the firmware's
blake2s() function.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
In order to be able to leave data for firmware signalling the
intention with a reset or to leave data for the next app in a chain of
apps, we introduce a part of FW_RAM that can be used to store this
data. In order to do this, we:
- Change size of ROM from 6 KB to 8 KB.
- Change size of FW_RAM, from 2 KB to 4 KB.
- Add RESETINFO memory partition inside FW_RAM.
- Add generation of map file.
- Change CFLAGS from using -O2 to using -Os.
- Update address ranges for valid access to ROM and FW_RAM.
- Move stack to be located before data+bss and the RESETINFO data
above them. This also means we introduce hardware stack overflow
protection through the Security Monitor.
- Revise firmware README to the new use of FW_RAM.
Throwing away mode and length from incoming data. Adding mode and
length to outgoing data.
Splitting responses into frames small enough for the USB<->UART
transceiver to handle.
- The API changes name from `_SWITCH_APP` to `_SYSTEM_MODE_CTRL`.
- The registers and wires changes name to `system_mode_*`, instead of a
mix of `switch_app_*` and `fw_app_mode`.
- Remove the define `NOCONSOLE`, add define `QEMU_CONSOLE`
- Inverse the use of it, add the define to have QEMU debug output in fw.
- Add a make target `qemu_firmware.elf` which builds the firmware with
QEMU console enabled.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
Update:
- README
- testbench
- Symbolic names and variables in fw
- registers
- port name and wires
- Update fpga and fw digests
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
The RAM address and data scrambling API was called twice, once before filling
RAM with random values, and once after. Since moving to a significantly
better PRNG (xorwow) this is now deemed unnecessary. See issue #225.
This changes both FPGA and firmware hashes.
Modify the loop to zeroise the FW-RAM instead of the
RAM. RAM is filled with random data at the start of main().
Changes firmware and bitstream digests.
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
xorwow provides significantly better random data, compared to previously
used function. Making it harder to predict what data RAM is filled with.
It adds a startup time of approx 80 ms, but can be compensated with
optimising other parts of the startup routine.
This changes both firmware and fpga hashes.
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
The memset() responsible for the zeroisation of the secure_ctx under
the compute_cdi() function in FW's main.c, was optimised away by the
compiler. Instead of using memset(), secure_wipe() is introduced
which uses a volatile keyword to prevent the compiler to try to
optimise it. Secure_wipe() is now used on all locations handling
removal of sensitive data.
Use _RAM_ADDR_RAND instead of _RAM_ASLR since this is not OS-level
ASLR we're talking about. It's address randomization as seen from
outside of the CPU, not from the process running inside it. Ordinary
ASLR is visible from the CPU.
Since UDS is not byte-readable we copy it by word to local_uds. Now
UDS lives for a short while in local_uds on the stack in FW_RAM and in
the internal buffer of the blake2s context (also in FW_RAM) but is
very soon overwritten.
Add clang-tidy and splint static analytics check. For now, we use only
the cert-* warnings on clang-tidy and run splint with a lot of flags
to allow more things.
Changes to silence these analytics:
- Stop returning stuff from our debug print functions. We don't check
them anyway and we don't have any way of detecting transmission
failure.
- Declare more things static that isn't used outside of a file.
- Change types to be more consistent, typically to size_t or
something or to uint32_t.
We don't use any .data or .bss segment at all to keep all the firmware
variables in the stack in protected fw_ram.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
This means firmware's stack shouldn't be accessible to programs
running in app_mode.
It also means we don't need to take special care of secure_ctx which
can now be an ordinary stack variable.
Nonetheless we zero out secure_ctx after final use and inline some
assembler to zero out the entire fw_ram after use, just before
switching to app_mode.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
For every state, define a constant bitstring with allowed commands and
check incoming command agains that.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
