Commit Graph

500 Commits

Author SHA1 Message Date
Joachim Strömbergson
e8762d80fc
(fpga) First attempt at PoC of HW trampoline for syscall.
This commit adds a first attempt at adding a HW based syscall
       trampoline. Basicallt the FW can set a fixed address in a
       register in the API. The app can write an API adress. When
       written the HW will (should) force the CPU to read the
       instruction pointed to by the address set by the FW.

       This probably doesn't work. One problem is probably timing
       (cycles between writing the API and loading of the next
       instruction). We need to try.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-08-29 13:53:46 +02:00
Joachim Strömbergson
7f93b7817b
FPGA: Add --freq constraint to nextpnr
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-08-20 13:45:01 +02:00
Joachim Strömbergson
75b028505f
FPGA: Increase clock frequency to 21 MHz
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-08-20 13:45:00 +02:00
Joachim Strömbergson
00599549e3
FPGA: Add system reset API
Add API address to trigger system reset.
      When written to will send system_reset signal
      to the reset generator, which then perform a complete
      reset cycle of the FPGA system.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-08-20 13:25:22 +02:00
Joachim Strömbergson
b5ba21148d
FPGA: Cleanup tk1 spi testbench
- Remove DUT variables from state display that was removed as part of
  performance fix
- Corrected some incorrect display statements for expected unique ID and
  byte counters

Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-11 09:39:31 +02:00
Joachim Strömbergson
4003d6a1c0
FPGA: Improve SPI testing
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-11 09:38:24 +02:00
Joachim Strömbergson
3d8491af71
FPGA: Move sample point to not miss MISO lsb
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-11 09:37:46 +02:00
Joachim Strömbergson
53c5e70795
FPGA: Update names for RAM randomization API
Update:
- README
- testbench
- Symbolic names and variables in fw
- registers
- port name and wires
- Update fpga and fw digests

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-10 13:45:26 +02:00
Joachim Strömbergson
816718307f
fpga: Fix nits in constant value specification
Remove the preceeding zero in the constant expression
      that cause the simulator to warn about incorrect
      bit size.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-09 10:51:10 +02:00
Michael Cardell Widerkrantz
d297514e7e
doc: Note where doc is to be found
- Not all documentation is in the Dev Handbook.
- Point out README files.
2024-07-01 17:09:29 +02:00
Michael Cardell Widerkrantz
f1534e5dad
doc: Update and expand firmware README
- Remove all text about other software than firmware.
- Remove the Reset section.
- Include a diagram and detailed explanation about the state machine
  in close vicinity.
- Describe the test firmware.

Co-authored-by: Joachim Strömbergson <joachim@assured.se>
2024-07-01 17:09:22 +02:00
Michael Cardell Widerkrantz
cc16c8481c
doc: Move software.md to fw/README 2024-06-27 22:22:14 +02:00
Michael Cardell Widerkrantz
058c8e970c
docs: Remove firmware protocol description
Point to Developer Handbook description.
2024-06-27 09:03:00 +02:00
dehanj
c406b780ba
Docs: remove framing protocol in favor of using the dev-handbook. 2024-06-27 09:02:59 +02:00
dehanj
354aecbed6
USB: move firmware for usb-to-serial MCU (CH552)
Change links to the new ch552_fw directory.
2024-06-25 15:47:22 +02:00
Joachim Strömbergson
c271b48a53
FPGA: Remove redundant clock cycle counter
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-19 15:48:24 +02:00
Joachim Strömbergson
ec77b15eb8
FPGA: Increase SPI speed
- Change SPI clock from 16 CPU cyles/flank to one cycle/flank
- Remove separate flank length wait states in the FSM

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-19 15:48:07 +02:00
Joachim Strömbergson
8ce07683f8
FPGA: SPI-master improvements
- Changed FSM states to localparams
- Added localparam for SPI clock divisor
- Added internal signal for divisor reached
- Improved comments to clarify code
- Fixed some minor textual nits

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-19 11:51:44 +02:00
dehanj
120956b835
CI: Enable linting in CI again. See #182. 2024-06-17 15:37:13 +02:00
Joachim Strömbergson
d502b59062
FPGA: Ignore combinational loops that we want
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
49e81be1e1
FPGA: Ignore lint warnings in cell library
For Verilator >5.019 `-Wno-GENUNNAMED` needs to be added to LINT_FLAGS
to silence warnings from the cell library.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
bb4469ffda
FPGA: Ignore warnings about blocking assignment in clocked processes
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
5d0358dd2f
FPGA: Add labels for generate statements
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
6d9fc7db11
FPGA: Add core local Makefile for linting the PicoRV32
- Add more flags to catch the issues seen when linting the FPGA.
- Store issues in separate file for viewing. Remove with make clean.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:27:47 +02:00
dehanj
b4c525695a
Remove redundant RAM address and data scrambling
The RAM address and data scrambling API was called twice, once before filling
RAM with random values, and once after. Since moving to a significantly
better PRNG (xorwow) this is now deemed unnecessary. See issue #225.

This changes both FPGA and firmware hashes.
2024-06-13 12:54:47 +02:00
Joachim Strömbergson
92712a11bf
fw: zeroise FW-RAM instead of RAM
Modify the loop to zeroise the FW-RAM instead of the
RAM. RAM is filled with random data at the start of main().

Changes firmware and bitstream digests.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-12 18:11:10 +02:00
Joachim Strömbergson
f61d254fda
Adding testbench and simulation targets for the SPI master. 2024-06-11 15:28:29 +02:00
Joachim Strömbergson
3bc2453287
A construction of a minimal SPI master.
- NOTE: This is an optional feature, not built by default. Not included
  in the tk1 for sale at Tillitis shop.
- This makes it possible to interface the SPI flash onboard TKey.
- To include the SPI master in the build, use `make application_fpga.bin
  YOSYS_FLAG=-DINCLUDE_SPI_MASTER`.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-11 15:28:29 +02:00
Joachim Strömbergson
eade3e11c5
Fill RAM with random data using xorwow.
xorwow provides significantly better random data, compared to previously
used function. Making it harder to predict what data RAM is filled with.
It adds a startup time of approx 80 ms, but can be compensated with
optimising other parts of the startup routine.

This changes both firmware and fpga hashes.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-11 11:15:00 +02:00
Joachim Strömbergson
09df7ae97f
FPGA: Fix linting of tk1 core
Add simultion models of udi_rom and sb_rbga_drv
      to lint-top target.

      Add ignore statements in tb_sb_rgba_drv to silence
      Verilator on parameters and signals not used in
      the sim model.

      Use RGBLEDEN in simulation model

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-10 14:22:59 +02:00
Joachim Strömbergson
cadf8e9849
FPGA: Add sim model of udi_rom
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-07 12:06:40 +02:00
Joachim Strömbergson
0454e023cd
Ignore application_fpga_par.json
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-25 11:29:47 +02:00
Joachim Strömbergson
e961f46e79
Update Verilog version to 2005 for linting
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-24 08:44:08 +02:00
Joachim Strömbergson
f655196af7
Clarify the functional description of the touch_sense core
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-22 16:03:08 +02:00
dehanj
a5e30f1203
CI: Divide into separate jobs.
- Gives a better overview of CI and the different checks, without going
  into the logs too deeply.
- Cache: use a unique key for each run, and remove 'restore key' since it
  could potentially retrieve the wrong bitstream. The stragegy should be
  to fail if a cache is not present, not fetch a bitstream from a
  different build.
2024-04-19 12:16:41 +02:00
dehanj
d7b8bb26a9
CI: move check-hash to separate job.
- This makes it easier to see if CI fails on hashes (which might be
  expected during development) or something else.
2024-04-17 12:10:28 +02:00
Michael Cardell Widerkrantz
3cf218469c
hw/tool: UDI/UDS storage
Describe how the UDI and UDS are actually stored in the FPGA, how they
are accessed, and how they are initialled by the patch_uds_udi.py
script.

Co-authored-by: Joachim Strömbergson <joachim@assured.se>
2024-04-03 11:27:00 +02:00
dehanj
1c90b1aa3d
Add release notes for TK1-24.03
Clarifying earlier release notes.
2024-03-26 13:34:54 +01:00
dehanj
574e17f26a
Update hash of bitstream and firmware 2024-03-26 13:09:06 +01:00
dehanj
4bd249816a
fw: Remove unused header includes 2024-03-26 13:09:06 +01:00
dehanj
3a6a60ff26
fw: Protect zeroisation against compiler optimisation.
The memset() responsible for the zeroisation of the secure_ctx under
the compute_cdi() function in FW's main.c, was optimised away by the
compiler. Instead of using memset(), secure_wipe() is introduced
which uses a volatile keyword to prevent the compiler to try to
optimise it. Secure_wipe() is now used on all locations handling
removal of sensitive data.
2024-03-26 13:09:01 +01:00
dehanj
c85b5311cd
Change filename personalize.py to patch_uds_udi.py
Also adding a more detailed explaination of what the script intends to
do
2024-03-26 13:07:11 +01:00
Michael Cardell Widerkrantz
88c6036215
Add mitigations to threat model
Describe under each release what kind of threat mitigations we have
added.
2024-03-25 17:27:00 +01:00
dehanj
0e166e4159
Build tp1 firmware in CI 2024-03-22 11:43:39 +01:00
dehanj
92136983c5
Update hash of bitstream and firmware 2024-03-22 11:25:40 +01:00
Michael Cardell Widerkrantz
09c1f3f549
Silence splint somewhat
The only real changes are some unitialized variables and that we now
make explicit that we don't care about the return value from memset().
2024-03-22 11:03:13 +01:00
Michael Cardell Widerkrantz
b0efcf019e
Include static analysis in CI
- Exclude splint from CI, so we make another target for it "splint",
  which we might include in the "check" target later.

- Move the analysis runs earlier in CI so they, including indentation
  checks, fail first.

- Include printouts of hashen in check-binary-hashes to easier see
  what the digest are if it fails in CI.
2024-03-22 11:03:13 +01:00
Michael Cardell Widerkrantz
d10c4972d7
Use tkey-builder:4 2024-03-22 10:54:33 +01:00
Michael Cardell Widerkrantz
da40edfc51
tkey-builder: Include clang-tidy & splint
To be able to run statical analysis on source, include clang-tidy and
splint (see make check) in tkey-builder.
2024-03-21 15:03:08 +01:00
Michael Cardell Widerkrantz
48324fe5b3
tp1 fw: Update pico-sdk to 1.5.1 2024-03-21 14:17:01 +01:00