Commit Graph

500 Commits

Author SHA1 Message Date
Joachim Strömbergson
fbd1620891
fpga: Add stateful access control
Add access stateful control register that toggles if access to a
      resources is granted based on if code is excuted from ROM or RAM.
      The register is used to enable or block access to SPI but
      potentially other HW resources.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-09 16:00:04 +02:00
Daniel Jobson
c6abfbcc59
CI: Echo and comment max frequency in associated PR 2024-07-09 16:00:04 +02:00
Daniel Jobson
5442e90336
CI: add build of fpga with SPI-master 2024-07-09 10:59:27 +02:00
Joachim Strömbergson
3a2d52d539
Remove cpu_valid from SPI access control condition
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-08 14:48:35 +02:00
Joachim Strömbergson
52a2e1b693
fpga: Remove cpu_instr from SPI access control condition
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-08 14:46:19 +02:00
Joachim Strömbergson
be14e88d5f
fpga: Always allow access to SPI-master
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-08 14:26:59 +02:00
dehanj
771f588437
Fix syntax error 2024-07-04 14:23:14 +02:00
Joachim Strömbergson
ac8bf9fa42
fpga: block control inputs to SPI-master, not external interface
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-04 14:15:52 +02:00
Joachim Strömbergson
82c0c1459b
FPGA: Add CPU instruction address SPI access control
Add logic that checks if the CPU is reading an instruction
      to execute from ROM or not. If instructions are read
      from ROM, access to the SPI from the API is granted, and
      signals between the SPI master and a slave are allowed.

      If instructions are not read from ROM, any API access
      is blocked. and between the SPI master and a
      slave are disabled.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-04 14:15:51 +02:00
Michael Cardell Widerkrantz
d297514e7e
doc: Note where doc is to be found
- Not all documentation is in the Dev Handbook.
- Point out README files.
2024-07-01 17:09:29 +02:00
Michael Cardell Widerkrantz
f1534e5dad
doc: Update and expand firmware README
- Remove all text about other software than firmware.
- Remove the Reset section.
- Include a diagram and detailed explanation about the state machine
  in close vicinity.
- Describe the test firmware.

Co-authored-by: Joachim Strömbergson <joachim@assured.se>
2024-07-01 17:09:22 +02:00
Michael Cardell Widerkrantz
cc16c8481c
doc: Move software.md to fw/README 2024-06-27 22:22:14 +02:00
Michael Cardell Widerkrantz
058c8e970c
docs: Remove firmware protocol description
Point to Developer Handbook description.
2024-06-27 09:03:00 +02:00
dehanj
c406b780ba
Docs: remove framing protocol in favor of using the dev-handbook. 2024-06-27 09:02:59 +02:00
dehanj
354aecbed6
USB: move firmware for usb-to-serial MCU (CH552)
Change links to the new ch552_fw directory.
2024-06-25 15:47:22 +02:00
Joachim Strömbergson
c271b48a53
FPGA: Remove redundant clock cycle counter
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-19 15:48:24 +02:00
Joachim Strömbergson
ec77b15eb8
FPGA: Increase SPI speed
- Change SPI clock from 16 CPU cyles/flank to one cycle/flank
- Remove separate flank length wait states in the FSM

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-19 15:48:07 +02:00
Joachim Strömbergson
8ce07683f8
FPGA: SPI-master improvements
- Changed FSM states to localparams
- Added localparam for SPI clock divisor
- Added internal signal for divisor reached
- Improved comments to clarify code
- Fixed some minor textual nits

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-19 11:51:44 +02:00
dehanj
120956b835
CI: Enable linting in CI again. See #182. 2024-06-17 15:37:13 +02:00
Joachim Strömbergson
d502b59062
FPGA: Ignore combinational loops that we want
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
49e81be1e1
FPGA: Ignore lint warnings in cell library
For Verilator >5.019 `-Wno-GENUNNAMED` needs to be added to LINT_FLAGS
to silence warnings from the cell library.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
bb4469ffda
FPGA: Ignore warnings about blocking assignment in clocked processes
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
5d0358dd2f
FPGA: Add labels for generate statements
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
6d9fc7db11
FPGA: Add core local Makefile for linting the PicoRV32
- Add more flags to catch the issues seen when linting the FPGA.
- Store issues in separate file for viewing. Remove with make clean.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:27:47 +02:00
dehanj
b4c525695a
Remove redundant RAM address and data scrambling
The RAM address and data scrambling API was called twice, once before filling
RAM with random values, and once after. Since moving to a significantly
better PRNG (xorwow) this is now deemed unnecessary. See issue #225.

This changes both FPGA and firmware hashes.
2024-06-13 12:54:47 +02:00
Joachim Strömbergson
92712a11bf
fw: zeroise FW-RAM instead of RAM
Modify the loop to zeroise the FW-RAM instead of the
RAM. RAM is filled with random data at the start of main().

Changes firmware and bitstream digests.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-12 18:11:10 +02:00
Joachim Strömbergson
f61d254fda
Adding testbench and simulation targets for the SPI master. 2024-06-11 15:28:29 +02:00
Joachim Strömbergson
3bc2453287
A construction of a minimal SPI master.
- NOTE: This is an optional feature, not built by default. Not included
  in the tk1 for sale at Tillitis shop.
- This makes it possible to interface the SPI flash onboard TKey.
- To include the SPI master in the build, use `make application_fpga.bin
  YOSYS_FLAG=-DINCLUDE_SPI_MASTER`.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-11 15:28:29 +02:00
Joachim Strömbergson
eade3e11c5
Fill RAM with random data using xorwow.
xorwow provides significantly better random data, compared to previously
used function. Making it harder to predict what data RAM is filled with.
It adds a startup time of approx 80 ms, but can be compensated with
optimising other parts of the startup routine.

This changes both firmware and fpga hashes.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-11 11:15:00 +02:00
Joachim Strömbergson
09df7ae97f
FPGA: Fix linting of tk1 core
Add simultion models of udi_rom and sb_rbga_drv
      to lint-top target.

      Add ignore statements in tb_sb_rgba_drv to silence
      Verilator on parameters and signals not used in
      the sim model.

      Use RGBLEDEN in simulation model

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-10 14:22:59 +02:00
Joachim Strömbergson
cadf8e9849
FPGA: Add sim model of udi_rom
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-07 12:06:40 +02:00
Joachim Strömbergson
0454e023cd
Ignore application_fpga_par.json
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-25 11:29:47 +02:00
Joachim Strömbergson
e961f46e79
Update Verilog version to 2005 for linting
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-24 08:44:08 +02:00
Joachim Strömbergson
f655196af7
Clarify the functional description of the touch_sense core
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-22 16:03:08 +02:00
dehanj
a5e30f1203
CI: Divide into separate jobs.
- Gives a better overview of CI and the different checks, without going
  into the logs too deeply.
- Cache: use a unique key for each run, and remove 'restore key' since it
  could potentially retrieve the wrong bitstream. The stragegy should be
  to fail if a cache is not present, not fetch a bitstream from a
  different build.
2024-04-19 12:16:41 +02:00
dehanj
d7b8bb26a9
CI: move check-hash to separate job.
- This makes it easier to see if CI fails on hashes (which might be
  expected during development) or something else.
2024-04-17 12:10:28 +02:00
Michael Cardell Widerkrantz
3cf218469c
hw/tool: UDI/UDS storage
Describe how the UDI and UDS are actually stored in the FPGA, how they
are accessed, and how they are initialled by the patch_uds_udi.py
script.

Co-authored-by: Joachim Strömbergson <joachim@assured.se>
2024-04-03 11:27:00 +02:00
dehanj
1c90b1aa3d
Add release notes for TK1-24.03
Clarifying earlier release notes.
2024-03-26 13:34:54 +01:00
dehanj
574e17f26a
Update hash of bitstream and firmware 2024-03-26 13:09:06 +01:00
dehanj
4bd249816a
fw: Remove unused header includes 2024-03-26 13:09:06 +01:00
dehanj
3a6a60ff26
fw: Protect zeroisation against compiler optimisation.
The memset() responsible for the zeroisation of the secure_ctx under
the compute_cdi() function in FW's main.c, was optimised away by the
compiler. Instead of using memset(), secure_wipe() is introduced
which uses a volatile keyword to prevent the compiler to try to
optimise it. Secure_wipe() is now used on all locations handling
removal of sensitive data.
2024-03-26 13:09:01 +01:00
dehanj
c85b5311cd
Change filename personalize.py to patch_uds_udi.py
Also adding a more detailed explaination of what the script intends to
do
2024-03-26 13:07:11 +01:00
Michael Cardell Widerkrantz
88c6036215
Add mitigations to threat model
Describe under each release what kind of threat mitigations we have
added.
2024-03-25 17:27:00 +01:00
dehanj
0e166e4159
Build tp1 firmware in CI 2024-03-22 11:43:39 +01:00
dehanj
92136983c5
Update hash of bitstream and firmware 2024-03-22 11:25:40 +01:00
Michael Cardell Widerkrantz
09c1f3f549
Silence splint somewhat
The only real changes are some unitialized variables and that we now
make explicit that we don't care about the return value from memset().
2024-03-22 11:03:13 +01:00
Michael Cardell Widerkrantz
b0efcf019e
Include static analysis in CI
- Exclude splint from CI, so we make another target for it "splint",
  which we might include in the "check" target later.

- Move the analysis runs earlier in CI so they, including indentation
  checks, fail first.

- Include printouts of hashen in check-binary-hashes to easier see
  what the digest are if it fails in CI.
2024-03-22 11:03:13 +01:00
Michael Cardell Widerkrantz
d10c4972d7
Use tkey-builder:4 2024-03-22 10:54:33 +01:00
Michael Cardell Widerkrantz
da40edfc51
tkey-builder: Include clang-tidy & splint
To be able to run statical analysis on source, include clang-tidy and
splint (see make check) in tkey-builder.
2024-03-21 15:03:08 +01:00
Michael Cardell Widerkrantz
48324fe5b3
tp1 fw: Update pico-sdk to 1.5.1 2024-03-21 14:17:01 +01:00