Commit Graph

380 Commits

Author SHA1 Message Date
Joachim Strömbergson
00599549e3
FPGA: Add system reset API
Add API address to trigger system reset.
      When written to will send system_reset signal
      to the reset generator, which then perform a complete
      reset cycle of the FPGA system.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-08-20 13:25:22 +02:00
Joachim Strömbergson
b5ba21148d
FPGA: Cleanup tk1 spi testbench
- Remove DUT variables from state display that was removed as part of
  performance fix
- Corrected some incorrect display statements for expected unique ID and
  byte counters

Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-11 09:39:31 +02:00
Joachim Strömbergson
4003d6a1c0
FPGA: Improve SPI testing
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-11 09:38:24 +02:00
Joachim Strömbergson
3d8491af71
FPGA: Move sample point to not miss MISO lsb
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-11 09:37:46 +02:00
Joachim Strömbergson
53c5e70795
FPGA: Update names for RAM randomization API
Update:
- README
- testbench
- Symbolic names and variables in fw
- registers
- port name and wires
- Update fpga and fw digests

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-10 13:45:26 +02:00
Joachim Strömbergson
816718307f
fpga: Fix nits in constant value specification
Remove the preceeding zero in the constant expression
      that cause the simulator to warn about incorrect
      bit size.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-07-09 10:51:10 +02:00
Michael Cardell Widerkrantz
f1534e5dad
doc: Update and expand firmware README
- Remove all text about other software than firmware.
- Remove the Reset section.
- Include a diagram and detailed explanation about the state machine
  in close vicinity.
- Describe the test firmware.

Co-authored-by: Joachim Strömbergson <joachim@assured.se>
2024-07-01 17:09:22 +02:00
Michael Cardell Widerkrantz
cc16c8481c
doc: Move software.md to fw/README 2024-06-27 22:22:14 +02:00
dehanj
354aecbed6
USB: move firmware for usb-to-serial MCU (CH552)
Change links to the new ch552_fw directory.
2024-06-25 15:47:22 +02:00
Joachim Strömbergson
c271b48a53
FPGA: Remove redundant clock cycle counter
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-19 15:48:24 +02:00
Joachim Strömbergson
ec77b15eb8
FPGA: Increase SPI speed
- Change SPI clock from 16 CPU cyles/flank to one cycle/flank
- Remove separate flank length wait states in the FSM

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-19 15:48:07 +02:00
Joachim Strömbergson
8ce07683f8
FPGA: SPI-master improvements
- Changed FSM states to localparams
- Added localparam for SPI clock divisor
- Added internal signal for divisor reached
- Improved comments to clarify code
- Fixed some minor textual nits

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-19 11:51:44 +02:00
dehanj
120956b835
CI: Enable linting in CI again. See #182. 2024-06-17 15:37:13 +02:00
Joachim Strömbergson
d502b59062
FPGA: Ignore combinational loops that we want
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
49e81be1e1
FPGA: Ignore lint warnings in cell library
For Verilator >5.019 `-Wno-GENUNNAMED` needs to be added to LINT_FLAGS
to silence warnings from the cell library.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
bb4469ffda
FPGA: Ignore warnings about blocking assignment in clocked processes
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
5d0358dd2f
FPGA: Add labels for generate statements
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:37:13 +02:00
Joachim Strömbergson
6d9fc7db11
FPGA: Add core local Makefile for linting the PicoRV32
- Add more flags to catch the issues seen when linting the FPGA.
- Store issues in separate file for viewing. Remove with make clean.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-17 15:27:47 +02:00
dehanj
b4c525695a
Remove redundant RAM address and data scrambling
The RAM address and data scrambling API was called twice, once before filling
RAM with random values, and once after. Since moving to a significantly
better PRNG (xorwow) this is now deemed unnecessary. See issue #225.

This changes both FPGA and firmware hashes.
2024-06-13 12:54:47 +02:00
Joachim Strömbergson
92712a11bf
fw: zeroise FW-RAM instead of RAM
Modify the loop to zeroise the FW-RAM instead of the
RAM. RAM is filled with random data at the start of main().

Changes firmware and bitstream digests.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-12 18:11:10 +02:00
Joachim Strömbergson
f61d254fda
Adding testbench and simulation targets for the SPI master. 2024-06-11 15:28:29 +02:00
Joachim Strömbergson
3bc2453287
A construction of a minimal SPI master.
- NOTE: This is an optional feature, not built by default. Not included
  in the tk1 for sale at Tillitis shop.
- This makes it possible to interface the SPI flash onboard TKey.
- To include the SPI master in the build, use `make application_fpga.bin
  YOSYS_FLAG=-DINCLUDE_SPI_MASTER`.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-11 15:28:29 +02:00
Joachim Strömbergson
eade3e11c5
Fill RAM with random data using xorwow.
xorwow provides significantly better random data, compared to previously
used function. Making it harder to predict what data RAM is filled with.
It adds a startup time of approx 80 ms, but can be compensated with
optimising other parts of the startup routine.

This changes both firmware and fpga hashes.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-11 11:15:00 +02:00
Joachim Strömbergson
09df7ae97f
FPGA: Fix linting of tk1 core
Add simultion models of udi_rom and sb_rbga_drv
      to lint-top target.

      Add ignore statements in tb_sb_rgba_drv to silence
      Verilator on parameters and signals not used in
      the sim model.

      Use RGBLEDEN in simulation model

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-10 14:22:59 +02:00
Joachim Strömbergson
cadf8e9849
FPGA: Add sim model of udi_rom
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-06-07 12:06:40 +02:00
Joachim Strömbergson
e961f46e79
Update Verilog version to 2005 for linting
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-24 08:44:08 +02:00
Joachim Strömbergson
f655196af7
Clarify the functional description of the touch_sense core
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-04-22 16:03:08 +02:00
Michael Cardell Widerkrantz
3cf218469c
hw/tool: UDI/UDS storage
Describe how the UDI and UDS are actually stored in the FPGA, how they
are accessed, and how they are initialled by the patch_uds_udi.py
script.

Co-authored-by: Joachim Strömbergson <joachim@assured.se>
2024-04-03 11:27:00 +02:00
dehanj
574e17f26a
Update hash of bitstream and firmware 2024-03-26 13:09:06 +01:00
dehanj
4bd249816a
fw: Remove unused header includes 2024-03-26 13:09:06 +01:00
dehanj
3a6a60ff26
fw: Protect zeroisation against compiler optimisation.
The memset() responsible for the zeroisation of the secure_ctx under
the compute_cdi() function in FW's main.c, was optimised away by the
compiler. Instead of using memset(), secure_wipe() is introduced
which uses a volatile keyword to prevent the compiler to try to
optimise it. Secure_wipe() is now used on all locations handling
removal of sensitive data.
2024-03-26 13:09:01 +01:00
dehanj
c85b5311cd
Change filename personalize.py to patch_uds_udi.py
Also adding a more detailed explaination of what the script intends to
do
2024-03-26 13:07:11 +01:00
dehanj
92136983c5
Update hash of bitstream and firmware 2024-03-22 11:25:40 +01:00
Michael Cardell Widerkrantz
09c1f3f549
Silence splint somewhat
The only real changes are some unitialized variables and that we now
make explicit that we don't care about the return value from memset().
2024-03-22 11:03:13 +01:00
Michael Cardell Widerkrantz
b0efcf019e
Include static analysis in CI
- Exclude splint from CI, so we make another target for it "splint",
  which we might include in the "check" target later.

- Move the analysis runs earlier in CI so they, including indentation
  checks, fail first.

- Include printouts of hashen in check-binary-hashes to easier see
  what the digest are if it fails in CI.
2024-03-22 11:03:13 +01:00
dehanj
2ff2e9a91d
fw: remove duplicate defines in tk1_mem.h 2024-03-21 10:28:51 +01:00
Michael Cardell Widerkrantz
661a6458c8
fw: Add missing TK1_MMIO_BASE
TK1_MMIO_BASE and _SIZE needed by at least qemu.
2024-03-21 10:09:38 +01:00
dehanj
57a6ee2a12
Use tkey-builder:3 as default when building 2024-03-20 17:19:59 +01:00
dehanj
8ca4241ade
Disable non-zero exit for verilog linter in CI, see issue 182. 2024-03-20 16:39:53 +01:00
Joachim Strömbergson
de668a0244
Clean up code and silence warnings after linting
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:53 +01:00
Joachim Strömbergson
f364b523cf
Change UDS address to three bits to match input port connection 'addr'
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:53 +01:00
Joachim Strömbergson
bbde62d3f5
Add PINMISSING lint ignore for I1 and I2 SB_LUT4 cells
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:52 +01:00
Joachim Strömbergson
8731908cb1
Support incremental builds for the bitstream.
By patching the UDS and UDI into an already built bitstream, it is now
not necessary to rebuild the entire build flow when changing the UDS
and the UDI. This lowers re-build times significantly.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 16:39:45 +01:00
Joachim Strömbergson
29fd8338a7
Update the bitstream hash
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:56 +01:00
Joachim Strömbergson
8784a24b33
Change cpu_monitor to security_monitor and to also check RAM
Change name of cpu_monitor to security_monitor and increase its
functionality to include RAM access violations. If addresses in RAM
but outside of physical RAM is accessed in any way the
security_monitor traps the CPU in the same way as it already did for
execution violations.
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
3fb6d66cf3
Add set-only register for the force_trap signal to ensure
that the device must be reset to get out of trap. This
change also breaks a critical path.

Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
4c3e210a00
Only set ram_we to cpu_wstrb in RAM_PREFIX
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Joachim Strömbergson
e48c0fc7d9
Implement cs0 and cs1 as logic equations, not muxes
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2024-03-20 14:36:55 +01:00
Michael Cardell Widerkrantz
0590445f3d
Add testbench targets on top-level
The testbenches live in their own Makefiles under
hw/application_fpga/core/*/toolruns (except picorv32). Let's add a
top-level target to build and run them.

In order to run core testbenches, use

  cd hw/application_fpga
  make tb

or if using Podman:

  cd contrib
  make run-tb

to run the same target in a container.
2024-03-20 13:47:12 +01:00
Michael Cardell Widerkrantz
4d4db70590
fw: Change ASLR name in MMIO
Use _RAM_ADDR_RAND instead of _RAM_ASLR since this is not OS-level
ASLR we're talking about. It's address randomization as seen from
outside of the CPU, not from the process running inside it. Ordinary
ASLR is visible from the CPU.
2024-03-19 14:36:31 +01:00
Michael Cardell Widerkrantz
f40987b138
fw: Change license for use with qemu
This file is also included in at least qemu (GPL-2.0-or-later) besides
tillitis-key1 (GPL-2.0-only) and tkey-libs (GPL-2.0-only) so it's
licensed as GPL v2 or later even if the rest of the project is -only.
2024-03-19 14:36:31 +01:00
Michael Cardell Widerkrantz
c48724e115
fw: Change memory constants to defines
Instead of putting  memory constant into an enum we use defines.

Use the direct memory address instead of ORing constants together to
compute the address.

An enum in ISO C is a signed int. Some of are memory addresses are to
large to fit in a signed int. This is not a problem since we're not
using ISO C (-std=gnu99) but it doesn't look very nice if you turn on
pedantic warnings. Also, if someone would use another compiler which
at least supports the inline assembly we use, but possible not other
GNU extensions, things would probably break.
2024-03-19 14:36:20 +01:00
dehanj
1e34ddcfa6
Update linter to Verilog-2005 2024-03-19 10:45:37 +01:00
Michael Cardell Widerkrantz
746d7f0e0d
Use pedantic warnings
Use pedantic warnings but still allow inline assembly, so turn off
language-extension-token warnings.
2024-03-19 09:25:37 +01:00
Michael Cardell Widerkrantz
e085d0ebd0
Add void to function signatures meant to be used without args 2024-03-19 08:41:39 +01:00
Michael Cardell Widerkrantz
046343e525
Change memory constants to defines
Instead of putting  memory constant into an enum we use defines.

Use the direct memory address instead of ORing constants together to
compute the address.

An enum in ISO C is a signed int. Some of are memory addresses are to
large to fit in a signed int. This is not a problem since we're not
using ISO C (-std=gnu99) but it doesn't look very nice if you turn on
pedantic warnings. Also, if someone would use another compiler which
at least supports the inline assembly we use, but possible not other
GNU extensions, things would probably break.
2024-03-19 08:40:04 +01:00
Michael Cardell Widerkrantz
e2bd38c540
fw: Remove unusued forever_redflash()
Since we now use assert() and feed the CPU an unimplemented
instruction we have no need for this.
2024-03-18 16:19:59 +01:00
dehanj
9d36acde08
FW: Force the CPU to hang on errors 2024-03-14 15:48:10 +01:00
dehanj
d83f235fd3
Add injection molded plastic case 2023-12-11 13:48:39 +01:00
dehanj
7019cd9048
remove whitespaces and tabs 2023-12-07 17:16:31 +01:00
dehanj
2014923966
Isolate ringbuffer index, copy inbound usb data to new buffer 2023-12-07 17:15:24 +01:00
dehanj
6d5da25321
Translate + clean up 2023-11-07 10:59:21 +01:00
dehanj
f83abed4e4
Add gpio for debug purpose 2023-11-06 12:19:00 +01:00
dehanj
a453aae031
New plastic clip and update BOM for TP1 2023-09-01 13:41:05 +02:00
Daniel Lublin
7cd085a17e
Avoid confusing errors by checking for programmer and stick first
Signed-off-by: Daniel Lublin <daniel@lublin.se>
2023-08-30 11:37:03 +02:00
blaufish
426b56ebf5
Verilog 2001 rule; use wires for assignments, not registers. (#139) 2023-08-16 10:44:18 +02:00
blaufish
cced6aec31
Explicity make uart_core.rx_data a wire (#140) 2023-08-16 10:43:04 +02:00
Joachim Strömbergson
022bf0bbf9
Change name of pin constraint file to match tk1 pcb
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:29 +02:00
Joachim Strömbergson
17ddb1f84a
Minor fix of ackronyms in the README
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:29 +02:00
Joachim Strömbergson
3e75818879
Fix spelling of toolruns dir
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:29 +02:00
Joachim Strömbergson
5e34802d1c
Update readme with info on API, status, usage and performance
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
361381210e
Add an initial testcase. Hard to simulate entropy
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
a76fc19c65
Add Makefile, testbench and support module needed to build som target
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
a517552c85
Update README with info about the core functions
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
bc7dfea9c4
Add test9: EXE monitor control and detection
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
4644c79cbd
Adding test 8: GPIO test
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:28 +02:00
Joachim Strömbergson
394e437c91
Add test7: Control of LED RGB outputs.
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
480f4e3d45
Add test6: Test that RAM ASLR and SCRAMBLE registers can be set by fw
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
d70937c11b
Improved messaging from the testbench
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
59af60bdd5
Add test4: writing and reading blake2s entry point
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
dc2903a5b4
Update test3 to check that writing to CDI works when in fw mode
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
16a91bfdd5
Adding test 3: Reading out the CDI
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
1f47991ac2
Add test2: Read out UDI
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:27 +02:00
Joachim Strömbergson
6d9890d050
Add test1: Read out name and version
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
49eac9d101
Complete init of DUT and input, output display
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
1909833952
Add header with info and license
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
b1993742bb
Fix testbench buik including DUT instantiation
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
2fb61bba73
Add UDI used during simulation
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
cb2fd573b3
Add dummy LED macro driver module needed for simulation
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
61598f57e5
Add initial version of testbench annd Makfile for building sim target
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:26 +02:00
Joachim Strömbergson
97e3e25d98
Update the UART README with info about the core and its API
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
704d67c8ab
Add Makefile to build sim. Debug sim build
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
819b93deff
Complete testbench and update README with API info
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
bbff7576df
Fix markdown syntax for API listing
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
e6eaad87dc
Update README with info about the timer API
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
4c54b4b60b
Add info about the API in the README
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
18bb9b8599
Making the testbench self checking
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:25 +02:00
Joachim Strömbergson
1d2a71ec0c
Change file extension to markdown
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:24 +02:00
Joachim Strömbergson
1e97e27e66
Updated README, completed testcase and cleaned up the testbench
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:24 +02:00
Joachim Strömbergson
9d188a2f7f
Add more info about how the timer works
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
2023-07-04 09:04:24 +02:00