Updates Readme with:
- Dynamic execution mode control in hardware
- ROM execution
- Syscall API
- Sensitive assets only read-/writable before first switch to app mode
- SPI master only accessible in firmware mode
After the first time system_mode is set to one, the assets will no
longer be read- or writeable, even if system_mode is set to zero at a
later syscall. This is to make sure syscalls does not have the same
privilege as the firmware has at first boot.
We need to monitor when system_mode is set to one, otherwise we might
accedentially lock the assets before actually leaving firmware, for
example if firmware would use a function set in any of the registers
used in system_mode_ctrl.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
This is dynamically set by hw in system_mode_ctrl. ROM will reset to
executable, but will be marked as non-executable as soon as we are no
longer executing in ROM, like system_mode.
ROM will be marked as executable again, if function calls are made to
either `syscall_addr_reg` or `blake2s_addr_reg`. Set reset value of
`blake2s_addr_reg` to an illegal address, halting the CPU if it is
called unset.
The blake2s function is 4-byte aligned, to ensure the cpu_addr is is
aligned with the address in the register.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
Raise privilege (go to firmware mode) when a function call occurs
to the function set in syscall_addr_reg. Automatically revoke privilege
when executing above ROM (go to app mode).
Remove the option of writing to system_mode through the API.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
Add a register to store an address to a syscall function defined in
firmware. Set the reset value to an illegal address, to make sure a call
to an unset address will halt the CPU.
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
- The API changes name from `_SWITCH_APP` to `_SYSTEM_MODE_CTRL`.
- The registers and wires changes name to `system_mode_*`, instead of a
mix of `switch_app_*` and `fw_app_mode`.
The removal is coordinated and approved by YosysHQ, and are removed
to keep our headers uniform. These files were written on behalf of
Tillitis.
Two typos was corrected as well.
Move the logic implementing the RAM address and data
scrambling, descrambling into the RAM module. This cleans up
the top level, and makes it easier to change the scrambling
without chaning the top. In order to do correct scrambling the
address to the RAM core must be 16 bits, not 15.
Clean up some minor details at the top level, fixing text
aligment and grouping of ports in instances.
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
Add API address to trigger system reset.
When written to will send system_reset signal
to the reset generator, which then perform a complete
reset cycle of the FPGA system.
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
- Remove DUT variables from state display that was removed as part of
performance fix
- Corrected some incorrect display statements for expected unique ID and
byte counters
Co-authored-by: Daniel Jobson <jobson@tillitis.se>
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
Update:
- README
- testbench
- Symbolic names and variables in fw
- registers
- port name and wires
- Update fpga and fw digests
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
Remove the preceeding zero in the constant expression
that cause the simulator to warn about incorrect
bit size.
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
- Change SPI clock from 16 CPU cyles/flank to one cycle/flank
- Remove separate flank length wait states in the FSM
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
- Changed FSM states to localparams
- Added localparam for SPI clock divisor
- Added internal signal for divisor reached
- Improved comments to clarify code
- Fixed some minor textual nits
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
- Add more flags to catch the issues seen when linting the FPGA.
- Store issues in separate file for viewing. Remove with make clean.
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
- NOTE: This is an optional feature, not built by default. Not included
in the tk1 for sale at Tillitis shop.
- This makes it possible to interface the SPI flash onboard TKey.
- To include the SPI master in the build, use `make application_fpga.bin
YOSYS_FLAG=-DINCLUDE_SPI_MASTER`.
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
Add simultion models of udi_rom and sb_rbga_drv
to lint-top target.
Add ignore statements in tb_sb_rgba_drv to silence
Verilator on parameters and signals not used in
the sim model.
Use RGBLEDEN in simulation model
Signed-off-by: Joachim Strömbergson <joachim@assured.se>
