Make sensitive assets only readable/writeable before system_mode is set

After the first time system_mode is set to one, the assets will no longer be read- or writeable, even if system_mode is set to zero at a later syscall. This is to make sure syscalls does not have the same privilege as the firmware has at first boot. We need to monitor when system_mode is set to one, otherwise we might accedentially lock the assets before actually leaving firmware, for example if firmware would use a function set in any of the registers used in system_mode_ctrl. Co-authored-by: Mikael Ågren <[email protected]>
tillitis · Nov 20, 2024 · 9b29dc1 · 9b29dc1
1 parent 8a43f88
commit 9b29dc1
Showing 1 changed file with 14 additions and 7 deletions.
diff --git a/hw/application_fpga/core/tk1/rtl/tk1.v b/hw/application_fpga/core/tk1/rtl/tk1.v
@@ -126,6 +126,8 @@ module tk1 (
   reg           rom_executable_new;
   reg           rom_executable_we;
 
+  reg           rw_locked_reg;
+
   reg  [ 2 : 0] led_reg;
   reg           led_we;
 
@@ -264,6 +266,7 @@ module tk1 (
     if (!reset_n) begin
       system_mode_reg     <= 1'h0;
       rom_executable_reg  <= 1'h1;
+      rw_locked_reg       <= 1'h0;
       led_reg             <= 3'h6;
       gpio1_reg           <= 2'h0;
       gpio2_reg           <= 2'h0;
@@ -305,6 +308,10 @@ module tk1 (
 
       if (system_mode_we) begin
         system_mode_reg <= system_mode_new;
+
+        if(system_mode_new) begin
+          rw_locked_reg <= 1'h1;
+        end
       end
 
       if (rom_executable_we) begin
@@ -531,13 +538,13 @@ module tk1 (
         end
 
         if (address == ADDR_APP_START) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             app_start_we = 1'h1;
           end
         end
 
         if (address == ADDR_APP_SIZE) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             app_size_we = 1'h1;
           end
         end
@@ -547,31 +554,31 @@ module tk1 (
         end
 
         if (address == ADDR_BLAKE2S) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             blake2s_addr_we = 1'h1;
           end
         end
 
         if (address == ADDR_SYSCALL) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             syscall_addr_we = 1'h1;
           end
         end
 
         if ((address >= ADDR_CDI_FIRST) && (address <= ADDR_CDI_LAST)) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             cdi_mem_we = 1'h1;
           end
         end
 
         if (address == ADDR_RAM_ADDR_RAND) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             ram_addr_rand_we = 1'h1;
           end
         end
 
         if (address == ADDR_RAM_DATA_RAND) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             ram_data_rand_we = 1'h1;
           end
         end