Make sensitive assets only readable/writeable before first system_mode

change Co-authored-by: Mikael Ågren <[email protected]>
tillitis · Nov 15, 2024 · dd514d9 · dd514d9
1 parent 5c1ce76
commit dd514d9
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/hw/application_fpga/core/tk1/rtl/tk1.v b/hw/application_fpga/core/tk1/rtl/tk1.v
@@ -123,6 +123,8 @@ module tk1 (
   reg           system_mode_new;
   reg           system_mode_we;
 
+  reg           rw_locked_reg;
+
   reg  [ 2 : 0] led_reg;
   reg           led_we;
 
@@ -260,6 +262,7 @@ module tk1 (
   always @(posedge clk) begin : reg_update
     if (!reset_n) begin
       system_mode_reg   <= 1'h0;
+      rw_locked_reg     <= 1'h0;
       led_reg           <= 3'h6;
       gpio1_reg         <= 2'h0;
       gpio2_reg         <= 2'h0;
@@ -301,6 +304,7 @@ module tk1 (
 
       if (system_mode_we) begin
         system_mode_reg <= system_mode_new;
+        rw_locked_reg   <= 1'h1;
       end
 
       if (led_we) begin
@@ -500,13 +504,13 @@ module tk1 (
         end
 
         if (address == ADDR_APP_START) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             app_start_we = 1'h1;
           end
         end
 
         if (address == ADDR_APP_SIZE) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             app_size_we = 1'h1;
           end
         end
@@ -516,31 +520,31 @@ module tk1 (
         end
 
         if (address == ADDR_BLAKE2S) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             blake2s_addr_we = 1'h1;
           end
         end
 
         if (address == ADDR_SYSCALL) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             syscall_addr_we = 1'h1;
           end
         end
 
         if ((address >= ADDR_CDI_FIRST) && (address <= ADDR_CDI_LAST)) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             cdi_mem_we = 1'h1;
           end
         end
 
         if (address == ADDR_RAM_ADDR_RAND) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             ram_addr_rand_we = 1'h1;
           end
         end
 
         if (address == ADDR_RAM_DATA_RAND) begin
-          if (!system_mode_reg) begin
+          if (!rw_locked_reg) begin
             ram_data_rand_we = 1'h1;
           end
         end