Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Harmonize the naming of Firmware/App mode. #285

Merged
merged 1 commit into from
Nov 12, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Harmonize the naming of firmware and app mode.
- The API changes name from `_SWITCH_APP` to `_SYSTEM_MODE_CTRL`.
- The registers and wires changes name to `system_mode_*`, instead of a
  mix of `switch_app_*` and `fw_app_mode`.
jthornblad authored and dehanj committed Nov 12, 2024
commit aea2e319eba0f51356715f72c8678db98e001475
90 changes: 45 additions & 45 deletions doc/system_description/system_description.md
Original file line number Diff line number Diff line change
@@ -227,51 +227,51 @@ Assigned core prefixes:
*Nota bene*: MMIO accesses should be 32 bit wide, e.g use `lw` and
`sw`. Exceptions are `UDS`, `FW_RAM` and `QEMU_DEBUG`.

| *name* | *fw* | *app* | *size* | *type* | *content* | *description* |
|-------------------|-------|-----------|--------|----------|-----------|-------------------------------------------------------------------------|
| `TRNG_STATUS` | r | r | | | | TRNG_STATUS_READY_BIT is 1 when an entropy word is available. |
| `TRNG_ENTROPY` | r | r | 4B | u32 | | Entropy word. Reading a word will clear status. |
| `TIMER_CTRL` | r/w | r/w | | | | If TIMER_STATUS_RUNNING_BIT in TIMER_STATUS is 0, setting |
| | | | | | | TIMER_CTRL_START_BIT here starts the timer. |
| | | | | | | If TIMER_STATUS_RUNNING_BIT in TIMER_STATUS is 1, setting |
| | | | | | | TIMER_CTRL_STOP_BIT here stops the timer. |
| `TIMER_STATUS` | r | r | | | | TIMER_STATUS_RUNNING_BIT is 1 when the timer is running. |
| `TIMER_PRESCALER` | r/w | r/w | 4B | | | Prescaler init value. Write blocked when running. |
| `TIMER_TIMER` | r/w | r/w | 4B | | | Timer init or current value while running. Write blocked when running. |
| `UDS_FIRST` | r[^3] | invisible | 4B | u8[32] | | First word of Unique Device Secret key. Note: Read once per power up. |
| `UDS_LAST` | | invisible | | | | The last word of the UDS. Note: Read once per power up. |
| `UART_BITRATE` | r/w | | | | | TBD |
| `UART_DATABITS` | r/w | | | | | TBD |
| `UART_STOPBITS` | r/w | | | | | TBD |
| `UART_RX_STATUS` | r | r | 1B | u8 | | Non-zero when there is data to read |
| `UART_RX_DATA` | r | r | 1B | u8 | | Data to read. Only LSB contains data |
| `UART_RX_BYTES` | r | r | 4B | u32 | | Number of bytes received from the host and not yet read by SW, FW. |
| `UART_TX_STATUS` | r | r | 1B | u8 | | Non-zero when it's OK to write data to send. |
| `UART_TX_DATA` | w | w | 1B | u8 | | Data to send. Only LSB contains data |
| `TOUCH_STATUS` | r/w | r/w | | | | TOUCH_STATUS_EVENT_BIT is 1 when touched. After detecting a touch |
| | | | | | | event (reading a 1), write anything here to acknowledge it. |
| `FW_RAM` | r/w | invisible | 2 kiB | u8[2048] | | Firmware-only RAM. |
| `UDI` | r | invisible | 8B | u64 | | Unique Device ID (UDI). |
| `QEMU_DEBUG` | w | w | | u8 | | Debug console (only in QEMU) |
| `NAME0` | r | r | 4B | char[4] | "tk1 " | ID of core/stick |
| `NAME1` | r | r | 4B | char[4] | "mkdf" | ID of core/stick |
| `VERSION` | r | r | 4B | u32 | 1 | Current version. |
| `SWITCH_APP` | r/w | r | 1B | u8 | | Write anything here to trigger the switch to application mode. Reading |
| | | | | | | returns 0 if device is in firmware mode, 0xffffffff if in app mode. |
| `LED` | r/w | r/w | 1B | u8 | | Control of the color LEDs in RBG LED on the board. |
| | | | | | | Bit 0 is Blue, bit 1 is Green, and bit 2 is Red LED. |
| `GPIO` | r/w | r/w | 1B | u8 | | Bits 0 and 1 contain the input level of GPIO 1 and 2. |
| | | | | u8 | | Bits 3 and 4 store the output level of GPIO 3 and 4. |
| `APP_ADDR` | r/w | r | 4B | u32 | | Firmware stores app load address here, so app can read its own location |
| `APP_SIZE` | r/w | r | 4B | u32 | | Firmware stores app app size here, so app can read its own size |
| `BLAKE2S` | r/w | r | 4B | u32 | | Function pointer to a BLAKE2S function in the firmware |
| `CDI_FIRST` | r/w | r | 32B | u8[32] | | Compound Device Identifier (CDI). UDS+measurement... |
| `CDI_LAST` | | r | | | | Last word of CDI |
| `RAM_ASLR` | w | invisible | 4B | u32 | | Address Space Randomization seed value for the RAM |
| `RAM_SCRAMBLE` | w | invisible | 4B | u32 | | Data scrambling seed value for the RAM |
| `CPU_MON_CTRL` | w | w | 4B | u32 | | Bit 0 enables CPU execution monitor. Can't be unset. Lock adresses |
| `CPU_MON_FIRST` | w | w | 4B | u32 | | First address of the area monitored for execution attempts |
| `CPU_MON_LAST` | w | w | 4B | u32 | | Last address of the area monitored for execution attempts |
| *name* | *fw* | *app* | *size* | *type* | *content* | *description* |
|--------------------|-------|-----------|--------|----------|-----------|-------------------------------------------------------------------------|
| `TRNG_STATUS` | r | r | | | | TRNG_STATUS_READY_BIT is 1 when an entropy word is available. |
| `TRNG_ENTROPY` | r | r | 4B | u32 | | Entropy word. Reading a word will clear status. |
| `TIMER_CTRL` | r/w | r/w | | | | If TIMER_STATUS_RUNNING_BIT in TIMER_STATUS is 0, setting |
| | | | | | | TIMER_CTRL_START_BIT here starts the timer. |
| | | | | | | If TIMER_STATUS_RUNNING_BIT in TIMER_STATUS is 1, setting |
| | | | | | | TIMER_CTRL_STOP_BIT here stops the timer. |
| `TIMER_STATUS` | r | r | | | | TIMER_STATUS_RUNNING_BIT is 1 when the timer is running. |
| `TIMER_PRESCALER` | r/w | r/w | 4B | | | Prescaler init value. Write blocked when running. |
| `TIMER_TIMER` | r/w | r/w | 4B | | | Timer init or current value while running. Write blocked when running. |
| `UDS_FIRST` | r[^3] | invisible | 4B | u8[32] | | First word of Unique Device Secret key. Note: Read once per power up. |
| `UDS_LAST` | | invisible | | | | The last word of the UDS. Note: Read once per power up. |
| `UART_BITRATE` | r/w | | | | | TBD |
| `UART_DATABITS` | r/w | | | | | TBD |
| `UART_STOPBITS` | r/w | | | | | TBD |
| `UART_RX_STATUS` | r | r | 1B | u8 | | Non-zero when there is data to read |
| `UART_RX_DATA` | r | r | 1B | u8 | | Data to read. Only LSB contains data |
| `UART_RX_BYTES` | r | r | 4B | u32 | | Number of bytes received from the host and not yet read by SW, FW. |
| `UART_TX_STATUS` | r | r | 1B | u8 | | Non-zero when it's OK to write data to send. |
| `UART_TX_DATA` | w | w | 1B | u8 | | Data to send. Only LSB contains data |
| `TOUCH_STATUS` | r/w | r/w | | | | TOUCH_STATUS_EVENT_BIT is 1 when touched. After detecting a touch |
| | | | | | | event (reading a 1), write anything here to acknowledge it. |
| `FW_RAM` | r/w | invisible | 2 kiB | u8[2048] | | Firmware-only RAM. |
| `UDI` | r | invisible | 8B | u64 | | Unique Device ID (UDI). |
| `QEMU_DEBUG` | w | w | | u8 | | Debug console (only in QEMU) |
| `NAME0` | r | r | 4B | char[4] | "tk1 " | ID of core/stick |
| `NAME1` | r | r | 4B | char[4] | "mkdf" | ID of core/stick |
| `VERSION` | r | r | 4B | u32 | 1 | Current version. |
| `SYSTEM_MODE_CTRL` | r/w | r | 1B | u8 | | Write anything here to trigger the switch to application mode. Reading |
| | | | | | | returns 0 if device is in firmware mode, 0xffffffff if in app mode. |
| `LED` | r/w | r/w | 1B | u8 | | Control of the color LEDs in RBG LED on the board. |
| | | | | | | Bit 0 is Blue, bit 1 is Green, and bit 2 is Red LED. |
| `GPIO` | r/w | r/w | 1B | u8 | | Bits 0 and 1 contain the input level of GPIO 1 and 2. |
| | | | | u8 | | Bits 3 and 4 store the output level of GPIO 3 and 4. |
| `APP_ADDR` | r/w | r | 4B | u32 | | Firmware stores app load address here, so app can read its own location |
| `APP_SIZE` | r/w | r | 4B | u32 | | Firmware stores app app size here, so app can read its own size |
| `BLAKE2S` | r/w | r | 4B | u32 | | Function pointer to a BLAKE2S function in the firmware |
| `CDI_FIRST` | r/w | r | 32B | u8[32] | | Compound Device Identifier (CDI). UDS+measurement... |
| `CDI_LAST` | | r | | | | Last word of CDI |
| `RAM_ASLR` | w | invisible | 4B | u32 | | Address Space Randomization seed value for the RAM |
| `RAM_SCRAMBLE` | w | invisible | 4B | u32 | | Data scrambling seed value for the RAM |
| `CPU_MON_CTRL` | w | w | 4B | u32 | | Bit 0 enables CPU execution monitor. Can't be unset. Lock adresses |
| `CPU_MON_FIRST` | w | w | 4B | u32 | | First address of the area monitored for execution attempts |
| `CPU_MON_LAST` | w | w | 4B | u32 | | Last address of the area monitored for execution attempts |

[^3]: The UDS can only be read *once* per power-cycle.

2 changes: 1 addition & 1 deletion hw/application_fpga/application_fpga.bin.sha256
Original file line number Diff line number Diff line change
@@ -1 +1 @@
6585aafa13727dc5bf560f34c457048ca3d13ee6ab502c2afc737b1e70fa5a00 application_fpga.bin
f28a9b5585b34f050f959159efd926164357bc6a2e9479531e9b87e6222671e2 application_fpga.bin
5 changes: 3 additions & 2 deletions hw/application_fpga/core/fw_ram/README.md
Original file line number Diff line number Diff line change
@@ -21,5 +21,6 @@ The contents of the fw_ram is cleared when the FPGA is powered up and
configured by the bitstream. The contents is not cleared by a system
reset.

If the fw_app_mode input is set, no memory accesses are allowed. Any
reads when the fw_app_mode is set will retun an all zero word.
If the system_mode input is set, i.e. in firmware mode, no memory
accesses are allowed. Any reads when the system_mode is set will
return an all zero word.
28 changes: 14 additions & 14 deletions hw/application_fpga/core/fw_ram/rtl/fw_ram.v
Original file line number Diff line number Diff line change
@@ -17,7 +17,7 @@ module fw_ram (
input wire clk,
input wire reset_n,

input wire fw_app_mode,
input wire system_mode,

input wire cs,
input wire [ 3 : 0] we,
@@ -35,17 +35,17 @@ module fw_ram (
reg [31 : 0] mem_read_data0;
reg [31 : 0] mem_read_data1;
reg ready_reg;
wire fw_app_cs;
wire system_mode_cs;
reg bank0;
reg bank1;


//----------------------------------------------------------------
// Concurrent assignment of ports.
//----------------------------------------------------------------
assign read_data = tmp_read_data;
assign ready = ready_reg;
assign fw_app_cs = cs && ~fw_app_mode;
assign read_data = tmp_read_data;
assign ready = ready_reg;
assign system_mode_cs = cs && ~system_mode;


//----------------------------------------------------------------
@@ -56,12 +56,12 @@ module fw_ram (
.RADDR({3'h0, address[7 : 0]}),
.RCLK(clk),
.RCLKE(1'h1),
.RE(fw_app_cs & bank0),
.RE(system_mode_cs & bank0),
.WADDR({3'h0, address[7 : 0]}),
.WCLK(clk),
.WCLKE(1'h1),
.WDATA(write_data[15 : 0]),
.WE((|we & fw_app_cs & bank0)),
.WE((|we & system_mode_cs & bank0)),
.MASK({{8{~we[1]}}, {8{~we[0]}}})
);

@@ -70,12 +70,12 @@ module fw_ram (
.RADDR({3'h0, address[7 : 0]}),
.RCLK(clk),
.RCLKE(1'h1),
.RE(fw_app_cs & bank0),
.RE(system_mode_cs & bank0),
.WADDR({3'h0, address[7 : 0]}),
.WCLK(clk),
.WCLKE(1'h1),
.WDATA(write_data[31 : 16]),
.WE((|we & fw_app_cs & bank0)),
.WE((|we & system_mode_cs & bank0)),
.MASK({{8{~we[3]}}, {8{~we[2]}}})
);

@@ -85,12 +85,12 @@ module fw_ram (
.RADDR({3'h0, address[7 : 0]}),
.RCLK(clk),
.RCLKE(1'h1),
.RE(fw_app_cs & bank1),
.RE(system_mode_cs & bank1),
.WADDR({3'h0, address[7 : 0]}),
.WCLK(clk),
.WCLKE(1'h1),
.WDATA(write_data[15 : 0]),
.WE((|we & fw_app_cs & bank1)),
.WE((|we & system_mode_cs & bank1)),
.MASK({{8{~we[1]}}, {8{~we[0]}}})
);

@@ -99,12 +99,12 @@ module fw_ram (
.RADDR({3'h0, address[7 : 0]}),
.RCLK(clk),
.RCLKE(1'h1),
.RE(fw_app_cs & bank1),
.RE(system_mode_cs & bank1),
.WADDR({3'h0, address[7 : 0]}),
.WCLK(clk),
.WCLKE(1'h1),
.WDATA(write_data[31 : 16]),
.WE((|we & fw_app_cs & bank1)),
.WE((|we & system_mode_cs & bank1)),
.MASK({{8{~we[3]}}, {8{~we[2]}}})
);

@@ -129,7 +129,7 @@ module fw_ram (
bank1 = 1'h0;
tmp_read_data = 32'h0;

if (fw_app_cs) begin
if (system_mode_cs) begin
if (address[8]) begin
bank1 = 1'h1;
tmp_read_data = mem_read_data1;
8 changes: 4 additions & 4 deletions hw/application_fpga/core/tk1/README.md
Original file line number Diff line number Diff line change
@@ -26,7 +26,7 @@ applications.
### Control of execution mode

```
ADDR_SWITCH_APP: 0x08
ADDR_SYSTEM_MODE_CTRL: 0x08
```

This register controls if the device is executing in FW mode or in App
@@ -75,7 +75,7 @@ corresponding register is one or zero.
These registers provide read only information to the loaded app to
itself - where it was loaded and its size. The values are written by
FW as part of the loading of the app. The registers can't be written
when the ADDR_SWITCH_APP has been set.
when the ADDR_SYSTEM_MODE_CTRL has been set.


### Access to Blake2s
@@ -86,7 +86,7 @@ when the ADDR_SWITCH_APP has been set.

This register provides the 32-bit function pointer address to the
Blake2s hash function in the FW. It is written by FW during boot. The
register can't be written to when the ADDR_SWITCH_APP has been set.
register can't be written to when the ADDR_SYSTEM_MODE_CTRL has been set.


### Access to CDI
@@ -99,7 +99,7 @@ register can't be written to when the ADDR_SWITCH_APP has been set.
These registers provide access to the 256-bit compound device secret
calculated by the FW as part of loading an application. The registers
are written by the FW. The register can't be written to when the
ADDR_SWITCH_APP has been set. Apps can read the CDI and is it as base
ADDR_SYSTEM_MODE_CTRL has been set. Apps can read the CDI and is it as base
secret for any secrets it needs to perform its intended use case.


40 changes: 20 additions & 20 deletions hw/application_fpga/core/tk1/rtl/tk1.v
Original file line number Diff line number Diff line change
@@ -18,7 +18,7 @@ module tk1 (
input wire reset_n,

input wire cpu_trap,
output wire fw_app_mode,
output wire system_mode,

input wire [31 : 0] cpu_addr,
input wire cpu_instr,
@@ -59,7 +59,7 @@ module tk1 (
localparam ADDR_NAME1 = 8'h01;
localparam ADDR_VERSION = 8'h02;

localparam ADDR_SWITCH_APP = 8'h08;
localparam ADDR_SYSTEM_MODE_CTRL = 8'h08;

localparam ADDR_LED = 8'h09;
localparam LED_R_BIT = 2;
@@ -112,8 +112,8 @@ module tk1 (
reg [31 : 0] cdi_mem [0 : 7];
reg cdi_mem_we;

reg switch_app_reg;
reg switch_app_we;
reg system_mode_reg;
reg system_mode_we;

reg [ 2 : 0] led_reg;
reg led_we;
@@ -185,7 +185,7 @@ module tk1 (
assign read_data = tmp_read_data;
assign ready = tmp_ready;

assign fw_app_mode = switch_app_reg;
assign system_mode = system_mode_reg;

assign force_trap = force_trap_reg;

@@ -248,7 +248,7 @@ module tk1 (
//----------------------------------------------------------------
always @(posedge clk) begin : reg_update
if (!reset_n) begin
switch_app_reg <= 1'h0;
system_mode_reg <= 1'h0;
led_reg <= 3'h6;
gpio1_reg <= 2'h0;
gpio2_reg <= 2'h0;
@@ -287,8 +287,8 @@ module tk1 (
gpio2_reg[0] <= gpio2;
gpio2_reg[1] <= gpio2_reg[0];

if (switch_app_we) begin
switch_app_reg <= 1'h1;
if (system_mode_we) begin
system_mode_reg <= 1'h1;
end

if (led_we) begin
@@ -414,7 +414,7 @@ module tk1 (
// api
//----------------------------------------------------------------
always @* begin : api
switch_app_we = 1'h0;
system_mode_we = 1'h0;
led_we = 1'h0;
gpio3_we = 1'h0;
gpio4_we = 1'h0;
@@ -443,8 +443,8 @@ module tk1 (
if (cs) begin
tmp_ready = 1'h1;
if (we) begin
if (address == ADDR_SWITCH_APP) begin
switch_app_we = 1'h1;
if (address == ADDR_SYSTEM_MODE_CTRL) begin
system_mode_we = 1'h1;
end

if (address == ADDR_LED) begin
@@ -457,13 +457,13 @@ module tk1 (
end

if (address == ADDR_APP_START) begin
if (!switch_app_reg) begin
if (!system_mode_reg) begin
app_start_we = 1'h1;
end
end

if (address == ADDR_APP_SIZE) begin
if (!switch_app_reg) begin
if (!system_mode_reg) begin
app_size_we = 1'h1;
end
end
@@ -473,25 +473,25 @@ module tk1 (
end

if (address == ADDR_BLAKE2S) begin
if (!switch_app_reg) begin
if (!system_mode_reg) begin
blake2s_addr_we = 1'h1;
end
end

if ((address >= ADDR_CDI_FIRST) && (address <= ADDR_CDI_LAST)) begin
if (!switch_app_reg) begin
if (!system_mode_reg) begin
cdi_mem_we = 1'h1;
end
end

if (address == ADDR_RAM_ADDR_RAND) begin
if (!switch_app_reg) begin
if (!system_mode_reg) begin
ram_addr_rand_we = 1'h1;
end
end

if (address == ADDR_RAM_DATA_RAND) begin
if (!switch_app_reg) begin
if (!system_mode_reg) begin
ram_data_rand_we = 1'h1;
end
end
@@ -538,8 +538,8 @@ module tk1 (
tmp_read_data = TK1_VERSION;
end

if (address == ADDR_SWITCH_APP) begin
tmp_read_data = {32{switch_app_reg}};
if (address == ADDR_SYSTEM_MODE_CTRL) begin
tmp_read_data = {32{system_mode_reg}};
end

if (address == ADDR_LED) begin
@@ -567,7 +567,7 @@ module tk1 (
end

if ((address >= ADDR_UDI_FIRST) && (address <= ADDR_UDI_LAST)) begin
if (!switch_app_reg) begin
if (!system_mode_reg) begin
tmp_read_data = udi_rdata;
end
end
16 changes: 8 additions & 8 deletions hw/application_fpga/core/tk1/tb/tb_tk1.v
Original file line number Diff line number Diff line change
@@ -27,7 +27,7 @@ module tb_tk1 ();
localparam ADDR_NAME1 = 8'h01;
localparam ADDR_VERSION = 8'h02;

localparam ADDR_SWITCH_APP = 8'h08;
localparam ADDR_SYSTEM_MODE_CTRL = 8'h08;

localparam ADDR_LED = 8'h09;
localparam LED_R_BIT = 2;
@@ -76,7 +76,7 @@ module tb_tk1 ();
reg tb_clk;
reg tb_reset_n;
reg tb_cpu_trap;
wire tb_fw_app_mode;
wire tb_system_mode;

reg [31 : 0] tb_cpu_addr;
reg tb_cpu_instr;
@@ -122,7 +122,7 @@ module tb_tk1 ();
.reset_n(tb_reset_n),

.cpu_trap(tb_cpu_trap),
.fw_app_mode(tb_fw_app_mode),
.system_mode(tb_system_mode),

.cpu_addr (tb_cpu_addr),
.cpu_instr (tb_cpu_instr),
@@ -192,7 +192,7 @@ module tb_tk1 ();
$display("------------");
if (tb_main_monitor) begin
$display("Inputs and outputs:");
$display("tb_cpu_trap: 0x%1x, fw_app_mode: 0x%1x", tb_cpu_trap, tb_fw_app_mode);
$display("tb_cpu_trap: 0x%1x, system_mode: 0x%1x", tb_cpu_trap, tb_system_mode);
$display("cpu_addr: 0x%08x, cpu_instr: 0x%1x, cpu_valid: 0x%1x, force_tap: 0x%1x",
tb_cpu_addr, tb_cpu_instr, tb_cpu_valid, tb_force_trap);
$display("ram_addr_rand: 0x%08x, ram_data_rand: 0x%08x", tb_ram_addr_rand,
@@ -441,7 +441,7 @@ module tb_tk1 ();
read_check_word(ADDR_CDI_LAST + 0, 32'h70717273);

$display("--- test3: Switch to app mode.");
write_word(ADDR_SWITCH_APP, 32'hdeadbeef);
write_word(ADDR_SYSTEM_MODE_CTRL, 32'hdeadbeef);

$display("--- test3: Try to write CDI again.");
write_word(ADDR_CDI_FIRST + 0, 32'hfffefdfc);
@@ -489,7 +489,7 @@ module tb_tk1 ();
read_check_word(ADDR_BLAKE2S, 32'hcafebabe);

$display("--- test4: Switch to app mode.");
write_word(ADDR_SWITCH_APP, 32'hf00ff00f);
write_word(ADDR_SYSTEM_MODE_CTRL, 32'hf00ff00f);

$display("--- test4: Write Blake2s entry point again.");
write_word(ADDR_BLAKE2S, 32'hdeadbeef);
@@ -525,7 +525,7 @@ module tb_tk1 ();
read_check_word(ADDR_APP_SIZE, 32'h47114711);

$display("--- test5: Switch to app mode.");
write_word(ADDR_SWITCH_APP, 32'hf000000);
write_word(ADDR_SYSTEM_MODE_CTRL, 32'hf000000);

$display("--- test5: Write app start address and size again.");
write_word(ADDR_APP_START, 32'hdeadbeef);
@@ -564,7 +564,7 @@ module tb_tk1 ();
dut.ram_addr_rand, dut.ram_data_rand);

$display("--- test6: Switch to app mode.");
write_word(ADDR_SWITCH_APP, 32'hf000000);
write_word(ADDR_SYSTEM_MODE_CTRL, 32'hf000000);

$display("--- test6: Write to ADDR_RAM_ADDR_RAND and ADDR_RAM_DATA_RAND again.");
write_word(ADDR_RAM_ADDR_RAND, 32'hdeadbeef);
2 changes: 1 addition & 1 deletion hw/application_fpga/core/uds/README.md
Original file line number Diff line number Diff line change
@@ -6,7 +6,7 @@ Unique Device Secret core

This core store and protect the Unique Device Secret (UDS) asset. The
UDS can be accessed as eight separate 32-bit words. The words can only
be accessed as long as the fw_app_mode input is low, implying that the
be accessed as long as the system_mode input is low, implying that the
CPU is executing the FW.

The UDS words can be accessed in any order, but a given word can only
4 changes: 2 additions & 2 deletions hw/application_fpga/core/uds/rtl/uds.v
Original file line number Diff line number Diff line change
@@ -17,7 +17,7 @@ module uds (
input wire clk,
input wire reset_n,

input wire fw_app_mode,
input wire system_mode,

input wire cs,
input wire [ 2 : 0] address,
@@ -89,7 +89,7 @@ module uds (
if (cs) begin
tmp_ready = 1'h1;

if (!fw_app_mode) begin
if (!system_mode) begin
if (uds_rd_reg[address[2 : 0]] == 1'h0) begin
uds_rd_we = 1'h1;
end
8 changes: 4 additions & 4 deletions hw/application_fpga/core/uds/tb/tb_uds.v
Original file line number Diff line number Diff line change
@@ -37,7 +37,7 @@ module tb_uds ();

reg tb_clk;
reg tb_reset_n;
reg tb_fw_app_mode;
reg tb_system_mode;
reg tb_cs;
reg [ 7 : 0] tb_address;
wire [31 : 0] tb_read_data;
@@ -50,7 +50,7 @@ module tb_uds ();
.clk(tb_clk),
.reset_n(tb_reset_n),

.fw_app_mode(tb_fw_app_mode),
.system_mode(tb_system_mode),

.cs(tb_cs),
.address(tb_address),
@@ -95,7 +95,7 @@ module tb_uds ();
$display("State of DUT at cycle: %08d", cycle_ctr);
$display("------------");
$display("Inputs and outputs:");
$display("fw_app_mode: 0x%1x", tb_fw_app_mode);
$display("system_mode: 0x%1x", tb_system_mode);
$display("cs: 0x%1x, address: 0x%02x, read_data: 0x%08x", tb_cs, tb_address, tb_read_data);
$display("");

@@ -160,7 +160,7 @@ module tb_uds ();

tb_clk = 1'h0;
tb_reset_n = 1'h1;
tb_fw_app_mode = 1'h0;
tb_system_mode = 1'h0;
tb_cs = 1'h0;
tb_address = 8'h0;
end
2 changes: 1 addition & 1 deletion hw/application_fpga/fw/README.md
Original file line number Diff line number Diff line change
@@ -188,7 +188,7 @@ Typical expected use scenario:
more automatic variables.

8. Firmware starts the application by first switching to from
firmware mode to application mode by writing to the `SWITCH_APP`
firmware mode to application mode by writing to the `SYSTEM_MODE_CTRL`
register. In this mode the MMIO region is restricted, e.g. some
registers are removed (`UDS`), and some are switched from
read/write to read-only (see [the memory
38 changes: 19 additions & 19 deletions hw/application_fpga/fw/testfw/main.c
Original file line number Diff line number Diff line change
@@ -10,20 +10,20 @@
#include "../tk1_mem.h"

// clang-format off
volatile uint32_t *tk1name0 = (volatile uint32_t *)TK1_MMIO_TK1_NAME0;
volatile uint32_t *tk1name1 = (volatile uint32_t *)TK1_MMIO_TK1_NAME1;
volatile uint32_t *uds = (volatile uint32_t *)TK1_MMIO_UDS_FIRST;
volatile uint32_t *cdi = (volatile uint32_t *)TK1_MMIO_TK1_CDI_FIRST;
volatile uint32_t *udi = (volatile uint32_t *)TK1_MMIO_TK1_UDI_FIRST;
volatile uint32_t *switch_app = (volatile uint32_t *)TK1_MMIO_TK1_SWITCH_APP;
volatile uint8_t *fw_ram = (volatile uint8_t *)TK1_MMIO_FW_RAM_BASE;
volatile uint32_t *timer = (volatile uint32_t *)TK1_MMIO_TIMER_TIMER;
volatile uint32_t *timer_prescaler = (volatile uint32_t *)TK1_MMIO_TIMER_PRESCALER;
volatile uint32_t *timer_status = (volatile uint32_t *)TK1_MMIO_TIMER_STATUS;
volatile uint32_t *timer_ctrl = (volatile uint32_t *)TK1_MMIO_TIMER_CTRL;
volatile uint32_t *trng_status = (volatile uint32_t *)TK1_MMIO_TRNG_STATUS;
volatile uint32_t *trng_entropy = (volatile uint32_t *)TK1_MMIO_TRNG_ENTROPY;
volatile uint32_t *fw_blake2s_addr = (volatile uint32_t *)TK1_MMIO_TK1_BLAKE2S;
volatile uint32_t *tk1name0 = (volatile uint32_t *)TK1_MMIO_TK1_NAME0;
volatile uint32_t *tk1name1 = (volatile uint32_t *)TK1_MMIO_TK1_NAME1;
volatile uint32_t *uds = (volatile uint32_t *)TK1_MMIO_UDS_FIRST;
volatile uint32_t *cdi = (volatile uint32_t *)TK1_MMIO_TK1_CDI_FIRST;
volatile uint32_t *udi = (volatile uint32_t *)TK1_MMIO_TK1_UDI_FIRST;
volatile uint32_t *system_mode_ctrl = (volatile uint32_t *)TK1_MMIO_TK1_SYSTEM_MODE_CTRL;
volatile uint8_t *fw_ram = (volatile uint8_t *)TK1_MMIO_FW_RAM_BASE;
volatile uint32_t *timer = (volatile uint32_t *)TK1_MMIO_TIMER_TIMER;
volatile uint32_t *timer_prescaler = (volatile uint32_t *)TK1_MMIO_TIMER_PRESCALER;
volatile uint32_t *timer_status = (volatile uint32_t *)TK1_MMIO_TIMER_STATUS;
volatile uint32_t *timer_ctrl = (volatile uint32_t *)TK1_MMIO_TIMER_CTRL;
volatile uint32_t *trng_status = (volatile uint32_t *)TK1_MMIO_TRNG_STATUS;
volatile uint32_t *trng_entropy = (volatile uint32_t *)TK1_MMIO_TRNG_ENTROPY;
volatile uint32_t *fw_blake2s_addr = (volatile uint32_t *)TK1_MMIO_TK1_BLAKE2S;
// clang-format on

#define UDS_WORDS 8
@@ -257,9 +257,9 @@ int main(void)
}
}

uint32_t sw = *switch_app;
uint32_t sw = *system_mode_ctrl;
if (sw != 0) {
failmsg("switch_app is not 0 in fw mode");
failmsg("system_mode_ctrl is not 0 in fw mode");
anyfailed = 1;
}

@@ -269,11 +269,11 @@ int main(void)
// Turn on application mode.
// -------------------------

*switch_app = 1;
*system_mode_ctrl = 1;

sw = *switch_app;
sw = *system_mode_ctrl;
if (sw != 0xffffffff) {
failmsg("switch_app is not 0xffffffff in app mode");
failmsg("system_mode_ctrl is not 0xffffffff in app mode");
anyfailed = 1;
}

38 changes: 19 additions & 19 deletions hw/application_fpga/fw/tk1/main.c
Original file line number Diff line number Diff line change
@@ -12,24 +12,24 @@
#include "types.h"

// clang-format off
static volatile uint32_t *uds = (volatile uint32_t *)TK1_MMIO_UDS_FIRST;
static volatile uint32_t *switch_app = (volatile uint32_t *)TK1_MMIO_TK1_SWITCH_APP;
static volatile uint32_t *name0 = (volatile uint32_t *)TK1_MMIO_TK1_NAME0;
static volatile uint32_t *name1 = (volatile uint32_t *)TK1_MMIO_TK1_NAME1;
static volatile uint32_t *ver = (volatile uint32_t *)TK1_MMIO_TK1_VERSION;
static volatile uint32_t *udi = (volatile uint32_t *)TK1_MMIO_TK1_UDI_FIRST;
static volatile uint32_t *cdi = (volatile uint32_t *)TK1_MMIO_TK1_CDI_FIRST;
static volatile uint32_t *app_addr = (volatile uint32_t *)TK1_MMIO_TK1_APP_ADDR;
static volatile uint32_t *app_size = (volatile uint32_t *)TK1_MMIO_TK1_APP_SIZE;
static volatile uint32_t *fw_blake2s_addr = (volatile uint32_t *)TK1_MMIO_TK1_BLAKE2S;
static volatile uint32_t *trng_status = (volatile uint32_t *)TK1_MMIO_TRNG_STATUS;
static volatile uint32_t *trng_entropy = (volatile uint32_t *)TK1_MMIO_TRNG_ENTROPY;
static volatile uint32_t *timer = (volatile uint32_t *)TK1_MMIO_TIMER_TIMER;
static volatile uint32_t *timer_prescaler = (volatile uint32_t *)TK1_MMIO_TIMER_PRESCALER;
static volatile uint32_t *timer_status = (volatile uint32_t *)TK1_MMIO_TIMER_STATUS;
static volatile uint32_t *timer_ctrl = (volatile uint32_t *)TK1_MMIO_TIMER_CTRL;
static volatile uint32_t *ram_addr_rand = (volatile uint32_t *)TK1_MMIO_TK1_RAM_ADDR_RAND;
static volatile uint32_t *ram_data_rand = (volatile uint32_t *)TK1_MMIO_TK1_RAM_DATA_RAND;
static volatile uint32_t *uds = (volatile uint32_t *)TK1_MMIO_UDS_FIRST;
static volatile uint32_t *system_mode_ctrl = (volatile uint32_t *)TK1_MMIO_TK1_SYSTEM_MODE_CTRL;
static volatile uint32_t *name0 = (volatile uint32_t *)TK1_MMIO_TK1_NAME0;
static volatile uint32_t *name1 = (volatile uint32_t *)TK1_MMIO_TK1_NAME1;
static volatile uint32_t *ver = (volatile uint32_t *)TK1_MMIO_TK1_VERSION;
static volatile uint32_t *udi = (volatile uint32_t *)TK1_MMIO_TK1_UDI_FIRST;
static volatile uint32_t *cdi = (volatile uint32_t *)TK1_MMIO_TK1_CDI_FIRST;
static volatile uint32_t *app_addr = (volatile uint32_t *)TK1_MMIO_TK1_APP_ADDR;
static volatile uint32_t *app_size = (volatile uint32_t *)TK1_MMIO_TK1_APP_SIZE;
static volatile uint32_t *fw_blake2s_addr = (volatile uint32_t *)TK1_MMIO_TK1_BLAKE2S;
static volatile uint32_t *trng_status = (volatile uint32_t *)TK1_MMIO_TRNG_STATUS;
static volatile uint32_t *trng_entropy = (volatile uint32_t *)TK1_MMIO_TRNG_ENTROPY;
static volatile uint32_t *timer = (volatile uint32_t *)TK1_MMIO_TIMER_TIMER;
static volatile uint32_t *timer_prescaler = (volatile uint32_t *)TK1_MMIO_TIMER_PRESCALER;
static volatile uint32_t *timer_status = (volatile uint32_t *)TK1_MMIO_TIMER_STATUS;
static volatile uint32_t *timer_ctrl = (volatile uint32_t *)TK1_MMIO_TIMER_CTRL;
static volatile uint32_t *ram_addr_rand = (volatile uint32_t *)TK1_MMIO_TK1_RAM_ADDR_RAND;
static volatile uint32_t *ram_data_rand = (volatile uint32_t *)TK1_MMIO_TK1_RAM_DATA_RAND;
// clang-format on

// Context for the loading of a TKey program
@@ -343,7 +343,7 @@ static void run(const struct context *ctx)
// clang-format on

// Flip over to application mode
*switch_app = 1;
*system_mode_ctrl = 1;

// XXX Firmware stack now no longer available
// Don't use any function calls!
2 changes: 2 additions & 0 deletions hw/application_fpga/fw/tk1_mem.h
Original file line number Diff line number Diff line change
@@ -109,7 +109,9 @@
#define TK1_MMIO_TK1_NAME1 0xff000004
#define TK1_MMIO_TK1_VERSION 0xff000008

// Deprecated - use _SYSTEM_MODE_CTRL instead
#define TK1_MMIO_TK1_SWITCH_APP 0xff000020
#define TK1_MMIO_TK1_SYSTEM_MODE_CTRL 0xff000020

dehanj marked this conversation as resolved.
Show resolved Hide resolved
#define TK1_MMIO_TK1_LED 0xff000024
#define TK1_MMIO_TK1_LED_R_BIT 2
8 changes: 4 additions & 4 deletions hw/application_fpga/rtl/application_fpga.v
Original file line number Diff line number Diff line change
@@ -142,7 +142,7 @@ module application_fpga (
reg [31 : 0] tk1_write_data;
wire [31 : 0] tk1_read_data;
wire tk1_ready;
wire fw_app_mode;
wire system_mode;
wire force_trap;
wire [14 : 0] ram_addr_rand;
wire [31 : 0] ram_data_rand;
@@ -237,7 +237,7 @@ module application_fpga (
.clk(clk),
.reset_n(reset_n),

.fw_app_mode(fw_app_mode),
.system_mode(system_mode),

.cs(fw_ram_cs),
.we(fw_ram_we),
@@ -277,7 +277,7 @@ module application_fpga (
.clk(clk),
.reset_n(reset_n),

.fw_app_mode(fw_app_mode),
.system_mode(system_mode),

.cs(uds_cs),
.address(uds_address),
@@ -320,7 +320,7 @@ module application_fpga (
.clk(clk),
.reset_n(reset_n),

.fw_app_mode(fw_app_mode),
.system_mode(system_mode),

.cpu_addr (cpu_addr),
.cpu_instr (cpu_instr),
4 changes: 2 additions & 2 deletions hw/application_fpga/tb/application_fpga_vsim.v
Original file line number Diff line number Diff line change
@@ -152,7 +152,7 @@ module application_fpga (
reg [31 : 0] tk1_write_data;
wire [31 : 0] tk1_read_data;
wire tk1_ready;
wire fw_app_mode;
wire system_mode;


//----------------------------------------------------------------
@@ -304,7 +304,7 @@ module application_fpga (
.clk(clk),
.reset_n(reset_n),

.fw_app_mode(fw_app_mode),
.system_mode(system_mode),

.led_r(led_r),
.led_g(led_g),