Poc: persistant storage #298

Draft
wants to merge 27 commits into
base: main
18ebdae
Remove types.h in favor of standard libs such as stdint, stddef
dehanj Sep 12, 2024
c00d531
fw: Create compute_app_digest() function
dehanj Sep 4, 2024
a873e7c
Import spi.[ch] and flash.[ch]
dehanj Aug 30, 2024
a0ce957
WIP partition table
dehanj Aug 30, 2024
d859ca0
WIP preload_app
dehanj Sep 3, 2024
9a1c963
WIP auth app
dehanj Sep 3, 2024
7f7820b
Add fw state and fw cmd to trigger a start of a preloaded app
dehanj Sep 3, 2024
ece53e0
temp commit: Expose write functions to make development easier
dehanj Sep 4, 2024
5188584
fw: Break out htif functions for qemu to separate files
dehanj Sep 4, 2024
8c0f662
fw: break out trng and xorwow to rng.[ch]
dehanj Sep 4, 2024
5da60cb
Include authentication of preloaded app
dehanj Sep 9, 2024
c4d738a
fw: use bool as return type for memeq
dehanj Sep 18, 2024
9259624
fw: remove address-of operator (&) where it is not needed
dehanj Sep 12, 2024
2541790
WIP management app
dehanj Sep 12, 2024
496c5fb
preload_app: only allow mgmt app to store or delete
dehanj Sep 18, 2024
150cf29
WIP app storage calls
dehanj Sep 12, 2024
d22d9b8
Wip syscall function.
dehanj Sep 17, 2024
c300718
Temporarily override the blake2s trampoline
dehanj Sep 17, 2024
e046b7a
Implement preload_store
dehanj Sep 19, 2024
9fabff9
Increase ROM to 8K
dehanj Sep 19, 2024
6ac8745
Optimize SPI functions, lowering ROM usage by 70 bytes.
dehanj Sep 30, 2024
290f826
storage: add erase command
dehanj Sep 30, 2024
027978f
fw: switch to FW RAM when executing a syscall.
dehanj Oct 4, 2024
e21961c
fw: simplify switch to FW_RAM
dehanj Oct 16, 2024
a57178f
fw: add workaround so objdump can disassemble compressed rv32
dehanj Oct 16, 2024
a65eddb
temp: add define to toggle the use of fw RAM
dehanj Nov 11, 2024
8c073c3
fw: adapt fw syscall to hw syscall implementation
dehanj Nov 13, 2024
50 changes: 42 additions & 8 deletions hw/application_fpga/Makefile
@@ -32,7 +32,7 @@ TARGET_FREQ ?= 21

# Size in 32-bit words, must be divisible by 256 (pairs of EBRs, because 16
# bits wide; an EBR is 128 32-bits words)
BRAM_FW_SIZE ?= 1536
BRAM_FW_SIZE ?= 2048

PIN_FILE ?= application_fpga_tk1.pcf

@@ -47,7 +47,7 @@ CFLAGS = \
-mabi=ilp32 \
-static \
-std=gnu99 \
-O2 \
-Os \
-ffast-math \
-fno-common \
-fno-builtin-printf \
@@ -106,11 +106,21 @@ PICORV32_SRCS = \

FIRMWARE_DEPS = \
$(P)/fw/tk1_mem.h \
$(P)/fw/tk1/types.h \
$(P)/fw/tk1/lib.h \
$(P)/fw/tk1/proto.h \
$(P)/fw/tk1/assert.h \
$(P)/fw/tk1/led.h
$(P)/fw/tk1/led.h \
$(P)/fw/tk1/blake2s/blake2s.h \
$(P)/fw/tk1/spi.h \
$(P)/fw/tk1/flash.h \
$(P)/fw/tk1/partition_table.h \
$(P)/fw/tk1/preload_app.h \
$(P)/fw/tk1/auth_app.h \
$(P)/fw/tk1/htif.h \
$(P)/fw/tk1/rng.h \
$(P)/fw/tk1/mgmt_app.h \
$(P)/fw/tk1/storage.h \
$(P)/fw/tk1/syscall.h

FIRMWARE_OBJS = \
$(P)/fw/tk1/main.o \
@@ -119,15 +129,35 @@ FIRMWARE_OBJS = \
$(P)/fw/tk1/lib.o \
$(P)/fw/tk1/assert.o \
$(P)/fw/tk1/led.o \
$(P)/fw/tk1/blake2s/blake2s.o
$(P)/fw/tk1/blake2s/blake2s.o \
$(P)/fw/tk1/spi.o \
$(P)/fw/tk1/flash.o \
$(P)/fw/tk1/partition_table.o \
$(P)/fw/tk1/preload_app.o \
$(P)/fw/tk1/auth_app.o \
$(P)/fw/tk1/htif.o \
$(P)/fw/tk1/rng.o \
$(P)/fw/tk1/mgmt_app.o \
$(P)/fw/tk1/storage.o \
$(P)/fw/tk1/syscall.o

FIRMWARE_SOURCES = \
$(P)/fw/tk1/main.c \
$(P)/fw/tk1/proto.c \
$(P)/fw/tk1/lib.c \
$(P)/fw/tk1/assert.c \
$(P)/fw/tk1/led.c \
$(P)/fw/tk1/blake2s/blake2s.c
$(P)/fw/tk1/blake2s/blake2s.c \
$(P)/fw/tk1/spi.c \
$(P)/fw/tk1/flash.c \
$(P)/fw/tk1/partition_table.c \
$(P)/fw/tk1/preload_app.c \
$(P)/fw/tk1/auth_app.c \
$(P)/fw/tk1/htif.c \
$(P)/fw/tk1/rng.c \
$(P)/fw/tk1/mgmt_app.c \
$(P)/fw/tk1/storage.c \
$(P)/fw/tk1/syscall.c

TESTFW_OBJS = \
$(P)/fw/testfw/main.o \
@@ -168,7 +198,11 @@ secret:
# Firmware generation.
# Included in the bitstream.
#-------------------------------------------------------------------
LDFLAGS = -T $(P)/fw/tk1/firmware.lds
# -Wl,-mllvm,-mattr=+c,-mllvm,-mattr=+zmmul added as a workaround to be able to
# disassemble compressed RV32 instructions
LDFLAGS = \
-T $(P)/fw/tk1/firmware.lds \
-Wl,-mllvm,-mattr=+c,-mllvm,-mattr=+zmmul

$(FIRMWARE_OBJS): $(FIRMWARE_DEPS)
$(TESTFW_OBJS): $(FIRMWARE_DEPS)
@@ -332,7 +366,7 @@ tb:
# Synthesis. Place & Route. Bitstream generation.
#-------------------------------------------------------------------

YOSYS_FLAG ?=
YOSYS_FLAG ?=-DINCLUDE_SPI_MASTER

synth.json: $(FPGA_SRC) $(VERILOG_SRCS) $(PICORV32_SRCS) bram_fw.hex \
$(P)/data/uds.hex $(P)/data/udi.hex
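Review bot: The last hunk changes the default to `YOSYS_FLAG ?=-DINCLUDE_SPI_MASTER`, so the define is lost whenever YOSYS_FLAG is set on the command line or in the environment, while spi.o and flash.o are now always linked into the firmware. If that firmware code depends on the SPI master being synthesized (the Verilog is not visible here), such a build would produce a bitstream whose firmware drives a peripheral that is absent. A comment above the assignment would make the coupling explicit, for example `# INCLUDE_SPI_MASTER is needed by fw/tk1/spi.c and flash.c; keep it when overriding YOSYS_FLAG`.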
4 changes: 3 additions & 1 deletion hw/application_fpga/fw/testfw/main.c
@@ -6,9 +6,11 @@
#include "../tk1/blake2s/blake2s.h"
#include "../tk1/lib.h"
#include "../tk1/proto.h"
#include "../tk1/types.h"
#include "../tk1_mem.h"

#include <stddef.h>
#include <stdint.h>

// clang-format off
volatile uint32_t *tk1name0 = (volatile uint32_t *)TK1_MMIO_TK1_NAME0;
volatile uint32_t *tk1name1 = (volatile uint32_t *)TK1_MMIO_TK1_NAME1;
2 changes: 1 addition & 1 deletion hw/application_fpga/fw/tk1/Makefile
@@ -1,5 +1,5 @@
# Uses ../.clang-format
FMTFILES=main.c lib.h lib.c proto.h proto.c types.h assert.c assert.h led.c led.h
FMTFILES=main.c lib.h lib.c proto.h proto.c assert.c assert.h led.c led.h
.PHONY: fmt
fmt:
clang-format --dry-run --ferror-limit=0 $(FMTFILES)
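Review bot: `FMTFILES` still lists only the original sources, so the files this pull request adds under fw/tk1 (auth_app.[ch], spi.[ch], flash.[ch], partition_table.[ch], preload_app.[ch], storage.[ch], syscall.[ch] and the others named in the top-level Makefile) are not covered by the `fmt` target. Appending them to the list, starting with `auth_app.c auth_app.h spi.c spi.h flash.c flash.h`, would put the new authentication and storage code under the same clang-format check as the rest of the firmware.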
1 change: 1 addition & 0 deletions hw/application_fpga/fw/tk1/assert.c
@@ -4,6 +4,7 @@
*/

#include "assert.h"
#include "htif.h"
#include "lib.h"

void assert_fail(const char *assertion, const char *file, unsigned int line,
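--- a/hw/application_fpga/fw/tk1/auth_app.c
+++ b/hw/application_fpga/fw/tk1/auth_app.c
@@ -0,0 +1,68 @@
+// Copyright (C) 2024 - Tillitis AB
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include "auth_app.h"
+#include "../tk1_mem.h"
+#include "blake2s/blake2s.h"
+#include "lib.h"
+#include "partition_table.h"
+#include "rng.h"
+
+#include <stdbool.h>
+#include <stdint.h>
+
+static volatile uint32_t *cdi = (volatile uint32_t *)TK1_MMIO_TK1_CDI_FIRST;
+
+/* Calculates the authentication digest based on a supplied nonce and the CDI.
+* Requires that the CDI is already calculated and stored */
+static void calculate_auth_digest(uint8_t *nonce, uint8_t *auth_digest)
+{
+/* TODO: Check so the CDI is non-zero? */
+
+blake2s_ctx ctx = {0};
+
+// Generate a 16 byte authentication digest
+blake2s_init(&ctx, 16, NULL, 0);
+blake2s_update(&ctx, (const void *)cdi, 32);
+blake2s_update(&ctx, nonce, 16);
+blake2s_final(&ctx, auth_digest);
+}
+
+/* Generates a 16 byte nonce */
+static void generate_nonce(uint32_t *nonce)
+{
+
+for (uint8_t i = 0; i < 4; i++) {
+nonce[i] = rng_get_word();
+}
+return;
+}
+/* Returns the authentication digest and random nonce. Requires that the CDI is
+* already calculated and stored */
+void auth_app_create(auth_metadata_t *auth_table)
+{
+uint8_t nonce[16];
+uint8_t auth_digest[16];
+
+generate_nonce((uint32_t *)nonce);
+
+calculate_auth_digest(nonce, auth_digest);
+
+memcpy_s(auth_table->authentication_digest, 16, auth_digest, 16);
+memcpy_s(auth_table->nonce, 16, nonce, 16);
+
+return;
+}
+
+bool auth_app_authenticate(auth_metadata_t *auth_table)
+{
+uint8_t auth_digest[16];
+
+calculate_auth_digest(auth_table->nonce, auth_digest);
+
+if (memeq(auth_digest, auth_table->authentication_digest, 16)) {
+return true;
+}
+
+return false;
+}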
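Review bot: In `auth_app_create`, `generate_nonce((uint32_t *)nonce)` stores 32-bit words through a pointer into a `uint8_t nonce[16]` stack array, which has no 4-byte alignment guarantee and violates strict aliasing; declaring the buffer as `uint32_t nonce[4]` and passing `(uint8_t *)nonce` to `calculate_auth_digest` and `memcpy_s` avoids both. In `auth_app_authenticate`, the digest check relies on `memeq`, whose body is not visible here; if it returns at the first differing byte, a comparison of a CDI-derived digest should instead accumulate all byte differences before deciding. The `TODO` in `calculate_auth_digest` is worth resolving before merge, because with an all-zero CDI the digest depends only on the nonce stored beside it and no longer binds the table to this device and app. The return values of `blake2s_init` and `memcpy_s` are also ignored; if they can report failure, the digest path should stop rather than continue with an undefined result.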
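--- a/hw/application_fpga/fw/tk1/auth_app.h
+++ b/hw/application_fpga/fw/tk1/auth_app.h
@@ -0,0 +1,14 @@
+// Copyright (C) 2024 - Tillitis AB
+// SPDX-License-Identifier: GPL-2.0-only
+
+#ifndef AUTH_APP_H
+#define AUTH_APP_H
+
+#include "partition_table.h"
+
+#include <stdbool.h>
+
+void auth_app_create(auth_metadata_t *auth_table);
+bool auth_app_authenticate(auth_metadata_t *auth_table);
+
+#endif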
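Review bot: Neither prototype documents the precondition stated in auth_app.c, that the CDI must already be calculated and stored before the call, so a caller reading only this header cannot tell when the functions are safe to use. A comment above the declarations such as `/* Both functions read the CDI; call them only after the CDI has been computed. */` would carry that contract. `auth_app_authenticate` only reads the table in the visible implementation, so `const auth_metadata_t *auth_table` would state that in the interface, provided the `nonce` parameter of the static helper is made `const` as well.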
4 changes: 3 additions & 1 deletion hw/application_fpga/fw/tk1/blake2s/blake2s.c
@@ -6,10 +6,12 @@
// A simple blake2s Reference Implementation.
//======================================================================

#include "../types.h"
#include "../lib.h"
#include "blake2s.h"

#include <stdint.h>
#include <stddef.h>

// Dummy printf() for verbose mode
static void printf(const char *format, ...)
{
3 changes: 2 additions & 1 deletion hw/application_fpga/fw/tk1/blake2s/blake2s.h
@@ -4,7 +4,8 @@
#ifndef BLAKE2S_H
#define BLAKE2S_H

#include "../types.h"
#include <stdint.h>
#include <stddef.h>

// state context
typedef struct {