PoC: Automatically control system_mode in hardware using a "blessed" address

[dehanj]

Description

This is a proof of concept:

• Syscall API using a C function address to jump to execute a function in ROM
• Changing system_mode between firmware_mode and app_mode depending on location of execution. A call to syscall_addr_reg will switch back to firmware mode.
• SPI Master only accessible from firmware mode
• Restrict ROM from being executable in app_mode, except for the function address in syscall_addr_reg or blak2s_addr_reg.
• ROM is still readable, and I have verified with tkey-verification that it works.
• Making sensitive assets only readable/writable before the first system_mode change
• Readme documentation updated
• Testbench updated

The utilization in the FPGA does increase, but not significantly. We are at around 95-96% with this solution.
Built locally with yosys-45 and nextpnr-0.7.

ICESTORM_LC:  5111/ 5280    96%

In CI (older toolchain):

ICESTORM_LC:  5105/ 5280    96%

Notes:

• Removes the option of writing to the system_mode API, still readable however.
• The hardware construction in this PR can be tested with the firmware in the branch persistant_storage_fw_. Run the hardware and firmware on target using apps with latest commits in tillitis/tkey-testapps:storage.
• qemu is partly updated, and includes the syscall api, but not any of the hardware locks, use branch tillitis/qemu:test-wo-app-mode and apps from tillitis/tkey-testapps:storage latest commit.
• Testfw is not updated, and may not function properly at the moment.

Type of change

• Breaking Change (a change which would cause existing functionality to not work as expected)

Submission checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my changes
• I have tested and verified my changes on target
• My changes are well written and CI is passing
• I have squashed my work to relevant commits and rebased on main for linear history
• I have added a "Co-authored-by: x" if several people contributed, either pair programming or by squashing commits from different authors.
• I have updated the documentation where relevant (readme, dev.tillitis.se etc.)
• QEMU is updated to reflect changes

[dehanj]

We can potentially simplify the check due to unsigned arithmetic

%Warning-UNSIGNED: /__w/tillitis-key1/tillitis-key1/hw/application_fpga/core/tk1/rtl/tk1.v:428:27: Comparison is constant due to unsigned arithmetic
                                                                                                 : ... In instance application_fpga.tk1_inst
  428 |             if ((cpu_addr >= FW_ROM_FIRST) && (cpu_addr <= FW_ROM_LAST)) begin
      |                           ^~
                   ... For warning description see https://verilator.org/warn/UNSIGNED?v=5.012
                   ... Use "/* verilator lint_off UNSIGNED */" and lint_on around source to disable this message.
%Error: Exiting due to 1 warning(s)

But we might want to show intent, and if ROM moves it might lower the risk for a bug.

EDIT:
I removed the unnecessary comparison, but added a comment to it.
The comparison costs ~18 LCs, so I don't think it is wort to keep for showing intent.