Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add complete checks for invalid memory accesses #311

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Add complete checks for invalid memory accesses #311

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion hw/application_fpga/application_fpga.bin.sha256
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
44086edb70377991b57d3f1c231f743fcf0c2c9d2303843ec133f76cc42449a8 application_fpga.bin
d610fd2e21eabe6fd840cee9f2a9f5ec00be8b40fbdfd069232f6450cd108a96 application_fpga.bin
5 changes: 3 additions & 2 deletions hw/application_fpga/core/tk1/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,8 +164,9 @@ ADDR_CPU_MON_LAST: 0x62
Monitors events and state changes in the SoC and handles security
violations. Currently checks for:

1. Trying to execute instructions in FW\_RAM. *Always enabled.*
2. Trying to access RAM outside of the physical memory. *Always enabled*
1. Trying to access memory that is outside of the defined size of the
defined memory areas. *Always enabled*
2. Trying to execute instructions in FW\_RAM. *Always enabled.*
3. Trying to execute instructions from a memory area in RAM defined by
the application.

Expand Down
63 changes: 62 additions & 1 deletion hw/application_fpga/core/tk1/rtl/tk1.v
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -381,7 +381,8 @@ module tk1 #(
// Monitor events and state changes in the SoC, and handle
// security violations. We currently check for:
//
// Any access to RAM but outside of the size of the physical mem.
// Any memory access that is outside of the defined size of the
// defined memory areas.
//
// Trying to execute instructions in FW-RAM.
//
Expand All @@ -393,10 +394,70 @@ module tk1 #(
force_trap_set = 1'h0;

if (cpu_valid) begin
// Outside ROM area
if (cpu_addr[31 : 30] == 2'h0 & |cpu_addr[29 : 14]) begin
force_trap_set = 1'h1;
end

// Outside RAM area
if (cpu_addr[31 : 30] == 2'h1 & |cpu_addr[29 : 17]) begin
force_trap_set = 1'h1;
end

// In RESERVED area
if (cpu_addr[31 : 30] == 2'h2) begin
force_trap_set = 1'h1;
end

// MMIO
if (cpu_addr[31 : 30] == 2'h3) begin

// Outside TRNG
if (cpu_addr[29 : 24] == 6'h00 & |cpu_addr[23 : 10]) begin
force_trap_set = 1'h1;
end

// Outside TIMER
if (cpu_addr[29 : 24] == 6'h01 & |cpu_addr[23 : 10]) begin
force_trap_set = 1'h1;
end

// Outside UDS
if (cpu_addr[29 : 24] == 6'h02 & |cpu_addr[23 : 5]) begin
force_trap_set = 1'h1;
end

// Outside UART
if (cpu_addr[29 : 24] == 6'h03 & |cpu_addr[23 : 10]) begin
force_trap_set = 1'h1;
end

// Outside TOUCH_SENSE
if (cpu_addr[29 : 24] == 6'h04 & |cpu_addr[23 : 10]) begin
force_trap_set = 1'h1;
end

// In unused space
if ((cpu_addr[29 : 24] > 6'h04) && (cpu_addr[29 : 24] < 6'h10)) begin
force_trap_set = 1'h1;
end

// Outside FW_RAM
if (cpu_addr[29 : 24] == 6'h10 & |cpu_addr[23 : 11]) begin
force_trap_set = 1'h1;
end

// In unused space
if ((cpu_addr[29 : 24] > 6'h10) && (cpu_addr[29 : 24] < 6'h3f)) begin
force_trap_set = 1'h1;
end

// Outside TK1
if (cpu_addr[29 : 24] == 6'h3f & |cpu_addr[23 : 10]) begin
force_trap_set = 1'h1;
end
end

if (cpu_instr) begin
if ((cpu_addr >= FW_RAM_FIRST) && (cpu_addr <= FW_RAM_LAST)) begin
force_trap_set = 1'h1;
Expand Down
2 changes: 1 addition & 1 deletion hw/application_fpga/firmware.bin.sha512
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
edb39fca7dafb8ea0b89fdeecd960d7656e14ce461e49af97160a8bd6e67d9987e816adad37ba0fcfa63d107c3160988e4c3423ce4a71c39544bc0045888fec1 firmware.bin
39d5aee11b8553544ba9171f83fbe6f5b7546a15c70d03325e72a2b0ca86c8f7a2b5b6bf121d1d3ffc84a502a2a1a6f3ea140d1424cd424336e055be2f394f83 firmware.bin
4 changes: 2 additions & 2 deletions hw/application_fpga/fw/tk1_mem.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,8 @@
#define TK1_MMIO_TIMER_TIMER 0xc100002c

#define TK1_MMIO_UDS_BASE 0xc2000000
#define TK1_MMIO_UDS_FIRST 0xc2000040
#define TK1_MMIO_UDS_LAST 0xc200005c
#define TK1_MMIO_UDS_FIRST 0xc2000000
#define TK1_MMIO_UDS_LAST 0xc200001c

#define TK1_MMIO_UART_BASE 0xc3000000
#define TK1_MMIO_UART_RX_STATUS 0xc3000080
Expand Down
2 changes: 1 addition & 1 deletion hw/application_fpga/rtl/application_fpga.v
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -392,7 +392,7 @@ module application_fpga (

ram_cs = 1'h0;
ram_we = 4'h0;
ram_address = cpu_addr[17 : 2];
ram_address = cpu_addr[16 : 2];
ram_write_data = cpu_wdata;

fw_ram_cs = 1'h0;
Expand Down
2 changes: 1 addition & 1 deletion hw/application_fpga/tb/application_fpga_sim.v
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -406,7 +406,7 @@ module application_fpga_sim (

ram_cs = 1'h0;
ram_we = 4'h0;
ram_address = cpu_addr[17 : 2];
ram_address = cpu_addr[16 : 2];
ram_write_data = cpu_wdata;

fw_ram_cs = 1'h0;
Expand Down
Loading