PoC: Persistent storage #273

Closed
wants to merge 26 commits into from
fa75ea0
Remove types.h in favor of standard libs such as stdint, stddef
dehanj Sep 12, 2024
40c1bf7
fw: Create compute_app_digest() function
dehanj Sep 4, 2024
8a2ef28
Import spi.[ch] and flash.[ch]
dehanj Aug 30, 2024
3c292a9
WIP partition table
dehanj Aug 30, 2024
f0ae8bf
WIP preload_app
dehanj Sep 3, 2024
bdc4351
WIP auth app
dehanj Sep 3, 2024
9330b9b
Add fw state and fw cmd to trigger a start of a preloaded app
dehanj Sep 3, 2024
53e655c
temp commit: Expose write functions to make development easier
dehanj Sep 4, 2024
f1a7219
fw: Break out htif functions for qemu to separate files
dehanj Sep 4, 2024
7279526
fw: break out trng and xorwow to rng.[ch]
dehanj Sep 4, 2024
45a1e3b
Include authentication of preloaded app
dehanj Sep 9, 2024
6a2474f
fw: use bool as return type for memeq
dehanj Sep 18, 2024
deb2961
fw: remove address-of operator (&) where it is not needed
dehanj Sep 12, 2024
7c698cf
WIP management app
dehanj Sep 12, 2024
caba77d
preload_app: only allow mgmt app to store or delete
dehanj Sep 18, 2024
1a64b73
WIP app storage calls
dehanj Sep 12, 2024
23b76b6
Wip syscall function.
dehanj Sep 17, 2024
121d991
Temporarily override the blake2s trampoline
dehanj Sep 17, 2024
cb8bdab
Implement preload_store
dehanj Sep 19, 2024
40ef36b
Increase ROM to 8K
dehanj Sep 19, 2024
04f9e2d
Optimize SPI functions, lowering ROM usage by 70 bytes.
dehanj Sep 30, 2024
26e64f4
storage: add erase command
dehanj Sep 30, 2024
dd60b7c
fw: switch to FW RAM when executing a syscall.
dehanj Oct 4, 2024
9b17edf
fw: simplify switch to FW_RAM
dehanj Oct 16, 2024
3771726
fw: add workaround so objdump can disassemble compressed rv32
dehanj Oct 16, 2024
0c2d62b
temp: add define to toggle the use of fw RAM
dehanj Nov 11, 2024
50 changes: 42 additions & 8 deletions hw/application_fpga/Makefile
Expand Up @@ -32,7 +32,7 @@ TARGET_FREQ ?= 21

# Size in 32-bit words, must be divisible by 256 (pairs of EBRs, because 16
# bits wide; an EBR is 128 32-bits words)
BRAM_FW_SIZE ?= 1536
BRAM_FW_SIZE ?= 2048

PIN_FILE ?= application_fpga_tk1.pcf

Expand All @@ -47,7 +47,7 @@ CFLAGS = \
-mabi=ilp32 \
-static \
-std=gnu99 \
-O2 \
-Os \
-ffast-math \
-fno-common \
-fno-builtin-printf \
Expand Down Expand Up @@ -106,11 +106,21 @@ PICORV32_SRCS = \

FIRMWARE_DEPS = \
$(P)/fw/tk1_mem.h \
$(P)/fw/tk1/types.h \
$(P)/fw/tk1/lib.h \
$(P)/fw/tk1/proto.h \
$(P)/fw/tk1/assert.h \
$(P)/fw/tk1/led.h
$(P)/fw/tk1/led.h \
$(P)/fw/tk1/blake2s/blake2s.h \
$(P)/fw/tk1/spi.h \
$(P)/fw/tk1/flash.h \
$(P)/fw/tk1/partition_table.h \
$(P)/fw/tk1/preload_app.h \
$(P)/fw/tk1/auth_app.h \
$(P)/fw/tk1/htif.h \
$(P)/fw/tk1/rng.h \
$(P)/fw/tk1/mgmt_app.h \
$(P)/fw/tk1/storage.h \
$(P)/fw/tk1/syscall.h

FIRMWARE_OBJS = \
$(P)/fw/tk1/main.o \
Expand All @@ -119,15 +129,35 @@ FIRMWARE_OBJS = \
$(P)/fw/tk1/lib.o \
$(P)/fw/tk1/assert.o \
$(P)/fw/tk1/led.o \
$(P)/fw/tk1/blake2s/blake2s.o
$(P)/fw/tk1/blake2s/blake2s.o \
$(P)/fw/tk1/spi.o \
$(P)/fw/tk1/flash.o \
$(P)/fw/tk1/partition_table.o \
$(P)/fw/tk1/preload_app.o \
$(P)/fw/tk1/auth_app.o \
$(P)/fw/tk1/htif.o \
$(P)/fw/tk1/rng.o \
$(P)/fw/tk1/mgmt_app.o \
$(P)/fw/tk1/storage.o \
$(P)/fw/tk1/syscall.o

FIRMWARE_SOURCES = \
$(P)/fw/tk1/main.c \
$(P)/fw/tk1/proto.c \
$(P)/fw/tk1/lib.c \
$(P)/fw/tk1/assert.c \
$(P)/fw/tk1/led.c \
$(P)/fw/tk1/blake2s/blake2s.c
$(P)/fw/tk1/blake2s/blake2s.c \
$(P)/fw/tk1/spi.c \
$(P)/fw/tk1/flash.c \
$(P)/fw/tk1/partition_table.c \
$(P)/fw/tk1/preload_app.c \
$(P)/fw/tk1/auth_app.c \
$(P)/fw/tk1/htif.c \
$(P)/fw/tk1/rng.c \
$(P)/fw/tk1/mgmt_app.c \
$(P)/fw/tk1/storage.c \
$(P)/fw/tk1/syscall.c

TESTFW_OBJS = \
$(P)/fw/testfw/main.o \
Expand Down Expand Up @@ -168,7 +198,11 @@ secret:
# Firmware generation.
# Included in the bitstream.
#-------------------------------------------------------------------
LDFLAGS = -T $(P)/fw/tk1/firmware.lds
# -Wl,-mllvm,-mattr=+c,-mllvm,-mattr=+zmmul added as a workaround to be able to
# disassemble compressed RV32 instructions
LDFLAGS = \
-T $(P)/fw/tk1/firmware.lds \
-Wl,-mllvm,-mattr=+c,-mllvm,-mattr=+zmmul

$(FIRMWARE_OBJS): $(FIRMWARE_DEPS)
$(TESTFW_OBJS): $(FIRMWARE_DEPS)
Expand Down Expand Up @@ -325,7 +359,7 @@ tb:
# Synthesis. Place & Route. Bitstream generation.
#-------------------------------------------------------------------

YOSYS_FLAG ?=
YOSYS_FLAG ?=-DINCLUDE_SPI_MASTER

synth.json: $(FPGA_SRC) $(VERILOG_SRCS) $(PICORV32_SRCS) bram_fw.hex \
$(P)/data/uds.hex $(P)/data/udi.hex
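Review bot: The last hunk makes `YOSYS_FLAG ?=-DINCLUDE_SPI_MASTER` the default, but with `?=` any value supplied from the environment or the command line replaces the define instead of adding to it, while the `FIRMWARE_OBJS` hunk links `spi.o` and `flash.o` into the firmware unconditionally. A bitstream built with an overridden `YOSYS_FLAG` would presumably lack the SPI master that the firmware now expects. Keeping the define out of the overridable variable would keep hardware and firmware in step, for example `YOSYS_FLAG ?=` plus a separate `YOSYS_DEFS = -DINCLUDE_SPI_MASTER` (a name constructed for this note) passed to yosys next to it. The yosys invocation itself is outside the visible lines.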
4 changes: 3 additions & 1 deletion hw/application_fpga/fw/testfw/main.c
Expand Up @@ -6,9 +6,11 @@
#include "../tk1/blake2s/blake2s.h"
#include "../tk1/lib.h"
#include "../tk1/proto.h"
#include "../tk1/types.h"
#include "../tk1_mem.h"

#include <stddef.h>
#include <stdint.h>

// clang-format off
volatile uint32_t *tk1name0 = (volatile uint32_t *)TK1_MMIO_TK1_NAME0;
volatile uint32_t *tk1name1 = (volatile uint32_t *)TK1_MMIO_TK1_NAME1;
2 changes: 1 addition & 1 deletion hw/application_fpga/fw/tk1/Makefile
@@ -1,5 +1,5 @@
# Uses ../.clang-format
FMTFILES=main.c lib.h lib.c proto.h proto.c types.h assert.c assert.h led.c led.h
FMTFILES=main.c lib.h lib.c proto.h proto.c assert.c assert.h led.c led.h
.PHONY: fmt
fmt:
clang-format --dry-run --ferror-limit=0 $(FMTFILES)
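Review bot: `FMTFILES` loses `types.h` here but does not gain the sources this pull request adds to the firmware build (`spi.c`, `flash.c`, `auth_app.c`, `partition_table.c` and the others listed in `FIRMWARE_SOURCES`), so the `fmt` target will not check them. Adding the new `.c`/`.h` pairs to the list, or deriving the list with `$(wildcard *.c *.h)`, would keep the formatting check complete. The rest of this Makefile lies outside the visible hunk.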
1 change: 1 addition & 0 deletions hw/application_fpga/fw/tk1/assert.c
Expand Up @@ -4,6 +4,7 @@
*/

#include "assert.h"
#include "htif.h"
#include "lib.h"

void assert_fail(const char *assertion, const char *file, unsigned int line,
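--- a/hw/application_fpga/fw/tk1/auth_app.c
+++ b/hw/application_fpga/fw/tk1/auth_app.c
@@ -0,0 +1,68 @@
+// Copyright (C) 2024 - Tillitis AB
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include "auth_app.h"
+#include "../tk1_mem.h"
+#include "blake2s/blake2s.h"
+#include "lib.h"
+#include "partition_table.h"
+#include "rng.h"
+
+#include <stdbool.h>
+#include <stdint.h>
+
+static volatile uint32_t *cdi = (volatile uint32_t *)TK1_MMIO_TK1_CDI_FIRST;
+
+/* Calculates the authentication digest based on a supplied nonce and the CDI.
+* Requires that the CDI is already calculated and stored */
+static void calculate_auth_digest(uint8_t *nonce, uint8_t *auth_digest)
+{
+/* TODO: Check so the CDI is non-zero? */
+
+blake2s_ctx ctx = {0};
+
+// Generate a 16 byte authentication digest
+blake2s_init(&ctx, 16, NULL, 0);
+blake2s_update(&ctx, (const void *)cdi, 32);
+blake2s_update(&ctx, nonce, 16);
+blake2s_final(&ctx, auth_digest);
+}
+
+/* Generates a 16 byte nonce */
+static void generate_nonce(uint32_t *nonce)
+{
+
+for (uint8_t i = 0; i < 4; i++) {
+nonce[i] = rng_get_word();
+}
+return;
+}
+/* Returns the authentication digest and random nonce. Requires that the CDI is
+* already calculated and stored */
+void auth_app_create(auth_metadata_t *auth_table)
+{
+uint8_t nonce[16];
+uint8_t auth_digest[16];
+
+generate_nonce((uint32_t *)nonce);
+
+calculate_auth_digest(nonce, auth_digest);
+
+memcpy_s(auth_table->authentication_digest, 16, auth_digest, 16);
+memcpy_s(auth_table->nonce, 16, nonce, 16);
+
+return;
+}
+
+bool auth_app_authenticate(auth_metadata_t *auth_table)
+{
+uint8_t auth_digest[16];
+
+calculate_auth_digest(auth_table->nonce, auth_digest);
+
+if (memeq(auth_digest, auth_table->authentication_digest, 16)) {
+return true;
+}
+
+return false;
+}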
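Review bot: `auth_app_create` hands `uint8_t nonce[16]` to `generate_nonce` through a `(uint32_t *)` cast, so the four word stores go through a pointer the byte array is neither guaranteed to be aligned for nor type-compatible with. Declaring the buffer as `uint32_t nonce[4];`, calling `generate_nonce(nonce);` and passing `(uint8_t *)nonce` to `calculate_auth_digest` and `memcpy_s` avoids both problems. `calculate_auth_digest` also still carries the `TODO` about a zero CDI. Because the nonce is written into `auth_table` next to the digest, a digest computed over an all-zero CDI could be recomputed by anyone able to read that table, so the check should fail closed instead of staying a comment. `memeq` is not shown on this page; if it returns at the first differing byte, the comparison in `auth_app_authenticate` would be better served by a constant-time compare.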
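--- a/hw/application_fpga/fw/tk1/auth_app.h
+++ b/hw/application_fpga/fw/tk1/auth_app.h
@@ -0,0 +1,14 @@
+// Copyright (C) 2024 - Tillitis AB
+// SPDX-License-Identifier: GPL-2.0-only
+
+#ifndef AUTH_APP_H
+#define AUTH_APP_H
+
+#include "partition_table.h"
+
+#include <stdbool.h>
+
+void auth_app_create(auth_metadata_t *auth_table);
+bool auth_app_authenticate(auth_metadata_t *auth_table);
+
+#endif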
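Review bot: Neither prototype documents the precondition that auth_app.c states in its comments, namely that the CDI must already be calculated and stored before either function is called. A header comment such as `/* Both functions require the CDI to be calculated and stored first. */` would put that contract where callers see it. `auth_app_authenticate` also takes a mutable pointer although its implementation only reads `nonce` and `authentication_digest`; `bool auth_app_authenticate(const auth_metadata_t *auth_table);` would state that, provided the internal `calculate_auth_digest` takes its nonce as `const uint8_t *` as well.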
4 changes: 3 additions & 1 deletion hw/application_fpga/fw/tk1/blake2s/blake2s.c
Expand Up @@ -6,10 +6,12 @@
// A simple blake2s Reference Implementation.
//======================================================================

#include "../types.h"
#include "../lib.h"
#include "blake2s.h"

#include <stdint.h>
#include <stddef.h>

// Dummy printf() for verbose mode
static void printf(const char *format, ...)
{
3 changes: 2 additions & 1 deletion hw/application_fpga/fw/tk1/blake2s/blake2s.h
Expand Up @@ -4,7 +4,8 @@
#ifndef BLAKE2S_H
#define BLAKE2S_H

#include "../types.h"
#include <stdint.h>
#include <stddef.h>

// state context
typedef struct {