Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PoC: Raise privilege if executing in ROM #258

Draft
wants to merge 7 commits into
base: pc_based_access_control_spi_2
Choose a base branch
from
Draft

PoC: Raise privilege if executing in ROM #258

wants to merge 7 commits into from

Conversation

dehanj
Copy link
Member

@dehanj dehanj commented Aug 29, 2024

Description

PoC of a generic syscall and how a lock could look like.

Fixes # (issues)

Type of change

Please tick any that are relevant to this PR and remove any that aren't.

  • Bugfix (non breaking change which resolve an issue)
  • Feature (non breaking change which adds functionality)
  • Breaking Change (a change which would cause existing functionality to not work as expected)
  • Documentation (a change to documentation)

Submission checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my changes
  • I have tested and verified my changes on target
  • My changes are well written and CI is passing
  • I have squashed my work to relevant commits and rebased on main for linear history
  • I have added a "Co-authored-by: x" if several people contributed, either pair programming or by squashing commits from different authors.
  • I have updated the documentation where relevant (readme, dev.tillitis.se etc.)
  • QEMU is updated to reflect changes

dehanj
dehanj commented Aug 29, 2024
View reviewed changes
hw/application_fpga/core/tk1/rtl/tk1.v
Comment on lines +500 to +501
fw_app_mode_new = 1'h1;
fw_app_mode_new = 1'h1;
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fw_app_mode_new set twice.

@mchack-work mchack-work mentioned this pull request Sep 25, 2024
Open
@dehanj dehanj changed the title PoC: Syscall PoC: Raise privilege if executing in ROM Nov 14, 2024
@dehanj dehanj force-pushed the pc_based_access_control_spi_2 branch from f5f57ff to 90c94ce Compare November 15, 2024 13:13
@secworks @dehanj
FPGA: Add SPI access control logic
42e375a 
      Access logic looks at instruction execution from a defined
      trampoline address to enable stateful SPI access.

      The access is disabled as soon as an instruction is executed
      from any address in RAM.

Signed-off-by: Joachim Strömbergson <[email protected]>
@secworks @dehanj
fpga: Add testcase for SPI access control
6c0fc26 
      Add testcase that checks that access control
      is enabled and disabled as expected.

Signed-off-by: Joachim Strömbergson <[email protected]>
@secworks @dehanj
fpga: Include SPI master during linting
3a98f03 
Signed-off-by: Joachim Strömbergson <[email protected]>
@secworks @dehanj
(fpga) Start adding support for new control of FW and appo mode.
3f67e77 
Signed-off-by: Joachim Strömbergson <[email protected]>
@secworks @dehanj
(fpga) Debug build and sim target.
23348d3 
       1. Debug tk1 core with initial changes to fw-app-mode.

       2. Debug testbench with fixes related to name changes for
       address and data RAM randomization.

       3. Debug test6 that checks SPI access.

Signed-off-by: Joachim Strömbergson <[email protected]>
@secworks @dehanj
(fw) Enable FW mode at start.
ad18c33 
     FW mode must now be explicitlty enabled. App mode will be
     automatically enabled when jumping to the start of the loaded
     application.

Signed-off-by: Joachim Strömbergson <[email protected]>
@secworks @dehanj
(fpga) Add API register for syscall trampoline address.
fd357a2 
Signed-off-by: Joachim Strömbergson <[email protected]>
@dehanj dehanj force-pushed the pc_based_access_control_spi_2_sycalls_fur_alle branch from df10908 to fd357a2 Compare November 15, 2024 13:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dehanj @secworks