search

tillitis / tillitis-key1

Board designs, FPGA verilog, firmware for TKey, the flexible and open USB security key 🔑
https://www.tillitis.se
391 stars 24 forks source link

Handling of illegal instructions #87

Closed secworks closed 1 year ago

secworks commented 1 year ago

We need to at least document how the CPU in the TKey1 handles illegal instructions. Possibly we should also add functionality to signal to the user that an illegal instruction event has occurred.

secworks commented 1 year ago

Digging through the code for the PicoRV32: https://github.com/tillitis/tillitis-key1/blob/main/hw/application_fpga/core/picorv32/rtl/picorv32.v

One can see that if the CATCH_ILLINSN option is set (it is set by default), but no IRQs are enabled (they are not enabled by default), the CPU will move to the cpu_state_trap (see line 1491). In this state, the CPU will set the trap signal (which is an external port), and then stay in the state until reset. This means that in our instance of the CPU, any illegal instructions will hang the CPU at the instruction that was decoded. Not really clear what happens if CATCH_ILLSN is not set. The CPU probably executes something. Which we don't want.

What we could do is have hardware that observes the trap signal, and if being set starts flashing the LEDs.

secworks commented 1 year ago

The following commit contains functionality to look at the trap signal being set. And if it is set will flash the LEDs until the device is reset. The cost of the HW functionality is 63 LCs. The design meets timing,

https://github.com/tillitis/tillitis-key1/compare/main...trap_indicator

The design needs to be tested.

quite commented 1 year ago

I've tried executing 0x0000cafe and got a nice red flash!

secworks commented 1 year ago

I'd say we merge this into main.

quite commented 1 year ago

@secworks agreed

secworks commented 1 year ago

Merged.