Skip to content

Instantly share code, notes, and snippets.

View ilebedev's full-sized avatar
🌶️
🥺

Ilia Lebedev ilebedev

🌶️
🥺
View GitHub Profile
@ilebedev
ilebedev / freechips.rocketchip.system.rv64iamfd.v
Last active January 9, 2019 15:52
freechips.rocketchip.system.DefaultConfig.v
module ExampleRocketSystem( // @[:freechips.rocketchip.system.DefaultConfig.fir@214349.2]
input clock, // @[:freechips.rocketchip.system.DefaultConfig.fir@214350.4]
input reset, // @[:freechips.rocketchip.system.DefaultConfig.fir@214351.4]
output debug_clockeddmi_dmi_req_ready, // @[:freechips.rocketchip.system.DefaultConfig.fir@214353.4]
input debug_clockeddmi_dmi_req_valid, // @[:freechips.rocketchip.system.DefaultConfig.fir@214353.4]
input [6:0] debug_clockeddmi_dmi_req_bits_addr, // @[:freechips.rocketchip.system.DefaultConfig.fir@214353.4]
input [31:0] debug_clockeddmi_dmi_req_bits_data, // @[:freechips.rocketchip.system.DefaultConfig.fir@214353.4]
input [1:0] debug_clockeddmi_dmi_req_bits_op, // @[:freechips.rocketchip.system.DefaultConfig.fir@214353.4]
input debug_clockeddmi_dmi_resp_ready, // @[:freechips.rocketchip.system.DefaultConfig.fir@214353.4]
output debug_clockeddmi_dmi_resp_valid, // @[:freechips.rocketchip.system.DefaultCon
OUTPUT_ARCH( "riscv" )
ENTRY( reset_vector )
SECTIONS
{
/* Root of trust in a trusted ROM */
. = 0x1000;
.rot : {
_start = .;
PROVIDE(reset_vector = .);
*(.bootloader.entry)
.global reset_vector
reset_vector:
# this resides at address 0x1000
# 1. Set aside space in system memory for a software stack.
la sp, m_stack_ptr # Stack pointer for core 0
csrr a0, mhartid # a0 <-- mhartid
# 2. All but hart 0 wait for a signal via IPI. Hart 0 proceeds, and will wake other harts.
bne a0, zero, .hart_non_zero # hart 0
# 2. Erase DRAM (if applicable)
#ifdef ERASE_DRAM
.global reset_vector
reset_vector:
la sp, m_stack_ptr # sp for hart 0 (to be adjusted for other harts)
csrr a0, mhartid # a0 <-- mhartid
# 2. All but hart 0 wait for a signal via IPI. Hart 0 proceeds, and will wake other harts.
bne a0, zero, .hart_non_zero # hart 0
# 2. Erase DRAM (if applicable)
#ifdef ERASE_DRAM
sha3_ctx_t hash_ctx;
uint8_t cert_hash[64];
uint8_t cert_sig[64];
extern uint8_t PK_T[32];
// uint8_t S_H[64] has been previously computed
// uint8_t PK_S[32] has been previously computed
// uint8_t PK_T[32] has been previously retrieved
/* Hash the parts of the certificate into one message */
uint8_t SK_T[64];
uint8_t PK_S[32];
uint8_t SK_S[64];
sha3_ctx_t hash_ctx;
uint8_t seed[64];
// uint8_t S_H[64] has been previously computed
/* Retrieve SK_T and prevent any subsequent
software from accessing it */
/* The unique public key assigned by M
to one of the devices it has manufactured. */
extern uint8_t PK_T[64];
/* The manufacturer's cryptographic key pair
is extremely sensitive information. */
extern uint8_t PK_M[32];
extern uint8_t SK_M[64];
/* The endorsement. */
#include <sha3/sha3.h>
/* Address of the base of S, at a location
specified by a linker script */
extern const void* s_ptr;
/* Address of the size of S, at a location
specified by a linker script */
extern const size_t* s_size;
void get_sk_d(uint8_t[64] out_sk_d);
/* Accessor for the device key SKd populates the buffer out_sk_d with the key unless `hide_sk_t_until_reboot` has previously been invoked. */
void hide_sk_d_until_reboot();
/* Ensures that subsequent calls to `get_sk_d` do not yield any information about SKd until the system restarts. */
#include <ed25519/ed25519.h>
uint8_t pk[32];
uint8_t sk[64];
/* This seed is as valuable as the secret key! */
uint8_t secret_entropy[64];
/* NOTE: we assume some application-dependent source of trusted entropy */
get_trusted_entropy(secret_entropy, 64);