[Cryptech-Commits] [core/util/keywrap] 19/37: Hardened the keywrap API to not allow reads or writes when the core is busy.

git at cryptech.is git at cryptech.is
Wed Apr 29 16:51:55 UTC 2020


This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch master
in repository core/util/keywrap.

commit aced6ee13af2d15ee0a9ccd8e681faf1519106ea
Author: Joachim Strömbergson <joachim at secworks.se>
AuthorDate: Tue Oct 23 10:50:22 2018 +0200

    Hardened the keywrap API to not allow reads or writes when the core is busy.
---
 src/rtl/keywrap.v | 55 +++++++++++++++++++++++++++++--------------------------
 1 file changed, 29 insertions(+), 26 deletions(-)

diff --git a/src/rtl/keywrap.v b/src/rtl/keywrap.v
index cc6f8ac..53deaaf 100644
--- a/src/rtl/keywrap.v
+++ b/src/rtl/keywrap.v
@@ -321,45 +321,48 @@ module keywrap #(parameter ADDR_BITS = 13)
       api_rd_delay_new = 32'h0;
 
       // api_mux
-      if (address[(ADDR_BITS - 1)])
-        tmp_read_data = core_api_rd_data;
-      else
-        tmp_read_data = api_rd_delay_reg;
+      if (core_ready)
+        if (address[(ADDR_BITS - 1)])
+          tmp_read_data = core_api_rd_data;
+        else
+          tmp_read_data = api_rd_delay_reg;
 
       if (cs)
         begin
           if (we)
             begin
-              // Write access
-              if (address == {{PAD{1'h0}}, ADDR_CTRL})
+              if (core_ready)
                 begin
-                  init_new  = write_data[CTRL_INIT_BIT];
-                  next_new  = write_data[CTRL_NEXT_BIT];
-                  read_new  = write_data[CTRL_READ_BIT];
-                  write_new = write_data[CTRL_WRITE_BIT];
-                end
+                  if (address == {{PAD{1'h0}}, ADDR_CTRL})
+                    begin
+                      init_new  = write_data[CTRL_INIT_BIT];
+                      next_new  = write_data[CTRL_NEXT_BIT];
+                      read_new  = write_data[CTRL_READ_BIT];
+                      write_new = write_data[CTRL_WRITE_BIT];
+                    end
 
-              if (address == {{PAD{1'h0}}, ADDR_CONFIG})
-                config_we = 1'h1;
+                  if (address == {{PAD{1'h0}}, ADDR_CONFIG})
+                    config_we = 1'h1;
 
-              if (address == {{PAD{1'h0}}, ADDR_RLEN})
-                rlen_we = 1'h1;
+                  if (address == {{PAD{1'h0}}, ADDR_RLEN})
+                    rlen_we = 1'h1;
 
-              if (address == {{PAD{1'h0}}, ADDR_A0})
-                a0_we = 1'h1;
+                  if (address == {{PAD{1'h0}}, ADDR_A0})
+                    a0_we = 1'h1;
 
-              if (address == {{PAD{1'h0}}, ADDR_A1})
-                a1_we = 1'h1;
+                  if (address == {{PAD{1'h0}}, ADDR_A1})
+                    a1_we = 1'h1;
 
-              if (address == {{PAD{1'h0}}, ADDR_MSTATUS})
-                mstatus_we = 1'h1;
+                  if (address == {{PAD{1'h0}}, ADDR_MSTATUS})
+                    mstatus_we = 1'h1;
 
-              if ((address >= {{PAD{1'h0}}, ADDR_KEY0}) &&
-                   (address <= {{PAD{1'h0}}, ADDR_KEY7}))
-                key_we = 1'h1;
+                  if ((address >= {{PAD{1'h0}}, ADDR_KEY0}) &&
+                      (address <= {{PAD{1'h0}}, ADDR_KEY7}))
+                    key_we = 1'h1;
 
-              if (address[(ADDR_BITS - 1)])
-                core_api_we = 1'h1;
+                  if (address[(ADDR_BITS - 1)])
+                    core_api_we = 1'h1;
+                end
             end // if (we)
           else
             begin



More information about the Commits mailing list