[Cryptech Tech] Lattice boards for developing a custom master key memory

Joachim Strömbergson joachim.strombergson at assured.se
Thu May 3 08:48:25 UTC 2018


Aloha!

Thanks for good feedback. Some comments below.

Peter Stuge wrote:
> I like this idea, but I would definitely stick with a synchronous
> bus such as SPI.

What would you say are the main reasons for using SPI?

To me, a UART is simpler to not screw up. We have a simplistic SPI
master for the current master key serial SRAM. But it would need to be
extended to be able to handle other records/commands etc. We also have a
UART and a command handler that would basically be possible to drop into
the new FPGA.

The chief disadvantage I see is performance. But we won't be sending
kBytes of data over the interface anyway.


> Joachim Strömbergson wrote:
>> We are currently considering using the Lattice ICE devices. One of
>> the chief reasons is the project IceStorm
> 
> I am a fan of Yosys and the iCE40 devices, and also made a board
> with the hand-solderable VQ100 HX1K.
> 
> 
> I would recommend buying either the Olimex iCE40HX1K-EVB: 
> https://www.olimex.com/Products/FPGA/iCE40/iCE40HX1K-EVB/open-source-hardware
>
> ..or maybe the iCEstick.
> 
> The Olimex iCE40HX1K-EVB has 28 IOs and a 100 MHz oscillator which
> is available externally, but no USB interface, so flashing a
> bitstream requires another device (similar to flashing the Alpha
> STM32) - but OTOH flashing only needs to be done once.
> 
> The iCEstick includes an FTDI USB chip for easy flashing, but only 
> has 24 IOs spread over three connectors, only has a 12 MHz
> oscillator and is designed to only be powered via USB.
> 
> Note that HX1K has no PLL in the VQ100 package used on both these 
> boards, so no clock can run faster than the oscillator. But a good
> design should not rely on a clock for tamper detect anyway, I think
> that should be asynchronous.

Good point on power supply. The stick would only be used for testing and
prototype development. Then we either have to design our own board that
fits on top of Alpha headers, or adapt something like the TinyFPGA
board. I think the stick is a good start for now.

As far as I see it, 24 I/Os are more than plenty (a few I/Os for the
interface, one or two for tamper detect and possibly a few for debug).

Regarding the clocking. The control FSM handling storage including
tamper reaction will be clocked.

The tamper event inputs need to at least be sampled in a proper manner.
Just having a level input that pulls the reset of a register sounds to
me like asking for an oversensitive system that will cause reliability
issues and bad surprises. Please explain why this would be good design.
I'm probably missing something smart.


Yours
JoachimS



> 
> 
> A more powerful option would be the Olimex iCE40HX8K-EVB: 
> https://www.olimex.com/Products/FPGA/iCE40/iCE40HX8K-EVB/open-source-hardware
>
>  This is similar to the iCE40HX1K-EVB but has about 6x logic
> capacity, 2 PLLs and another 132 IOs.
> 
> 
> Pro iCEstick: USB interface
> Con: Made by Lattice
> 
> I like to support Olimex when possible, since they are very strong
> if not leading when it comes to open hardware. They use only open
> source design software and have always been very good at publishing
> designs as open hardware. They ship from EU stock immediately using
> pretty much any courier.
> 
> 
> //Peter


-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Assured AB
========================================================================
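
The two tamper-input styles debated in this message, sketched in Verilog as an added example (not code from the post or from the Cryptech code base). Module, port and parameter names, the active-low polarity and the filter length are all assumptions.

```verilog
// Variant A: asynchronous. The tamper pin drives the async reset of the
// register guarding the key. Reacts with no running clock, but also to any
// glitch long enough to trip the flip-flop's reset.
module tamper_async (
    input  wire clk,
    input  wire load,       // pulse when a key has been written (hypothetical)
    input  wire tamper_n,   // active-low tamper input, straight from the pin
    output reg  key_valid
);
    always @(posedge clk or negedge tamper_n) begin
        if (!tamper_n)
            key_valid <= 1'b0;          // cleared immediately, clock or not
        else if (load)
            key_valid <= 1'b1;
    end
endmodule

// Variant B: sampled. Two-flop synchronizer, then the event must persist for
// FILTER_LEN consecutive samples before the clocked FSM reacts. Ignores short
// glitches, but needs a running clock and misses pulses shorter than the
// filter window. FILTER_LEN must be at least 2.
module tamper_sampled #(
    parameter FILTER_LEN = 4
) (
    input  wire clk,
    input  wire reset_n,
    input  wire load,
    input  wire tamper_n,
    output reg  key_valid
);
    reg [1:0]            sync;   // metastability guard for the async pin
    reg [FILTER_LEN-1:0] hist;   // most recent synchronized samples

    always @(posedge clk or negedge reset_n) begin
        if (!reset_n) begin
            sync      <= 2'b11;
            hist      <= {FILTER_LEN{1'b1}};
            key_valid <= 1'b0;
        end else begin
            sync <= {sync[0], tamper_n};
            hist <= {hist[FILTER_LEN-2:0], sync[1]};
            if (hist == {FILTER_LEN{1'b0}})
                key_valid <= 1'b0;      // tamper held low for the whole window
            else if (load)
                key_valid <= 1'b1;
        end
    end
endmodule
```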