Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨🔒 add optional on-chip debugger authentication #1053

Merged
merged 21 commits into from
Oct 11, 2024
Merged

✨🔒 add optional on-chip debugger authentication #1053

merged 21 commits into from
Oct 11, 2024

Conversation

stnolting
Copy link
Owner

@stnolting stnolting commented Oct 11, 2024
edited
Loading

This PR adds optional support for a authentication module for the on-chip debugger.

The authentication module is enabled by the new OCD_AUTHENTICATION top generic. A simple/exemplary authentication module is implemented in neorv32_debug_auth.vhd. Users can modify/replace this module to implement custom security mechanism.

The interface complies to the the RISC-V debug spec. Hence, the authenticator can (also) be accessed by openOCD (https://openocd.org/doc/html/Architecture-and-Core-Commands.html):

16.11.4 RISC-V Authentication Commands

The following commands can be used to authenticate to a RISC-V system. Eg. a trivial challenge-response protocol could be implemented as follows in a configuration file, immediately following init:

set challenge [riscv authdata_read]
riscv authdata_write [expr {$challenge + 1}]

Command: riscv authdata_read
Return the 32-bit value read from authdata.

Command: riscv authdata_write value
Write the 32-bit value to authdata.

⚠️ This PR also renames the OCD-related top generics:

  • ON_CHIP_DEBUGGER_EN -> OCD_EN
  • DM_LEGACY_MODE -> OCD_DM_LEGACY_MODE

@stnolting stnolting added enhancement New feature or request HW Hardware-related labels Oct 11, 2024
@stnolting stnolting self-assigned this Oct 11, 2024
@stnolting
[sysinfo] add OCD authentication flag
64102b1
@stnolting
[rtl] add OCD authenticator module
b530b00
@stnolting
⚠️ [top] rework OCD generics
b14ea49
@stnolting
[changelog] add v1.10.5.5
9f11fbe
@stnolting
[rtl] update wrapper generics
db35d0d
@stnolting
[vivado_ip] update generics
e7492a6 
plus minor cleanups
@stnolting
[docs] clean up entire OCD chapter
1789e3d
@stnolting
[figures] OCD complex: add authentication block
a520c67
@stnolting
[vivado_ip] fix mtime configuration issue
5ad2635
@stnolting
[docs] minor edits
d8483a5
@stnolting
[docs] add debug authentication section
d3f7125
@stnolting
[rtl] adjust OCD authentication configuration
dffdc3d
@stnolting
[sw/openocd] add authentication
d5139ea
@stnolting
[docs] minor edits
e89fb51
@stnolting
[rtl] DM: add authentication logic
59d3a23
@stnolting
Merge branch 'main' into debug_authentication
ba0e5a7
@stnolting
Merge branch 'main' into debug_authentication
1ac6ffb
@stnolting
[rtl] code cleanup
562a928
@stnolting
[sw/common] ELF file is required for gdb target
1e9fb33
@stnolting stnolting marked this pull request as ready for review October 11, 2024 18:09
@stnolting stnolting merged commit 8d978b3 into main Oct 11, 2024
14 checks passed
@stnolting stnolting deleted the debug_authentication branch October 11, 2024 18:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@stnolting stnolting

Labels
enhancement New feature or request HW Hardware-related
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@stnolting