|
2 | 2 |
|
3 | 3 | Descriptions of the tagged TKey releases. |
4 | 4 |
|
| 5 | + |
| 6 | +## TK1-24.03 |
| 7 | + |
| 8 | +This is an official release of the "Bellatrix" version of the Tillitis' |
| 9 | +TKey. This version is ready for general use. |
| 10 | + |
| 11 | +Using OCI image `ghcr.io/tillitis/tkey-builder:4`, built from |
| 12 | +`../contrib/Dockerfile`, and the generic |
| 13 | +`../hw/application_fpga/data/uds.hex` and |
| 14 | +`../hw/application_fpga/data/udi.hex`, a clean build should generate |
| 15 | +the following digest: |
| 16 | + |
| 17 | +``` |
| 18 | +321924aa3b26507f2a02325750e63c83b306c7831f8e2c87e8d198cecf8cc1c1 application_fpga.bin |
| 19 | +``` |
| 20 | + |
| 21 | +### FPGA |
| 22 | +- Security Monitor now prevents access to RAM outside of the physical |
| 23 | + memory. If it detects an access outside of the RAM address space, it |
| 24 | + will halt the CPU. |
| 25 | +- CPU Monitor changes name to Security monitor, which CPU Monitor is a |
| 26 | + part of. Prepare for more functions in the future. |
| 27 | +- Support incremental builds for the bitstream, when changing UDS/UDI |
| 28 | + between builds. Requires tkey-builder:3 or higher. |
| 29 | +- Update Verilog linter to Verilog-2005 and fixed warnings. |
| 30 | +- Complete testbenches and add 9 tests for the FPGA cores. |
| 31 | + |
| 32 | +### Firmware |
| 33 | +- Protect zeroisation against compiler optimisation by using |
| 34 | + secure_wipe(), fixing a memset() that was removed during |
| 35 | + compilation. |
| 36 | +- Make memeq() function side channel silent. |
| 37 | +- Change memory constants to defines instead of an enum, to be |
| 38 | + compatible with ISO C. |
| 39 | +- Deprecate TK1_MMIO_TK1_RAM_ASLR and introduce |
| 40 | + TK1_MMIO_TK1_RAM_ADDR_RAND instead to distinguish from OS-level |
| 41 | + ASLR. |
| 42 | +- Use pedantic warnings while building firmware and fixed warnings. |
| 43 | +- Use clang-tidy in CI. |
| 44 | +- Fix warnings from splint. |
| 45 | + |
| 46 | +### TP1 |
| 47 | +- New plastic clip o and update of BOM. |
| 48 | +- Build TP1 firmware in CI. |
| 49 | + |
| 50 | +### CH552 |
| 51 | +- Fixed a bug where a byte of data could in some rare circumstances be |
| 52 | + dropped, causing a client app to hang. |
| 53 | +- General clean-up of code, translated all comments to English. |
| 54 | + |
| 55 | +### TK1 |
| 56 | +- New injection moulded plastic case |
| 57 | + |
| 58 | +### tkey-builder |
| 59 | +- Updated to version 3. Bumping Ubuntu to 23.10, Yosys to 0.36 and |
| 60 | + nextpnr to 0.6. |
| 61 | +- Updated to version 4. Bumping pico-sdk to 1.5.1, adding clang-tidy |
| 62 | + and splint. |
| 63 | + |
| 64 | +### Docs |
| 65 | +- Fixing broken links, cleaning up docs and READMEs. |
| 66 | +- Clarify warm boot attack mitigations and scope for Bellatrix in |
| 67 | + threat model. |
| 68 | + |
| 69 | +For full change log [see](https://github.com/tillitis/tillitis-key1/compare/TK1-23.03.2...TK1-24.03) |
| 70 | + |
| 71 | + |
5 | 72 | ## TK1-23.03.2 |
6 | 73 |
|
7 | 74 | This is the official release of the "Bellatrix" version of the |
@@ -87,12 +154,12 @@ f11d6b0f57c5405598206dcfea284008413391a2c51f124a2e2ae8600cb78f0b application_fp |
87 | 154 | will start flashing red. Note that the CPU will stay in the trap |
88 | 155 | state until the TKey device is disconnected. |
89 | 156 |
|
90 | | -- (HW) The RAM memory now includes an initial adress and scrambling |
91 | | - mechanism to make it harder to find assets generated by and |
92 | | - stored in the RAM by applications. The address space layout |
93 | | - randomizarion (ASLR) and data value scrambling is set up by the |
94 | | - firmware before the application is loaded, and does not affect |
95 | | - how applications executes. |
| 157 | +- (HW) The RAM memory now includes an address randomisation and data |
| 158 | + scrambling mechanism to make it harder for someone outside of the |
| 159 | + CPU to find assets generated by and stored in the RAM by |
| 160 | + applications. This randomisation and scrambling is set up by |
| 161 | + firmware before the application is loaded, and does not affect how |
| 162 | + applications executes. |
96 | 163 |
|
97 | 164 | - (HW) The UART Rx FIFO now allows applications to read out the |
98 | 165 | number of bytes received and not yet consumed by the application. |
@@ -142,8 +209,8 @@ f11d6b0f57c5405598206dcfea284008413391a2c51f124a2e2ae8600cb78f0b application_fp |
142 | 209 | PicoRV32. Please compile your programs with the Zmmul extension, |
143 | 210 | `-march=rv32iczmmul` for `clang`. |
144 | 211 |
|
145 | | -- (HW) The UDI is locked down and can now only be accessed by |
146 | | - firmware, not applications. |
| 212 | +- (HW) The UDI is locked down and can only be accessed by firmware, to |
| 213 | + prevent applications from tracking a particular TKey. |
147 | 214 |
|
148 | 215 | - (HW) The timer MMIO API now takes separate start and stop bits for |
149 | 216 | triggering the respective action, mitigating a time-of-check to |
|
0 commit comments