ContextQMD
Back to Tock

Tock OT Notes 5/14/2020

doc/wg/opentitan/notes/2020-05-14.md

latest3.0 KB
Original Source

Tock OT Notes 5/14/2020

Present:

  • Brad Campbell (Chair), University of Virginia
  • Jon Flatley, Google
  • Silvestrs Timofejevs, lowRISC
  • Johnathan Van Why, Google
  • Garret Kelly, Google
  • Alistair Francis, Western Digital
  • Phil Levis, Stanford
  • Alphan Ulusoy, Google

Updates

  • Alistair: Updating hifive1 to Rev b and it is working.

  • libtock-rs apps can run (blinky and hello world)

  • Had to shrink stack size to make it fit.

  • Brad: I also had to change the stack size for libtock-c.

  • Alistair: libtock-rs needs to be updated to make stack size per-app rather than per-board.

  • Alistair: Also, the PMP works as well.

  • Brad: Were you able to get clock configuration working?

  • Alistair: I'm just using the default clock from the bootloader.

  • Brad: Did you find the bootloader?

  • Alistair: No.

  • Brad: Yeah, it would be great to not have completely unknown code running on the board.

  • Phil: I can ask Megan about the bootloader.

  • Alphan: I'm working on 3 PRs which are in progress.

  • Brad: I added fixed address TLV support to elf2tab.

Roadmap

  • Garret: Vadim can present next week on the Chromebook use case.

BLE Stack

  • Alistair: What is the state of BLE support in Tock?
  • Brad: There is some support. I believe advertisements work, and there is some code for connections. It is not well tested or well organized, however.

OT SPI Passthrough

  • Garret: Oscar has been thinking about and working on SPI passthrough support in Tock based on the Tock-on-Titan code.
  • He is thinking about what a HIL might look like. Looking for advice/help.
  • Phil: I'm happy to chat and am familiar with the Titan implementation.
  • Johnathan and Dom talked a bunch about how to support it in Tock.
  • Garret: So far getting SPS working.
  • Phil: For some background, SPI passthrough allows a chip to snoop on the SPI lines to verify something like the boot code has not be altered. The peripheral must be able to do this at line speed because it is just watching the bus. The SPI passthrough mechanism can interrupt the SPI transaction, however, if there is something wrong.
  • Garret: The SPI passthrough peripheral also has to be able to respond to commands on the SPI bus.
  • Alistair: Does the peripheral use the same chip select line?
  • Garret: Yes.
  • Garret: SPI passthrough can control the CS line to the flash chip, however.
  • Garret: If the peripheral cannot keep up it can abort a transaction later. This does open an attack surface if the application uses the data before OT notifies that it is bad, but this is very difficult and outside of the threat model.
  • Garret: This gets more complicated with Quad SPI devices, where the CS line is re-used as a data line. There the SPI passthrough cannot step on the CS line, but it can corrupt a header or a CRC check or something like that.
  • Brad: Can you give us a sense of what kind of checks the hardware can do?
  • Garret: Make sure the application processor is not overwriting boot code with something unexpected. It can also respond to commands.