security.rmh

和picoblaze完全兼容的mcu ip core

14417 // @082 #612: COMPARE(s4,serial_number7) ;check for 8 bytes processed
2b000 // @083 #613: RETURN(Z)
18401 // @084 #614: ADD(s4,1) ;increment memory pointer
34080 // @085 #615: JUMP(CRC_send_loop)
// #616: ;
// #617: ;
// #618: ;**************************************************************************************
// #619: ; Compute 16-bit CRC using the polynomial X16 + X15 + X2 + 1.
// #620: ;**************************************************************************************
// #621: ;
// #622: ;
// #623: ; This routine computes a 16-bit CRC in the register pair [sE,sD] and these
// #624: ; registers must not be disturbed between calls of this routine.
// #625: ;
// #626: ; This routine has been written such that the CRC can be computed one
// #627: ; byte at a time. The byte to be processed should be provided in register 's3'
// #628: ; and the contents of this register are preserved.
// #629: ;
// #630: ; Before starting a CRC computation either clear or pre-load (seed) the register pair
// #631: ; [sE,sD] and do not disturb the value of the register pair between calling this routine.
// #632: ;
// #633: ; Registers used s0,s1,s3,sD,sE
// #634: ;    s3 is preserved.
// #635: ;    sD and sE should not be disturbed between calls if CRC value is required.
// #636: ;
// #637: ;
// #638: ;
// @086 #639: [compute_CRC16]
00108 // @086 #639: LOAD(s1,8) ;8-bits to shift
// @087 #640: [crc16_loop]
010d0 // @087 #640: LOAD(s0,sD) ;copy current CRC value
0f030 // @088 #641: XOR(s0,s3) ;Need to know LSB XOR next input bit
12001 // @089 #642: TEST(s0,1) ;test result of XOR in LSB
35c8d // @08a #643: JUMP(NC,crc16_shift)
0ed02 // @08b #644: XOR(sD,2) ;compliment bit 1 of CRC
0ee40 // @08c #645: XOR(sE,64) ;compliment bit 14 of CRC
// @08d #646: [crc16_shift]
2000e // @08d #646: SR0(s0) ;Carry gets LSB XOR next input bit
20e08 // @08e #647: SRA(sE) ;shift Carry into MSB to form new CRC value
20d08 // @08f #648: SRA(sD)
2030c // @090 #649: RR(s3) ;shift input value
1c101 // @091 #650: SUB(s1,1) ;count bits
35487 // @092 #651: JUMP(NZ,crc16_loop) ;next bit
2a000 // @093 #652: RETURN
// #653: ;
// #654: ;
// #655: ;**************************************************************************************
// #656: ; Read 256 bytes of StrataFLASH memory including the authentication value.
// #657: ;**************************************************************************************
// #658: ;
// #659: ; This routine reads the authentication value from the StrataFLASH memory. In this
// #660: ; design the authentication value is only 2 bytes which once read will be returned
// #661: ; in the register pair [sB,sA].
// #662: ;
// #663: ; To make the authentication value more difficult to identify, it is hidden in 256 bytes
// #664: ; of pseudo random values which will also appear different in each FLASH device inspected.
// #665: ; This routine deliberately reads all 256 bytes that are stored and abstracts the required
// #666: ; 2 bytes of information from them otherwise it would be easy to observe which addresses
// #667: ; of the block were being accessed.
// #668: ;
// #669: ; Another way that an attacker may deduce which address locations are important would be to
// #670: ; observe the time between read accesses and note when there is any difference. In this case
// #671: ; the attacker is attempting to detect when PicoBlaze takes slightly longer to execute the
// #672: ; instructions which store the important bytes in scratch pad memory. So to avoid this
// #673: ; detection this routine inserts an additional random delay between reads to mask any code
// #674: ; execution differences.
// #675: ;
// #676: ; The 256 bytes are stored at addresses 060000 to 0600FF hex (the first block above the
// #677: ; XC3S500E configuration image which occupies 000000 to 04547F hex). The 2 bytes forming the
// #678: ; actual authentication value are stored as 4-bit nibbles in 4 different locations in this range.
// #679: ;
// #680: ;
// #681: ;                             High Order Nibble           Low Order Nibble
// #682: ;                               (NNNNxxxx)                  (xxxxNNNN)
// #683: ;
// #684: ; LS-Byte in 'sA'              Addr=060010                 Addr=06007F
// #685: ; MS-Byte in 'sB'              Addr=060025                 Addr=0600FA
// #686: ;
// #687: ;
// @094 #688: [read_authentication]
00906 // @094 #688: LOAD(s9,6) ;start address in FLASH
00800 // @095 #689: LOAD(s8,0)
00700 // @096 #690: LOAD(s7,0)
// @097 #691: [auth_read_loop]
30101 // @097 #691: CALL(SF_byte_read) ;read byte from FLASH into s0
14710 // @098 #692: COMPARE(s7,16) ;check for bytes/nibbles that contain real information
3549c // @099 #693: JUMP(NZ,auth_check2)
01a00 // @09a #694: LOAD(sA,s0) ;isolate upper order nibble for LS-Byte
0aaf0 // @09b #695: AND(sA,F0)
// @09c #696: [auth_check2]
14725 // @09c #696: COMPARE(s7,37)
354a0 // @09d #697: JUMP(NZ,auth_check3)
01b00 // @09e #698: LOAD(sB,s0) ;isolate upper order nibble for MS-Byte
0abf0 // @09f #699: AND(sB,F0)
// @0a0 #700: [auth_check3]
1477f // @0a0 #700: COMPARE(s7,127)
354a4 // @0a1 #701: JUMP(NZ,auth_check4)
0a00f // @0a2 #702: AND(s0,15) ;isolate lower order nibble for LS-Byte
0da00 // @0a3 #703: OR(sA,s0) ;  and merge with upper order nibble
// @0a4 #704: [auth_check4]
147fa // @0a4 #704: COMPARE(s7,FA)
354a8 // @0a5 #705: JUMP(NZ,next_auth_read)
0a00f // @0a6 #706: AND(s0,15) ;isolate lower order nibble for MS-Byte
0db00 // @0a7 #707: OR(sB,s0) ;  and merge with upper order nibble
// @0a8 #708: [next_auth_read]
18701 // @0a8 #708: ADD(s7,1) ;increment address
2b000 // @0a9 #709: RETURN(Z) ;complete after 256 reads
04004 // @0aa #710: INPUT(s0,random_value_port) ;random delay between reads
// @0ab #711: [auth_read_delay]
1c001 // @0ab #711: SUB(s0,1)
354ab // @0ac #712: JUMP(NZ,auth_read_delay)
34097 // @0ad #713: JUMP(auth_read_loop)
// #714: ;
// #715: ;
// #716: ;**************************************************************************************
// #717: ; Read 256 bytes (page) of StrataFLASH memory containing the authentication value.
// #718: ;**************************************************************************************
// #719: ;
// #720: ; This routine reads the StrataFLASH memory and displays the contents on the PC display
// #721: ; via the UART. The display will be 256 bytes from address range 060000 to 0600FF displayed
// #722: ; as 16 lines of 16 bytes with each line commencing with the address of the first byte.
// #723: ;
// @0ae #724: [send_auth_page]
00906 // @0ae #724: LOAD(s9,6) ;start address in FLASH
00800 // @0af #725: LOAD(s8,0)
00700 // @0b0 #726: LOAD(s7,0)
// @0b1 #727: [auth_line_loop]
30154 // @0b1 #727: CALL(send_CR)
30146 // @0b2 #728: CALL(send_hex_3bytes) ;display address
30157 // @0b3 #729: CALL(send_space)
// @0b4 #730: [auth_byte_loop]
30157 // @0b4 #730: CALL(send_space)
30101 // @0b5 #731: CALL(SF_byte_read) ;read byte into s0
30140 // @0b6 #732: CALL(send_hex_byte) ;display byte
18701 // @0b7 #733: ADD(s7,1) ;increment FLASH address
1270f // @0b8 #734: TEST(s7,15) ;test for 16 byte boundary
354b4 // @0b9 #735: JUMP(NZ,auth_byte_loop)
127ff // @0ba #736: TEST(s7,FF) ;test for roll over of 256 bytes
354b1 // @0bb #737: JUMP(NZ,auth_line_loop)
30154 // @0bc #738: CALL(send_CR)
2a000 // @0bd #739: RETURN
// #740: ;
// #741: ;
// #742: ;
// #743: ;
// #744: ;**************************************************************************************
// #745: ; Write 256 bytes of StrataFLASH memory including the authentication value.
// #746: ;**************************************************************************************
// #747: ;
// #748: ; This routine writes the authentication value to the StrataFLASH memory. This routine
// #749: ; would normally be part of a production programming mechanism and not part of the
// #750: ; final design which only reads and confirms authentication. This routine does not
// #751: ; require and special measures to confuse an attacker if it is only used in a secure
// #752: ; production environment.
// #753: ;
// #754: ; The 2 bytes forming the actual authentication value are stored as 4-bit nibbles in
// #755: ; 4 different locations in the address range 600000 to 6000FF hex (256 bytes) with
// #756: ; all remaining locations filled with pseudo random values.
// #757: ;
// #758: ; The authentication value to be stored in StrataFLASH memory should be provided in
// #759: ; the register pair [sE,sD] and will be stored in the following locations.
// #760: ;
// #761: ;                             High Order Nibble           Low Order Nibble
// #762: ;                               (NNNNxxxx)                  (xxxxNNNN)
// #763: ;
// #764: ; LS-Byte in 'sD'              Addr=060010                 Addr=06007F
// #765: ; MS-Byte in 'sE'              Addr=060025                 Addr=0600FA
// #766: ;
// #767: ;
// @0be #768: [write_authentication]
00906 // @0be #768: LOAD(s9,6) ;start address in FLASH
00800 // @0bf #769: LOAD(s8,0)
00700 // @0c0 #770: LOAD(s7,0)
// @0c1 #771: [auth_write_loop]
04004 // @0c1 #771: INPUT(s0,random_value_port) ;Obtain random value
14710 // @0c2 #772: COMPARE(s7,16) ;check for bytes/nibbles that need to be real information
354c8 // @0c3 #773: JUMP(NZ,auth_write_check2)
011d0 // @0c4 #774: LOAD(s1,sD) ;merge upper order nibble for LS-Byte with random
0a1f0 // @0c5 #775: AND(s1,F0)
0a00f // @0c6 #776: AND(s0,15)
0d010 // @0c7 #777: OR(s0,s1)
// @0c8 #778: [auth_write_check2]
14725 // @0c8 #778: COMPARE(s7,37)
354ce // @0c9 #779: JUMP(NZ,auth_write_check3)
011e0 // @0ca #780: LOAD(s1,sE) ;merge upper order nibble for MS-Byte with random
0a1f0 // @0cb #781: AND(s1,F0)
0a00f // @0cc #782: AND(s0,15)
0d010 // @0cd #783: OR(s0,s1)
// @0ce #784: [auth_write_check3]
1477f // @0ce #784: COMPARE(s7,127)
354d4 // @0cf #785: JUMP(NZ,auth_write_check4)
011d0 // @0d0 #786: LOAD(s1,sD) ;merge lower order nibble for LS-Byte with random
0a10f // @0d1 #787: AND(s1,15)
0a0f0 // @0d2 #788: AND(s0,F0)
0d010 // @0d3 #789: OR(s0,s1)
// @0d4 #790: [auth_write_check4]
147fa // @0d4 #790: COMPARE(s7,FA)
354da // @0d5 #791: JUMP(NZ,write_auth)
011e0 // @0d6 #792: LOAD(s1,sE) ;merge lower order nibble for MS-Byte with random
0a10f // @0d7 #793: AND(s1,15)
0a0f0 // @0d8 #794: AND(s0,F0)
0d010 // @0d9 #795: OR(s0,s1)
// @0da #796: [write_auth]
300ec // @0da #796: CALL(SF_single_byte_write) ;write byte to FLASH
18701 // @0db #797: ADD(s7,1) ;increment address
2b000 // @0dc #798: RETURN(Z) ;complete after 256 writes
340c1 // @0dd #799: JUMP(auth_write_loop)
// #800: ;
// #801: ;
// #802: ;**************************************************************************************
// #803: ; Erase authentication value from StrataFLASH memory.
// #804: ;**************************************************************************************
// #805: ;
// #806: ; Erase block 3 of the StrataFLASH memory which covers the address range 060000 to 07FFFF.
// #807: ; This erases the area containing the authentication value and random values which helps
// #808: ; to hide it.
// #809: ;
// @0de #810: [erase_authentication]
00906 // @0de #810: LOAD(s9,6) ;set address to 06xxxx hex which defines block 3 (060000 to 07FFFF)
300e4 // @0df #811: CALL(SF_erase_block)
2a000 // @0e0 #812: RETURN
// #813: ;
// #814: ;
// #815: ;**************************************************************************************
// #816: ; Initialise the StrataFlash Memory control signals.
// #817: ;**************************************************************************************
// #818: ;
// #819: ; SF_read = 0   - Output enable off
// #820: ; SF_ce = 1     - Deselect StrataFLASH memory
// #821: ; SF_we = 1     - Write enable off
// #822: ;
// #823: ; Register used s0
// #824: ;
// @0e1 #825: [SF_init]
00006 // @0e1 #825: LOAD(s0,6)
2c040 // @0e2 #826: OUTPUT(s0,SF_control_port)
2a000 // @0e3 #827: RETURN
// #828: ;
// #829: ;
// #830: ;
// #831: ;**************************************************************************************
// #832: ; StrataFLASH Block Erase
// #833: ;**************************************************************************************
// #834: ;
// #835: ; This routine will erase one 128k-byte block of the StrataFLASH memory.
// #836: ; The block to be erased is specified by the contents of register 's9'.
// #837: ;
// #838: ; s9=06 erases Block 3 (address range 060000 to 07FFFF)
// #839: ;
// #840: ;
// #841: ; To erase a block the 24-bit address must be set and then the block erase command
// #842: ; (20 hex) written to the memory followed by the write confirm command (D0 hex).
// #843: ;
// #844: ; The act of erasing a block may take up to 1 second to complete. This routine
// #845: ; waits for the memory to be ready before restoring the normal read array mode and
// #846: ; returning.
// #847: ;
// #848: ; Registers used s0,s1,s7,s8,s9
// #849: ;
// @0e4 #850: [SF_erase_block]
00800 // @0e4 #850: LOAD(s8,0) ;define lower address of block = xx0000
00700 // @0e5 #851: LOAD(s7,0)
00120 // @0e6 #852: LOAD(s1,32) ;block erase command
3010b // @0e7 #853: CALL(SF_byte_write)
001d0 // @0e8 #854: LOAD(s1,D0) ;write confirm command
3010b // @0e9 #855: CALL(SF_byte_write)
30118 // @0ea #856: CALL(wait_SF_ready) ;wait for erase to complete
2a000 // @0eb #857: RETURN
// #858: ;
// #859: ;
// #860: ;**************************************************************************************
// #861: ; Write a single byte to StrataFlash Memory
// #862: ;**************************************************************************************
// #863: ;
// #864: ; To write a single byte to StrataFLASH memory the address must be set and the
// #865: ; single-word/byte program command (40 hex) sent to the memory. Then the data byte can
// #866: ; be written to the memory using the same address.
// #867: ;
// #868: ; The 24-bit address should be supplied in register set [s9,s8,s7].
// #869: ; Register s0 should contain the byte data to be written to the memory.
// #870: ;
// #871: ; The act of writing the memory array may take up to 175us to complete. This routine
// #872: ; waits for the memory to be ready before restoring the normal read array mode and
// #873: ; returning.
// #874: ;
// #875: ; Registers used s0,s1,s7,s8,s9   (s7,s8,s9 not changed)
// #876: ;
// #877: ; Registers used s0,s1,s7,s8,s9
// #878: ;
// @0ec #879: [SF_single_byte_write]
00140 // @0ec #879: LOAD(s1,64) ;command for single byte program
3010b // @0ed #880: CALL(SF_byte_write)
01100 // @0ee #881: LOAD(s1,s0) ;write data to be programmed
3010b // @0ef #882: CALL(SF_byte_write)
30118 // @0f0 #883: CALL(wait_SF_ready) ;wait for program to complete
2a000 // @0f1 #884: RETURN
// #885: ;
// #886: ;