- Getting Started: Scripts to get you set up for Development
- FISMOS: Makefiles to call IDE with TCL scripts from ./scripts/ and start programmer
- Scripts: Scripts for synthesizing, compiling and deploying
- Gateware: RTL in Verilog
- Firmware: C-Code to be compiled and run on the PicoRV32
- Software: Contains Linux Kernel Modules and User Applications for ARM-Cores
- misc (optional): Logos, tutorials, write-ups, etc.

Address Range | Description |
---|---|
0x0000_0000 : 0x0300_0000 | Internal SRAM |
0x0400_0000 | 32bit Output from PicoRV32 |
0x0500_0000 : 0xFeFF_FFFF | Reserved for Additional Security Hardware |
0xFF00_0000 | FISMOS Instruction Register (32bit) |
0xFF00_0004 | Return Register (32bit) |
0xFF00_0008 : 0xFFFF_FFFF | Shared Memory |
As seen from the PicoRV32 processor. These addresses are used in the Firmware.
Address Range | Description |
---|---|
AXI_BASE_ADDRESS + 0x00 | FISMOS Instruction Register (32bit) |
AXI_BASE_ADDRESS + 0x04 | Return Register (32bit) |
AXI_BASE_ADDRESS + 0x08 | Start of Shared Memory |
As seen from the external AXI4-Lite connection. These addresses are used in the Linux Software.
AXI_BASE_ADDRESS is configured via TCL script or chosen manually during synthesis.
Bit | Description |
---|---|
31:25 | Don't Care |
24 | Interrupt from Linux to FISMOS |
23:0 | Selected Mode for FISMOS |
Value [15:0] | Mode |
---|---|
0x0001 | AES-256-CBC-Decrypt with tinyAES |
0x0002 | AES-256-CBC-Encrypt with tinyAES |
0x0003 | Compute HMAC (SHA256) with mbedTLS |
0x0004 | Compare HMAC (SHA256) with mbedTLS |
0x0005 | Sign Data with RSA and mbedTLS |
0x000F | Get key, based on requested 256bit identifier |
0xFFFF | RESERVED |
Bit | Description |
---|---|
31:25 | Don't Care |
24 | Interrupt from FISMOS to Linux |
23:0 | State of FISMOS |
Value [23:0] | Status |
---|---|
0x00_FFFF | Interrupt from Linux accepted |
0xFF_FFFF | Reset Interrupt Line to Linux |
0x0F_{MODE} | Working on Requested Mode |
0xFF_{MODE} | Requested Mode Done |
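
The register layouts above can be packed and checked on the Linux side as in the following added example, which is not code from the FISMOS repository. The names `fismos_encode_instr` and `fismos_decode_ret` are hypothetical, and the code assumes `{MODE}` is the 16-bit mode value in bits 15:0 with the state prefix in bits 23:16. It rejects modes that are not in the mode table (including the reserved 0xFFFF, which would be indistinguishable from the fixed status values) and treats a status for a mode other than the requested one as unexpected.

```c
#include <stdint.h>
#include <stdio.h>

#define FISMOS_IRQ_BIT    (1u << 24)      /* bit 24: interrupt flag */
#define FISMOS_FIELD_MASK 0x00FFFFFFu     /* bits 23:0; bits 31:25 are don't care */

enum fismos_state { FISMOS_ACCEPTED, FISMOS_IRQ_RESET, FISMOS_WORKING,
                    FISMOS_DONE, FISMOS_UNEXPECTED };

/* Modes listed in the mode table; 0xFFFF is reserved, anything else is undefined. */
static int fismos_mode_valid(uint32_t mode)
{
    return (mode >= 0x0001 && mode <= 0x0005) || mode == 0x000F;
}

/* Build the instruction word; returns 0 on success, -1 for a mode not in the table. */
int fismos_encode_instr(uint32_t mode, int raise_irq, uint32_t *word)
{
    if (!fismos_mode_valid(mode))
        return -1;
    *word = mode | (raise_irq ? FISMOS_IRQ_BIT : 0u);
    return 0;
}

/* Classify a return register value for the mode that was requested. */
enum fismos_state fismos_decode_ret(uint32_t reg, uint32_t requested_mode, int *irq)
{
    uint32_t status = reg & FISMOS_FIELD_MASK;   /* drop don't-care bits and IRQ flag */

    *irq = (reg & FISMOS_IRQ_BIT) != 0;
    if (status == 0x00FFFFu) return FISMOS_ACCEPTED;
    if (status == 0xFFFFFFu) return FISMOS_IRQ_RESET;
    if ((status & 0xFFFFu) != requested_mode)    /* status belongs to another mode */
        return FISMOS_UNEXPECTED;
    switch (status >> 16) {
    case 0x0F: return FISMOS_WORKING;
    case 0xFF: return FISMOS_DONE;
    default:   return FISMOS_UNEXPECTED;
    }
}

int main(void)
{
    uint32_t w; int irq;
    /* Constructed sample values: request HMAC computation, then decode a "done" status. */
    if (fismos_encode_instr(0x0003, 1, &w) == 0)
        printf("instr=0x%08X\n", (unsigned)w);
    printf("state=%d\n", (int)fismos_decode_ret(0x01FF0003u, 0x0003, &irq));
    return 0;
}
```
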
The motivation behind the presented FISMOS is to overcome the need for external components for security features. In case OpenTitan seems a little overpowered or too big for the considered design, the FISMOS might be ideal. Furthermore, the proposed system might replace external secure elements, like basic functions of a TPM or ATECC.
The FISMOS is implemented on the programmable logic inside a SoC. It utilizes surplus elements, adding a trusted environment to the ARM cores. To communicate with Linux on these cores, the FISMOS is connected via the AXI4-Lite bus, either directly or via a LKM. This repository was created during the MAPR of Philipp Schubaur at HSA_innos and was financially funded by SiS 4.0.
This project was inspired by the PicoSoC from Clifford Wolf, as well as basic structures for AXI components from Alex Forencich in combination with tutorials from ZipCPU.
Long-term, programming in Rust is considered, as well as making use of dedicated security modules in programmable logic.
This repository is planned to be REUSE-compliant in the near future.
A first research paper can be found here. A follow-up paper was published at the ARES IoT-SECFOR 2023. To cite the FISMOS, you can use the official BibTeX entries:
@inproceedings{10.1145/3600160.3605168,
  author = {Schubaur, Philipp and Knauer, Peter and Merli, Dominik},
  title = {FISMOS – An FPGA Implementation of a Security Module as Open Source},
  year = {2023},
  isbn = {9798400707728},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3600160.3605168},
  doi = {10.1145/3600160.3605168},
  booktitle = {Proceedings of the 18th International Conference on Availability, Reliability and Security},
  articleno = {88},
  numpages = {8},
  keywords = {Embedded Security, FPGA, RISC-V, Security Module, SoC},
  location = {Benevento, Italy},
  series = {ARES '23}
}

@InProceedings{10.25929/7mtt-nz04,
  author = {Schubaur, Philipp and Merli, Dominik},
  booktitle = {{Applied Research Conference 2021}},
  pages = {76-80},
  date = {2021-07-23},
  title = {{Choosing a RISC-V Core for Implementing an FPGA-Based Security Module}},
  url = {https://doi.org/10.25929/7mtt-nz04},
}