Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PoC: Implement syscalls using PicoRV32 interrupts #305

Draft
wants to merge 32 commits into
base: main
Choose a base branch
from
Draft

PoC: Implement syscalls using PicoRV32 interrupts #305

wants to merge 32 commits into from

Conversation

agren
Copy link
Member

@agren agren commented Dec 9, 2024
edited
Loading

Description

This is a proof of concept of using PicoRV32 interrupts to implement syscalls.
The idea is to let in app execute system calls by raising an interrupt. The
following sequence describes a syscall call:

  1. App raises interrupt by writing to a raise-interrupt-address
  2. Interrupt handler get executed
  3. Syscall gets handled
  4. Interrupt handler returns to app by calling PicoRV32-specific
    instruction retirq.

One interrupt is added: IRQ31. An interrupt is triggered by writing
to a specific memory area. Triggering an interrupt hands over execution to the interrupt handler in firmware ROM (address 0x10).
The PicoRV32 eoi signal is used to make certain resources, which are otherwise unavailable in app mode, available to the interrupt handler.

Four example firmwares are available to demonstrate interrupt handling:

  • hw/application_fpga/fw/irqpoc/start.S
  • hw/application_fpga/fw/irqpoc_led_toggle/start.S
  • hw/application_fpga/fw/irq_poc_with_app/start.S
  • hw/application_fpga/fw/irqpoc_c_example/start.S

Added so far:

  • Enable PicoRV32 interrupts
  • Allow access to resources during syscall interrupt
    • Executing from firmware ROM allowed
    • Firmware RAM available
    • SPI accessible
  • Lock down resources only available in firmware mode
  • Example firmware with syscall implementation in C (see irqpoc_c_example)
  • Example app calling of syscalls from C

This draft PR is part of investigating #234.

@agren agren force-pushed the syscall_picorv32_irq branch from 54af78a to 713a9e0 Compare December 9, 2024 13:03
@agren agren mentioned this pull request Dec 10, 2024
Open
@agren agren force-pushed the syscall_picorv32_irq branch 5 times, most recently from 4afcea2 to 6023d97 Compare December 17, 2024 17:16
dehanj
dehanj reviewed Dec 18, 2024
View reviewed changes
hw/application_fpga/core/tk1/rtl/tk1.v
@@ -291,7 +293,7 @@ module tk1 #(
gpio2_reg[1] <= gpio2_reg[0];

if (system_mode_we) begin
system_mode_reg <= 1'h1;
system_mode_reg <= system_mode_new;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should keep system_mode_reg <= 1'h1;

Then we can remove system_mode_new completely. Since what I can see we never return to system_mode_reg = 0.

@mchack-work mchack-work mentioned this pull request Jan 21, 2025
Closed
@mchack-work mchack-work linked an issue Jan 21, 2025 that may be closed by this pull request
Hardware syscall support #234
Open
@agren agren force-pushed the syscall_picorv32_irq branch 7 times, most recently from c40f63c to c8f43bb Compare February 4, 2025 08:35
agren added 2 commits February 4, 2025 12:25
@agren
PoC: PicoRV32 interrupts
5535323 
A proof-of-concept of enabling PicoRV32 interrupts. Two interrupt
sources, which can be triggered by writes to memory addresses, are
added.  The design has only been simulated, not run on hardware.

Synthesis:

Ice40 LC utilization is 93% (4934/5280) when built using tkey-builder:4

Simulation:

A `tb_application_fpga_irqpoc` target is added. Running `make
tb_application_fpga_irqpoc` creates `tb_application_fpga_sim.fst` which
can be inspected in GTKWave or Surfer.

Firmware:

A simple firmware is added in `fw/irqpoc`. It enables both interrupts
and triggers each interrupt once.

Custom PicoRV32 instructions are located in `custom_ops.S`. It is
imported from upstream PicoRV32 commit:
YosysHQ/picorv32@70f3c33
@agren
PoC: Add LED toggling interrupt example
d36e9c9 
Add example firmware for demoing interrupts on Tkey hardware.
@agren agren force-pushed the syscall_picorv32_irq branch from c8f43bb to 2a11b76 Compare February 4, 2025 11:32
dehanj and others added 7 commits February 7, 2025 12:54
@dehanj @agren
PoC: Automatically control system_mode in hardware
2d762fa 
Instead of manually switching to app mode using the system mode
register, app mode will be enabled when executing outside of firmware
ROM.

Co-authored-by: Mikael Ågren <mikael@tillitis.se>
@agren
PoC: Remove Blake2s register
b53666e
@agren @dehanj
PoC: Trap when executing from ROM in app mode
e4d19e8 
Only allow executing from ROM when in one of the following execution
contexts:
- Firmware mode
- IRQ_SYSCALL_LO
- IRQ_SYSCALL_HI

Co-authored-by: Daniel Jobson <jobson@tillitis.se>
@agren
PoC: Add basic syscall example firmware
a871d23 
Adds a basic example firmware that copies an app to app RAM. The app
triggers syscall interrupts and tries to execute ROM code from app mode.

A make target (`tb_application_fpga_irqpoc_with_app`) that simulates a
Tkey running the firmware is added.
@agren
PoC: Control access to FW RAM
62dba7c 
Allow FW RAM access only in the following execution contexts:
- Firmware mode
- IRQ_SYSCALL_HI

Input port `system_mode` of the `fw_ram` module is replaced with an
enable port. Since access to FW RAM not longer depend only on
system_mode
@agren
PoC: Add example firmware with embedded that calls syscalls implement…
4877e0a 
…ed in C

App is embedded in firmware and is loaded into app RAM when firmware
starts.
App continuously calls SET_LED syscalls.

Simulation: `make tb_application_fpga_irqpoc_c_example`
@dehanj @agren
PoC: Deny access to the SPI master in app mode
ecdbb25 
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
agren and others added 23 commits February 7, 2025 12:54
@agren
PoC: Remove low privilege syscall
7f34f5d
@dehanj @agren
PoC: Make sensitive assets only readable/writable before system_mode …
2ec2196 
…is set

After the first time system_mode is set to one, the assets will no
longer be read- or writeable, even if system_mode is set to zero at a
later syscall. This is to make sure syscalls does not have the same
privilege as the firmware has at first boot.

We need to monitor when system_mode is set to one, otherwise we might
accedentially lock the assets before actually leaving firmware, for
example if firmware would use a function set in any of the registers
used in system_mode_ctrl.

Co-authored-by: Mikael Ågren <mikael@tillitis.se>
@agren
PoC: Remove IRQ30 from fw/irqpoc
0520292 
Removing IRQ30 since it us no longer exist
@agren
PoC: Remove IRQ30 from fw/irqpoc_led_toggle
14f266e 
Removing IRQ30 since it us no longer exist
@agren
PoC: Remove IRQ30 from fw/irqpoc_with_app
82d408f 
Removing IRQ30 since it us no longer exist
@agren
PoC: Remove IRQ30 from fw/irqpoc_c_example
7f95e09 
Removing IRQ30 since it us no longer exist
@agren
PoC: tb: Write data only once per call to write_word() in tb_tk1
3269d25 
Keep WE and CS high for one clock cycle instead of two. To avoid writing
the same address twice.
@agren
tb: Display errors in tb_tk1 even if DEBUG is 0
93a74bc 
Always display errors to make them easy to find and troubleshoot.
@agren
PoC: tb: Update tk1 test bench with new ports
007aa69 
Fixing tests that broke when adding interrupt based syscalls
@agren
PoC: tb: Remove tb_tk1 blake2s test
a646c8b 
Removing the blake2s test since the blake2s registers are removed.
@agren
PoC: tb: Add fetch instruction helper task to tb_tk1
5c56304
@agren
PoC: tb: Fix tb_tk1 test3 (CDI)
6c2a7ef 
Fix test1. It broke while implementing interrupt based syscalls.

Instead of writing to ADDR_SYSTEM_MODE_CTRL, app mode is now entered
automatically when executing outside of ROM.
@agren
PoC: tb: Fix tb_tk1 test5 (APP_START/APP_SIZE)
8c6e4a3 
Fix test1. It broke while implementing interrupt based syscalls.

Instead of writing to ADDR_SYSTEM_MODE_CTRL, app mode is now entered
automatically when executing outside of ROM.
@agren
PoC: tb: Fix tb_tk1 test10 (SPI loop back test)
97005bb 
Fix test10. It broke while implementing interrupt based syscalls.

Cleaning up after the previous test. We reset the memory bus to a known
idle state. We also reset the DUT to make the SPI master visible.
@agren
PoC: tb: Expand existing tests with access checks in app mode and sys…
e851efd 
…calls

Checks availability of:
- CDI
- UDI
- RAM
- SPI
@agren
PoC: Add experimental syscalls to firmware
926f3c6 
Adds:
- SYSCALL_RESET
- SYSCALL_SET_LED
@agren
PoC: testfw: Remove blake2s test
1a505f4 
Removing the blake2s test since the possibility for the firmware to
expose a blake2s function to the app has been removed.
@agren
PoC: testfw: Break out tests running in app mode into separate app
d1b8b6e 
App mode can no longer be controlled from software. So the tests have to
run from firmware RAM.
@dehanj @agren
PoC: fw: Import spi.[ch] and flash.[ch]
ea7f710
@agren
PoC: Integrate spi and flash code
52694b5
@agren
PoC: testfw: Check that SPI flash is available in firmware mode
3665c3e
@agren
PoC: testapp: Call syscall accessing SPI flash
f34b4c3
@agren
PoC: testapp: Call reset syscall
c0a9819
@agren agren force-pushed the syscall_picorv32_irq branch from 2a11b76 to c0a9819 Compare February 7, 2025 11:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dehanj dehanj dehanj left review comments

@mchack-work mchack-work Awaiting requested review from mchack-work

@jthornblad jthornblad Awaiting requested review from jthornblad

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Hardware syscall support
2 participants
@agren @dehanj