From 31ccc060dbd0ba6daa2eedb8911b40603b96a26f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Stro=CC=88mbergson?= <joachim@secworks.se>
Date: Sun, 9 Dec 2018 11:30:09 +0100
Subject: Adding support for SW to keep loaded key alive by reading status.
 Adding support for SW to trigger zeroisation of a loaded key.

---
 src/rtl/keywrap.v | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

(limited to 'src/rtl/keywrap.v')

diff --git a/src/rtl/keywrap.v b/src/rtl/keywrap.v
index c03e903..02c20fc 100644
--- a/src/rtl/keywrap.v
+++ b/src/rtl/keywrap.v
@@ -72,6 +72,7 @@ module keywrap #(parameter ADDR_BITS = 13)
   localparam ADDR_CTRL        = 8'h08;
   localparam CTRL_INIT_BIT    = 0;
   localparam CTRL_NEXT_BIT    = 1;
+  localparam CTRL_ZEROISE_BIT = 2;
 
   localparam ADDR_STATUS       = 8'h09;
   localparam STATUS_READY_BIT  = 0;
@@ -136,6 +137,12 @@ module keywrap #(parameter ADDR_BITS = 13)
   reg [31 : 0] timeout_reg;
   reg          timeout_we;
 
+  reg          ping_reg;
+  reg          ping_new;
+
+  reg          zeroise_reg;
+  reg          zeroise_new;
+
   reg [31 : 0] api_rd_delay_reg;
   reg [31 : 0] api_rd_delay_new;
 
@@ -192,6 +199,8 @@ module keywrap #(parameter ADDR_BITS = 13)
                     .loaded(core_loaded),
 
                     .timeout(timeout_reg),
+                    .ping(ping_reg),
+                    .zeroise(zeroise_reg),
 
                     .rlen(rlen_reg),
 
@@ -232,6 +241,8 @@ module keywrap #(parameter ADDR_BITS = 13)
           a1_reg           <= 32'h0;
           api_rd_delay_reg <= 32'h0;
           timeout_reg      <= DEFAULT_TIMEOUT;
+          ping_reg         <= 1'h0;
+          zeroise_reg      <= 1'h0;
         end
       else
         begin
@@ -240,6 +251,8 @@ module keywrap #(parameter ADDR_BITS = 13)
           loaded_reg       <= core_loaded;
           init_reg         <= init_new;
           next_reg         <= next_new;
+          ping_reg         <= ping_new;
+          zeroise_reg      <= zeroise_new;
           api_rd_delay_reg <= api_rd_delay_new;
 
           if (config_we)
@@ -283,6 +296,8 @@ module keywrap #(parameter ADDR_BITS = 13)
       a1_we            = 1'h0;
       tmp_read_data    = 32'h0;
       tmp_error        = 1'h0;
+      ping_new         = 1'h0;
+      zeroise_new      = 1'h0;
       api_rd_delay_new = 32'h0;
 
       // api_mux
@@ -297,8 +312,9 @@ module keywrap #(parameter ADDR_BITS = 13)
             begin
               if (address == {{PAD{1'h0}}, ADDR_CTRL})
                 begin
-                  init_new = write_data[CTRL_INIT_BIT];
-                  next_new = write_data[CTRL_NEXT_BIT];
+                  init_new    = write_data[CTRL_INIT_BIT];
+                  next_new    = write_data[CTRL_NEXT_BIT];
+                  zeroise_new = write_data[CTRL_ZEROISE_BIT];
                 end
 
               if (address == {{PAD{1'h0}}, ADDR_CONFIG})
@@ -339,7 +355,10 @@ module keywrap #(parameter ADDR_BITS = 13)
                 api_rd_delay_new = {28'h0, keylen_reg, encdec_reg, next_reg, init_reg};
 
               if (address == {{PAD{1'h0}}, ADDR_STATUS})
-                api_rd_delay_new = {29'h0, loaded_reg, valid_reg, ready_reg};
+                begin
+                  api_rd_delay_new = {29'h0, loaded_reg, valid_reg, ready_reg};
+                  ping_new = 1'h1;
+                end
 
               if (address == {{PAD{1'h0}}, ADDR_TIMEOUT})
                 api_rd_delay_new = timeout_reg;
-- 
cgit v1.2.3