TK1-24.03 Bellatrix

TK1-24.03

This is an official release of the "Bellatrix" version of the Tillitis' TKey. This version is ready for general use.

Using OCI image ghcr.io/tillitis/tkey-builder:4, built from ../contrib/Dockerfile, and the generic ../hw/application_fpga/data/uds.hex and ../hw/application_fpga/data/udi.hex, a clean build should generate the following digest:

321924aa3b26507f2a02325750e63c83b306c7831f8e2c87e8d198cecf8cc1c1  application_fpga.bin

FPGA

• Security Monitor now prevents access to RAM outside of the physical memory. If it detects an access outside of the RAM address space, it will halt the CPU.
• CPU Monitor changes name to Security monitor, which CPU Monitor is a part of. Prepare for more functions in the future.
• Support incremental builds for the bitstream, when changing UDS/UDI between builds. Requires tkey-builder:3 or higher.
• Update Verilog linter to Verilog-2005 and fixed warnings.
• Complete testbenches and add 9 tests for the FPGA cores.

Firmware

• Protect zeroisation against compiler optimisation by using secure_wipe(), fixing a memset() that was removed during compilation.
• Make memeq() function side channel silent.
• Change memory constants to defines instead of an enum, to be compatible with ISO C.
• Deprecate TK1_MMIO_TK1_RAM_ASLR and introduce TK1_MMIO_TK1_RAM_ADDR_RAND instead to distinguish from OS-level
  ASLR.
• Use pedantic warnings while building firmware and fixed warnings.
• Use clang-tidy in CI.
• Fix warnings from splint.

TP1

• New plastic clip o and update of BOM.
• Build TP1 firmware in CI.

CH552

• Fixed a bug where a byte of data could in some rare circumstances be dropped, causing a client app to hang.
• General clean-up of code, translated all comments to English.

TK1

• New injection moulded plastic case

tkey-builder

• Updated to version 3. Bumping Ubuntu to 23.10, Yosys to 0.36 and nextpnr to 0.6.
• Updated to version 4. Bumping pico-sdk to 1.5.1, adding clang-tidy and splint.

Docs

• Fixing broken links, cleaning up docs and READMEs.
• Clarify warm boot attack mitigations and scope for Bellatrix in threat model.

For full change log see

TK1-23.03.2 Bellatrix

This release contains a BOM change to the hardware.

• A PCB spring contact is used instead of a capacitor for the touch sensor.
• The file application_fpga.bin is a pre-built FPGA bitstream, containing the hardware design and firmware, using the test UDS and test UDI you can use for experiments.

Please observe: Using this prepared bitstream gives the same base secret, UDS, and device ID, UID, on every TKey you use it with. Don't use for real use cases!

See the Dev Handbook for more information on how to use a bitstream with the TKey Unlocked and the TKey Programmer.

See the release notes for details.

TK1-23.03.1 Bellatrix

This bug fix release contains the following changes:

• Change the firmware protocol max frame size back to 128 bytes
• Correct a bug with the reading out of UDS

See the release notes for details.

TK1-23.03 Bellatrix

First official release ready for general use.

New features:

• Memory execution protection of FW_RAM and settable region in RAM (typically the stack) by device apps.
• RAM address and content scrambling.
• FW_RAM size increased to 2 kilobyte.
• Illegal instruction monitor.
• Use of locked down non-volatile configuration memory in FPGA chip for bitstream possible.
• Simplified firmware state machine with early exits and with stack inside FW_RAM.

See release notes for details.