Off by default, enabled with --debug-auth.
The protocol is very simple (definitely not secure) to allow debuggers
to test their authentication feature. To authenticate a debugger must:
1. Read authdata
2. Write to authdata the value that it just read, plus 1
///////////////////////// debug_module_t
-debug_module_t::debug_module_t(sim_t *sim, unsigned progbufsize, unsigned max_bus_master_bits) :
+debug_module_t::debug_module_t(sim_t *sim, unsigned progbufsize, unsigned max_bus_master_bits,
+ bool require_authentication) :
progbufsize(progbufsize),
program_buffer_bytes(4 + 4*progbufsize),
max_bus_master_bits(max_bus_master_bits),
+ require_authentication(require_authentication),
debug_progbuf_start(debug_data_start - program_buffer_bytes),
debug_abstract_start(debug_progbuf_start - debug_abstract_size*4),
sim(sim)
dmstatus = {0};
dmstatus.impebreak = true;
- dmstatus.authenticated = 1;
+ dmstatus.authenticated = !require_authentication;
dmstatus.version = 2;
abstractcs = {0};
sbcs.access16 = true;
if (max_bus_master_bits >= 8)
sbcs.access8 = true;
+
+ challenge = random();
}
void debug_module_t::add_device(bus_t *bus) {
case DMI_SBDATA3:
result = sbdata[3];
break;
+ case DMI_AUTHDATA:
+ result = challenge;
+ break;
default:
result = 0;
D(fprintf(stderr, "Unexpected. Returning Error."));
bool debug_module_t::dmi_write(unsigned address, uint32_t value)
{
D(fprintf(stderr, "dmi_write(0x%x, 0x%x)\n", address, value));
+
+ if (!dmstatus.authenticated && address != DMI_AUTHDATA &&
+ address != DMI_DMCONTROL)
+ return false;
+
if (address >= DMI_DATA0 && address < DMI_DATA0 + abstractcs.datacount) {
unsigned i = address - DMI_DATA0;
if (!abstractcs.busy)
if (!dmcontrol.dmactive && get_field(value, DMI_DMCONTROL_DMACTIVE))
reset();
dmcontrol.dmactive = get_field(value, DMI_DMCONTROL_DMACTIVE);
+ if (!dmstatus.authenticated)
+ return true;
if (dmcontrol.dmactive) {
dmcontrol.haltreq = get_field(value, DMI_DMCONTROL_HALTREQ);
dmcontrol.resumereq = get_field(value, DMI_DMCONTROL_RESUMEREQ);
case DMI_SBDATA3:
sbdata[3] = value;
return true;
+ case DMI_AUTHDATA:
+ D(fprintf(stderr, "debug authentication: got 0x%x; 0x%x unlocks\n", value,
+ challenge + secret));
+ if (require_authentication) {
+ if (value == challenge + secret) {
+ dmstatus.authenticated = true;
+ } else {
+ dmstatus.authenticated = false;
+ challenge = random();
+ }
+ }
+ return true;
}
}
return false;
class debug_module_t : public abstract_device_t
{
public:
- debug_module_t(sim_t *sim, unsigned progbufsize, unsigned max_bus_master_bits);
+ /*
+ * If require_authentication is true, then a debugger must authenticate as
+ * follows:
+ * 1. Read a 32-bit value from authdata:
+ * 2. Write the value that was read back, plus one, to authdata.
+ */
+ debug_module_t(sim_t *sim, unsigned progbufsize, unsigned max_bus_master_bits,
+ bool require_authentication);
~debug_module_t();
void add_device(bus_t *bus);
// Actual size of the program buffer, which is 1 word bigger than we let on
// to implement the implicit ebreak at the end.
unsigned program_buffer_bytes;
- unsigned max_bus_master_bits ;
+ unsigned max_bus_master_bits;
+ bool require_authentication;
static const unsigned debug_data_start = 0x380;
unsigned debug_progbuf_start;
uint32_t sbaddress[4];
uint32_t sbdata[4];
+ uint32_t challenge;
+ const uint32_t secret = 1;
+
processor_t *current_proc() const;
void reset();
bool perform_abstract_command();
enum {
IR_IDCODE=1,
IR_DTMCONTROL=0x10,
- IR_DBUS=0x11
+ IR_DBUS=0x11,
+ IR_RESET=0x1c
};
#define DTMCONTROL_VERSION 0xf
case SHIFT_IR:
_tdo = ir & 1;
break;
- case UPDATE_IR:
- break;
+ //case UPDATE_IR:
+ //if (ir == IR_RESET) {
+ // Make a reset happen
+ //}
+ //break;
default:
break;
}
std::vector<std::pair<reg_t, mem_t*>> mems,
const std::vector<std::string>& args,
std::vector<int> const hartids, unsigned progsize,
- unsigned max_bus_master_bits)
+ unsigned max_bus_master_bits, bool require_authentication)
: htif_t(args), mems(mems), procs(std::max(nprocs, size_t(1))),
start_pc(start_pc), current_step(0), current_proc(0), debug(false),
- remote_bitbang(NULL), debug_module(this, progsize, max_bus_master_bits)
+ remote_bitbang(NULL),
+ debug_module(this, progsize, max_bus_master_bits, require_authentication)
{
signal(SIGINT, &handle_signal);
sim_t(const char* isa, size_t _nprocs, bool halted, reg_t start_pc,
std::vector<std::pair<reg_t, mem_t*>> mems,
const std::vector<std::string>& args, const std::vector<int> hartids,
- unsigned progsize, unsigned max_bus_master_bits);
+ unsigned progsize, unsigned max_bus_master_bits, bool require_authentication);
~sim_t();
// run the simulation to completion
fprintf(stderr, " --extlib=<name> Shared library to load\n");
fprintf(stderr, " --rbb-port=<port> Listen on <port> for remote bitbang connection\n");
fprintf(stderr, " --dump-dts Print device tree string and exit\n");
- fprintf(stderr, " --progsize=<words> progsize for the debug module [default 2]\n");
- fprintf(stderr, " --debug-sba=<bits> debug bus master supports up to "
+ fprintf(stderr, " --progsize=<words> Progsize for the debug module [default 2]\n");
+ fprintf(stderr, " --debug-sba=<bits> Debug bus master supports up to "
"<bits> wide accesses [default 0]\n");
+ fprintf(stderr, " --debug-auth Debug module requires debugger to authenticate\n");
exit(1);
}
bool use_rbb = false;
unsigned progsize = 2;
unsigned max_bus_master_bits = 0;
+ bool require_authentication = false;
std::vector<int> hartids;
auto const hartids_parser = [&](const char *s) {
parser.option(0, "progsize", 1, [&](const char* s){progsize = atoi(s);});
parser.option(0, "debug-sba", 1,
[&](const char* s){max_bus_master_bits = atoi(s);});
+ parser.option(0, "debug-auth", 0,
+ [&](const char* s){require_authentication = true;});
auto argv1 = parser.parse(argv);
std::vector<std::string> htif_args(argv1, (const char*const*)argv + argc);
mems = make_mems("2048");
sim_t s(isa, nprocs, halted, start_pc, mems, htif_args, std::move(hartids),
- progsize, max_bus_master_bits);
+ progsize, max_bus_master_bits, require_authentication);
std::unique_ptr<remote_bitbang_t> remote_bitbang((remote_bitbang_t *) NULL);
std::unique_ptr<jtag_dtm_t> jtag_dtm(new jtag_dtm_t(&s.debug_module));
if (use_rbb) {
projects / riscv-isa-sim.git / commitdiff