[tock] Define a Tock kernel for OpenTitan

Initially, this kernel/board definition is a clone of the upstream kernel. Over time, we will customize this kernel to the exact configuration needed. Signed-off-by: Chris Frantz <cfrantz@google.com>
lowRISC · Aug 18, 2023 · 4b0d70b · 4b0d70b
1 parent a098f58
commit 4b0d70b
Show file tree

Hide file tree

Showing 5 changed files with 1,225 additions and 0 deletions.
diff --git a/sw/device/silicon_owner/tock/kernel/BUILD b/sw/device/silicon_owner/tock/kernel/BUILD
@@ -0,0 +1,73 @@
+# Copyright lowRISC contributors.
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+load("@rules_rust//rust:defs.bzl", "rust_binary")
+load("//rules:linker.bzl", "ld_library")
+load("//rules:opentitan.bzl", "elf_to_disassembly", "obj_transform")
+
+package(default_visibility = ["//visibility:public"])
+
+ld_library(
+    name = "kernel_layout",
+    includes = [
+        "@tock//boards:kernel_layout",
+    ],
+)
+
+ld_library(
+    name = "layout",
+    script = "layout.ld",
+    deps = [
+        ":kernel_layout",
+    ],
+)
+
+cc_library(
+    name = "nostartfiles",
+    linkopts = [
+        "-nostartfiles",
+    ],
+)
+
+rust_binary(
+    name = "kernel",
+    srcs = [
+        "src/io.rs",
+        "src/main.rs",
+        "src/otbn.rs",
+    ],
+    rustc_flags = [
+        "-g",
+        # TODO(cfrantz): determine the appropriate set of linker flags.
+        #"-Clinker=rust-lld",
+        #"-Clinker-flavor=ld.lld",
+        #"-Crelocation-model=static",
+        #"-Clink-arg=-nmagic",
+        #"-Clink-arg=-icf=all",
+        #"-Cforce-frame-pointers=no",
+    ],
+    # We don't want to build the kernel automatically if matched
+    # by a bazel wildcard because the kernel will not fit in the allocated
+    # space if built in `fastbuild` or `dbg` modes.
+    tags = ["manual"],
+    deps = [
+        ":layout",
+        ":nostartfiles",
+        "@tock//arch/rv32i",
+        "@tock//boards/components",
+        "@tock//capsules/aes_gcm:capsules-aes-gcm",
+        "@tock//capsules/core:capsules-core",
+        "@tock//capsules/extra:capsules-extra",
+        "@tock//chips/earlgrey",
+        "@tock//chips/lowrisc",
+        "@tock//kernel",
+        "@tock//libraries/tock-tbf",
+    ],
+)
+
+obj_transform(
+    name = "raw_kernel",
+    srcs = [":kernel"],
+    tags = ["manual"],
+)
diff --git a/sw/device/silicon_owner/tock/kernel/layout.ld b/sw/device/silicon_owner/tock/kernel/layout.ld
@@ -0,0 +1,57 @@
+/* Copyright lowRISC contributors. */
+/* Licensed under the Apache License, Version 2.0, see LICENSE for details. */
+/* SPDX-License-Identifier: Apache-2.0 */
+
+
+/* Licensed under the Apache License, Version 2.0 or the MIT License. */
+/* SPDX-License-Identifier: Apache-2.0 OR MIT                         */
+/* Copyright Tock Contributors 2023.                                  */
+
+MEMORY
+{
+  rom   (rx)  : ORIGIN = 0x20000000, LENGTH = 0x40000
+  /* Support up to 0x2009_0000 for apps
+   * and 0x2009_0000 to 0x2010_0000 is for flash storage.
+   */
+  prog  (rx)  : ORIGIN = 0x20040000, LENGTH = 0x60000
+  ram   (!rx) : ORIGIN = 0x10000000, LENGTH = 0x20000
+}
+
+SECTIONS {
+    .manifest ORIGIN(rom):
+    {
+        _manifest = .;
+        /* see: sw/device/silicon_creator/lib/manifest.h */
+        . += 384; /* rsa_signature */
+        . += 4;   /* usage_constraints.selector_bits */
+        . += 32;  /* usage_constraints.device_id */
+        . += 4;   /* usage_constraints.manuf_state_creator */
+        . += 4;   /* usage_constraints.manuf_state_owner */
+        . += 4;   /* usage_constraints.life_cycle_state */
+        . += 384; /* rsa_modulus */
+        . += 4;   /* address_translation */
+        . += 4;   /* identifier */
+        . += 4;   /* manifest_version */
+        . += 4;   /* signed_region_end */
+        . += 4;   /* length */
+        . += 4;   /* version_major */
+        . += 4;   /* version_minor */
+        . += 4;   /* security_version */
+        . += 8;   /* timestamp */
+        . += 32;  /* binding_value */
+        . += 4;   /* max_key_version */
+        . += 4;   /* code_start */
+        . += 4;   /* code_end */
+        LONG(_stext - ORIGIN(rom)); /* . = . + 4; entry_point */
+        /* manifest extension table */
+        /* see: sw/device/silicon_creator/lib/base/chip.h */
+        /* CHIP_MANIFEST_EXT_TABLE_COUNT = 15 */
+        /* sizeof(manifest_ext_table_entry) = 8 */
+        . += 120; /* manifest_ext_table */
+    } > rom
+}
+
+ASSERT (((_etext - _manifest) > 0), "Error: PMP and Flash protection setup assumes _etext follows _manifest");
+/* TODO(cfrantz): Fix the ld_library rule to allow include paths and avoid  */
+/* having to specify an `external` path here */
+INCLUDE external/tock/boards/kernel_layout.ld
diff --git a/sw/device/silicon_owner/tock/kernel/src/io.rs b/sw/device/silicon_owner/tock/kernel/src/io.rs
@@ -0,0 +1,102 @@
+// Copyright lowRISC contributors.
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+use core::fmt::Write;
+use core::panic::PanicInfo;
+use core::str;
+use kernel::debug;
+use kernel::debug::IoWrite;
+
+use crate::CHIP;
+use crate::PROCESSES;
+use crate::PROCESS_PRINTER;
+
+struct Writer {}
+
+static mut WRITER: Writer = Writer {};
+
+impl Write for Writer {
+    fn write_str(&mut self, s: &str) -> ::core::fmt::Result {
+        self.write(s.as_bytes());
+        Ok(())
+    }
+}
+
+impl IoWrite for Writer {
+    fn write(&mut self, buf: &[u8]) -> usize {
+        // This creates a second instance of the UART peripheral, and should only be used
+        // during panic.
+        earlgrey::uart::Uart::new(
+            earlgrey::uart::UART0_BASE,
+            earlgrey::chip_config::CONFIG.peripheral_freq,
+        )
+        .transmit_sync(buf);
+        buf.len()
+    }
+}
+
+#[cfg(not(test))]
+use kernel::hil::gpio::Configure;
+#[cfg(not(test))]
+use kernel::hil::led;
+
+/// Panic handler.
+#[cfg(not(test))]
+#[no_mangle]
+#[panic_handler]
+pub unsafe extern "C" fn panic_fmt(pi: &PanicInfo) -> ! {
+    let first_led_pin = &mut earlgrey::gpio::GpioPin::new(
+        earlgrey::gpio::GPIO0_BASE,
+        earlgrey::gpio::PADCTRL_BASE,
+        earlgrey::gpio::pins::pin7,
+    );
+    first_led_pin.make_output();
+    let first_led = &mut led::LedLow::new(first_led_pin);
+    let writer = &mut WRITER;
+
+    #[cfg(feature = "sim_verilator")]
+    debug::panic(
+        &mut [first_led],
+        writer,
+        pi,
+        &|| {},
+        &PROCESSES,
+        &CHIP,
+        &PROCESS_PRINTER,
+    );
+
+    #[cfg(not(feature = "sim_verilator"))]
+    debug::panic(
+        &mut [first_led],
+        writer,
+        pi,
+        &rv32i::support::nop,
+        &PROCESSES,
+        &CHIP,
+        &PROCESS_PRINTER,
+    );
+}
+
+#[cfg(test)]
+#[no_mangle]
+#[panic_handler]
+pub unsafe extern "C" fn panic_fmt(pi: &PanicInfo) -> ! {
+    let writer = &mut WRITER;
+
+    #[cfg(feature = "sim_verilator")]
+    debug::panic_print(writer, pi, &|| {}, &PROCESSES, &CHIP, &PROCESS_PRINTER);
+    #[cfg(not(feature = "sim_verilator"))]
+    debug::panic_print(
+        writer,
+        pi,
+        &rv32i::support::nop,
+        &PROCESSES,
+        &CHIP,
+        &PROCESS_PRINTER,
+    );
+
+    let _ = writeln!(writer, "{}", pi);
+    // Exit QEMU with a return code of 1
+    crate::tests::semihost_command_exit_failure();
+}