Doc: move implementation details of RAM scrambling to RAM core

tillitis · Nov 20, 2024 · 1941a22 · 1941a22
1 parent de8fcb8
commit 1941a22
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 21 deletions.
diff --git a/hw/application_fpga/README.md b/hw/application_fpga/README.md
@@ -75,7 +75,10 @@ The memory is cleared by firmware before an application is loaded.
 
 The application RAM is available to use by firmware and applications.
 
-MC: Is the scrambling here now?
+The RAM core also implements (from the view of the CPU) transparent
+RAM address and data scrambling. This scrambling is applied to make it
+harder to extract application and application data from a memory dump
+directly from the memory cores.
 
 ## `rom`
 
@@ -132,21 +135,7 @@ should make it infeasible to improve asset extraction by observing
 multiple memory dumps from the same TKey device. The attack should
 also not directly scale to multiple TKey devices.
 
-The memory protection is based on two separate mechanisms:
-
-1. Address randomisation
-2. Address dependent data randomization
-
-The address randomization is implemented by XORing the CPU address
-with the contents of the ADDR\_RAM\_ADDR\_RAND register in the tk1
-core. The result is used as the RAM address
-
-The data randomization is implemented by XORing the data written to the
-RAM with the contents of the ADDR\_RAM\_DATA\_RAND register in the tk1
-core as well as XORing with the CPU address. This means that the same
-data written to two different addresses will be scrambled differently.
-The same pair or XOR operations is also performed on the data read out
-from the RAM.
+The RAM address and data scrambling is done in de RAM core.
 
 The memory protection is setup by the firmware. Access to the memory
 protection controls is disabled for applications. Before the memory
@@ -168,11 +157,6 @@ setup the memory protection:
 6. Receive the application sent from the client and write it in
    sequence into RAM.
 
-Future TKey devices may implement a more secure ASLR mechanism, and
-use real encryption (for example PRINCE) for memory content
-protection. From the application point of view such a change will be
-transparent.
-
 ## `touch_sense`
 
 Provide touch sensor events to software.

diff --git a/hw/application_fpga/core/ram/README.md b/hw/application_fpga/core/ram/README.md
@@ -23,6 +23,22 @@ ram_data_rand inputs as seeds for the scrambling mechanism. When data
 is read out it is descrambled before sent out on the read_data output
 port. The scrambling functionality does not add latency.
 
+The memory protection is based on two separate mechanisms:
+
+1. Address randomisation
+2. Address dependent data randomization
+
+The address randomization is implemented by XORing the RAM address
+with the contents of the ADDR\_RAM\_ADDR\_RAND register in the tk1
+core. The result is used as the RAM address.
+
+The data randomization is implemented by XORing the data written to
+the RAM with the contents of the ADDR\_RAM\_DATA\_RAND register in the
+tk1 core as well as XORing with the CPU address. This means that the
+same data written to two different addresses will be scrambled
+differently. The same pair or XOR operations is also performed on the
+data read out from the RAM.
+
 Note: the scrambling mechanism is NOT a cryptographically secure
 function. Even if it was, a 32 bit key would be too short to add any
 security.