@siemen11
Contributor

This only works for a debug-enabled FPGA/chip and has only been tested on a CW340!

Add a script to load the pentest framework, connect to OpenOCD, and connect to GDB. Generate a trace file of a called function.
Use the trace file to insert instruction skips in order to simulate fault attacks and test countermeasures.
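
The trace-to-skip step described above, as an added example that is not part of this pull request or the project's code: it turns a trace into one single-instruction-skip GDB experiment per traced instruction. The trace line format, the addresses and encodings, the function names, and the assumption of a RISC-V target with compressed instructions are all made up for illustration.

```python
# Added illustration: the trace format and every address below are constructed.
import re

# Constructed trace: one executed instruction per line, "<pc>: <raw encoding>".
SAMPLE_TRACE = """\
0x20000400: 0x1141
0x20000402: 0x00a12623
0x20000406: 0x4501
0x20000408: 0x00050463
0x2000040c: 0x8082
"""

TRACE_LINE = re.compile(r"^\s*(0x[0-9a-fA-F]+):\s+(0x[0-9a-fA-F]+)\s*$")


def insn_length(encoding: int) -> int:
    """RISC-V: low bits 0b11 mark a 32-bit instruction, anything else is 16-bit (C)."""
    return 4 if (encoding & 0b11) == 0b11 else 2


def parse_trace(text: str) -> list[tuple[int, int]]:
    """Return (pc, length) per traced instruction, first occurrence of each pc only."""
    seen, out = set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = TRACE_LINE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unrecognised trace entry {line!r}")
        pc, enc = int(m.group(1), 16), int(m.group(2), 16)
        if pc not in seen:  # loops revisit a pc; the skip targets its first execution
            seen.add(pc)
            out.append((pc, insn_length(enc)))
    return out


def skip_script(pc: int, length: int) -> list[str]:
    """GDB commands that step over the instruction at pc without executing it."""
    return [
        f"tbreak *{pc:#x}",                 # stop just before the target instruction
        "continue",
        f"set var $pc = {pc + length:#x}",  # resume at the next instruction: the skip
        "continue",
    ]


def campaign(text: str) -> dict[int, list[str]]:
    """One single-skip experiment per traced instruction, keyed by skipped pc."""
    return {pc: skip_script(pc, n) for pc, n in parse_trace(text)}
```

Getting the instruction length right matters: advancing by 4 over a 16-bit instruction would land mid-instruction and fault for reasons unrelated to the countermeasure under test.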

@siemen11 siemen11 force-pushed the fisim branch 2 times, most recently from a700471 to b9dc25c Compare October 23, 2025 10:36
@siemen11
Contributor Author

siemen11 commented Oct 23, 2025

[Image: FPGAsetup]

A reference picture of the FPGA setup, with instructions:

  • JP1, JP2, JP3, JP4, JP5 are set to HD
  • JP11, JP12 are set to FDTI
  • J10 is bridged to J13
  • J23 is bridged to J25

@siemen11
Contributor Author

To run the test, the command is

./bazelisk.sh run //sw/device/tests/penetrationtests:fi_asym_cryptolib_python_gdb_test_fpga_cw340_rom_ext

@siemen11 siemen11 force-pushed the fisim branch 2 times, most recently from f71eeb7 to 14d7af1 Compare October 23, 2025 11:31
@siemen11
Contributor Author

siemen11 commented Oct 23, 2025

Still to improve:

  • Get GDB to check the flow of the program instead of having a UART providing no output; GDB can tell us whether it actually crashed
  • Try larger functions for the tracing and the instruction skips
  • Improve the parsing to truncate trace files and get the correct addresses of target functions

@siemen11
Contributor Author

Also, an open question if someone can help: it would be nice to have something in CI, but for this we need a debug-enabled FPGA. Is there something we can do so this code does not go to waste over time?

@siemen11 siemen11 force-pushed the fisim branch 6 times, most recently from 02c81a0 to 8fc0d13 Compare October 26, 2025 21:49
This only works for a debug-enabled FPGA/chip and has only been tested on a CW340!

Add a script to load the pentest framework, connect to OpenOCD, and connect to GDB.
Generate a trace file of a called function.
Use the trace file to insert instruction skips in order to simulate fault attacks and test countermeasures.

Signed-off-by: Siemen Dhooghe <[email protected]>