Skip to content

isec-tugraz/coco-ibex

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
ci
ci
 
 
doc
doc
 
 
dv
dv
 
 
examples
examples
 
 
lint
lint
 
 
rtl
rtl
 
 
shared
shared
 
 
syn
syn
 
 
util
util
 
 
vendor
vendor
 
 
.clang-format
.clang-format
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
CREDITS.md
CREDITS.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
azure-pipelines.yml
azure-pipelines.yml
 
 
check_tool_requirements.core
check_tool_requirements.core
 
 
ibex_configs.yaml
ibex_configs.yaml
 
 
ibex_core.core
ibex_core.core
 
 
ibex_core_tracing.core
ibex_core_tracing.core
 
 
ibex_icache.core
ibex_icache.core
 
 
ibex_pkg.core
ibex_pkg.core
 
 
ibex_tracer.core
ibex_tracer.core
 
 
python-requirements.txt
python-requirements.txt
 
 
src_files.yml
src_files.yml
 
 
tool_requirements.py
tool_requirements.py
 
 

Repository files navigation

Coco-Ibex

Repo which contains the design of the secured Ibex core, as shown in COCO: Co-Design and Co-Verification of Masked Software Implementations onCPUs.

The design is based on commit #863fb56eb166d of the original Ibex core.

Structure

  • rtl: contains the hardware design of the modified Ibex core.
    • secure.sv: allows to enable/disable certain security features
  • shared/rtl: contains the secure RAM implementation

Enabling/disabling security features

We implemented the following security features:

  • REGREAD_SECURE: gating mechanism for reads from the register file
  • REGWRITE_SECURE: gating mechanism for writes to the register file
  • MEM_SECURE: use secure RAM
  • MD_SECURE: gating mechanism for multiplication unit
  • SHIFT_SECURE: gating mechanism for shifter in ALU
  • ADDER_SECURE: gating mechanism for adder in ALU
  • CSR_SECURE: gating mechanism for CSR unit

Each of these features is standalone, i.e., disabling REGREAD_SECURE but enabling all other features will still work. Disabling can be done by uncommenting the respective line in secure.sv.

We did not add an enabling/disabling mechanism for clearing the hidden LSU state.

Configuring secure RAM

Configurations can be made by altering a and b in ram_1p_secure.v:

  • a: number of 32-bit cells per block
  • b: number of blocks

In-block addressing is done using one-hot encoded addresses.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

7 stars

Watchers

4 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages