fc-sim-sniff: doc/Sniffer-FPGA-design annotate

annotate doc/Sniffer-FPGA-design @ 25:c03a882cc49e

doc/Sniffer-FPGA-design: update for working status

author	Mychaela Falconia <falcon@freecalypso.org>
date	Tue, 29 Aug 2023 06:37:58 +0000
parents	41e6026e5d1a
children	695ca51e1564

rev	line source
25 c03a882cc49e doc/Sniffer-FPGA-design: update for working status Mychaela Falconia <falcon@freecalypso.org> parents: 17 diff changeset	1 The first version of SIMtrace3 sniffer FPGA (the version in fpga/sniffer-basic,
c03a882cc49e doc/Sniffer-FPGA-design: update for working status Mychaela Falconia <falcon@freecalypso.org> parents: 17 diff changeset	2 no PPS catcher, F/D=372 only for now) has been implemented, tested and proven
c03a882cc49e doc/Sniffer-FPGA-design: update for working status Mychaela Falconia <falcon@freecalypso.org> parents: 17 diff changeset	3 working. It is an FPGA image for Lattice Icestick, an inexpensive off-the-shelf
c03a882cc49e doc/Sniffer-FPGA-design: update for working status Mychaela Falconia <falcon@freecalypso.org> parents: 17 diff changeset	4 iCE40 FPGA board, and it implements the function of passive sniffing: receiving
c03a882cc49e doc/Sniffer-FPGA-design: update for working status Mychaela Falconia <falcon@freecalypso.org> parents: 17 diff changeset	5 level-shifted SIM RST, CLK and I/O signals from the 74LVC4T3144 buffer and
c03a882cc49e doc/Sniffer-FPGA-design: update for working status Mychaela Falconia <falcon@freecalypso.org> parents: 17 diff changeset	6 capturing all exchanges that happen on the SIM interface between a GSM ME or
c03a882cc49e doc/Sniffer-FPGA-design: update for working status Mychaela Falconia <falcon@freecalypso.org> parents: 17 diff changeset	7 other interface device (ME/ID for short) and a SIM.
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	8
25 c03a882cc49e doc/Sniffer-FPGA-design: update for working status Mychaela Falconia <falcon@freecalypso.org> parents: 17 diff changeset	9 Hardware architecture and FPGA design principle
c03a882cc49e doc/Sniffer-FPGA-design: update for working status Mychaela Falconia <falcon@freecalypso.org> parents: 17 diff changeset	10 ===============================================
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	11
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	12 The two principal components of the Icestick board are an iCE40HX1K FPGA and an
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	13 FT2232H-based USB host interface. Our sniffer logic function in the FPGA
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	14 operates principally as a byte forwarder from the ISO 7816-3 sniffer block to
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	15 the FT2232H UART: every time the bus sniffer block captures a character (in ISO
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	16 7816-3 terminology) being passed on the SIM electrical interface in either
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	17 direction (the two directions of transmission are indistinguishable to a tap
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	18 sniffer that does not actively participate in the protocol), the FPGA will
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	19 forward this character to the connected host computer (by way of FT2232H UART)
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	20 for further processing in software. The UART data line going from the FPGA to
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	21 the FT2232H is the sole functional output from this FPGA, beyond debug outputs
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	22 being added during logic development and troubleshooting. The other UART data
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	23 line going the opposite direction (output from FT2232H) remains unused in this
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	24 application, i.e., the host software application will only read/receive from the
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	25 ttyUSBx FPGA device and won't send anything to it. All modem control lines on
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	26 this UART interface likewise remain unused.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	27
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	28 Serial interface format
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	29 =======================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	30
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	31 For every ISO 7816-3 character captured by the sniffer, two back-to-back UART
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	32 bytes will be transferred from the FPGA to the host computer; more generally,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	33 the FPGA will only transmit pairs of back-to-back bytes on this UART and no
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	34 singletons or other arrangements - thus the host receiver can always recover
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	35 synchronization by dropping any partially received two-byte message (the first
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	36 byte of an expected pair) during prolonged pauses. The FPGA will transmit the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	37 two back-to-back UART bytes as a single shift-out of 20 bits, conveying two
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	38 bytes in 8N1 framing.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	39
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	40 Why are we turning every captured ISO 7816-3 character into a pair of bytes on
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	41 our internal UART interface, why not simply forward it as a single byte? The
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	42 reason is that we need to pass some additional bits beyond the 8 that comprise
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	43 the ISO 7816-3 character payload; the additional bits which we need to pass are
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	44 as follows:
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	45
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	46 - the received parity bit;
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	47 - a flag indicating whether or not an error signal (ISO 7816-3 section 7.3)
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	48 was seen;
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	49 - additional flag bits communicating SIM RST assertion and negation events,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	50 as distinct from ISO 7816-3 characters;
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	51 - an additional flag indicating an action of the integrated PPS catcher state
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	52 machine, to be described later in this document.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	53
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	54 Assertion or negation of SIM RST is the only other possible event (besides ISO
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	55 7816-3 character capture, with or without attendant PPS catcher state machine
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	56 action) that can cause the FPGA to send a byte-pair UART message to the host
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	57 computer. One bit in the 16-bit message will distinguish between characters
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	58 and RST events, another bit will indicate the state of RST at the time of the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	59 event (new RST for transitions, 1 for characters), and all other bits are
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	60 meaningful only for characters.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	61
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	62 Detailed serial interface format
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	63 --------------------------------
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	64
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	65 Treating the two transmitted bytes as a single 16-bit word, with the least
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	66 significant 8 bits transmitted first (matching the transmission order of bits
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	67 within a byte), the 16 bits of this word are assigned as follows:
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	68
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	69 Bit 15: set to 0 if this message signals ISO 7816-3 character reception or 1 if
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	70 it signals a change of state in the RST line.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	71
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	72 Bit 14: new state of RST in the case of RST state change messages; should always
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	73 be 1 in character Rx messages.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	74
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	75 Bits [13:11]: currently unused and set to 0.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	76
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	77 The remaining bits are valid only in character Rx messages:
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	78
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	79 Bit 10: set to 1 if the error signal of ISO 7816-3 section 7.3 was detected,
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	80 0 otherwise.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	81
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	82 Bit 9: sampled line value at the midpoint of the start bit, should be 0 in a
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	83 properly working system.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	84
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	85 Bit 8: received parity bit;
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	86
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	87 Bits [7:0]: payload bits of the received character.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	88
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	89 UART baud rate
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	90 ==============
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	91
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	92 The baud rate on the UART interface between the FPGA and the FT2232H converter
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	93 is 3000000 bps. This high (and very non-RS232-standard) UART baud rate was
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	94 chosen for the following reasons:
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	95
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	96 * Our UART interface is totally private, going nowhere but the on-board FT2232H,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	97 thus it doesn't matter if the baud rate is standard-ish or totally
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	98 non-standard.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	99
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	100 * No cables of any kind are used, instead the UART interface is confined to
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	101 short PCB traces running between the FPGA and the FTDI chip on the same board
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	102 - hence high baud rates are not a problem.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	103
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	104 * Our UART baud rate needs to be high enough to provide good margin, despite
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	105 our 2x expansion, at the highest possible effective bps rate on the SIM
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	106 interface, meaning the highest possible SIM CLK frequency and the most
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	107 aggressive F/D ratio. The combination of SIM CLK at 5 MHz, F=512 and D=64
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	108 corresponds to 625000 bps effective on the SIM interface; running our UART at
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	109 3 Mbps provides sufficient margin.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	110
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	111 Clocking design
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	112 ===============
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	113
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	114 The FPGA on the Icestick board receives a 12 MHz clock input. Our original
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	115 plan was to use the FPGA's on-chip PLL to multiply this clock by 4, producing a
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	116 48 MHz system clock - however, this plan has been shelved for now, and our
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	117 current sniffer-basic design uses the 12 MHz clock directly as its system clock.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	118
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	119 The 3 inputs to the FPGA coming from the SIM electrical sniffer (buffered and
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	120 level-shifted SIM RST, CLK and I/O lines) pass through two cascaded DFFs,
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	121 bringing them into our internal clock domain. The delay added by these cascaded
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	122 DFFs is not a concern: we are a passive sniffer without any output back to the
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	123 SIM interface, and all 3 signal inputs will be subject to the same delay.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	124
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	125 As stated in the previous section, the baud rate on the UART interface between
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	126 the FPGA and the FT2232H converter is 3000000 bps. The UART output block in
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	127 the FPGA uses a simple /4 divider from CLK12 (board-level 12 MHz clock input)
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	128 to time its output bits; the original intent was to use a /16 divider from
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	129 48 MHz SYSCLK.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	130
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	131 ISO 7816-3 sniffer block
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	132 ========================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	133
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	134 Our ISO 7816-3 receiver will trigger on the falling edge of the I/O line. Once
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	135 it detects a high-to-low transition on the SYSCLK-synchronized SIM_IO input, it
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	136 will start counting SIM CLK cycles - we are arbitrarily choosing low-to-high
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	137 transition of SYSCLK-synchronized SIM_CLK input as the trigger point. (This
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	138 choice is arbitrary because per the spec there is no defined phase relation
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	139 between SIM CLK and SIM I/O transitions.) Our ISO 7816-3 receiver will need to
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	140 know how many SIM CLK cycles constitute one etu - or more precisely, our
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	141 sniffing receiver needs to know how many SIM CLK cycles constitute 0.5 etu,
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	142 1 etu and 1.5 etu, in order to locate various needed sampling points relative
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	143 to the instant at which SIM_IO was initially sampled low.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	144
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	145 The initial version of our sniffer gateware (the version in fpga/sniffer-basic)
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	146 omits the PPS catcher block, hence the just-described etu durations are
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	147 currently fixed to F/D=372 default values.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	148
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	149 Direct and inverse coding conventions
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	150 =====================================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	151
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	152 Only the card and not the interface device (ISO 7816-3 terminology) determines
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	153 which coding convention is used, direct or inverse. So far we (FreeCalypso)
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	154 have not yet encountered a real-life SIM that uses the inverse convention, only
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	155 the direct convention kind. In the sniffer function of SIMtrace-ice, we are
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	156 going to keep our FPGA gateware simple in this regard and punt all inverse
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	157 convention handling to the software application on the host computer: the FPGA
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	158 passes the 9 received bits (8 data bits and 1 parity bit) to the 16-bit UART
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	159 message as-is, without inverting or reordering them.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	160
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	161 Integrated PPS catcher
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	162 ======================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	163
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	164 The logic described so far and implemented in the sniffer-basic version will be
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	165 sufficient to capture all exchanges on the SIM interface between ME/ID and a SIM
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	166 if the etu-defining F/D ratio is never switched from the basic default of 372.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	167 However, given that most SIM cards of interest to us (our own FCSIM1, as well as
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	168 SIMs issued by various commercial operators) support Fi=512 Di=8 or higher, and
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	169 given that even very classic implementations of GSM ME (including our dear
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	170 Calypso) support this F=512 D=8 speed enhancement mode endorsed by GSM 11.11
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	171 spec, many real-life ME/ID-to-SIM sessions (which we would like to sniff and
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	172 trace) will include a PPS exchange switching to a smaller number of SIM CLK
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	173 cycles per etu.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	174
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	175 The main difficulty with capturing SIM interface sessions that use speed
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	176 enhancement is as follows: in order for the session capture to be complete,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	177 without any lost bits, the sniffing receiver's knowledge of how many SIM CLK
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	178 cycles constitute an etu needs to change to the new value at exactly the
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	179 correct moment in time, which is the moment immediately after the last byte
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	180 (PCK) of the SIM's PPS response passes across the wire. If we were to rely on
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	181 host software to decode all byte exchanges up to this point (ATR from the SIM,
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	182 PPS request from ME/ID, then PPS response) and command the FPGA (UART in the
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	183 other direction, or a modem control line) to switch the etu counters (the
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	184 0.5 etu, 1 etu and 1.5 etu counters mentioned above), we stand very little
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	185 chance of getting this command to the FPGA in time, before ME/ID starts
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	186 transmitting its next command to the SIM using the new etu definition.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	187
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	188 The Mother's proposed solution is to embed a PPS catcher state machine in the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	189 sniffer FPGA. This state machine will be set to its initial state upon the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	190 session-opening low-to-high transition on the RST line, and it will look at
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	191 every ISO 7816-3 character received by the sniffer. The machine will need to
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	192 step through the following states between this starting point and the final
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	193 action of changing the half-etu count register:
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	194
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	195 * As the ATR bytes are transferred, the state machine will need to understand
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	196 enough of ATR format to know which byte constitutes the end of ATR. A fatal
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	197 error in ATR real-time parsing (if the first byte is anything other than
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	198 8'h3B) will put the machine into its inactive state for the remainder of the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	199 session until next reset.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	200
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	201 * If the byte following ATR is 8'hFF, the machine will proceed into PPS request
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	202 real-time parsing state. If this byte equals any other value, go to the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	203 inactive state for the remainder of the session.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	204
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	205 * In the PPS request real-time parsing series of states, the state machine will
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	206 need to catch the PPS0 byte and based on this byte, figure out how many bytes
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	207 it needs to skip.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	208
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	209 * Following the PPS request, the machine will need to real-time-parse the PPS
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	210 response. Any invalid conditions will take it to the inactive state; however,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	211 if the PPS exchange is valid, the machine will need to capture the PPS1 byte
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	212 and then step through states until the final PCK byte of the PPS response.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	213
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	214 * Upon receiving that last PCK byte after all prior bytes following the expected
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	215 protocol, effect the etu counter change. Either way, the inactive state is
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	216 entered at this point, and the state machine will take no further action for
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	217 the remainder of the session.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	218
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	219 This state machine is of course going to be very complicated, as evident from
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	220 the functional requirements listed above. The first version of SIMtrace-ice
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	221 sniffer FPGA omits this block altogether, and we will get the rest of the
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	222 system working for ME/ID-to-SIM sessions that stick with F/D=372 - a good test
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	223 configuration would be to use a FreeCalypso GSM ME, with SIM speed enhancement
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	224 disabled via AT@SPENH=0. Then we shall embark on implementing this proposed
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	225 PPS catcher state machine.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	226
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	227 The addition of this PPS catcher state machine may increase the complexity of
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	228 our logic beyond the capacity of the iCE40HX1K FPGA on the Icestick board. If
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	229 we run into this problem, we'll have to look for a board with a bigger FPGA -
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	230 but we'll try to fit into the Icestick first.

FreeCalypso > hg > fc-sim-sniff

annotate doc/Sniffer-FPGA-design @ 25:c03a882cc49e