annotate doc/Sniffer-FPGA-design @ 20:f6579cef76e1

doc: on later thought, drop the DUS term in favor of ME/ID
author Mychaela Falconia <falcon@freecalypso.org>
date Mon, 21 Aug 2023 20:14:26 +0000
parents 41e6026e5d1a
children c03a882cc49e

The first FPGA logic function in the SIMtrace-ice project has been implemented
and is now waiting to be tested: it is the basic sniffer FPGA in the
fpga/sniffer-basic directory. It is an FPGA image for Lattice Icestick, an
inexpensive off-the-shelf iCE40 FPGA board, and it implements the function of
passive sniffing: receiving level-shifted SIM RST, CLK and I/O signals from the
74LVC4T3144 buffer and capturing all exchanges that happen on the SIM interface
between a GSM ME or other interface device (ME/ID for short) and a SIM.

This FPGA gateware function is currently waiting to be tested: some custom
hardware needs to be assembled before the FPGA can be tested. The PCB fab order
for our mv-sniffer adapter board has just been placed; we will need to receive
the PCB, get it populated, and also populate the missing pin headers on the
Icestick board before we can test our FPGA.

The two principal components of the Icestick board are an iCE40HX1K FPGA and an
FT2232H-based USB host interface. Our sniffer logic function in the FPGA
operates principally as a byte forwarder from the ISO 7816-3 sniffer block to
the FT2232H UART: every time the bus sniffer block captures a character (in ISO
7816-3 terminology) being passed on the SIM electrical interface in either
direction (the two directions of transmission are indistinguishable to a tap
sniffer that does not actively participate in the protocol), the FPGA will
forward this character to the connected host computer (by way of FT2232H UART)
for further processing in software. The UART data line going from the FPGA to
the FT2232H is the sole functional output from this FPGA, beyond debug outputs
being added during logic development and troubleshooting. The other UART data
line going the opposite direction (output from FT2232H) remains unused in this
application, i.e., the host software application will only read/receive from the
ttyUSBx FPGA device and won't send anything to it. All modem control lines on
this UART interface likewise remain unused.

Serial interface format
=======================

For every ISO 7816-3 character captured by the sniffer, two back-to-back UART
bytes will be transferred from the FPGA to the host computer; more generally,
the FPGA will only transmit pairs of back-to-back bytes on this UART and no
singletons or other arrangements - thus the host receiver can always recover
synchronization by dropping any partially received two-byte message (the first
byte of an expected pair) during prolonged pauses. The FPGA will transmit the
two back-to-back UART bytes as a single shift-out of 20 bits, conveying two
bytes in 8N1 framing.

Why are we turning every captured ISO 7816-3 character into a pair of bytes on
our internal UART interface? Why not simply forward it as a single byte? The
reason is that we need to pass some additional bits beyond the 8 that comprise
the ISO 7816-3 character payload; the additional bits which we need to pass are
as follows:

- the received parity bit;
- a flag indicating whether or not an error signal (ISO 7816-3 section 7.3)
  was seen;
- additional flag bits communicating SIM RST assertion and negation events,
  as distinct from ISO 7816-3 characters;
- an additional flag indicating an action of the integrated PPS catcher state
  machine, to be described later in this document.

Assertion or negation of SIM RST is the only other possible event (besides ISO
7816-3 character capture, with or without attendant PPS catcher state machine
action) that can cause the FPGA to send a byte-pair UART message to the host
computer. One bit in the 16-bit message will distinguish between characters
and RST events, another bit will indicate the state of RST at the time of the
event (new RST for transitions, 1 for characters), and all other bits are
meaningful only for characters.

Detailed serial interface format
--------------------------------

Treating the two transmitted bytes as a single 16-bit word, with the least
significant 8 bits transmitted first (matching the transmission order of bits
within a byte), the 16 bits of this word are assigned as follows:

Bit 15: set to 0 if this message signals ISO 7816-3 character reception or 1 if
        it signals a change of state in the RST line.

Bit 14: new state of RST in the case of RST state change messages; should always
        be 1 in character Rx messages.

Bits [13:11]: currently unused and set to 0.

The remaining bits are valid only in character Rx messages:

Bit 10: set to 1 if the error signal of ISO 7816-3 section 7.3 was detected,
        0 otherwise.

Bit 9: sampled line value at the midpoint of the start bit; should be 0 in a
       properly working system.

Bit 8: received parity bit.

Bits [7:0]: payload bits of the received character.
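
The following host-side decoder is an added example, not code from the
SIMtrace-ice project: it reassembles byte pairs into 16-bit words using the bit
assignments above and applies the drop-the-orphan resync rule from the previous
section. The per-byte arrival timestamps, the 1000 us gap threshold, the
treatment of a set reserved bit as malformed, and all identifier names are
assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit assignments from the format description above. */
#define MSG_RST_EVENT  0x8000u /* bit 15: 1 = RST change, 0 = character */
#define MSG_RST_STATE  0x4000u /* bit 14: RST level; 1 in character messages */
#define MSG_RESERVED   0x3800u /* bits [13:11]: currently unused, 0 */
#define MSG_ERR_SIGNAL 0x0400u /* bit 10: ISO 7816-3 error signal seen */
#define MSG_START_BIT  0x0200u /* bit 9: start bit sample, 0 when healthy */
#define MSG_PARITY     0x0100u /* bit 8: received parity bit */

enum ev_type { EV_RST_LOW, EV_RST_HIGH, EV_CHAR, EV_MALFORMED };

struct sniff_event {
    enum ev_type type;
    uint8_t data;          /* bits [7:0], exactly as sampled */
    bool parity_bit;
    bool error_signal;
    bool start_bit_bad;
    bool parity_ok_direct; /* even count of 1s over data + parity */
};

/* Hypothetical input record: one UART byte and its arrival time. */
struct rx_byte { uint8_t val; uint32_t t_us; };

struct sniff_event decode_word(uint16_t w)
{
    struct sniff_event ev = { .type = EV_MALFORMED };
    unsigned ones = 0, bits;
    /* Assumption of this example: a set reserved bit means lost sync. */
    if (w & MSG_RESERVED)
        return ev;
    if (w & MSG_RST_EVENT) {
        ev.type = (w & MSG_RST_STATE) ? EV_RST_HIGH : EV_RST_LOW;
        return ev;
    }
    if (!(w & MSG_RST_STATE)) /* character messages always have bit 14 set */
        return ev;
    ev.type = EV_CHAR;
    ev.data = (uint8_t)(w & 0xFFu);
    ev.parity_bit = (w & MSG_PARITY) != 0;
    ev.error_signal = (w & MSG_ERR_SIGNAL) != 0;
    ev.start_bit_bad = (w & MSG_START_BIT) != 0;
    for (bits = w & 0x1FFu; bits; bits >>= 1)
        ones += bits & 1u;
    ev.parity_ok_direct = (ones % 2u) == 0;
    return ev;
}

/* Pair bytes low byte first. A first byte whose partner does not arrive
 * within max_gap_us is dropped, which is the resync rule described above. */
size_t decode_stream(const struct rx_byte *in, size_t n, uint32_t max_gap_us,
                     struct sniff_event *out, size_t out_max)
{
    size_t i = 0, count = 0;
    while (i + 1 < n && count < out_max) {
        if (in[i + 1].t_us - in[i].t_us > max_gap_us) {
            i++; /* orphaned first byte: skip it and resynchronize */
            continue;
        }
        out[count++] = decode_word((uint16_t)(in[i].val | (in[i + 1].val << 8)));
        i += 2;
    }
    return count;
}

/* Constructed sample capture, not real sniffer output. */
static const struct rx_byte sample[] = {
    { 0x00, 0 },      { 0x80, 3 },      /* 0x8000: RST goes low */
    { 0x00, 1000 },   { 0xC0, 1003 },   /* 0xC000: RST goes high */
    { 0x3B, 1500 },   { 0x41, 1503 },   /* 0x413B: char 0x3B, parity 1 */
    { 0x55, 2000 },                     /* stray byte, partner never comes */
    { 0xA0, 900000 }, { 0x45, 900003 }, /* 0x45A0: error signal, bad parity */
};
static struct sniff_event sample_events[8];

size_t decode_sample(void)
{
    return decode_stream(sample, sizeof sample / sizeof sample[0], 1000,
                         sample_events, 8);
}

struct sniff_event sample_event(size_t i) { decode_sample(); return sample_events[i]; }

int main(void)
{
    size_t n = decode_sample();

    for (size_t i = 0; i < n; i++)
        printf("type=%d data=%02X parity_ok=%d err_signal=%d\n",
               sample_events[i].type, sample_events[i].data,
               sample_events[i].parity_ok_direct, sample_events[i].error_signal);
    return 0;
}
```

The parity check here assumes the direct convention; the raw data and parity
bits are kept in the event so a later stage can re-evaluate them.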

UART baud rate
==============

The baud rate on the UART interface between the FPGA and the FT2232H converter
is 3000000 bps. This high (and very non-RS232-standard) UART baud rate was
chosen for the following reasons:

* Our UART interface is totally private, going nowhere but the on-board FT2232H,
  thus it doesn't matter if the baud rate is standard-ish or totally
  non-standard.

* No cables of any kind are used; instead the UART interface is confined to
  short PCB traces running between the FPGA and the FTDI chip on the same board
  - hence high baud rates are not a problem.

* Our UART baud rate needs to be high enough to provide good margin, despite
  our 2x expansion, at the highest possible effective bps rate on the SIM
  interface, meaning the highest possible SIM CLK frequency and the most
  aggressive F/D ratio. The combination of SIM CLK at 5 MHz, F=512 and D=64
  corresponds to 625000 bps effective on the SIM interface; running our UART at
  3 Mbps provides sufficient margin.

Clocking design
===============

The FPGA on the Icestick board receives a 12 MHz clock input. Our original
plan was to use the FPGA's on-chip PLL to multiply this clock by 4, producing a
48 MHz system clock - however, this plan has been shelved for now, and our
current sniffer-basic design uses the 12 MHz clock directly as its system clock.

The 3 inputs to the FPGA coming from the SIM electrical sniffer (buffered and
level-shifted SIM RST, CLK and I/O lines) pass through two cascaded DFFs,
bringing them into our internal clock domain. The delay added by these cascaded
DFFs is not a concern: we are a passive sniffer without any output back to the
SIM interface, and all 3 signal inputs will be subject to the same delay.

As stated in the previous section, the baud rate on the UART interface between
the FPGA and the FT2232H converter is 3000000 bps. The UART output block in
the FPGA uses a simple /4 divider from CLK12 (board-level 12 MHz clock input)
to time its output bits; the original intent was to use a /16 divider from
48 MHz SYSCLK.

ISO 7816-3 sniffer block
========================

Our ISO 7816-3 receiver will trigger on the falling edge of the I/O line. Once
it detects a high-to-low transition on the SYSCLK-synchronized SIM_IO input, it
will start counting SIM CLK cycles - we are arbitrarily choosing low-to-high
transition of SYSCLK-synchronized SIM_CLK input as the trigger point. (This
choice is arbitrary because per the spec there is no defined phase relation
between SIM CLK and SIM I/O transitions.) Our ISO 7816-3 receiver will need to
know how many SIM CLK cycles constitute one etu - or more precisely, our
sniffing receiver needs to know how many SIM CLK cycles constitute 0.5 etu,
1 etu and 1.5 etu, in order to locate various needed sampling points relative
to the instant at which SIM_IO was initially sampled low.

The initial version of our sniffer gateware (the version in fpga/sniffer-basic)
omits the PPS catcher block, hence the just-described etu durations are
currently fixed to F/D=372 default values.

Direct and inverse coding conventions
=====================================

Only the card and not the interface device (ISO 7816-3 terminology) determines
which coding convention is used, direct or inverse. So far we (FreeCalypso)
have not yet encountered a real-life SIM that uses the inverse convention, only
the direct convention kind. In the sniffer function of SIMtrace-ice, we are
going to keep our FPGA gateware simple in this regard and punt all inverse
convention handling to the software application on the host computer: the FPGA
passes the 9 received bits (8 data bits and 1 parity bit) to the 16-bit UART
message as-is, without inverting or reordering them.
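
One way the host software could handle the inverse convention on the 9 raw bits
it receives, shown as an added example rather than the project's own code. It
assumes the convention is detected from the TS character defined by ISO 7816-3
(3B direct, 3F inverse, the latter appearing as raw 0x03 when sampled LSB first
with high = 1); function names and sample values are constructed for
illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum convention { CONV_UNKNOWN, CONV_DIRECT, CONV_INVERSE };

/* TS is the first character after RST release. ISO 7816-3 defines it as
 * 3B (direct) or 3F (inverse); sampled LSB first with high = 1, as the FPGA
 * forwards it, the inverse-convention TS shows up as raw 0x03. */
enum convention detect_convention(unsigned raw9_ts)
{
    switch (raw9_ts & 0xFFu) {
    case 0x3B: return CONV_DIRECT;
    case 0x03: return CONV_INVERSE;
    default:   return CONV_UNKNOWN;
    }
}

/* Inverse convention: low level = 1 and MSB first, so the logical byte is
 * the raw byte bit-reversed and complemented. */
uint8_t logical_byte(unsigned raw9, enum convention conv)
{
    uint8_t raw = (uint8_t)(raw9 & 0xFFu), rev = 0;

    if (conv != CONV_INVERSE)
        return raw;
    for (int i = 0; i < 8; i++)
        if (raw & (1u << i))
            rev |= (uint8_t)(0x80u >> i);
    return (uint8_t)~rev;
}

/* Parity is even over the 9 logical bits. Inverse convention inverts all
 * 9 line levels, so a good character has an odd count of raw 1 bits. */
bool parity_ok(unsigned raw9, enum convention conv)
{
    unsigned ones = 0;

    for (unsigned b = raw9 & 0x1FFu; b; b >>= 1)
        ones += b & 1u;
    return (ones & 1u) == (conv == CONV_INVERSE ? 1u : 0u);
}

/* Decode n raw 9-bit characters starting at TS into out[].
 * Returns the number of parity errors, or -1 if TS is not recognized. */
int decode_run(const uint16_t *raw9, size_t n, uint8_t *out)
{
    enum convention conv = n ? detect_convention(raw9[0]) : CONV_UNKNOWN;
    int errors = 0;

    if (conv == CONV_UNKNOWN)
        return -1;
    for (size_t i = 0; i < n; i++) {
        out[i] = logical_byte(raw9[i], conv);
        if (!parity_ok(raw9[i], conv))
            errors++;
    }
    return errors;
}

/* Constructed samples: bits [8:0] of character messages, not real captures.
 * inverse_run is 3F, 65, then 65 again with its parity bit flipped. */
static const uint16_t inverse_run[] = { 0x103, 0x159, 0x059 };
static const uint16_t direct_run[]  = { 0x13B, 0x065 };
static uint8_t decoded[4];

int decode_inverse_sample(void) { return decode_run(inverse_run, 3, decoded); }
int decode_direct_sample(void)  { return decode_run(direct_run, 2, decoded); }
uint8_t decoded_byte(size_t i)  { return decoded[i]; }

int main(void)
{
    int errors = decode_inverse_sample();

    printf("inverse: %02X %02X %02X, parity errors: %d\n",
           decoded[0], decoded[1], decoded[2], errors);
    errors = decode_direct_sample();
    printf("direct:  %02X %02X, parity errors: %d\n",
           decoded[0], decoded[1], errors);
    return 0;
}
```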
4
b275c69c1b80 doc: describe proposed FPGA design
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
163
b275c69c1b80 doc: describe proposed FPGA design
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
164 Integrated PPS catcher
b275c69c1b80 doc: describe proposed FPGA design
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
165 ======================
b275c69c1b80 doc: describe proposed FPGA design
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
166
The logic described so far and implemented in the sniffer-basic version will be
sufficient to capture all exchanges on the SIM interface between ME/ID and a SIM
*if* the etu-defining F/D ratio is never switched from the basic default of 372.
However, given that most SIM cards of interest to us (our own FCSIM1, as well as
SIMs issued by various commercial operators) support Fi=512 Di=8 or higher, and
given that even very classic implementations of GSM ME (including our dear
Calypso) support this F=512 D=8 speed enhancement mode endorsed by GSM 11.11
spec, many real-life ME/ID-to-SIM sessions (which we would like to sniff and
trace) will include a PPS exchange switching to a smaller number of SIM CLK
cycles per etu.

The main difficulty with capturing SIM interface sessions that use speed
enhancement is as follows: in order for the session capture to be complete,
without any lost bits, the sniffing receiver's knowledge of how many SIM CLK
cycles constitute an etu needs to change to the new value at exactly the
correct moment in time, which is the moment immediately after the last byte
(PCK) of the SIM's PPS response passes across the wire. If we were to rely on
host software to decode all byte exchanges up to this point (ATR from the SIM,
PPS request from ME/ID, then PPS response) and command the FPGA (UART in the
other direction, or a modem control line) to switch the etu counters (the
0.5 etu, 1 etu and 1.5 etu counters mentioned above), we stand very little
chance of getting this command to the FPGA in time, before ME/ID starts
transmitting its next command to the SIM using the new etu definition.

The Mother's proposed solution is to embed a PPS catcher state machine in the
sniffer FPGA. This state machine will be set to its initial state upon the
session-opening low-to-high transition on the RST line, and it will look at
every ISO 7816-3 character received by the sniffer. The machine will need to
step through the following states between this starting point and the final
action of changing the half-etu count register:

* As the ATR bytes are transferred, the state machine will need to understand
  enough of ATR format to know which byte constitutes the end of ATR. A fatal
  error in ATR real-time parsing (if the first byte is anything other than
  8'h3B) will put the machine into its inactive state for the remainder of the
  session until next reset.

* If the byte following ATR is 8'hFF, the machine will proceed into PPS request
  real-time parsing state. If this byte equals any other value, go to the
  inactive state for the remainder of the session.

* In the PPS request real-time parsing series of states, the state machine will
  need to catch the PPS0 byte and based on this byte, figure out how many bytes
  it needs to skip.

* Following the PPS request, the machine will need to real-time-parse the PPS
  response. Any invalid conditions will take it to the inactive state; however,
  if the PPS exchange is valid, the machine will need to capture the PPS1 byte
  and then step through states until the final PCK byte of the PPS response.

* Upon receiving that last PCK byte after all prior bytes following the expected
  protocol, effect the etu counter change. Either way, the inactive state is
  entered at this point, and the state machine will take no further action for
  the remainder of the session.
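
A byte-level reference model of the state sequence listed above, added here as
an example; it is not code from the SIMtrace-ice project. The class name, the
state names and the acceptance rule for the PPS response (both PCK checksums
correct, PPS1 echoed unchanged) are assumptions of this model; the Fi/Di values
are the ISO 7816-3 tables.

```python
from functools import reduce
from operator import xor

FI = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
      9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
DI = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}  # by PPS1 nibble

def opt(b):                     # optional bytes flagged by bits 0x10, 0x20, 0x40
    return bin(b & 0x70).count("1")

class PPSCatcher:               # hypothetical name; states are this model's own
    def reset(self):            # call on the RST low-to-high transition
        self.state, self.req, self.rsp = "TS", [], []
    __init__ = reset

    def _group(self, y):        # y is T0 or a TDi byte: plan what follows it
        last = not y & 0x80     # no further TD: historical bytes (+ TCK) come next
        self.n = opt(y) + (self.hist + self.tck if last else 0)
        self.after = "REQ" if last else "TD"
        self.state = "SKIP" if self.n else self.after

    def feed(self, b):          # one character in; new clocks-per-etu out when it applies
        s = self.state
        if s == "TS":           # anything but 0x3B is fatal for this session
            self.state = "T0" if b == 0x3B else "INACTIVE"
        elif s == "T0":
            self.hist, self.tck = b & 0x0F, False
            self._group(b)
        elif s == "TD":
            self.tck |= (b & 0x0F) != 0    # a protocol other than T=0 adds TCK
            self._group(b)
        elif s == "SKIP":
            self.n -= 1
            self.state = s if self.n else self.after
        elif s in ("REQ", "RSP"):
            buf = self.req if s == "REQ" else self.rsp
            buf.append(b)
            if buf[0] != 0xFF:  # no PPSS: not a PPS exchange
                self.state = "INACTIVE"
            elif len(buf) >= 2 and len(buf) == 3 + opt(buf[1]):
                self.state = "RSP" if s == "REQ" else "INACTIVE"
                return self._finish() if s == "RSP" else None

    def _finish(self):          # assumed rule: both PCKs check, PPS1 echoed as sent
        req, rsp = self.req, self.rsp
        fi, di = FI.get(rsp[2] >> 4), DI.get(rsp[2] & 0x0F)
        if (reduce(xor, req) == 0 and reduce(xor, rsp) == 0 and fi and di
                and req[1] & rsp[1] & 0x10 and req[2] == rsp[2]):
            return fi / di      # SIM CLK cycles per etu from now on
```

Fed the constructed character stream 3B 92 94 80 1F C3 12 34 7C (ATR), FF 10 94
7B (PPS request), FF 10 94 7B (PPS response), feed() returns 64.0 on the final
PCK byte and nothing before it.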

This state machine is of course going to be very complicated, as evident from
the functional requirements listed above. The first version of SIMtrace-ice
sniffer FPGA omits this block altogether, and we will get the rest of the
system working for ME/ID-to-SIM sessions that stick with F/D=372 - a good test
configuration would be to use a FreeCalypso GSM ME, with SIM speed enhancement
disabled via AT@SPENH=0. Then we shall embark on implementing this proposed
PPS catcher state machine.

The addition of this PPS catcher state machine may increase the complexity of
our logic beyond the capacity of the iCE40HX1K FPGA on the Icestick board. If
we run into this problem, we'll have to look for a board with a bigger FPGA -
but we'll try to fit into the Icestick first.