Crypto Dev Shield for "ZMC" Zilog Z80 system
It may seem like just another nostalgic 1980s retro system, but it is in fact: 1) a versatile platform for learning assembly programming at the lowest level and, even more important, 2) a good platform for developing ultra-secure crypto systems!
This is another sequel in our highly secure communication systems series! I suggest you first watch our interview here:
https://www.elektormagazine.com/news/secure-communications-an-interview-with-luka-matic
where most of the problems of today's secure systems design engineering are explained. Please pay special attention around 40:38, when we talk about methods of using "retro" technology to increase security. There we refer to one particular Zilog Z80 system:
http://www.sunrise-ev.com/z80.htm
which is very simple and especially convenient for implementing even more secure systems than those we previously implemented using Atmel AVR and Arduino.
Since I grew up with the Sinclair ZX Spectrum and got well acquainted with the Zilog Z80, I first decided to buy the ZMC main board PCB along with the FP PCB (front panel: 7-segment LED display and keyboard) from the aforementioned website. After assembling the PCBs, the first power-up and testing, I was quickly truly impressed!
It is really amazing what Lee Hart managed to squeeze into only several kB of UV EPROM, leaving 88% of CPU time and approx. 70% of EPROM and RAM for further development:
-machine code monitor, capable of monitoring and single-stepping code in both RAM and ROM (with a timer-interrupt-triggered single-stepper)
-software bitbanged keyboard scanner, driver for a 7-character 7-segment LED display plus 7 extra LEDs, and a duplex 9600 UART port (to work with the front panel on the photo attached)
-SRAM bootloader - load your assembly or BASIC code through UART and start the program!
-a simple 16-bit integer BASIC interpreter, capable of accessing IO ports, peeking and poking through the memory, and calling assembly-code subroutines
-there is also another PCB add-on made by Lee Hart, with up to 512kB of bank-switchable RAM, one more hardware UART and an SD card interface as well!
So this is a miniature, Arduino-size system, with 32kB UV EPROM and 32kB SRAM, on which you can fully exploit all the capabilities of the Z80, connect it to all sorts of peripheral devices and utilize all the advantages and flexibility of the von Neumann architecture compared to the Harvard architecture.
----------------------------------------------------------------------------------------------------------------------------------
In order to use this system for any cryptography-related work, I decided to design another "shield" for it. I wrote the assembly code for all the CTC, UART, I2C and 1-wire bus comms routines and tested them all. These are all the features:
-Z80 CTC (4-channel counter-timer) - precise hardware timing is necessary for good encrypted communications. I used a UB857D, its East German clone, also produced in millions and still easily available, because I didn't have an original CTC handy. I assigned it the IO addresses 0x00, 0x01, 0x02 and 0x03 to make it compatible with the rest of the Altoid PCBs.
-74HC138 (3-to-8 decoder) for extra IO channels, one more 8-bit input port (74HC245) and one more 8-bit output port (74HC273 latch) - also used to bitbang the I2C port, the 1-wire port and one more UART port on my board, and anything else. IO channel 0x04 is for the 74HC245 (input) and 74HC273 (output), and IO channel 0x06 is for resetting the watchdog timer.
-DS1307 RTC on the I2C port, with a CR1220 battery that can keep the clock running for several years
-AT24C serial I2C EEPROM - useful for many things, like quick dumping and restoring SRAM contents
-DS18B20 one-wire bus thermometer - can't do secure cryptography without one :)
-74HC74 - watchdog timer, RC analog, adjustable with a 1 MΩ trimmer over a span of approx. 0.5-7 seconds. It can activate the NMI interrupt or RESET, configurable by jumpers. The WDT is reset by writing to IO 0x06.
-another 74HC74 - featuring a code-injection protection circuit (!):
With all the address, data, IO and control signals easy to access, all the firmware in UV EPROM, all the units physically separated, and old and reliable hardware tested for more than 30 years, this system is more secure than any modern highly-integrated MCU or FPGA... except for one thing. Because of its von Neumann architecture it is more susceptible to any kind of buffer-overflow attack (code injection, stack smashing, runaway code, remote reset, illegal opcode...). Executing code from SRAM may be useful for testing during development, but for any secure crypto application the fully tested version of the program must be stored exclusively in UV EPROM, while SRAM can be used to store only data, not program. So a simple circuit built around this IC detects any attempt to execute code from SRAM, and reacts immediately.
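A behavioral model of such a detector, added here as an example and not the author's circuit or code: it shows why the trip condition has to be an opcode fetch (/M1 together with /MREQ) into SRAM, so that ordinary data and stack accesses, I/O cycles and interrupt acknowledge cycles do not trip it. Assumptions: EPROM occupies the lower 32 kB and SRAM the upper 32 kB (selected by A15), the decode uses only those three signals, all names are hypothetical, and both bus traces are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One Z80 bus cycle; true means the active-low pin is asserted (pulled low). */
typedef struct {
    uint16_t addr;
    bool m1;   /* /M1: opcode fetch, or interrupt acknowledge together with /IORQ */
    bool mreq; /* /MREQ: memory access */
    bool iorq; /* /IORQ: I/O access */
} bus_cycle;

/* ASSUMPTION: A15 = 0 selects the EPROM, A15 = 1 selects the SRAM. */
static bool in_sram(uint16_t addr) { return (addr & 0x8000u) != 0; }

/* Trip condition: an opcode fetch (/M1 and /MREQ) addressed to SRAM. */
static bool is_sram_fetch(bus_cycle c) { return c.m1 && c.mreq && in_sram(c.addr); }

/* Latch behaviour: only the first violating cycle matters, because the
   flip-flop stays set afterwards. Returns its index, or -1 if none. */
static int first_violation(const bus_cycle *trace, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (is_sram_fetch(trace[i])) return (int)i;
    return -1;
}

/* Constructed trace: code runs from EPROM and uses SRAM only for data. */
static const bus_cycle benign[] = {
    {0x0100, true,  true,  false}, /* opcode fetch from EPROM */
    {0x0101, false, true,  false}, /* operand read from EPROM */
    {0x8000, false, true,  false}, /* data write to SRAM */
    {0xFFFE, false, true,  false}, /* stack read from SRAM */
    {0x0004, false, false, true }, /* I/O cycle */
    {0x8000, true,  false, true }, /* INTACK: /M1 + /IORQ, no /MREQ (A15 high on purpose) */
};

/* Constructed trace: a corrupted return address sends the PC into SRAM. */
static const bus_cycle hijacked[] = {
    {0x0200, true,  true, false},  /* RET fetched from EPROM */
    {0xFFFE, false, true, false},  /* return address popped from SRAM stack */
    {0xFFFF, false, true, false},
    {0x8123, true,  true, false},  /* first opcode fetch from SRAM: latch trips */
};

int main(void) {
    printf("benign:   %d\n", first_violation(benign, sizeof benign / sizeof benign[0]));
    printf("hijacked: %d\n", first_violation(hijacked, sizeof hijacked / sizeof hijacked[0]));
    return 0;
}
```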