
I need to design some absolute batshit contraption of a CPU

how about a 4-way SMT core where each thread is hardwired to a distinct ISA. just make ARM + RISC-V + PPC + SPARC instruction decoders and have them duke it out for execution units.

… hm, I don’t think it qualifies as SMT at this point

@millihertz @mwk Fun fact: it's only two cores, but the RP2350 can do that with ARM and RISC-V. The bootrom itself doesn't support it, but it's just a matter of prodding the hardware architecture-select register directly and then issuing a watchdog reset of the core that should switch.

@becomethewaifu @millihertz see, this is the problem with shitposts: you try to come up with something batshit insane enough that it’d obviously never be attempted, and then you invariably get one-upped by an actual vendor 20 years in the past or something

@mwk @millihertz @becomethewaifu I mean, have you heard about my truly cursed idea for running antikernel on a Zynq?

I've been too busy to actually attempt implementing it, but I think it would work.

@mwk @millihertz @becomethewaifu the basic idea is, you run a tiny trusted loader stub that creates a page table with maps for a subset of the RAM and one AXI interface to PL, sets the interrupt vector table to an unmapped address, disables interrupts, and drops to userspace.

Now you're stuck running your application in a "padded cell" with no access to the outside world except a single mailbox channel via that AXI interface to the PL (most notably, no access to other hard peripherals or the DRP).

And it's locked in userspace with no way to ever get back into kernel mode (since there are no interrupts, and even if you did manage to trigger one you'd just hard fault with a bad vector table).

So great, you have an isolated application security domain, but how do you do threading?

Andrew Zonenberg

@mwk @millihertz @becomethewaifu this is where we take advantage of the fact that the PL has an AXI port that allows fabric to talk to hard IP on the PS side.

and I *think* (if this doesn't work, it's 100% definitely doable over EMIO JTAG but that would make it even more cursed) you can access CoreSight APB registers on the PS side from PL this way.

So you make an RTL context switcher module that periodically halts the A9, serializes its registers out to block RAM, loads a new context, loads a new page table, flushes caches etc as needed, then resumes execution.

Boom, hardware threading with no kernel mode software.

@mwk @millihertz @becomethewaifu This is the closest you can get (to my knowledge) to a true antikernel system with zero privileged code (i.e. the initial setup is done by an RTL state machine) with currently extant silicon, unless you use a softcore CPU, which is sloooow.

@azonenberg @mwk @millihertz @becomethewaifu you could run the initial setup as instructions shifted into the ARM core in debug mode using an FSM :p

@whitequark @mwk @millihertz @becomethewaifu yeah, but it doesn't matter if the instructions come from the FSM or SPI flash or something, you still end up having to run some binary on the core at some point to provision it, I think (unless you can CoreSight the entire setup, I suppose? but that would just be nightmarishly painful, I suspect lol)

@azonenberg @mwk @millihertz @becomethewaifu would it? all you need is a sequence of memory writes and then to top it off a few register writes (which you are already doing for context switches)

I'd do it

@whitequark @mwk @millihertz @becomethewaifu lol

Well, the big problem is that AFAIK (unless you have an external MCU driving FPGA JTAG, which then becomes your root of trust) Zynq cannot boot in PL-first mode. You need an FSBL on the PS to come up and load the FPGA before you can do anything in said FPGA.

This is one of the reasons I'm excited to play with the Efinix parts; Titanium appears to natively support an FPGA-first flow where you can have a true RTL root of trust.