Add fpga udev rules

Co-authored-by: Harry Callahan <[email protected]>

pkgs/default.nix

@@ -8,6 +8,7 @@
 }:
 {
   ncurses5-fhs = pkgs.callPackage ./ncurses5-fhs.nix {};
+  fpga-udev-rules = pkgs.callPackage ./fpga-udev-rules.nix {};
 
   # OpenTitan packages
   verilator_ot = import ./verilator {inherit pkgs;};

pkgs/fpga-udev-rules.nix

@@ -0,0 +1,65 @@
+# Copyright lowRISC contributors.
+#
+# SPDX-License-Identifier: MIT
+{writeTextFile}:
+writeTextFile {
+  name = "62-fpga.rules";
+  destination = "/etc/udev/rules.d/62-fpga.rules";
+  text = ''
+    # Identify FPGAs and assign them ID_FPGA env. The env will be consumed in 70-fpga-uaccess.rules.
+    #
+    # This list is taken from the OpenTitan documentation
+    # * https://opentitan.org/book/doc/getting_started/install_vivado/index.html?highlight=udev#device-permissions-udev-rules
+    # and Xilinx UG973.
+    # * https://docs.amd.com/r/en-US/ug973-vivado-release-notes-install-license/Installing-Cable-Drivers
+    # * https://digilent.com/reference/programmable-logic/guides/install-cable-drivers
+    #
+    # The original rules set mode to 666 makes it globally writable, and this is not secure. Ubuntu uses a plugdev group,
+    # which is considered a bad practice by Arch Linux and systemd developers.
+    # See https://wiki.archlinux.org/title/Udev and https://bugzilla.redhat.com/show_bug.cgi?id=815093.
+    #
+    # The modern approach is to first, identify which type a device is, and then assign it to a specific group (e.g.
+    # disk, cdrom, dialout) or set the "uaccess" tag. "uaccess" tag allows all users with seats allocated (i.e. have physical
+    # access) to access the device with dynamic ACL. This is both zero-configuration and more secure.
+    #
+    # This file starts with 62- because all systemd device identification groups use 60- as priority, and we want rules
+    # here to take priority, but this must be smaller than 73-seat-late.rules.
+
+    # 90-lowrisc.rules
+
+    # NewAE Technology Inc. ChipWhisperer boards e.g. CW310, CW305, CW-Lite, CW-Husky
+    SUBSYSTEM=="usb|tty", ATTRS{idVendor}=="2b3e", ATTRS{idProduct}=="ace[0-9]|c[3-6][0-9][0-9]", ENV{ID_FPGA}="1"
+
+    # Digilent rule removed because it's covered by Xilinx rules.
+
+    # Future Technology Devices International, Ltd FT232 Serial (UART) IC
+    SUBSYSTEM=="usb|tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ENV{ID_FPGA}="1"
+
+    # 52-xilinx-digilent-usb.rules
+
+    ATTRS{idVendor}=="1443", ENV{ID_FPGA}="1"
+    ATTRS{idVendor}=="0403", ATTRS{manufacturer}=="Digilent", ENV{ID_FPGA}="1"
+
+    # 52-xilinx-ftdi-usb.rules
+
+    ATTRS{idVendor}=="0403", ATTRS{manufacturer}=="Xilinx", ENV{ID_FPGA}="1"
+
+    # 52-xilinx-pcusb.rules
+
+    # These rules are changed from `ATTR` to `ATTRS`, see https://support.xilinx.com/s/question/0D52E000074LyuDSAS/bug-udev-rules-badly-written
+    ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="0008", ENV{ID_FPGA}="1"
+    ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="0007", ENV{ID_FPGA}="1"
+    ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="0009", ENV{ID_FPGA}="1"
+    ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="000d", ENV{ID_FPGA}="1"
+    ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="000f", ENV{ID_FPGA}="1"
+    ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="0013", ENV{ID_FPGA}="1"
+    ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="0015", ENV{ID_FPGA}="1"
+
+    # We do not set group here becuase `plugdev` group is non-standard, and as mentioned above, discouraged.
+    # For FPGA machines that need user to SSH into them to use, one can add another rule like:
+    # ```
+    # ACTION="add|change", ENV{ID_FPGA}=="1", GROUP="plugdev", MODE="0660"
+    # ```
+    ACTION=="add|change", ENV{ID_FPGA}=="1", TAG+="uaccess"
+  '';
+}