diff --git a/pkgs/default.nix b/pkgs/default.nix index 8e55a37..e85c7a3 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -8,6 +8,7 @@ }: { ncurses5-fhs = pkgs.callPackage ./ncurses5-fhs.nix {}; + fpga-udev-rules = pkgs.callPackage ./fpga-udev-rules.nix {}; # OpenTitan packages verilator_ot = import ./verilator {inherit pkgs;}; diff --git a/pkgs/fpga-udev-rules.nix b/pkgs/fpga-udev-rules.nix new file mode 100644 index 0000000..140e6ef --- /dev/null +++ b/pkgs/fpga-udev-rules.nix 
@@ -0,0 +1,65 @@
+# Copyright lowRISC contributors.
+#
+# SPDX-License-Identifier: MIT
+{writeTextFile}:
+writeTextFile {
+ name = "62-fpga.rules";
+ destination = "/etc/udev/rules.d/62-fpga.rules";
+ text = ''
+ # Identify FPGAs and assign them ID_FPGA env. The env will be consumed in 70-fpga-uaccess.rules.
+ #
+ # This list is taken from the OpenTitan documentation
+ # * https://opentitan.org/book/doc/getting_started/install_vivado/index.html?highlight=udev#device-permissions-udev-rules
+ # and Xilinx UG973.
+ # * https://docs.amd.com/r/en-US/ug973-vivado-release-notes-install-license/Installing-Cable-Drivers
+ # * https://digilent.com/reference/programmable-logic/guides/install-cable-drivers
+ #
+ # The original rules set mode to 666 makes it globally writable, and this is not secure. Ubuntu uses a plugdev group,
+ # which is considered a bad practice by Arch Linux and systemd developers.
+ # See https://wiki.archlinux.org/title/Udev and https://bugzilla.redhat.com/show_bug.cgi?id=815093.
+ #
+ # The modern approach is to first, identify which type a device is, and then assign it to a specific group (e.g.
+ # disk, cdrom, dialout) or set the "uaccess" tag. "uaccess" tag allows all users with seats allocated (i.e. have physical
+ # access) to access the device with dynamic ACL. This is both zero-configuration and more secure.
+ #
+ # This file starts with 62- because all systemd device identification groups use 60- as priority, and we want rules
+ # here to take priority, but this must be smaller than 73-seat-late.rules.
+
+ # 90-lowrisc.rules
+
+ # NewAE Technology Inc. ChipWhisperer boards e.g. CW310, CW305, CW-Lite, CW-Husky
+ SUBSYSTEM=="usb|tty", ATTRS{idVendor}=="2b3e", ATTRS{idProduct}=="ace[0-9]|c[3-6][0-9][0-9]", ENV{ID_FPGA}="1"
+
+ # Digilent rule removed because it's covered by Xilinx rules.
+
+ # Future Technology Devices International, Ltd FT232 Serial (UART) IC
+ SUBSYSTEM=="usb|tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ENV{ID_FPGA}="1"
+
+ # 52-xilinx-digilent-usb.rules
+
+ ATTRS{idVendor}=="1443", ENV{ID_FPGA}="1"
+ ATTRS{idVendor}=="0403", ATTRS{manufacturer}=="Digilent", ENV{ID_FPGA}="1"
+
+ # 52-xilinx-ftdi-usb.rules
+
+ ATTRS{idVendor}=="0403", ATTRS{manufacturer}=="Xilinx", ENV{ID_FPGA}="1"
+
+ # 52-xilinx-pcusb.rules
+
+ # These rules are changed from `ATTR` to `ATTRS`, see https://support.xilinx.com/s/question/0D52E000074LyuDSAS/bug-udev-rules-badly-written
+ ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="0008", ENV{ID_FPGA}="1"
+ ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="0007", ENV{ID_FPGA}="1"
+ ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="0009", ENV{ID_FPGA}="1"
+ ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="000d", ENV{ID_FPGA}="1"
+ ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="000f", ENV{ID_FPGA}="1"
+ ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="0013", ENV{ID_FPGA}="1"
+ ATTRS{idVendor}=="03fd", ATTRS{idProduct}=="0015", ENV{ID_FPGA}="1"
+
+ # We do not set group here becuase `plugdev` group is non-standard, and as mentioned above, discouraged.
+ # For FPGA machines that need user to SSH into them to use, one can add another rule like:
+ # ```
+ # ACTION="add|change", ENV{ID_FPGA}=="1", GROUP="plugdev", MODE="0660"
+ # ```
+ ACTION=="add|change", ENV{ID_FPGA}=="1", TAG+="uaccess"
+ '';
+}
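Review bot: The rules carried over from the `52-xilinx-*` files (`ATTRS{idVendor}=="1443"`, the two `0403` manufacturer matches and the seven `03fd` lines) have no `SUBSYSTEM` match, so with `ATTRS` also matching parent devices they set `ID_FPGA`, and through the final rule `uaccess`, on every child device of a matching USB device rather than only its usb and tty nodes. Scoping them like the NewAE and FT232 rules, e.g. `SUBSYSTEM=="usb|tty", ATTRS{idVendor}=="1443", ENV{ID_FPGA}="1"`, would limit the ACL grant to the nodes the tools presumably need. The FT232 rule on `0403:6001` also matches any generic FTDI serial adapter, which deserves a comment stating that this is intended. Separately, the commented example uses `ACTION="add|change"` (assignment) where the live rule uses `ACTION==`, and the header says the env is consumed in `70-fpga-uaccess.rules` although the `uaccess` tag is applied in this same file.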