Difference between revisions of "Novena EVT to DVT changes"
(→ECO10: Input cap bleed) |
(→ECO12: Add user switch on bottom side) |
||
Line 179: | Line 179: | ||
|} | |} | ||
+ | == ECO13: Prevent attack by making DDC_SCL unidirectional == | ||
+ | HDMI DDC and PMIC share the same I2C bus. This means that a hostile HDMI device could commandeer the I2C bus and attempt to reprogram the PMIC with values that can potentially cause permanent damage to the board. Prevent this by turning the DDC device into a slave only. This is accomplished by changing the level shifter on the bus into a unidirectional buffer. This prevents the trivial attack scenario on the board, where any I2C capable device could be wired into an HDMI plug and used to destroy a Novena. | ||
+ | |||
+ | However, it may be possible for a device on the DDC to monitor the SCL/SDA lines and attempt to modify bits going into the PMIC by overriding the SDA line's value using a very strong driver. | ||
− | |||
* DDC_SCL changed to driver-only to prevent DoS attack on device via HDMI port | * DDC_SCL changed to driver-only to prevent DoS attack on device via HDMI port |
Revision as of 15:23, 19 March 2013
Contents
- 1 Novena EVT to DVT changes
- 1.1 ECO1: Inrush current limit
- 1.2 ECO2: FPGA boot fuse interference
- 1.3 ECO3: Gbit Ethernet Reset
- 1.4 ECO4: PCIe power on
- 1.5 ECO5: Improve magnetics termination
- 1.6 ECO6: Gbit reflcock SI
- 1.7 ECO7: HDMI HPD polarity
- 1.8 ECO8: Audio chip sucks (power)
- 1.9 ECO9: Reset pulse too short
- 1.10 ECO10: Input cap bleed
- 1.11 ECO11: Split audio record/playback clocks
- 1.12 ECO12: Add user switch on bottom side
- 1.13 ECO13: Prevent attack by making DDC_SCL unidirectional
Novena EVT to DVT changes
This is a list of all the changes applied to the board from EVT1A to DVT1 release. If it's not on this list, it didn't happen.
Each change has the format of issue summary/resolution, and specific change
ECO1: Inrush current limit
The RC constant governing the turn-on/turn-off rates of the FET power switches needs tuning. In EVT, most switches are turning on too quickly for them to be effective. Resolution is to increase capacitance and resistance.
EVT | DVT | Notes |
---|---|---|
R38N 330, 1% / REC1005N | R38N 10k, 1% / RESC1005N | P3.3V_DELAYED |
C30N 0.1uF, 6.3V, X5R / CAPC0603N_B | C30N 1.0uF, 25V, 20% X5R / CAPC1608N | P3.3V_DELAYED |
R29N 330, 1% / REC1005N | R29N 10k, 1% / RESC1005N | P5.0V_DELAYED |
C27N 0.1uF, 6.3V, X5R / CAPC0603N_B | C27N 1.0uF, 25V, 20% X5R / CAPC1608N | P5.0V_DELAYED |
R11H 330, 1% / REC1005N | R11H 10k, 1% / RESC1005N | SATA_PWRON |
C10H 0.1uF, 6.3V, X5R / CAPC0603N_B | C10H 1.0uF, 25V, 20% X5R / CAPC1608N | SATA_PWRON |
C10X 0.1uF, 6.3V, X5R / CAPC0603N_B | C10X 1.0uF, 25V, 20% X5R / CAPC1608N | PCIE_PWRON |
R15L 1k, 1% / REC1005N | R15L 10k, 1% / RESC1005N | LCD_VCC_SW |
C14L 0.1uF, 6.3V, X5R / CAPC0603N_B | C14L 1.0uF, 25V, 20% X5R / CAPC1608N | LCD_VCC_SW |
C19L 0.1uF, 25V, X5R / CAPC1005N | C19L 1.0uF, 25V, 20% X5R / CAPC1608N | LCD_BL_VDD |
ECO2: FPGA boot fuse interference
FPGA's internal pull-ups on boot will yank boot fuses to the CPU, causing wrong boot source to be selected.
EVT | DVT | Notes |
---|---|---|
R12F 4.7k, 1% / REC1005N | R12F 4.7k, 1% (DNP) / RESC1005N | depop pull-down |
R13F 4.7k, 1% (DNP) / REC1005N | R13F 4.7k, 1% / RESC1005N | populate pull-up |
ECO3: Gbit Ethernet Reset
Default circuit recommended by reference design is bogus. Get rid of it.
EVT | DVT | Notes |
---|---|---|
C32G 10uF, 10V, X5R, 20% | removed | |
D11G BAT54T1G | removed | |
D12G BAT54T1G | removed | |
R20G 10k, 1% | R20G 10k, 1% (DNP) | also changed to pull to ground by default |
ECO4: PCIe power on
Wire PCI express power on line (gate of Q10X) to ball R1 / pad name GPIO_17 / "GPIO7[12] aka 6 * 32 + 12 = GPIO 204". Software change required
ECO5: Improve magnetics termination
The magnetics in the PHY are not terminated properly, causing ISSI.
EVT | DVT | Notes |
---|---|---|
R14G 0 ohm | R14G 0 ohm (DNP) | also move EN1G_3.3VA line to other side of decaps on CT |
ECO6: Gbit reflcock SI
Drive strength of U10G is not strong enough to overcome series terminator. Replace with shunt.
EVT | DVT | Notes |
---|---|---|
R21G 49.9, 1% RESC1005N | R21G 0 ohm RESC1005N | Double-check routing, consider RC shunt terminator |
ECO7: HDMI HPD polarity
HDMI HPD polarity is not software programmable, so need to buffer (not invert) incoming signal.
EVT | DVT | Notes |
---|---|---|
R28L 0 ohm | R28L 0 ohm (DNP) | |
R27L 0 ohm (DNP) | R27L 0 ohm | |
Q17L 2N7002W (DNP) | Q17L 2N7002W | |
R29L 10k, 1% (DNP) | R29L 10k, 1% |
ECO8: Audio chip sucks (power)
During power down, audio chip totally leaks power through the I2C bus. Need to really strengthen the pull-down to fully reset the chip and fight the pull-ups on I2C.
EVT | DVT | Notes |
---|---|---|
R21A 100, 1% | R21A 20 ohms, 1%,0402 | 10 ohm on EVT1A, but should be effective at 20 ohms. 10 ohms would be a new component, if lower value is needed go to 8.06 1% (from R10N) |
ECO9: Reset pulse too short
The PFUZE PMIC reset cycle is too short, approx 2 ms after VGEN6 (last supply) rises. Since there are other supplies slaved off of VGEN5/6 enables stabilizing, reset pulse needs to be lengthened. Use a standard reset monitor on the +5V line, which ensures a minimum 100ms total reset pulse width from 5V stable; provides plenty of margin for system to stabilize (~50ms or so).
EVT | DVT | Notes |
---|---|---|
(none) | U14N APX803-44-SAG-7 or RT9818CXXGVL 4.2V-4.38V setpoint | multiple parts can serve this role |
(none) | C33N 0.1uF, 25V, X5R |
ECO10: Input cap bleed
If there is an error condition on U11N, the chip goes into shut down. The leakage in protect mode is sufficiently small that it takes several seconds for the input caps to bleed down to a point where the error condition is cleared. This can lead to a bad user experience. For fixed installations, a 2.2k resistor is installed to bleed current on the input. This wastes about 65mW of power, but the capacitors now discharge in under a second. For battery/mobile installations, the resistor should *not* be installed, and instead the battery board should either guarantee sufficient time for a power cycle or there should be a switched pull-down on the battery board side to clear the error condition.
EVT | DVT | Notes |
---|---|---|
(none) | R31N 2.2k, 1% |
ECO11: Split audio record/playback clocks
The audio codec requires independent clocks for record and playback (in part to allow for dissimilar sample rates during full duplex operation).
- ALRCK is connected to what is currently LCD_BL_ON
- LCD_BL_ON is connected to what is currently KEY_ROW4
- User switch is no longer bridging GPIOs, it's now a button shorting a pull-up to ground
EVT | DVT | Notes |
---|---|---|
(none) | R15S 10k, 1% | software change required -- key col4 is normally pulled up, and goes low when user switch is hit |
(none) | C15S 0.1uF, 6.3V, X5R |
ECO12: Add user switch on bottom side
Add a user switch (mirror image) on bottom side of PCB to be compatible with new ID
EVT | DVT | Notes |
---|---|---|
(none) | SW11S TS-1187A, Chi Fung |
ECO13: Prevent attack by making DDC_SCL unidirectional
HDMI DDC and PMIC share the same I2C bus. This means that a hostile HDMI device could commandeer the I2C bus and attempt to reprogram the PMIC with values that can potentially cause permanent damage to the board. Prevent this by turning the DDC device into a slave only. This is accomplished by changing the level shifter on the bus into a unidirectional buffer. This prevents the trivial attack scenario on the board, where any I2C capable device could be wired into an HDMI plug and used to destroy a Novena.
However, it may be possible for a device on the DDC to monitor the SCL/SDA lines and attempt to modify bits going into the PMIC by overriding the SDA line's value using a very strong driver.
- DDC_SCL changed to driver-only to prevent DoS attack on device via HDMI port