Wishbone FLASH Interface for Parallel FLASH

Dear Howard M. Harte,

I am a graduate student working on hardware security area. I'm analyzing some open source designs to investigate possible security threats. During that process, I found a minor issue and would like to suggest a patch for it.

The output port flash_dat_o contains data toward the flash memory. The module always forwards data from input wb_dat_i toward that output port. However, I think we should forward the data only if valid flash_write enable signal is on. Or, some attackers might exploit this interface to send data from other hardware modules via flash write data channel when the flash_dat_o output port is not used by the flash memory.

Here is my suggestion: (Line 109 of wb_flash.v)

assign flash_dat_o = (wb_sel_i == 4'b0001 ? wb_dat_i7:0 : wb_sel_i == 4'b0010 ? wb_dat_i15:8 : wb_sel_i == 4'b0100 ? wb_dat_i23:16 : wb_dat_i31:24);

assign flash_dat_o = (flash_we == 1)? (wb_sel_i == 4'b0001 ? wb_dat_i7:0 : wb_sel_i == 4'b0010 ? wb_dat_i15:8 : wb_sel_i == 4'b0100 ? wb_dat_i23:16 : wb_dat_i31:24) : 0;

I believe this does not harm the functionality and make your design more secure than before. It would be great if you consider this suggestion.

Thank you, Hyoukjun Kwon