Hi, we have been using CW-husky kit to measure instruction level current/power consumption. We tried to figure out exactly which clock cycle the power measurement samples corresponds to the first instruction, after trigger_high() kicks in.
Attached is the .lst file. Can you tell us how many clock cycles are used for trigger_high() in the stack, before capturing the power samples for the first instruction? If the capture starts after the or to set the GPIO pin, then I can only account for 6 cycles. If the or itself is included, that’s 8 cycles. How many cycles shall we exclude so that we can align the measurements with the instructions?
How can I upload the .lst file to this post?
Thank you very much!
Christine
This kind of question comes up every once in a while; I think it’s usually misguided, which is why I wrote this: Which target instruction does this power sample correspond to? — ChipWhisperer Documentation
If you still want to do this you need to also consider the latency in the capture system. The A/D chip itself (ADS4128) has 10 clock cycles of latency (we use its low-latency mode). There is also latency in the FPGA, which will depend on scope.trigger.module. If this is set to “basic” then that’s 4 cycles.
Analysis of an .lst file in this context is beyond our support.
Thanks for the link to your writeup.
We really like the CW platforms and the capture tool, which is very useful. It makes sense that for AES or ECC types of Power SC attacks or leakage, we do not need the instruction-level granularity. But we consider that the CW platform could do more in addition to the SC attacks. In fact, we are looking into the micro-architectural level impacts on power leakage. That is the reason why I raised this topic.
We have a number of capture files for the iCE FPGA target board with the neoRV soft core. In the end of your writeup, can you elaborate more on “unless you have access to your target microprocessor’s gate-level netlist”? what methods could be used if we know the netlist?
Thanks!
If you have the netlist, then you can run a simulation where you’ll be able to see exactly the time delta between when your target instruction is executed and when the trigger line is raised.