From 06d2255577757320745deb45752b655658a88f30 Mon Sep 17 00:00:00 2001 From: Chris Frantz Date: Mon, 28 Oct 2024 12:19:12 -0700 Subject: [PATCH] [signing] Publish signing ceremony 2024-10-25 Signed-off-by: Chris Frantz --- signing/logs/2024-10-25.md | 295 +++++++++++++++++++++++++++++++++++++ 1 file changed, 295 insertions(+) create mode 100644 signing/logs/2024-10-25.md diff --git a/signing/logs/2024-10-25.md b/signing/logs/2024-10-25.md new file mode 100644 index 0000000000000..e4848e5d7b95f --- /dev/null +++ b/signing/logs/2024-10-25.md @@ -0,0 +1,295 @@ +# Signing Ceremony 2024-10-25 + +- Purpose: + - Create new a ROM\_EXT release with ownership transfer and a validatable DICE chain. + - Correct the `protect_when_active` defect in ROM_EXT 0.5. +- Participants: cfrantz (leader), moidx(witness), ttrippel (witness). + +## Ceremony Prolog + +Before the ceremony, we double checked build reproducibility. +At opentitan commit ebb466707eda33c46157c477d3598f87844272e2 on branch +`earlgrey_es_sival`, we ran: + +``` +bazel build --stamp \ + --//sw/device/silicon_creator/rom_ext:secver_write=false \ + //sw/device/silicon_creator/rom_ext/proda:digests \ + //sw/device/silicon_creator/rom_ext/prodc:digests \ + //sw/device/silicon_creator/rom_ext/sival:digests + +sha256sum \ + bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/proda/digests.tar \ + bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/prodc/digests.tar \ + bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/sival/digests.tar +e3d3ac9f3dd3ca3d5514f6580adede5cfe10432c3ea9a90668b8f5109cb40e22 bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/proda/digests.tar +1ede4cbfd47b40c23632b820e33fe86e4ab59c1656d4ada8d98a608fcb3de9f6 bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/prodc/digests.tar +c7ba82eb6004b0e6fc713004f606ea382aec71f0168c3957a53ea7d9a420e39d bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/sival/digests.tar +``` + +Having established that the binaries are reproducible, we copied the digests and +`hsmtool` to a staging subdirectory. +``` +cp bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/proda/digests.tar ~/signing/proda.tar +cp bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/prodc/digests.tar ~/signing/prodc.tar +cp bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/sival/digests.tar ~/signing/sival.tar +cp bazel-out/k8-fastbuild/bin/sw/host/hsmtool/hsmtool ~/signing +``` + +## Entrust HSM driver + +No driver updates were required during this ceremony. + +## Ceremony + +### Setup & Authenticate to the HSM + +``` +$ export HSMTOOL_MODULE=/opt/nfast/toolkits/pkcs11/libcknfast.so +$ cd ~/signing + +$ /opt/nfast/bin/preload -c earlgrey_a0 /bin/bash + +2024-05-23 16:39:11: [1825312]: INFO: Preload running with: -c earlgrey_a0 /bin/bash +2024-05-23 16:39:12: [1825312]: INFO: Created a (new) connection to Hardserver +2024-05-23 16:39:12: [1825312]: INFO: Modules newly usable: [1]. +2024-05-23 16:39:12: [1825312]: INFO: Found a change in the system: an update pass is needed. +2024-05-23 16:39:12: [1825312]: INFO: Loading cardset: earlgrey_a0 in modules: [1] + +Loading `earlgrey_a0': + Module 1 slot 0: empty + Module 1 slot 2: empty + Module 1 slot 3: empty + Module 1 slot 4: empty + Module 1 slot 0: `earlgrey_a0' #6 + Module 1 slot 0:- passphrase supplied - reading card + Module 1 slot 0:- passphrase supplied - reading card + Module 1 slot 0: `earlgrey_a0' #6: already read + Module 1 slot 0: empty + Module 1 slot 0: `earlgrey_a0' #7 + Module 1 slot 0:- passphrase supplied - reading card + Module 1 slot 0:- passphrase supplied - reading card + Module 1 slot 0: `earlgrey_a0' #7: already read + Module 1 slot 0: empty + Module 1 slot 0: `earlgrey_a0' #8 + Module 1 slot 0:- passphrase supplied - reading card +Card reading complete. + +2024-05-23 16:43:16: [1825312]: INFO: Loading cardset: Cardset: earlgrey_a0 (1c7c...) in module: 1 +2024-05-23 16:43:16: [1825312]: INFO: Stored Cardset: earlgrey_a0 (1c7c...) in module #1 +2024-05-23 16:43:16: [1825312]: INFO: Maintaining the cardset earlgrey_a0 protected key(s)=['pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-74f9033870f2653fd4973b0360da7de6d4f80f90', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-2a10059f018344a8f6450a1281de161df478a999', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-826f19e10a525bc8ae593d5a9af960465d86b636', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-fe987257aaa6d3b9c9cefcbbe8a7d7393521c287', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-73fc0ba5bb8af48d168644cebed2543be1c57419', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-990cc0b5fb853aace101455f79ac48ffeac311f1', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-54bf627299209f050de6d490fe06b331dce656bb']. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-74f9033870f2653fd4973b0360da7de6d4f80f90 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-2a10059f018344a8f6450a1281de161df478a999 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-826f19e10a525bc8ae593d5a9af960465d86b636 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-fe987257aaa6d3b9c9cefcbbe8a7d7393521c287 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-73fc0ba5bb8af48d168644cebed2543be1c57419 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-990cc0b5fb853aace101455f79ac48ffeac311f1 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-54bf627299209f050de6d490fe06b331dce656bb is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: Loading complete. Executing subprocess /bin/bash + +$ ./hsmtool token list +{ + "tokens": [ + { + "label": "loadshared accelerator", + "manufacturer_id": "nCipher Corp. Ltd", + "model": "", + "serial_number": "" + }, + { + "label": "earlgrey_a0", + "manufacturer_id": "nCipher Corp. Ltd", + "model": "", + "serial_number": "1c7c81df30010626" + } + ] +} +``` + +## Signing + +Signing was performed in the staging subdirectory inside the `preload` subshell. + +### ProdA signatures + +``` +$ mkdir proda +$ cd proda +$ tar xvf ../proda.tar +$ ../hsmtool -t earlgrey_a0 -u user exec presigning.json + +[ + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + } +] +``` + +### ProdC signatures + +``` +$ mkdir prodc +$ cd prodc +$ tar xvf ../prodc.tar +$ ../hsmtool -t earlgrey_a0 -u user exec presigning.json +[ + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + } +] +``` + +### SiVal signatures + +``` +$ mkdir sival +$ cd sival +$ tar xvf ../sival.tar +$ ../hsmtool -t earlgrey_a0 -u user exec presigning.json + +[ + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + } +] +``` + +## Ceremony Epilog + +After signing, the signatures were collected so they could be tested prior to +publishing the signatures and binaries. The `preload` session was exited, thus logging out of the HSM. + +``` +$ tar cvf signatures.tar */*.rsa_sig + +proda/rom_ext_real_prod_signed_slot_a_fpga_cw310.rsa_sig +proda/rom_ext_real_prod_signed_slot_a_silicon_creator.rsa_sig +proda/rom_ext_real_prod_signed_slot_b_fpga_cw310.rsa_sig +proda/rom_ext_real_prod_signed_slot_b_silicon_creator.rsa_sig +proda/rom_ext_real_prod_signed_slot_virtual_fpga_cw310.rsa_sig +proda/rom_ext_real_prod_signed_slot_virtual_silicon_creator.rsa_sig +prodc/rom_ext_real_prod_signed_slot_a_fpga_cw310.rsa_sig +prodc/rom_ext_real_prod_signed_slot_a_silicon_creator.rsa_sig +prodc/rom_ext_real_prod_signed_slot_b_fpga_cw310.rsa_sig +prodc/rom_ext_real_prod_signed_slot_b_silicon_creator.rsa_sig +prodc/rom_ext_real_prod_signed_slot_virtual_fpga_cw310.rsa_sig +prodc/rom_ext_real_prod_signed_slot_virtual_silicon_creator.rsa_sig +sival/rom_ext_real_prod_signed_slot_a_fpga_cw310.rsa_sig +sival/rom_ext_real_prod_signed_slot_a_silicon_creator.rsa_sig +sival/rom_ext_real_prod_signed_slot_b_fpga_cw310.rsa_sig +sival/rom_ext_real_prod_signed_slot_b_silicon_creator.rsa_sig +sival/rom_ext_real_prod_signed_slot_virtual_fpga_cw310.rsa_sig +sival/rom_ext_real_prod_signed_slot_virtual_silicon_creator.rsa_sig + +$ exit +``` + +### Attaching signatures + +The following command was used to attach the signatures to the ROM\_EXT binaries: + +``` +bazel build --stamp --//sw/device/silicon_creator/rom_ext:secver_write=false \ + //sw/device/silicon_creator/rom_ext/prodc:signed \ + //sw/device/silicon_creator/rom_ext/proda:signed \ + //sw/device/silicon_creator/rom_ext/sival:signed +```