[manuf] load assembled image during personalization

This enables loading a combined image containing the personalization firmware in slot a and ROM_EXT in slot b during personalization flow at the 2nd bootstrap. This also updates the ft provisioning library to verify the successful ROM_EXT boot-up. Signed-off-by: Anthony Chen <[email protected]>
lowRISC · Oct 31, 2024 · 86bf027 · 86bf027
1 parent 70b9751
commit 86bf027
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 2 deletions.
diff --git a/sw/device/silicon_creator/manuf/base/BUILD b/sw/device/silicon_creator/manuf/base/BUILD
@@ -26,6 +26,10 @@ load(
     "//sw/device/silicon_creator/rom_ext:defs.bzl",
     "ROM_EXT_VERSION",
 )
+load(
+    "//sw/device/silicon_creator/rom/e2e:defs.bzl",
+    "SLOTS",
+)
 
 package(default_visibility = ["//visibility:public"])
 
@@ -340,6 +344,7 @@ bool_flag(
 _FT_PROVISIONING_CMD_ARGS = """
   --elf={sram_ft_individualize}
   --bootstrap={ft_personalize}
+  --second-bootstrap={firmware}
 """ + FT_PROVISIONING_INPUTS + select({
     ":ckms_cert_endorsement_params": CLOUD_KMS_CERT_ENDORSEMENT_PARAMS,
     "//conditions:default": LOCAL_CERT_ENDORSEMENT_PARAMS,
@@ -357,15 +362,19 @@ _FT_PROVISIONING_HARNESS = "//sw/host/provisioning/ft:ft_{}"
         },
         fpga = fpga_params(
             timeout = "long",
+            assemble = "{ft_personalize}@{slot_a} {rom_ext}@{slot_b}",
             binaries =
                 {
                     ":sram_ft_individualize_{}".format(config["otp"]): "sram_ft_individualize",
                     ":ft_personalize_{}".format(sku): "ft_personalize",
+                    "//sw/device/silicon_creator/rom_ext/sival:rom_ext_fake_prod_signed_slot_b": "rom_ext",
                 },
             changes_otp = True,
             data = FT_PERSONALIZE_ENDORSEMENT_KEYS,
             needs_jtag = True,
             otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_test_locked0_manuf_initialized",
+            slot_a = SLOTS["a"],
+            slot_b = SLOTS["b"],
             tags = [
                 "lc_test_locked0",
                 "manuf",
@@ -374,15 +383,19 @@ _FT_PROVISIONING_HARNESS = "//sw/host/provisioning/ft:ft_{}"
             test_harness = _FT_PROVISIONING_HARNESS.format(sku),
         ),
         silicon = silicon_params(
+            assemble = "{ft_personalize}@{slot_a} {rom_ext}@{slot_b}",
             binaries =
                 {
                     ":sram_ft_individualize_{}".format(config["otp"]): "sram_ft_individualize",
                     ":ft_personalize_{}".format(sku): "ft_personalize",
+                    "//sw/device/silicon_creator/rom_ext/sival:rom_ext_fake_prod_signed_slot_b": "rom_ext",
                 },
             changes_otp = True,
             data = FT_PERSONALIZE_ENDORSEMENT_KEYS,
             interface = "teacup",
             needs_jtag = True,
+            slot_a = SLOTS["a"],
+            slot_b = SLOTS["b"],
             test_cmd = _FT_PROVISIONING_CMD_ARGS,
             test_harness = _FT_PROVISIONING_HARNESS.format(sku),
         ),

diff --git a/sw/device/silicon_creator/rom_ext/sival/BUILD b/sw/device/silicon_creator/rom_ext/sival/BUILD
@@ -42,12 +42,14 @@ opentitan_binary(
     exec_env = [
         "//hw/top_earlgrey:silicon_creator",
         "//hw/top_earlgrey:fpga_cw310",
+        "//hw/top_earlgrey:fpga_cw340",
         "//hw/top_earlgrey:sim_dv_base",
         "//hw/top_earlgrey:sim_verilator_base",
     ],
     linker_script = "//sw/device/silicon_creator/rom_ext:ld_slot_a",
     linkopts = LINK_ORDER,
     manifest = ":manifest_sival",
+    spx_key = {"//sw/device/silicon_creator/rom/keys/fake/spx:prod_key_0_spx": "prod_key_0"},
     deps = [
         "//sw/device/lib/crt",
         "//sw/device/silicon_creator/lib:manifest_def",
@@ -62,12 +64,14 @@ opentitan_binary(
     exec_env = [
         "//hw/top_earlgrey:silicon_creator",
         "//hw/top_earlgrey:fpga_cw310",
+        "//hw/top_earlgrey:fpga_cw340",
         "//hw/top_earlgrey:sim_dv_base",
         "//hw/top_earlgrey:sim_verilator_base",
     ],
     linker_script = "//sw/device/silicon_creator/rom_ext:ld_slot_b",
     linkopts = LINK_ORDER,
     manifest = ":manifest_sival",
+    spx_key = {"//sw/device/silicon_creator/rom/keys/fake/spx:prod_key_0_spx": "prod_key_0"},
     deps = [
         "//sw/device/lib/crt",
         "//sw/device/silicon_creator/lib:manifest_def",

diff --git a/sw/host/provisioning/ft/src/main.rs b/sw/host/provisioning/ft/src/main.rs
@@ -8,7 +8,10 @@ use std::time::Duration;
 use anyhow::{bail, Result};
 use clap::{Args, Parser};
 
-use ft_lib::{run_ft_personalize, run_sram_ft_individualize, test_exit, test_unlock, KeyWrapper};
+use ft_lib::{
+    check_rom_ext_boot_up, run_ft_personalize, run_sram_ft_individualize, test_exit, test_unlock,
+    KeyWrapper,
+};
 use opentitanlib::backend;
 use opentitanlib::console::spi::SpiConsoleDevice;
 use opentitanlib::dif::lc_ctrl::DifLcCtrlState;
@@ -91,6 +94,10 @@ struct Opts {
     #[command(flatten)]
     provisioning_data: ManufFtProvisioningDataInput,
 
+    /// Second image (perso FW + ROM_EXT/Owner FW bundle) to bootstrap.
+    #[arg(long)]
+    second_bootstrap: PathBuf,
+
     /// Console receive timeout.
     #[arg(long, value_parser = humantime::parse_duration, default_value = "600s")]
     timeout: Duration,
@@ -232,9 +239,14 @@ fn main() -> Result<()> {
         opts.provisioning_data.ca_certificate,
         &rma_unlock_token_hash,
         &spi_console_device,
+        opts.second_bootstrap,
     )?;
 
     log::info!("Provisioning Done");
 
+    check_rom_ext_boot_up(&transport, &opts.init, opts.timeout)?;
+
+    log::info!("Successfully boot into ROM_EXT");
+
     Ok(())
 }
diff --git a/sw/host/provisioning/ft_lib/src/lib.rs b/sw/host/provisioning/ft_lib/src/lib.rs
@@ -439,12 +439,14 @@ pub fn run_ft_personalize(
     ca_certificate: PathBuf,
     rma_unlock_token_hash: &ArrayVec<u32, 4>,
     spi_console: &SpiConsoleDevice,
+    second_bootstrap: PathBuf,
 ) -> Result<()> {
     // Bootstrap personalization binary into flash.
     init.bootstrap.init(transport)?;
     // Bootstrap again since the flash scrambling seeds were provisioned in the previous step.
     let _ = UartConsole::wait_for(spi_console, r"Bootstrap requested.", timeout)?;
-    init.bootstrap.init(transport)?;
+    // This time loading personalization binary in flash slot A and ROM_EXT + Owner FW in flash slot B.
+    init.bootstrap.load(transport, &second_bootstrap)?;
     send_rma_unlock_token_hash(rma_unlock_token_hash, timeout, spi_console)?;
     provision_certificates(
         cert_endorsement_key_wrapper,
@@ -458,3 +460,15 @@ pub fn run_ft_personalize(
 
     Ok(())
 }
+
+pub fn check_rom_ext_boot_up(
+    transport: &TransportWrapper,
+    init: &InitializeTest,
+    timeout: Duration,
+) -> Result<()> {
+    transport.reset_target(init.bootstrap.options.reset_delay, true)?;
+    let uart_console = transport.uart("console")?;
+    let _ = UartConsole::wait_for(&*uart_console, r"Starting ROM_EXT.*\r\n", timeout)?;
+
+    Ok(())
+}