diff --git a/sw/device/silicon_creator/manuf/base/BUILD b/sw/device/silicon_creator/manuf/base/BUILD
index b8c9d6c501149..ac1f20e057472 100644
--- a/sw/device/silicon_creator/manuf/base/BUILD
+++ b/sw/device/silicon_creator/manuf/base/BUILD
@@ -16,6 +16,7 @@ load(
 "//sw/device/silicon_creator/manuf/base:provisioning_inputs.bzl",
 "CLOUD_KMS_CERT_ENDORSEMENT_PARAMS",
 "CP_PROVISIONING_INPUTS",
+ "EARLGREY_OTP_CFGS",
 "EARLGREY_SKUS",
 "FT_PERSONALIZE_ENDORSEMENT_KEYS",
 "FT_PROVISIONING_INPUTS",
@@ -170,7 +171,7 @@ opentitan_test(
 [
 opentitan_binary(
- name = "sram_ft_individualize_{}".format(sku),
+ name = "sram_ft_individualize_{}".format(cfg),
 testonly = True,
 srcs = ["sram_ft_individualize.c"],
 exec_env = {
@@ -202,18 +203,18 @@ opentitan_test(
 "//sw/device/silicon_creator/manuf/lib:individualize",
 "//sw/device/silicon_creator/manuf/lib:otp_fields",
 "//sw/device/silicon_creator/manuf/lib:sram_start",
- "//sw/device/silicon_creator/manuf/lib:individualize_sw_cfg_{}".format(sku),
+ "//sw/device/silicon_creator/manuf/lib:individualize_sw_cfg_{}".format(cfg),
 ],
 )
- for sku in EARLGREY_SKUS
+ for cfg in EARLGREY_OTP_CFGS
 ]
 filegroup(
 name = "sram_ft_individualize_all",
 testonly = True,
 srcs = [
- ":sram_ft_individualize_{}".format(sku)
- for sku in EARLGREY_SKUS
+ ":sram_ft_individualize_{}".format(cfg)
+ for cfg in EARLGREY_OTP_CFGS
 ],
 )
@@ -222,61 +223,6 @@ cc_library(
 hdrs = ["personalize_ext.h"],
 )
-_DICE_EXTS = [
- {
- "suffix": "",
- "ext_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
- },
- {
- "suffix": "_dice_cwt",
- "ext_libs": ["//sw/device/silicon_creator/lib/cert:dice_cwt"],
- },
-]
-
-[
- cc_library(
- name = "ft_personalize_{}_base{}".format(
- sku,
- dice["suffix"],
- ),
- srcs = ["ft_personalize.c"],
- deps = [
- ":perso_tlv_data",
- ":personalize_ext",
- "//sw/device/lib/crypto/drivers:entropy",
- "//sw/device/lib/dif:flash_ctrl",
- "//sw/device/lib/dif:lc_ctrl",
- "//sw/device/lib/dif:otp_ctrl",
- "//sw/device/lib/dif:rstmgr",
- "//sw/device/lib/runtime:log",
- "//sw/device/lib/testing:lc_ctrl_testutils",
- "//sw/device/lib/testing:rstmgr_testutils",
- "//sw/device/lib/testing/json:provisioning_data",
- "//sw/device/lib/testing/test_framework:check",
- "//sw/device/lib/testing/test_framework:ottf_main",
- "//sw/device/lib/testing/test_framework:status",
- "//sw/device/lib/testing/test_framework:ujson_ottf",
- "//sw/device/silicon_creator/lib:attestation",
- "//sw/device/silicon_creator/lib:otbn_boot_services",
- "//sw/device/silicon_creator/lib/base:util",
- "//sw/device/silicon_creator/lib/cert",
- "//sw/device/silicon_creator/lib/cert:cdi_0_template_library",
- "//sw/device/silicon_creator/lib/cert:cdi_1_template_library",
- "//sw/device/silicon_creator/lib/cert:tpm_ek_template_library",
- "//sw/device/silicon_creator/lib/cert:uds_template_library",
- "//sw/device/silicon_creator/lib/drivers:flash_ctrl",
- "//sw/device/silicon_creator/lib/drivers:hmac",
- "//sw/device/silicon_creator/lib/drivers:keymgr",
- "//sw/device/silicon_creator/lib/drivers:kmac",
- "//sw/device/silicon_creator/manuf/lib:flash_info_fields",
- "//sw/device/silicon_creator/manuf/lib:individualize_sw_cfg_{}".format(sku),
- "//sw/device/silicon_creator/manuf/lib:personalize",
- ] + dice["ext_libs"],
- )
- for sku in EARLGREY_SKUS
- for dice in _DICE_EXTS
-]
-
 cc_library(
 name = "tpm_perso_fw_ext",
 srcs = ["tpm_personalize_ext.c"],
@@ -322,17 +268,6 @@ cc_library(
 ],
 )
-_FT_PERSO_EXTS = [
- {
- "suffix": "",
- "ext_libs": ["@provisioning_exts//:perso_fw_ext"],
- },
- {
- "suffix": "_tpm_ext",
- "ext_libs": [":tpm_perso_fw_ext"],
- },
-]
-
 manifest(d = {
 "name": "manifest_perso",
 "identifier": hex(CONST.ROM_EXT),
@@ -345,10 +280,7 @@ manifest(d = {
 [
 opentitan_binary(
- name = "ft_personalize_{}{}".format(
- sku,
- ext["suffix"] + dice["suffix"],
- ),
+ name = "ft_personalize_{}".format(sku),
 testonly = True,
 srcs = ["ft_personalize.c"],
 ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0"},
@@ -360,27 +292,47 @@ manifest(d = {
 linker_script = "//sw/device/lib/testing/test_framework:ottf_ld_silicon_creator_slot_a",
 manifest = ":manifest_perso",
 spx_key = {"//sw/device/silicon_creator/rom/keys/fake/spx:prod_key_0_spx": "prod_key_0"},
- deps = [":ft_personalize_{}_base{}".format(
- sku,
- dice["suffix"],
- )] + ext["ext_libs"],
+ deps = [
+ ":perso_tlv_data",
+ ":personalize_ext",
+ "//sw/device/lib/crypto/drivers:entropy",
+ "//sw/device/lib/dif:flash_ctrl",
+ "//sw/device/lib/dif:lc_ctrl",
+ "//sw/device/lib/dif:otp_ctrl",
+ "//sw/device/lib/dif:rstmgr",
+ "//sw/device/lib/runtime:log",
+ "//sw/device/lib/testing:lc_ctrl_testutils",
+ "//sw/device/lib/testing:rstmgr_testutils",
+ "//sw/device/lib/testing/json:provisioning_data",
+ "//sw/device/lib/testing/test_framework:check",
+ "//sw/device/lib/testing/test_framework:ottf_main",
+ "//sw/device/lib/testing/test_framework:status",
+ "//sw/device/lib/testing/test_framework:ujson_ottf",
+ "//sw/device/silicon_creator/lib:attestation",
+ "//sw/device/silicon_creator/lib:otbn_boot_services",
+ "//sw/device/silicon_creator/lib/base:util",
+ "//sw/device/silicon_creator/lib/cert",
+ "//sw/device/silicon_creator/lib/cert:cdi_0_template_library",
+ "//sw/device/silicon_creator/lib/cert:cdi_1_template_library",
+ "//sw/device/silicon_creator/lib/cert:uds_template_library",
+ "//sw/device/silicon_creator/lib/drivers:flash_ctrl",
+ "//sw/device/silicon_creator/lib/drivers:hmac",
+ "//sw/device/silicon_creator/lib/drivers:keymgr",
+ "//sw/device/silicon_creator/lib/drivers:kmac",
+ "//sw/device/silicon_creator/manuf/lib:flash_info_fields",
+ "//sw/device/silicon_creator/manuf/lib:individualize_sw_cfg_{}".format(config["otp"]),
+ "//sw/device/silicon_creator/manuf/lib:personalize",
+ ] + config["dice_libs"] + config["ext_libs"],
 )
- for sku in EARLGREY_SKUS
- for ext in _FT_PERSO_EXTS
- for dice in _DICE_EXTS
+ for sku, config in EARLGREY_SKUS.items()
 ]
 filegroup(
 name = "ft_personalize_all",
 testonly = True,
 srcs = [
- ":ft_personalize_{}{}".format(
- sku,
- ext["suffix"] + dice["suffix"],
- )
- for sku in EARLGREY_SKUS
- for ext in _FT_PERSO_EXTS
- for dice in _DICE_EXTS
+ ":ft_personalize_{}".format(sku)
+ for sku in EARLGREY_SKUS.keys()
 ],
 )
@@ -406,10 +358,7 @@ _FT_PROVISIONING_HARNESS = "//sw/host/provisioning/ft"
 [
 opentitan_test(
- name = "ft_provision_{}{}".format(
- sku,
- ext["suffix"] + dice["suffix"],
- ),
+ name = "ft_provision_{}".format(sku),
 exec_env = {
 "//hw/top_earlgrey:fpga_hyper310_rom_with_fake_keys": None,
 "//hw/top_earlgrey:fpga_cw340_rom_with_fake_keys": None,
@@ -419,11 +368,8 @@ _FT_PROVISIONING_HARNESS = "//sw/host/provisioning/ft"
 timeout = "long",
 binaries = {
- ":sram_ft_individualize_{}".format(sku): "sram_ft_individualize",
- ":ft_personalize_{}{}".format(
- sku,
- ext["suffix"] + dice["suffix"],
- ): "ft_personalize",
+ ":sram_ft_individualize_{}".format(config["otp"]): "sram_ft_individualize",
+ ":ft_personalize_{}".format(sku): "ft_personalize",
 },
 changes_otp = True,
 data = FT_PERSONALIZE_ENDORSEMENT_KEYS,
@@ -439,11 +385,8 @@ _FT_PROVISIONING_HARNESS = "//sw/host/provisioning/ft"
 silicon = silicon_params(
 binaries = {
- ":sram_ft_individualize_{}".format(sku): "sram_ft_individualize",
- ":ft_personalize_{}{}".format(
- sku,
- ext["suffix"] + dice["suffix"],
- ): "ft_personalize",
+ ":sram_ft_individualize_{}".format(config["otp"]): "sram_ft_individualize",
+ ":ft_personalize_{}".format(sku): "ft_personalize",
 },
 changes_otp = True,
 data = FT_PERSONALIZE_ENDORSEMENT_KEYS,
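Review bot: The inlined `deps` list of `ft_personalize_{}` (hunk at -360,27) no longer names `//sw/device/silicon_creator/lib/cert:tpm_ek_template_library`, and nothing at that spot says the omission is deliberate. From the rest of the commit it appears the TPM EK template now reaches the binary only through `config["ext_libs"]` of the `sival_tpm` entry, so non-TPM SKUs stop linking it. A one-line comment above the list would keep a later edit from re-adding it for every SKU, for example `# Certificate libraries beyond the base set come from EARLGREY_SKUS (dice_libs / ext_libs); keep SKU-specific ones out of this list.` The comprehension itself starts before this hunk.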
@@ -453,7 +396,23 @@ _FT_PROVISIONING_HARNESS = "//sw/host/provisioning/ft"
 test_harness = _FT_PROVISIONING_HARNESS,
 ),
 )
- for sku in EARLGREY_SKUS
- for ext in _FT_PERSO_EXTS
- for dice in _DICE_EXTS
+ for sku, config in EARLGREY_SKUS.items()
 ]
+
+test_suite(
+ name = "ft_provision_cw310",
+ tags = ["manual"],
+ tests = [
+ ":ft_provision_{}_fpga_hyper310_rom_with_fake_keys".format(sku)
+ for sku in EARLGREY_SKUS.keys()
+ ],
+)
+
+test_suite(
+ name = "ft_provision_cw340",
+ tags = ["manual"],
+ tests = [
+ ":ft_provision_{}_fpga_cw340_rom_with_fake_keys".format(sku)
+ for sku in EARLGREY_SKUS.keys()
+ ],
+)
diff --git a/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl b/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl
index 6d1b9abe96841..c33589d1382bc 100644
--- a/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl
+++ b/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl
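Review bot: The suite named `ft_provision_cw310` collects targets ending in `_fpga_hyper310_rom_with_fake_keys`, so the suite name and the exec_env it selects disagree. The label strings also assume the per-exec_env suffix that `opentitan_test` appends; that macro is not visible here. Both suites are tagged `manual`, which keeps them out of wildcard patterns, so these OTP-changing provisioning tests presumably run only when something names them explicitly. A short comment above the two `test_suite` rules would record this, for example `# Manual suites, one per FPGA exec_env of ft_provision_*; target suffixes must match the exec_env names used above.` If the board name is not intentional, renaming the first suite to match `hyper310` would remove the mismatch.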
@@ -2,11 +2,42 @@
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0
-EARLGREY_SKUS = [
+EARLGREY_OTP_CFGS = [
 "sival",
 "prodc",
 ]
+EARLGREY_SKUS = {
+ # OTP Config: SIVAL; DICE Certs: X.509; Additional Certs: None
+ "sival": {
+ "otp": "sival",
+ "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
+ "ext_libs": ["@provisioning_exts//:perso_fw_ext"],
+ },
+ # OTP Config: SIVAL; DICE Certs: CWT; Additional Certs: None
+ # TODO(#24281): uncomment when DICE CWT cert flows are fully supported
+ # "sival_dice_cwt": {
+ # "otp": "sival",
+ # "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice_cwt"],
+ # "ext_libs": ["@provisioning_exts//:perso_fw_ext"],
+ # },
+ # OTP Config: SIVAL; DICE Certs: X.509; Additional Certs: TPM EK
+ "sival_tpm": {
+ "otp": "sival",
+ "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
+ "ext_libs": [
+ "//sw/device/silicon_creator/lib/cert:tpm_ek_template_library",
+ "//sw/device/silicon_creator/manuf/base:tpm_perso_fw_ext",
+ ],
+ },
+ # OTP Config: PRODC; DICE Certs: X.509; Additional Certs: None
+ "prodc": {
+ "otp": "prodc",
+ "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
+ "ext_libs": ["@provisioning_exts//:perso_fw_ext"],
+ },
+}
+
 _DEVICE_ID_AND_TEST_TOKENS = """
 --device-id="0x11111111_22222222_33333333_44444444_55555555_66666666_77777777_88888888"
 --test-unlock-token="0x11111111_11111111_11111111_11111111"
diff --git a/sw/device/silicon_creator/manuf/lib/BUILD b/sw/device/silicon_creator/manuf/lib/BUILD
index 4e7250ef71daf..b536d94996f7c 100644
--- a/sw/device/silicon_creator/manuf/lib/BUILD
+++ b/sw/device/silicon_creator/manuf/lib/BUILD
@@ -11,7 +11,7 @@ load(
 )
 load(
 "//sw/device/silicon_creator/manuf/base:provisioning_inputs.bzl",
- "EARLGREY_SKUS",
+ "EARLGREY_OTP_CFGS",
 )
 package(default_visibility = ["//visibility:public"])
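Review bot: `EARLGREY_SKUS` in provisioning_inputs.bzl keeps its name but changes from a list of OTP configuration names to a dict keyed by SKU, so any loader outside this diff that still formats its entries into an OTP path would now also see `sival_tpm`, which has no entry in `EARLGREY_OTP_CFGS`; only the two BUILD files shown here are updated. The table also decides which certificate libraries each SKU's personalization binary links, yet the required keys are documented only by example. I would add a header comment such as `# SKU name -> {"otp": an entry of EARLGREY_OTP_CFGS, "dice_libs": DICE cert library, "ext_libs": personalization extension libraries}`. Compared with the removed `_DICE_EXTS` x `_FT_PERSO_EXTS` product, the `prodc` TPM variant and every `dice_cwt` variant are no longer built, the latter tracked by the `TODO(#24281)` comment.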
@@ -187,16 +187,16 @@ cc_library(
 )
 # As more SKUs are created with different OTP configurations, libraries can be
-# added by updating EARLGREY_SKUS accordingly.
+# added by updating EARLGREY_OTP_CFGS accordingly.
 [
 cc_library(
- name = "individualize_sw_cfg_{}".format(sku),
+ name = "individualize_sw_cfg_{}".format(cfg),
 deps = [
 ":individualize_sw_cfg",
- "//hw/ip/otp_ctrl/data/earlgrey_skus/{}:otp_consts".format(sku),
+ "//hw/ip/otp_ctrl/data/earlgrey_skus/{}:otp_consts".format(cfg),
 ],
 )
- for sku in EARLGREY_SKUS
+ for cfg in EARLGREY_OTP_CFGS
 ]
 opentitan_test(
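Review bot: The updated comment above the `individualize_sw_cfg_{}` comprehension still opens with "As more SKUs are created", while the list it points to now holds OTP configurations and SKUs live in a separate dict. It also leaves out the other requirement visible a few lines below: each entry is formatted into `//hw/ip/otp_ctrl/data/earlgrey_skus/{}:otp_consts`, so a new name needs that package to exist. Suggested wording: `# One library per OTP configuration; each name in EARLGREY_OTP_CFGS must have an otp_consts target under //hw/ip/otp_ctrl/data/earlgrey_skus/<name>.`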