[dice] hack to parse uds_cwt

Signed-off-by: Tommy Chiu <[email protected]>

sw/device/silicon_creator/manuf/base/ft_personalize.c

@@ -615,6 +615,22 @@ static status_t personalize_endorse_certificates(ujson_t *uj) {
     next_cert += block.obj_size;
     free_room -= block.obj_size;
   }
+  // "perso_blob_from_host" doesn't contain the 'kPersoObjectTypeCwtCert'
+  // objects since it's not encorsed by the host, which leads to some data
+  // missing under current design.
+  // Add a hack to force parse the "perso_blob_to_host" if the uds_cwt_offset is
+  // set by the perso_extension.
+  if (uds_cwt_offset != 0) {
+    TRY(perso_tlv_set_cert_block(
+        perso_blob_to_host.body + uds_cwt_offset,
+        sizeof(perso_blob_to_host.body) - uds_cwt_offset, &block));
+    if (block.obj_size > free_room)
+      return RESOURCE_EXHAUSTED();
+
+    memcpy(next_cert, block.wrapped_cert_p, block.obj_size);
+    LOG_INFO("Copied %s certificate", block.name);
+    free_room -= block.obj_size;
+  }
 
   // Now the rest of endorsed certificates received from the host, if any.
   while (perso_blob_from_host.num_objs)

sw/device/silicon_creator/manuf/base/personalize_ext.h

@@ -10,6 +10,7 @@
 #include "sw/device/lib/testing/json/provisioning_data.h"
 #include "sw/device/silicon_creator/lib/cert/cert.h"
 
+extern size_t uds_cwt_offset;
 /**
  * Parameters passed to personalization extension function invoked before data
  * is sent to the host for endorsement. Not all parameters are necessarily used

sw/device/silicon_creator/manuf/base/tpm_personalize_ext.c

@@ -33,6 +33,8 @@ static cert_key_id_pair_t tpm_key_ids = {.endorsement = &tpm_endorsement_key_id,
                                          .cert = &tpm_pubkey_id};
 static ecdsa_p256_public_key_t curr_pubkey = {.x = {0}, .y = {0}};
 
+size_t uds_cwt_offset = 0;
+
 /**
  * Initializes all DIF handles used in this program.
  */