diff --git a/signing/logs/2024-10-23.md b/signing/logs/2024-10-23.md new file mode 100644 index 0000000000000..3a49d912a2a0b --- /dev/null +++ b/signing/logs/2024-10-23.md @@ -0,0 +1,294 @@ +# Signing Ceremony 2024-10-23 + +- Purpose: + - Create new a ROM\_EXT release with ownership transfer and a validatable DICE chain. +- Participants: cfrantz (leader), ttrippel (witness). + +## Ceremony Prolog + +Before the ceremony, we double checked build reproducibility. +At opentitan commit 6677e8f102e3d250f671bdde9dec1086469bc9e4 on branch +`earlgrey_es_sival`, we ran: + +``` +bazel build --stamp \ + --//sw/device/silicon_creator/rom_ext:secver_write=false \ + //sw/device/silicon_creator/rom_ext/proda:digests \ + //sw/device/silicon_creator/rom_ext/prodc:digests \ + //sw/device/silicon_creator/rom_ext/sival:digests + +sha256sum \ + bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/proda/digests.tar \ + bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/prodc/digests.tar \ + bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/sival/digests.tar +f8c9100c359f970b216d71b75765f65808d493d93b009de72e2ea79d2eb85756 bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/proda/digests.tar +c8aa2231da1542c16178280caff832d86b788aca799b9e7aae445748c86d51b8 bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/prodc/digests.tar +575aabbdc5ecce8e3ae58fb31ba4e73e4900fabd7d6a4eb803868dc1bb99a9ae bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/sival/digests.tar +``` + +Having established that the binaries are reproducible, we copied the digests and +`hsmtool` to a staging subdirectory. +``` +cp bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/proda/digests.tar ~/signing/proda.tar +cp bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/prodc/digests.tar ~/signing/prodc.tar +cp bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/sival/digests.tar ~/signing/sival.tar +cp bazel-out/k8-fastbuild/bin/sw/host/hsmtool/hsmtool ~/signing +``` + +## Entrust HSM driver + +A driver re-compile was required because of a Linux kernel update. + +## Ceremony + +### Setup & Authenticate to the HSM + +``` +$ export HSMTOOL_MODULE=/opt/nfast/toolkits/pkcs11/libcknfast.so +$ cd ~/signing + +$ /opt/nfast/bin/preload -c earlgrey_a0 /bin/bash + +2024-05-23 16:39:11: [1825312]: INFO: Preload running with: -c earlgrey_a0 /bin/bash +2024-05-23 16:39:12: [1825312]: INFO: Created a (new) connection to Hardserver +2024-05-23 16:39:12: [1825312]: INFO: Modules newly usable: [1]. +2024-05-23 16:39:12: [1825312]: INFO: Found a change in the system: an update pass is needed. +2024-05-23 16:39:12: [1825312]: INFO: Loading cardset: earlgrey_a0 in modules: [1] + +Loading `earlgrey_a0': + Module 1 slot 0: empty + Module 1 slot 2: empty + Module 1 slot 3: empty + Module 1 slot 4: empty + Module 1 slot 0: `earlgrey_a0' #6 + Module 1 slot 0:- passphrase supplied - reading card + Module 1 slot 0:- passphrase supplied - reading card + Module 1 slot 0: `earlgrey_a0' #6: already read + Module 1 slot 0: empty + Module 1 slot 0: `earlgrey_a0' #7 + Module 1 slot 0:- passphrase supplied - reading card + Module 1 slot 0:- passphrase supplied - reading card + Module 1 slot 0: `earlgrey_a0' #7: already read + Module 1 slot 0: empty + Module 1 slot 0: `earlgrey_a0' #8 + Module 1 slot 0:- passphrase supplied - reading card +Card reading complete. + +2024-05-23 16:43:16: [1825312]: INFO: Loading cardset: Cardset: earlgrey_a0 (1c7c...) in module: 1 +2024-05-23 16:43:16: [1825312]: INFO: Stored Cardset: earlgrey_a0 (1c7c...) in module #1 +2024-05-23 16:43:16: [1825312]: INFO: Maintaining the cardset earlgrey_a0 protected key(s)=['pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-74f9033870f2653fd4973b0360da7de6d4f80f90', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-2a10059f018344a8f6450a1281de161df478a999', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-826f19e10a525bc8ae593d5a9af960465d86b636', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-fe987257aaa6d3b9c9cefcbbe8a7d7393521c287', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-73fc0ba5bb8af48d168644cebed2543be1c57419', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-990cc0b5fb853aace101455f79ac48ffeac311f1', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-54bf627299209f050de6d490fe06b331dce656bb']. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-74f9033870f2653fd4973b0360da7de6d4f80f90 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-2a10059f018344a8f6450a1281de161df478a999 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-826f19e10a525bc8ae593d5a9af960465d86b636 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-fe987257aaa6d3b9c9cefcbbe8a7d7393521c287 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-73fc0ba5bb8af48d168644cebed2543be1c57419 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-990cc0b5fb853aace101455f79ac48ffeac311f1 is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-54bf627299209f050de6d490fe06b331dce656bb is loaded in module(s): [1]. +2024-05-23 16:43:16: [1825312]: INFO: Loading complete. Executing subprocess /bin/bash + +$ ./hsmtool token list +{ + "tokens": [ + { + "label": "loadshared accelerator", + "manufacturer_id": "nCipher Corp. Ltd", + "model": "", + "serial_number": "" + }, + { + "label": "earlgrey_a0", + "manufacturer_id": "nCipher Corp. Ltd", + "model": "", + "serial_number": "1c7c81df30010626" + } + ] +} +``` + +## Signing + +Signing was performed in the staging subdirectory inside the `preload` subshell. + +### ProdA signatures + +``` +$ mkdir proda +$ cd proda +$ tar xvf ../proda.tar +$ ../hsmtool -t earlgrey_a0 -u user exec presigning.json + +[ + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + } +] +``` + +### ProdC signatures + +``` +$ mkdir prodc +$ cd prodc +$ tar xvf ../prodc.tar +$ ../hsmtool -t earlgrey_a0 -u user exec presigning.json +[ + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + } +] +``` + +### SiVal signatures + +``` +$ mkdir sival +$ cd sival +$ tar xvf ../sival.tar +$ ../hsmtool -t earlgrey_a0 -u user exec presigning.json + +[ + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + }, + { + "command": "rsa-sign", + "result": { + "success": true + } + } +] +``` + +## Ceremony Epilog + +After signing, the signatures were collected so they could be tested prior to +publishing the signatures and binaries. The `preload` session was exited, thus logging out of the HSM. + +``` +$ tar cvf signatures.tar */*.rsa_sig + +proda/rom_ext_real_prod_signed_slot_a_fpga_cw310.rsa_sig +proda/rom_ext_real_prod_signed_slot_a_silicon_creator.rsa_sig +proda/rom_ext_real_prod_signed_slot_b_fpga_cw310.rsa_sig +proda/rom_ext_real_prod_signed_slot_b_silicon_creator.rsa_sig +proda/rom_ext_real_prod_signed_slot_virtual_fpga_cw310.rsa_sig +proda/rom_ext_real_prod_signed_slot_virtual_silicon_creator.rsa_sig +prodc/rom_ext_real_prod_signed_slot_a_fpga_cw310.rsa_sig +prodc/rom_ext_real_prod_signed_slot_a_silicon_creator.rsa_sig +prodc/rom_ext_real_prod_signed_slot_b_fpga_cw310.rsa_sig +prodc/rom_ext_real_prod_signed_slot_b_silicon_creator.rsa_sig +prodc/rom_ext_real_prod_signed_slot_virtual_fpga_cw310.rsa_sig +prodc/rom_ext_real_prod_signed_slot_virtual_silicon_creator.rsa_sig +sival/rom_ext_real_prod_signed_slot_a_fpga_cw310.rsa_sig +sival/rom_ext_real_prod_signed_slot_a_silicon_creator.rsa_sig +sival/rom_ext_real_prod_signed_slot_b_fpga_cw310.rsa_sig +sival/rom_ext_real_prod_signed_slot_b_silicon_creator.rsa_sig +sival/rom_ext_real_prod_signed_slot_virtual_fpga_cw310.rsa_sig +sival/rom_ext_real_prod_signed_slot_virtual_silicon_creator.rsa_sig + +$ exit +``` + +### Attaching signatures + +The following command was used to attach the signatures to the ROM\_EXT binaries: + +``` +bazel build --stamp --//sw/device/silicon_creator/rom_ext:secver_write=false \ + //sw/device/silicon_creator/rom_ext/prodc:signed \ + //sw/device/silicon_creator/rom_ext/proda:signed \ + //sw/device/silicon_creator/rom_ext/sival:signed +```