[manuf] Delay IMMUTABLE_ROM_EXT_EN provisioning to end of perso
This separates the provisioning of the IMMUTABLE_ROM_EXT_EN OTP field
from the rest of the CREATOR_SW_CFG partition. This is necessary because
the personalization firmware doesn't include an immutable ROM_EXT
section. Enabling immutable ROM_EXT earlier would prevent the
personalization from being executed.

Signed-off-by: Anthony Chen <[email protected]>
anthonychen1251 committed Oct 21, 2024
1 parent 681d0a9 commit d44c7ea
Showing 7 changed files with 81 additions and 0 deletions.
16 changes: 16 additions & 0 deletions hw/ip/otp_ctrl/data/earlgrey_skus/prodc/BUILD
Expand Up @@ -22,6 +22,7 @@ load(
"otp_image",
"otp_image_consts",
"otp_json",
"otp_json_immutable_rom_ext",
"otp_partition",
"otp_per_class_bytes",
"otp_per_class_ints",
Expand Down Expand Up @@ -202,6 +203,20 @@ otp_json(
],
)

otp_json_immutable_rom_ext(
name = "otp_json_immutable_rom_ext",
partitions = [
otp_partition(
name = "CREATOR_SW_CFG",
items = {
"CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN": otp_hex(CONST.HARDENED_FALSE),
},
),
],
rom_ext = "//sw/device/silicon_creator/rom_ext/sival:rom_ext_fake_prod_signed_slot_b",
visibility = ["//visibility:private"],
)

# Create an overlay for the alert_handler digest.
otp_alert_digest(
name = "alert_digest_cfg",
Expand Down Expand Up @@ -294,6 +309,7 @@ MANUF_SW_INITIALIZED = [
":alert_digest_cfg",
":otp_json_creator_sw_cfg",
":otp_json_owner_sw_cfg",
":otp_json_immutable_rom_ext",
]

# The `MANUF_INDIVIDUALIZED` OTP profile configures the HW_CFG0/1, CREATOR_SW and
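Review bot: The new `otp_json_immutable_rom_ext` target in the prodc SKU takes its `rom_ext` from `//sw/device/silicon_creator/rom_ext/sival:rom_ext_fake_prod_signed_slot_b`, a sival label whose name suggests fake-prod signing, and the target carries no comment explaining that choice. The rule body is not visible here, but if it derives immutable-section data from that binary, the prodc OTP image ends up tied to a non-production ROM_EXT. I would add a comment above the target such as `# NOTE: uses the sival fake-prod-signed ROM_EXT; confirm this is the intended image for prodc.` and also say that `CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN` is set to `HARDENED_FALSE` here on purpose. The same uncommented target is added in `earlgrey_skus/sival/BUILD`.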
16 changes: 16 additions & 0 deletions hw/ip/otp_ctrl/data/earlgrey_skus/sival/BUILD
Expand Up @@ -22,6 +22,7 @@ load(
"otp_image",
"otp_image_consts",
"otp_json",
"otp_json_immutable_rom_ext",
"otp_partition",
"otp_per_class_bytes",
"otp_per_class_ints",
Expand Down Expand Up @@ -201,6 +202,20 @@ otp_json(
],
)

otp_json_immutable_rom_ext(
name = "otp_json_immutable_rom_ext",
partitions = [
otp_partition(
name = "CREATOR_SW_CFG",
items = {
"CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN": otp_hex(CONST.HARDENED_FALSE),
},
),
],
rom_ext = "//sw/device/silicon_creator/rom_ext/sival:rom_ext_fake_prod_signed_slot_b",
visibility = ["//visibility:private"],
)

# Create an overlay for the alert_handler digest.
otp_alert_digest(
name = "alert_digest_cfg",
Expand Down Expand Up @@ -307,6 +322,7 @@ MANUF_SW_INITIALIZED = [
":alert_digest_cfg",
":otp_json_creator_sw_cfg",
":otp_json_owner_sw_cfg",
":otp_json_immutable_rom_ext",
]

# The `MANUF_INDIVIDUALIZED` OTP profile configures the HW_CFG0/1, CREATOR_SW and
1 change: 1 addition & 0 deletions hw/ip/otp_ctrl/data/otp_ctrl_img.c.tpl
Expand Up @@ -65,6 +65,7 @@ ${fileheader}

base_declaration = f"const {type_str} {ToConstLabelValue(item['name'])}"
if item['name'] not in [
'CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN',
'CREATOR_SW_CFG_FLASH_DATA_DEFAULT_CFG',
'CREATOR_SW_CFG_MANUF_STATE',
'OWNER_SW_CFG_ROM_BOOTSTRAP_DIS',
1 change: 1 addition & 0 deletions sw/device/silicon_creator/manuf/base/ft_personalize.c
Expand Up @@ -685,6 +685,7 @@ static status_t finalize_otp_partitions(void) {
// Complete the provisioning of OTP CreatorSwCfg partition.
if (!status_ok(manuf_individualize_device_creator_sw_cfg_check(&otp_ctrl))) {
TRY(manuf_individualize_device_creator_manuf_state_cfg(&otp_ctrl));
TRY(manuf_individualize_device_immutable_rom_ext_en_cfg(&otp_ctrl));
TRY(manuf_individualize_device_creator_sw_cfg_lock(&otp_ctrl));
}
TRY(check_otp_measurement(&otp_creator_sw_cfg_measurement,
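Review bot: The call order inside the `if` block is load-bearing, but the only comment is the generic "Complete the provisioning" line above it. Per the comment this commit adds in individualize_sw_cfg.c, enabling immutable ROM_EXT makes ROM shut down on the personalization image, so `manuf_individualize_device_immutable_rom_ext_en_cfg()` has to remain the last field write before `manuf_individualize_device_creator_sw_cfg_lock()`. I would add `// IMMUTABLE_ROM_EXT_EN must be the last field written before the lock: once enabled, ROM rejects this perso image.` above the new `TRY`. It is also worth confirming what state a device is left in if the lock step fails after this write, since the partition would then be unlocked with the field already programmed. `finalize_otp_partitions` starts and ends outside the hunk.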
29 changes: 29 additions & 0 deletions sw/device/silicon_creator/manuf/lib/individualize_sw_cfg.c
Expand Up @@ -63,6 +63,13 @@ static status_t otp_img_write(const dif_otp_ctrl_t *otp,
// state, so once the manufacturing state is provisioned, the
// personalization firmware can't be re-entrant.
//
// We skip the provisioning of the immutable ROM_EXT enablement
// configuration as it must be provisioned only at the end of the
// personalization flow. The personalization firmware doesn't include an
// immutable ROM_EXT section. Enabling this feature with personalization
// firmware would result in ROM self-shutdown due to an invalid immutable
// ROM extension hash.
//
// We also skip the provisioning of the ROM bootstrap disablement
// configuration. This should only be disabled after all bootstrap
// operations in the personalization flow have been completed.
Expand All @@ -73,6 +80,8 @@ static status_t otp_img_write(const dif_otp_ctrl_t *otp,
if (kv[i].offset ==
OTP_CTRL_PARAM_CREATOR_SW_CFG_FLASH_DATA_DEFAULT_CFG_OFFSET ||
kv[i].offset == OTP_CTRL_PARAM_CREATOR_SW_CFG_MANUF_STATE_OFFSET ||
kv[i].offset ==
OTP_CTRL_PARAM_CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN_OFFSET ||
kv[i].offset == OTP_CTRL_PARAM_OWNER_SW_CFG_ROM_BOOTSTRAP_DIS_OFFSET ||
(kv[i].offset >= kValidAstCfgOtpAddrLow &&
kv[i].offset < kInvalidAstCfgOtpAddrHigh)) {
Expand Down Expand Up @@ -122,6 +131,10 @@ static status_t otp_img_expected_value_read(dif_otp_ctrl_partition_t partition,
memcpy(buffer + relative_addr, &kCreatorSwCfgManufStateValue,
sizeof(uint32_t));
break;
case OTP_CTRL_PARAM_CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN_OFFSET:
memcpy(buffer + relative_addr, &kCreatorSwCfgImmutableRomExtEnValue,
sizeof(uint32_t));
break;
default:
return INTERNAL();
}
Expand Down Expand Up @@ -272,6 +285,19 @@ status_t manuf_individualize_device_creator_manuf_state_cfg(
return OK_STATUS();
}

status_t manuf_individualize_device_immutable_rom_ext_en_cfg(
const dif_otp_ctrl_t *otp_ctrl) {
uint32_t offset;
TRY(dif_otp_ctrl_relative_address(
kDifOtpCtrlPartitionCreatorSwCfg,
OTP_CTRL_PARAM_CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN_OFFSET, &offset));
TRY(otp_ctrl_testutils_dai_write32(otp_ctrl, kDifOtpCtrlPartitionCreatorSwCfg,
offset,
&kCreatorSwCfgImmutableRomExtEnValue,
/*len=*/1));
return OK_STATUS();
}

status_t manuf_individualize_device_creator_sw_cfg_lock(
const dif_otp_ctrl_t *otp_ctrl) {
TRY(lock_otp_partition(otp_ctrl, kDifOtpCtrlPartitionCreatorSwCfg));
Expand Down Expand Up @@ -316,6 +342,9 @@ status_t manuf_individualize_device_partition_expected_read(
case kDifOtpCtrlPartitionCreatorSwCfg:
TRY(otp_img_expected_value_read(
partition, OTP_CTRL_PARAM_CREATOR_SW_CFG_MANUF_STATE_OFFSET, buffer));
TRY(otp_img_expected_value_read(
partition, OTP_CTRL_PARAM_CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN_OFFSET,
buffer));
break;
default:
return INTERNAL();
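Review bot: The set of deferred CREATOR_SW_CFG fields is now spelled out in several places that have to agree: the skip condition in `otp_img_write`, the `switch` in `otp_img_expected_value_read`, the calls in `manuf_individualize_device_partition_expected_read`, and the name list in otp_ctrl_img.c.tpl. An offset that is skipped in `otp_img_write` but missing from one of the others would presumably either never be programmed or make the expected-value buffer disagree with OTP. For a hardened boolean that, per the added comment, controls ROM's immutable ROM_EXT hash check, that should not depend on a reviewer remembering every site. A cross-reference at the skip condition would make the coupling explicit, e.g. `// Every offset skipped here needs a dedicated write function and a case in otp_img_expected_value_read().` The functions touched here all start or end outside their hunks, except the newly added `manuf_individualize_device_immutable_rom_ext_en_cfg`.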
16 changes: 16 additions & 0 deletions sw/device/silicon_creator/manuf/lib/individualize_sw_cfg.h
Expand Up @@ -17,6 +17,7 @@ extern const size_t kOtpKvCreatorSwCfgSize;
extern const otp_kv_t kOtpKvCreatorSwCfg[];
extern const uint32_t kCreatorSwCfgFlashDataDefaultCfgValue;
extern const uint32_t kCreatorSwCfgManufStateValue;
extern const uint32_t kCreatorSwCfgImmutableRomExtEnValue;

/**
* OTP Owner Software Configuration Partition.
Expand Down Expand Up @@ -85,6 +86,21 @@ OT_WARN_UNUSED_RESULT
status_t manuf_individualize_device_creator_manuf_state_cfg(
const dif_otp_ctrl_t *otp_ctrl);

/**
* Configures the IMMUTABLE_ROM_EXT_EN field in the CREATOR_SW_CFG OTP
* partition.
*
* This must be called before `manuf_individualize_device_creator_sw_cfg_lock()`
* is called. The operation will fail if there are any pre-programmed words not
* equal to the expected test values.
*
* @param otp_ctrl OTP controller instance.
* @return OK_STATUS if the IMMUTABLE_ROM_EXT_EN field was provisioned.
*/
OT_WARN_UNUSED_RESULT
status_t manuf_individualize_device_immutable_rom_ext_en_cfg(
const dif_otp_ctrl_t *otp_ctrl);

/**
* Checks the FLASH_DATA_DEFAULT_CFG field in the CREATOR_SW_CFG OTP
* partition.
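Review bot: The doc comment for `manuf_individualize_device_immutable_rom_ext_en_cfg()` states the ordering against the lock but omits the constraint this commit exists for. According to the commit message, the field has to be provisioned only at the end of personalization, because the perso firmware has no immutable ROM_EXT section. The phrase "any pre-programmed words not equal to the expected test values" also reads as carried over from a neighbouring declaration, while the implementation shown in individualize_sw_cfg.c writes a single word from `kCreatorSwCfgImmutableRomExtEnValue`. I would add a line such as `* Call this only after every step that needs the personalization firmware to boot again has completed.` and reword the failure condition to name the one field.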
Expand Up @@ -131,6 +131,8 @@ bool test_main(void) {
manuf_individualize_device_flash_data_default_cfg(&otp_ctrl));
CHECK_STATUS_OK(
manuf_individualize_device_creator_manuf_state_cfg(&otp_ctrl));
CHECK_STATUS_OK(
manuf_individualize_device_immutable_rom_ext_en_cfg(&otp_ctrl));
CHECK_STATUS_OK(manuf_individualize_device_creator_sw_cfg_lock(&otp_ctrl));
CHECK_STATUS_OK(check_otp_ast_cfg());
LOG_INFO("Provisioned and locked CREATOR_SW_CFG OTP partition.");
