From df5848b4d6aa3d07866ff67866143effec1f8b3d Mon Sep 17 00:00:00 2001
From: Tim Trippel
Date: Tue, 3 Dec 2024 15:22:21 -0800
Subject: [PATCH] [provisioning] enable SIVAL cert endorsement with Nitrokeys

The DICE CA key is stored on a Nitrokey, which can be used in a benchtop provisioning flow to endorse DICE certificates.

Signed-off-by: Tim Trippel
---
 sw/device/silicon_creator/manuf/base/BUILD | 22 ++++++++++++++++++-
 .../manuf/base/provisioning_inputs.bzl | 5 +++--
 .../silicon_creator/manuf/keys/sival/BUILD | 15 +++++++++++++
 .../manuf/keys/sival/README.md | 17 ++++++++++++++
 .../manuf/keys/sival/ca_config.json | 14 ++++++++++++
 .../manuf/keys/sival/dice_ca.pem | 13 +++++++++++
 .../orchestrator/configs/skus/emulation.hjson | 2 --
 .../orchestrator/configs/skus/sival.hjson | 21 +++++++++---------
 8 files changed, 93 insertions(+), 16 deletions(-)
 create mode 100644 sw/device/silicon_creator/manuf/keys/sival/BUILD
 create mode 100644 sw/device/silicon_creator/manuf/keys/sival/README.md
 create mode 100644 sw/device/silicon_creator/manuf/keys/sival/ca_config.json
 create mode 100644 sw/device/silicon_creator/manuf/keys/sival/dice_ca.pem

diff --git a/sw/device/silicon_creator/manuf/base/BUILD b/sw/device/silicon_creator/manuf/base/BUILD
index 30519b9eafcd97..2e5d4411d97a0a 100644
--- a/sw/device/silicon_creator/manuf/base/BUILD
+++ b/sw/device/silicon_creator/manuf/base/BUILD
@@ -415,7 +415,7 @@ filegroup(
 tags = [
 "lc_test_locked0",
 "manuf",
- ],
+ ] + ["manual"] if config.get("offline", False) else [],
 test_cmd = _FT_PROVISIONING_CMD_ARGS,
 test_harness = _FT_PROVISIONING_HARNESS.format(sku),
 ),
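Review bot: The new `tags` expression in the `@@ -415` hunk does not group the way it reads: a conditional expression binds more loosely than `+`, so `[...] + ["manual"] if config.get("offline", False) else []` evaluates to an empty list for every SKU that is not offline, dropping `lc_test_locked0` and `manuf` from those targets. Any tag-based selection of the provisioning tests would then silently miss them. Parenthesise the conditional: `] + (["manual"] if config.get("offline", False) else []),`. The enclosing rule call and whatever binds `config` start outside this hunk, so this is based on the visible lines only.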
@@ -449,6 +449,16 @@ filegroup(
 test_suite(
 name = "ft_provision_cw310",
 tags = ["manual"],
+ tests = [
+ ":ft_provision_{}_fpga_hyper310_rom_with_fake_keys".format(sku)
+ for sku, config in EARLGREY_SKUS.items()
+ if not config.get("offline", False)
+ ],
+)
+
+test_suite(
+ name = "ft_provision_including_offline_cw310",
+ tags = ["manual"],
 tests = [
 ":ft_provision_{}_fpga_hyper310_rom_with_fake_keys".format(sku)
 for sku in EARLGREY_SKUS.keys()
@@ -458,6 +468,16 @@ test_suite(
 test_suite(
 name = "ft_provision_cw340",
 tags = ["manual"],
+ tests = [
+ ":ft_provision_{}_fpga_cw340_rom_with_fake_keys".format(sku)
+ for sku, config in EARLGREY_SKUS.items()
+ if not config.get("offline", False)
+ ],
+)
+
+test_suite(
+ name = "ft_provision_including_offline_cw340",
+ tags = ["manual"],
 tests = [
 ":ft_provision_{}_fpga_cw340_rom_with_fake_keys".format(sku)
 for sku in EARLGREY_SKUS.keys()
diff --git a/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl b/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl
index 42844289d5c235..4fe918958f4f31 100644
--- a/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl
+++ b/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl
@@ -67,8 +67,8 @@ EARLGREY_SKUS = {
 },
 "sival": {
 "otp": "sival",
- "ca_config": "//sw/device/silicon_creator/manuf/keys/fake:ca_config.json",
- "ca_data": ["//sw/device/silicon_creator/manuf/keys/fake:ca_data"],
+ "ca_config": "//sw/device/silicon_creator/manuf/keys/sival:ca_config.json",
+ "ca_data": ["//sw/device/silicon_creator/manuf/keys/sival:ca_data"],
 "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
 "host_ext_libs": ["@provisioning_exts//:default_ft_ext_lib"],
 "device_ext_libs": ["@provisioning_exts//:default_perso_fw_ext"],
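Review bot: The two `ft_provision_including_offline_*` suites added to base/BUILD (hunks `@@ -449` and `@@ -458`) carry no comment saying what an offline SKU needs, so the BUILD file alone does not explain why they sit next to the filtered suites. I would add above each something like `# Includes SKUs marked "offline"; these need the CA key on a PKCS#11 token (see manuf/keys/sival/README.md).` The filter `config.get("offline", False)` is now written out three times in this file, and a small helper next to `EARLGREY_SKUS` would keep the copies in step. Both suite definitions continue past the end of their hunks.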
@@ -80,6 +80,7 @@ EARLGREY_SKUS = {
 "ecdsa_key": {"//hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys:keyset": "sv00-earlgrey-a1-root-ecdsa-prod-0"},
 "perso_bin": "//sw/device/silicon_creator/manuf/base/binaries:ft_personalize_sival",
 "orchestrator_cfg": "//sw/host/provisioning/orchestrator/configs/skus:emulation.hjson",
+ "offline": True,
 },
 } | EXT_EARLGREY_SKUS

diff --git a/sw/device/silicon_creator/manuf/keys/sival/BUILD b/sw/device/silicon_creator/manuf/keys/sival/BUILD
new file mode 100644
index 00000000000000..76d28cef0325d1
--- /dev/null
+++ b/sw/device/silicon_creator/manuf/keys/sival/BUILD
@@ -0,0 +1,15 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+package(default_visibility = ["//visibility:public"])
+
+exports_files(glob(["**"]))
+
+filegroup(
+ name = "ca_data",
+ srcs = [
+ ":ca_config.json",
+ ":dice_ca.pem",
+ ],
+)
diff --git a/sw/device/silicon_creator/manuf/keys/sival/README.md b/sw/device/silicon_creator/manuf/keys/sival/README.md
new file mode 100644
index 00000000000000..5fe361621a22de
--- /dev/null
+++ b/sw/device/silicon_creator/manuf/keys/sival/README.md
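Review bot: In the `@@ -80,6` hunk of provisioning_inputs.bzl the `sival` entry still has `orchestrator_cfg` pointing at `configs/skus:emulation.hjson` (a context line), while the same commit rewrites `sival.hjson` to use the token-backed CA. If that is intentional it deserves a comment; otherwise the label should presumably name `sival.hjson`. The new `"offline": True` key is also undocumented, and a one-line comment such as `# CA key lives on a hardware token; excluded from the default ft_provision_* suites.` would tell the next reader what it gates. The dict literal starts outside the hunk.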
@@ -0,0 +1,17 @@
+# CA Endorsement Keys
+
+Certificate Authority endorsement keys are are used to endorse the following
+certificate chains during personalization:
+1. DICE attestation certificate chains, and
+2. SKU specific certificate chains.
+
+The real (private) keys used for the SIVAL SKU are stored on offline HSMs. The
+matching public keys and certificates are checked into the repository.
+
+To use the private keys to endorse the certificates in benchtop provisioning
+flow, one must set the `PKCS11_MODULE_PATH` envar to point to the PKCS#11 shared
+library for the hardware token they are using. For example, if the private keys
+are stored on a Nitrokey, you would set the envar as follows:
+```sh
+export PKCS11_MODULE_PATH=/opt/nitrokey/lib/libsc-hsm-pkcs11.so
+```
diff --git a/sw/device/silicon_creator/manuf/keys/sival/ca_config.json b/sw/device/silicon_creator/manuf/keys/sival/ca_config.json
new file mode 100644
index 00000000000000..c2d7c9e4c456ad
--- /dev/null
+++ b/sw/device/silicon_creator/manuf/keys/sival/ca_config.json
@@ -0,0 +1,14 @@
+{
+ "dice": {
+ "certificate": "sv00-earlgrey-a1-ca-dice-0",
+ "key_id": "0x5398A4F090F2A95C3D52FC98DEB9F2F9AF042F6E",
+ "key_type": "Token",
+ "key": "sv00-earlgrey-a1-ca-dice-0"
+ },
+ "ext": {
+ "certificate": "sv00-earlgrey-a1-ca-dice-0",
+ "key_id": "0x5398A4F090F2A95C3D52FC98DEB9F2F9AF042F6E",
+ "key_type": "Token",
+ "key": "sv00-earlgrey-a1-ca-dice-0"
+ }
+}
diff --git a/sw/device/silicon_creator/manuf/keys/sival/dice_ca.pem b/sw/device/silicon_creator/manuf/keys/sival/dice_ca.pem
new file mode 100644
index 00000000000000..bead3f586d8800
--- /dev/null
+++ b/sw/device/silicon_creator/manuf/keys/sival/dice_ca.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICCTCCAa+gAwIBAgIUfAUcL0N+fldtTdHg9BxeFFnfcVgwCgYIKoZIzj0EAwIw
+WTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEDAOBgNVBAcMB1Nh
+bkpvc2UxDzANBgNVBAoMBkdvb2dsZTESMBAGA1UEAwwJb3BlbnRpdGFuMCAXDTI0
+MTExNTAwMDA1OVoYDzIwNTIwNDAxMDAwMDU5WjBZMQswCQYDVQQGEwJVUzETMBEG
+A1UECAwKQ2FsaWZvcm5pYTEQMA4GA1UEBwwHU2FuSm9zZTEPMA0GA1UECgwGR29v
+Z2xlMRIwEAYDVQQDDAlvcGVudGl0YW4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
+AATu4HkgAzRXPJAhMw9E/qXZzoQ+Kx3awtKAPk29herxqr7d/bEYWVjKBpMg9QzT
+jQHQBswmU/H3GTr5FCjfas2fo1MwUTAdBgNVHQ4EFgQUU5ik8JDyqVw9UvyY3rny
++a8EL24wHwYDVR0jBBgwFoAUU5ik8JDyqVw9UvyY3rny+a8EL24wDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEAxEt33H247CtAoe6RGGf3yBOxf9Yj
+RWnePCJXdMIWIEACIHY1ZFYTLVZ9nzLPsU8Kl6DzmSU5h3Ykyf9qoAy7q7nF
+-----END CERTIFICATE-----
diff --git a/sw/host/provisioning/orchestrator/configs/skus/emulation.hjson b/sw/host/provisioning/orchestrator/configs/skus/emulation.hjson
index e2a387f4436d7d..5b583bc5e1a995 100644
--- a/sw/host/provisioning/orchestrator/configs/skus/emulation.hjson
+++ b/sw/host/provisioning/orchestrator/configs/skus/emulation.hjson
@@ -2,8 +2,6 @@
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0

-# OpenTitan SIVAL SKU configuration.
-
 {
 name: "emulation",
 product: "earlgrey_a1",
diff --git a/sw/host/provisioning/orchestrator/configs/skus/sival.hjson b/sw/host/provisioning/orchestrator/configs/skus/sival.hjson
index dd9a2aa3377bb2..a3773bc8eea031 100644
--- a/sw/host/provisioning/orchestrator/configs/skus/sival.hjson
+++ b/sw/host/provisioning/orchestrator/configs/skus/sival.hjson
@@ -2,26 +2,25 @@
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0

-# OpenTitan SIVAL SKU configuration.
-
 {
 name: "sival",
 product: "earlgrey_a1",
 si_creator: "nuvoton",
 package: "npcr10",
 target_lc_state: "prod",
- # TODO: update with real CA and RMA token keys.
 dice_ca: {
- certificate: "sw/device/silicon_creator/manuf/keys/fake/dice_ca.pem",
- key: "sw/device/silicon_creator/manuf/keys/fake/sk.pkcs8.der",
- key_type: "Raw",
- key_id: "0xfe584ae7_53790cfd_8601a312_fb32d3c1_b822d112"
+ certificate: "sv00-earlgrey-a1-ca-dice-0",
+ key: "sv00-earlgrey-a1-ca-dice-0",
+ key_type: "Token",
+ key_id: "0x0"
 }
+ // There are no certs provisioned in the extension portion of the firmware, so
+ // we use the same CA as the DICE CA.
 ext_ca: {
- certificate: "sw/device/silicon_creator/manuf/keys/fake/ext_ca.pem",
- key: "sw/device/silicon_creator/manuf/keys/fake/sk.pkcs8.der",
- key_type: "Raw",
- key_id: "0xfe584ae7_53790cfd_8601a312_fb32d3c1_b822d112"
+ certificate: "sv00-earlgrey-a1-ca-dice-0",
+ key: "sv00-earlgrey-a1-ca-dice-0",
+ key_type: "Token",
+ key_id: "0x0"
 }
 token_encrypt_key: "sw/device/silicon_creator/manuf/keys/fake/rma_unlock_enc_rsa3072.pub.der"
 }
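Review bot: `token_encrypt_key` still points at `keys/fake/rma_unlock_enc_rsa3072.pub.der`, yet this hunk deletes the `# TODO: update with real CA and RMA token keys.` marker, so with `target_lc_state: "prod"` nothing in the file flags that the RMA unlock token is still encrypted to a key from the fake key directory. Keep a reminder next to that line, e.g. `# TODO: update with real RMA token key.` Separately, both CA blocks set `key_id: "0x0"`, while `ca_config.json` in this commit gives `0x5398A4F090F2A95C3D52FC98DEB9F2F9AF042F6E` for the same key label. If the orchestrator uses `key_id` as the authority key identifier in endorsed certificates, the two flows would disagree, so the value should match or the placeholder should be explained in a comment.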