Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[manuf] Finalize {Creator,Owner}SwCfg at end of perso flow #24783

Merged
merged 2 commits into from
Oct 21, 2024
Merged

[manuf] Finalize {Creator,Owner}SwCfg at end of perso flow #24783

merged 2 commits into from
Oct 21, 2024

Conversation

anthonychen1251
Copy link
Member

@anthonychen1251 anthonychen1251 commented Oct 14, 2024
edited
Loading

This PR has two commits that:

  1. Move the calculation of OTP measurement from dice_uds_tbs_cert_build to ft_personalize

  2. Modify the perso flow to complete the provisioning of the CreatorSwCfg and OwnerSwCfg OTP partitions at the end of the process.

    • Sets the expected values for fields in the OTP that are not provisioned until the final stages of personalization.
    • Compare the OTP measurement used during certificate generation with the value stored in the OTP.

This PR addresses #24610 partially.

@anthonychen1251
[manuf] Calculate OTP measurements in ft_personalize
dbd0a4a 
This calculates the measurement of the OTP partitions in
`ft_personalize` and pass them to `dice_uds_tbs_cert_build()`.
This change is necessary because the CreatorSwCfg and OwnerSwCfg might
not be fully provisioned to the OTP when building the UDS certification.
By calculating the final measurements in `ft_personalize`, we can get
the values of unprovisioned field from the OTP image to ensure the
correct values are used in the certificate generation process.

Signed-off-by: Anthony Chen <[email protected]>
@anthonychen1251 anthonychen1251 requested a review from a team as a code owner October 14, 2024 15:50
@anthonychen1251 anthonychen1251 requested review from pamaury and timothytrippel and removed request for a team October 14, 2024 15:50
@anthonychen1251 anthonychen1251 mentioned this pull request Oct 15, 2024
Merged
@anthonychen1251 anthonychen1251 force-pushed the adjust-sw-cfg-provision-flow branch from b5f7fa4 to 96cff1c Compare October 16, 2024 15:41
@timothytrippel timothytrippel self-requested a review October 18, 2024 05:45
@anthonychen1251 anthonychen1251 force-pushed the adjust-sw-cfg-provision-flow branch from 96cff1c to 7f994b6 Compare October 18, 2024 10:11
@anthonychen1251
[manuf] Finalize {Creator,Owner}SwCfg at end of perso flow
1404534 
This modifies the perso flow to complete the provisioning of the
CreatorSwCfg and OwnerSwCfg OTP partitions at the end of the process.
This ensures that the perso firmware can be reentrant in case of
unexpected resets during personalization.

Previously, these partitions were provisioned earlier in the flow.
However, since we are going to bind the perso firmware with
`CREATOR_SW_CFG_MANUF_STATE`, we need to ensure that this field is
provisioned as late as possible.

Since CreatorSwCfg and OwnerSwCfg partitions are now not fully
provisioned in the OTP during the UDS certificate generation process,
overwrite the fields that are not provisioned until the end of
personalization process with the values from the OTP image. At the end
of perso flow, compare the OTP measurement used during certificate
generation with the digest stored in the OTP. Ensure that the UDS
certificate was generated using the correct OTP values.

Signed-off-by: Anthony Chen <[email protected]>
@anthonychen1251 anthonychen1251 force-pushed the adjust-sw-cfg-provision-flow branch from 7f994b6 to 1404534 Compare October 18, 2024 10:13
@anthonychen1251
Copy link
Member Author

anthonychen1251 commented Oct 18, 2024
edited
Loading

The failed test runs usbdev_iso_test_fpga_cw310_sival_rom_ext and usbdev_stream_test_fpga_cw310_sival_rom_ext in the most recent CI pipeline should be unrelated to this PR.
https://dev.azure.com/lowrisc/opentitan/_build/results?buildId=160324&view=logs&j=6d7ef521-d3a1-575b-de1b-a7342dcf1a8e&t=5fbf7d75-9dee-5f42-7084-95893df8eb52

@timothytrippel timothytrippel self-requested a review October 19, 2024 07:09
timothytrippel
timothytrippel approved these changes Oct 19, 2024
View reviewed changes
Copy link
Contributor

@timothytrippel timothytrippel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @anthonychen1251 , LGTM!

@anthonychen1251 anthonychen1251 mentioned this pull request Oct 21, 2024
Merged
@timothytrippel timothytrippel merged commit 9c11c07 into lowRISC:master Oct 21, 2024
42 checks passed
@timothytrippel timothytrippel added the CherryPick:earlgrey_1.0.0 This PR should be cherry-picked to earlgrey_1.0.0 label Oct 25, 2024
@github-actions GitHub Actions
Copy link

Backport failed for earlgrey_1.0.0, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin earlgrey_1.0.0
git worktree add -d .worktree/backport-24783-to-earlgrey_1.0.0 origin/earlgrey_1.0.0
cd .worktree/backport-24783-to-earlgrey_1.0.0
git switch --create backport-24783-to-earlgrey_1.0.0
git cherry-pick -x dbd0a4a1a8cadb88d6800552b4908e27409030e3 1404534e9ca1949acc6bd443c824af22f40377f2

@github-actions github-actions bot added the Manually CherryPick This PR should be manually cherry picked. label Oct 25, 2024
@timothytrippel timothytrippel added CherryPick:earlgrey_1.0.0 This PR should be cherry-picked to earlgrey_1.0.0 and removed Manually CherryPick This PR should be manually cherry picked. CherryPick:earlgrey_1.0.0 This PR should be cherry-picked to earlgrey_1.0.0 labels Oct 25, 2024
@github-actions GitHub Actions
Copy link

Backport failed for earlgrey_1.0.0, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin earlgrey_1.0.0
git worktree add -d .worktree/backport-24783-to-earlgrey_1.0.0 origin/earlgrey_1.0.0
cd .worktree/backport-24783-to-earlgrey_1.0.0
git switch --create backport-24783-to-earlgrey_1.0.0
git cherry-pick -x dbd0a4a1a8cadb88d6800552b4908e27409030e3 1404534e9ca1949acc6bd443c824af22f40377f2

@github-actions github-actions bot added the Manually CherryPick This PR should be manually cherry picked. label Oct 26, 2024
@timothytrippel timothytrippel added CherryPick:earlgrey_1.0.0 This PR should be cherry-picked to earlgrey_1.0.0 and removed Manually CherryPick This PR should be manually cherry picked. CherryPick:earlgrey_1.0.0 This PR should be cherry-picked to earlgrey_1.0.0 labels Oct 26, 2024
@github-actions GitHub Actions
Copy link

Successfully created backport PR for earlgrey_1.0.0:

@github-actions github-actions bot mentioned this pull request Oct 28, 2024
Merged
@anthonychen1251 anthonychen1251 mentioned this pull request Sep 24, 2024
Open
16 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@timothytrippel timothytrippel timothytrippel approved these changes

@pamaury pamaury Awaiting requested review from pamaury pamaury is a code owner automatically assigned from lowRISC/ot-c-cpp-reviewers

Assignees
No one assigned
Labels
CherryPick:earlgrey_1.0.0 This PR should be cherry-picked to earlgrey_1.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@anthonychen1251 @timothytrippel