Cherry-pick to earlgrey_1.0.0: [manuf] Finalize {Creator,Owner}SwCfg at end of perso flow #24917
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
This calculates the measurement of the OTP partitions in `ft_personalize` and pass them to `dice_uds_tbs_cert_build()`. This change is necessary because the CreatorSwCfg and OwnerSwCfg might not be fully provisioned to the OTP when building the UDS certification. By calculating the final measurements in `ft_personalize`, we can get the values of unprovisioned field from the OTP image to ensure the correct values are used in the certificate generation process. Signed-off-by: Anthony Chen <[email protected]> (cherry picked from commit dbd0a4a)
This modifies the perso flow to complete the provisioning of the CreatorSwCfg and OwnerSwCfg OTP partitions at the end of the process. This ensures that the perso firmware can be reentrant in case of unexpected resets during personalization. Previously, these partitions were provisioned earlier in the flow. However, since we are going to bind the perso firmware with `CREATOR_SW_CFG_MANUF_STATE`, we need to ensure that this field is provisioned as late as possible. Since CreatorSwCfg and OwnerSwCfg partitions are now not fully provisioned in the OTP during the UDS certificate generation process, overwrite the fields that are not provisioned until the end of personalization process with the values from the OTP image. At the end of perso flow, compare the OTP measurement used during certificate generation with the digest stored in the OTP. Ensure that the UDS certificate was generated using the correct OTP values. Signed-off-by: Anthony Chen <[email protected]> (cherry picked from commit 1404534)
github-actions
bot
requested review from
jadephilipoom
and removed request for
a team
timothytrippel
requested review from
moidx and
timothytrippel
and removed request for
jadephilipoom
timothytrippel
approved these changes
Oct 28, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is an automatic cherry-pick of #24783 to branch
earlgrey_1.0.0.