Cherry-pick to earlgrey_1.0.0: [manuf,otp] provision secure boot keys during individualization #24940

Merged
merged 3 commits into from
Oct 30, 2024

github-actions[bot]

This is an automatic cherry-pick of #24900 to branch earlgrey_1.0.0.

These partitions must be hashed for locking purposes.

Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit 72eafb3)
This updates the FT individualization provisioning stage to provision
the first stage secure boot keys into the ROT_CREATOR_AUTH* partitions.

Doing so required updating the OTP C file constants generation to allow
generating a C file that contains the secure boot key constants that are
to be provisioned into OTP during individualization.

Additionally, this fixes a bug in the generation of the perso firmware
that was always using the sival SKU OTP SW_CFG constants for the fields
that cannot be provisioned during individualization. Now, a separate
personalization binary is generated for each SKU.

This fixes #21554.

Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit cece1e2)
Different individualization and personalization binaries are generated
based on a SKU. A SKU can be defined as a combination of the following:
1. OTP constants
2. DICE certificate format used
3. personalization extension

This wraps these configuration settings in a dict that consolidates all
SKU configuration data in one place, and generates one perso binary per
SKU. Before, perso binaries that may not have been used by a SKU were
being generated.

Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit 597bf98)
@github-actions github-actions bot requested review from cfrantz and a team as code owners October 30, 2024 04:41
@github-actions github-actions bot requested review from moidx and removed request for a team October 30, 2024 04:41
@timothytrippel timothytrippel requested review from timothytrippel and removed request for a team October 30, 2024 04:42
@timothytrippel
Contributor

Test failure is due to a dest that was disabled in #24935. Merging.

@timothytrippel timothytrippel merged commit 4cdfb5d into earlgrey_1.0.0 Oct 30, 2024
25 of 27 checks passed
@timothytrippel timothytrippel deleted the backport-24900-to-earlgrey_1.0.0 branch October 30, 2024 18:20