[imm_rom_ext] Mint CDI_0 certs in immutable rom ext #25294
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sasdf
force-pushed
the
mgIf971654a
branch
2 times, most recently
from
f955147 to
52ef31c
Compare
sasdf
requested review from
jadephilipoom,
cfrantz and
timothytrippel
and removed request for
a team and
jadephilipoom
sasdf
force-pushed
the
mgIf971654a
branch
4 times, most recently
from
4f88ed4 to
797333a
Compare
timothytrippel
approved these changes
Dec 16, 2024
sw/device/silicon_creator/imm_rom_ext/e2e/boot_message/boot_test.c
Outdated
Show resolved
Hide resolved
| #endif // __cplusplus | ||
|
|
||
| /** | ||
| * Return the pointer to rom_ext manifest on the active flash bank. |
There was a problem hiding this comment.
maybe you could drop a comment here why this function is different than https://cs.opensource.google/opentitan/opentitan/+/master:sw/device/silicon_creator/lib/manifest_def.c;l=39?q=manifest_def_get&ss=opentitan%2Fopentitan (therefore, why is is needed in addition to the current solution for getting the manifest of the currently executing slot)?
cfrantz
reviewed
Dec 16, 2024
sasdf
force-pushed
the
mgIf971654a
branch
2 times, most recently
from
c97c3c6 to
f1ba81e
Compare
Since CDI_0 attests the integrity of rom_ext, this PR moves the UDS & CDI_0 stage to the immutable rom_ext part, which will be executed before mutable rom_ext, to establish root trust in hardware. SKU owners can choose whether the immutability should be enforced using the `CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN` OTP field. Change-Id: If971654a27ea32eaf74d20d385e48801d28e1da5 Signed-off-by: Yi-Hsuan Deng <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since CDI_0 attests the integrity of rom_ext, this PR moves the UDS & CDI_0 stage to the immutable rom_ext part, which will be executed before mutable rom_ext, to establish root trust in hardware.
SKU owners can choose whether the immutability should be enforced using the
CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_ENOTP field when the feature is ready.This PR also changes the ROM address translation e2e test from the
*_rom_with_fake_keysexec env to*_rom_extenv, since the key manager is not functional without secret2.To avoid ROM_EXT affecting ROM test results, we also modified the ROM_EXT boot message pattern to catch the immutable message, which will be printed first.