Self Signed FMC Alias Csr #1863
rusty1968 commented Dec 19, 2024
- FMC modified to generate a self signed FMC Alias CSR test upon cold boot.
- Persistent driver modified to add persistent memory for the FMC Alias CSR
- Runtime modified to expose an API to retrieve it.
- Test case created to verify the self signed FMC Alias CSR.
- Test case created to verify the RT Alias Certificate with the pub key of the FMC Alias CSR.
api/src/mailbox.rs
Outdated
@@ -1010,6 +1016,41 @@ impl Default for GetIdevCsrResp { | |||
} | |||
} | |||
|
|||
// GET_IDEVID_CSR |
nit: Minor copy paste error
Corrected. Thank you.
drivers/src/persistent.rs
Outdated
#[cfg(feature = "fmc")] | ||
reserved11: [u8; memory_layout::FMC_ALIAS_CSR_SIZE as usize - size_of::<FmcAliasCsr>()], |
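Review bot: the `#[cfg(feature = "fmc")]` on `reserved11` makes the padding itself conditional, so an image built without the feature has no bytes here and every field that follows sits at a different offset than in an image built with it. Reserve `memory_layout::FMC_ALIAS_CSR_SIZE` bytes unconditionally and gate only how the region is typed or accessed.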
When the `fmc` is not enabled, a slice of `memory_layout::FMC_ALIAS_CSR_SIZE` should still be reserved so `PersistentData` is the same size / shape between image types.
Corrected. Thanks.
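The layout concern raised in this thread, as an added Rust example (not code from the PR or from caliptra-sw). The struct names, the 512-byte `Csr` type and the 1024-byte region sizes are constructed for illustration; the example measures where a field placed after the CSR region lands in three build shapes.

```rust
use std::mem::{size_of, MaybeUninit};
use std::ptr::addr_of;
// Constructed sizes and types for illustration; not the project's real values.
const IDEVID_CSR_SIZE: usize = 1024;
const FMC_ALIAS_CSR_SIZE: usize = 1024;
#[repr(C)] #[allow(dead_code)]
struct Csr { len: u32, bytes: [u8; 512] }
// Image built WITHOUT the feature when field and padding are both cfg-gated.
#[repr(C)] #[allow(dead_code)]
struct GatedOff {
    idevid_csr: Csr,
    reserved10: [u8; IDEVID_CSR_SIZE - size_of::<Csr>()],
    reserved_memory: [u8; 64],
}
// Image built WITH the feature.
#[repr(C)] #[allow(dead_code)]
struct GatedOn {
    idevid_csr: Csr,
    reserved10: [u8; IDEVID_CSR_SIZE - size_of::<Csr>()],
    fmc_alias_csr: Csr,
    reserved11: [u8; FMC_ALIAS_CSR_SIZE - size_of::<Csr>()],
    reserved_memory: [u8; 64],
}
// Image that does not use the CSR but still reserves its region.
#[repr(C)] #[allow(dead_code)]
struct AlwaysReserved {
    idevid_csr: Csr,
    reserved10: [u8; IDEVID_CSR_SIZE - size_of::<Csr>()],
    fmc_alias_csr_region: [u8; FMC_ALIAS_CSR_SIZE],
    reserved_memory: [u8; 64],
}
// Byte offset of a field, computed without creating a reference.
macro_rules! offset {
    ($t:ty, $f:ident) => {{
        let u = MaybeUninit::<$t>::uninit();
        let base = u.as_ptr();
        unsafe { addr_of!((*base).$f) as usize - base as usize }
    }};
}

/// Offsets of `reserved_memory` in (GatedOff, GatedOn, AlwaysReserved).
fn reserved_memory_offsets() -> (usize, usize, usize) {
    (offset!(GatedOff, reserved_memory), offset!(GatedOn, reserved_memory),
     offset!(AlwaysReserved, reserved_memory))
}

fn main() { println!("{:?}", reserved_memory_offsets()); }
```

With the field and its padding both gated, the two images disagree on where `reserved_memory` lives; reserving the region unconditionally gives both the same offsets and total size.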
error/src/lib.rs
Outdated
@@ -450,6 +450,9 @@ impl CaliptraError { | |||
pub const RUNTIME_AUTH_MANIFEST_IMAGE_METADATA_LIST_DUPLICATE_FIRMWARE_ID: CaliptraError = | |||
CaliptraError::new_const(0x000E0053); | |||
|
|||
pub const RUNTIME_GET_FMC_CSR_UNPROVISIONED: CaliptraError = | |||
CaliptraError::new_const(0x000E0053); |
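Review bot: `RUNTIME_GET_FMC_CSR_UNPROVISIONED` reuses `0x000E0053`, the value already assigned to `RUNTIME_AUTH_MANIFEST_IMAGE_METADATA_LIST_DUPLICATE_FIRMWARE_ID` directly above it, so the two failures cannot be told apart from the returned code. Give the new constant the next unused value in this range.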
`0x000E0053` => `0x000E0054` so `RUNTIME_GET_FMC_CSR_UNPROVISIONED` has a unique error code.
Corrected, Thanks.
/// # Arguments | ||
/// | ||
/// * `env` - FMC Environment | ||
/// * `priv_key` - Key slot to retrieve the private key |
Looks like `pub_key` is missing from the doc comment.
It was. Thanks.
fmc/src/flow/fmc_alias_csr.rs
Outdated
/// * `hand_off` - HandOff | ||
/// | ||
/// # Returns | ||
/// | ||
/// * `DiceInput` - DICE Layer Input |
Looks like the doc string doesn't match the function signature.
It did not. Thanks.
let csr_persistent_mem = &drivers.persistent_data.get().fmc_alias_csr; | ||
|
||
match csr_persistent_mem.get_csr_len() { | ||
FmcAliasCsr::UNPROVISIONED_CSR => Err(CaliptraError::RUNTIME_GET_FMC_CSR_UNPROVISIONED), |
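Review bot: the only arm visible in this `match` on `get_csr_len()` rejects the `FmcAliasCsr::UNPROVISIONED_CSR` sentinel. If the remaining arms do not already do so, a length of 0 and any length larger than the stored CSR buffer should also return an error before the value is used to size the copy into the response.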
Does the `0` case matter? E.g. for FMC images that did not support this feature?
It does. Thanks.
runtime/src/get_fmc_alias_csr.rs
Outdated
|
||
pub struct GetFmcAliasCsrCmd; | ||
impl GetFmcAliasCsrCmd { | ||
// #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)] |
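Review bot: the `cfi_impl_fn` attribute at the top of `impl GetFmcAliasCsrCmd` is commented out, which leaves it unclear whether this handler is meant to be CFI-instrumented. Either apply `#[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)]` to the method or delete the line, and say which in the commit message.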
nit: Commented code
Thanks.
runtime/src/get_fmc_alias_csr.rs
Outdated
// A valid `IDevIDCsr` cannot be larger than `MAX_CSR_SIZE`, which is the max | ||
// size of the buffer in `GetIdevCsrResp` |
nit: Copy and paste mismatch
Thanks
@@ -38,9 +38,9 @@ pub use fuse::{FuseLogEntry, FuseLogEntryId}; | |||
pub use pcr::{PcrLogEntry, PcrLogEntryId, RT_FW_CURRENT_PCR, RT_FW_JOURNEY_PCR}; | |||
|
|||
pub const FMC_ORG: u32 = 0x40000000; | |||
pub const FMC_SIZE: u32 = 20 * 1024; |
According to the size-history CI job, we're still only using ~18KiB in FMC. Do we need to change the size here?
I had to increase it. If I keep it the same it won't fit:
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 312 bytes
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 961 bytes
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 964 bytes
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 976 bytes
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 988 bytes
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 988 bytes
drivers/src/memory_layout.rs
Outdated
@@ -74,7 +75,8 @@ pub const DPE_SIZE: u32 = 5 * 1024; | |||
pub const PCR_RESET_COUNTER_SIZE: u32 = 1024; | |||
pub const AUTH_MAN_IMAGE_METADATA_MAX_SIZE: u32 = 7 * 1024; | |||
pub const IDEVID_CSR_SIZE: u32 = 1024; | |||
pub const DATA_SIZE: u32 = 27 * 1024; |
nit: now that #1722 is merged, should be able to just add to the PersistentData driver and leave memory layout as-is
Agree. Thanks for pointing this out.
@@ -164,6 +231,12 @@ pub struct PersistentData { | |||
|
|||
pub idevid_csr: IdevIdCsr, | |||
reserved10: [u8; memory_layout::IDEVID_CSR_SIZE as usize - size_of::<IdevIdCsr>()], | |||
|
|||
#[cfg(feature = "fmc")] | |||
pub fmc_alias_csr: FmcAliasCsr, |
Doesn't this also need to be accessible in RT?
Correct. The feature is now renamed to fmc-alias-csr.
Why do we need a new feature for this? Can you simply use the runtime feature?
Feature was removed.
\____\__,_|_|_| .__/ \__|_| \__,_| |_| \_\|_| | ||
|_| | ||
"#; | ||
const BANNER: &str = r#"Caliptra RT"#; |
optional: might be good to put size optimizations in a separate PR
+1
Can we keep this change optional, so we can merge this PR?
pub const RUNTIME_ORG: u32 = FMC_ORG + FMC_SIZE; | ||
pub const RUNTIME_SIZE: u32 = 97 * 1024; | ||
pub const RUNTIME_SIZE: u32 = 96 * 1024; |
Why is this decreasing?
FMC size increased.
drivers/src/persistent.rs
Outdated
persistent_data_offset += IDEVID_CSR_SIZE; | ||
assert_eq!( | ||
addr_of!((*P).reserved_memory) as u32, | ||
addr_of!((*P).fmc_alias_csr) as u32, | ||
memory_layout::PERSISTENT_DATA_ORG + persistent_data_offset | ||
); |
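Review bot: the first argument of this `assert_eq!` appears once as `addr_of!((*P).reserved_memory)` and once as `addr_of!((*P).fmc_alias_csr)`, so swapping one for the other leaves one field's offset unchecked. Keep an assertion for `fmc_alias_csr` at this offset, advance `persistent_data_offset` by the size of the CSR region, and then assert the offset of `reserved_memory` as well.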
Please re-add the check for reserved_memory.
done
drivers/Cargo.toml
Outdated
@@ -37,6 +37,7 @@ verilator = ["caliptra-hw-model/verilator"] | |||
no-cfi = [] | |||
"hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-registers/hw-1.0"] | |||
fips-test-hooks = [] | |||
fmc-alias-csr = [] |
Why is there a need for a separate feature for this?
removed
fmc/src/flow/fmc_alias_csr.rs
Outdated
Ok(output) | ||
} | ||
|
||
fn write_csr_to_peristent_storage(env: &mut FmcEnv, csr: &FmcAliasCsr) -> CaliptraResult<()> { |
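Review bot: the function name `write_csr_to_peristent_storage` misspells "persistent". Rename it to `write_csr_to_persistent_storage` in this PR, before other call sites start depending on the misspelled name.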
This function can never fail so no point in keeping the return type as CaliptraResult.
Agree. Same applies to https://github.com/chipsalliance/caliptra-sw/blob/main/rom/dev/src/flow/cold_reset/idev_id.rs#L294 ?
Yes, but don't change the ROM code with this change. We can change it in 2.0.
@@ -100,18 +99,15 @@ impl RtAliasLayer { | |||
#[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)] | |||
#[inline(never)] | |||
pub fn run(env: &mut FmcEnv) -> CaliptraResult<()> { |
Any particular reason for removing these?
Saving space.
x509/src/fmc_alias_csr.rs
Outdated
|
||
Abstract: | ||
|
||
Initial Device ID Certificate Signing Request related code. |
Leftover copied comment.
fixed
x509/src/fmc_alias_csr.rs
Outdated
|
||
File Name: | ||
|
||
idevid_csr.rs |
Leftover copied comment.
fixed
Please see the feedback.
@@ -0,0 +1,33 @@ | |||
Certificate Request: |
Will this need to be updated for any change in FMC?
Is there a defined way to update them? The smoke test has similar test data that can be updated by uncommenting some lines in the test and running it. For some reason I am having trouble finding where these files are actually read in and used in the testing though.
} | ||
|
||
#[test] | ||
fn test_missing_csr() { |
I'm missing how this is related to the FMC alias CSR. Was this a copy-paste that didn't get updated?