Skip to content

Commit

Permalink
Code review feedback.
Browse files Browse the repository at this point in the history
  • Loading branch information
rusty1968 committed Jan 6, 2025
1 parent 277c9ac commit bfc72aa
Show file tree
Hide file tree
Showing 16 changed files with 48 additions and 28 deletions.
8 changes: 4 additions & 4 deletions builder/src/firmware.rs
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ pub const ROM_WITH_FIPS_TEST_HOOKS: FwId = FwId {
pub const FMC_WITH_UART: FwId = FwId {
crate_name: "caliptra-fmc",
bin_name: "caliptra-fmc",
features: &["emu"],
features: &["emu", "fmc-alias-csr"],
};

pub const FMC_FAKE_WITH_UART: FwId = FwId {
Expand All @@ -54,13 +54,13 @@ pub const FMC_FAKE_WITH_UART: FwId = FwId {
pub const APP: FwId = FwId {
crate_name: "caliptra-runtime",
bin_name: "caliptra-runtime",
features: &["fips_self_test"],
features: &["fips_self_test", "fmc-alias-csr"],
};

pub const APP_WITH_UART: FwId = FwId {
crate_name: "caliptra-runtime",
bin_name: "caliptra-runtime",
features: &["emu", "fips_self_test"],
features: &["emu", "fips_self_test", "fmc-alias-csr"],
};

pub const APP_WITH_UART_FIPS_TEST_HOOKS: FwId = FwId {
Expand All @@ -72,7 +72,7 @@ pub const APP_WITH_UART_FIPS_TEST_HOOKS: FwId = FwId {
pub const APP_WITH_UART_FPGA: FwId = FwId {
crate_name: "caliptra-runtime",
bin_name: "caliptra-runtime",
features: &["emu", "fips_self_test", "fpga_realtime"],
features: &["emu", "fips_self_test", "fmc-alias-csr", "fpga_realtime"],
};

pub mod caliptra_builder_tests {
Expand Down
4 changes: 2 additions & 2 deletions common/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,9 @@ pub use fuse::{FuseLogEntry, FuseLogEntryId};
pub use pcr::{PcrLogEntry, PcrLogEntryId, RT_FW_CURRENT_PCR, RT_FW_JOURNEY_PCR};

pub const FMC_ORG: u32 = 0x40000000;
pub const FMC_SIZE: u32 = 22 * 1024 - 512;
pub const FMC_SIZE: u32 = 21 * 1024;
pub const RUNTIME_ORG: u32 = FMC_ORG + FMC_SIZE;
pub const RUNTIME_SIZE: u32 = 95 * 1024 + 512;
pub const RUNTIME_SIZE: u32 = 96 * 1024;

pub use memory_layout::{DATA_ORG, PERSISTENT_DATA_ORG};
pub use wdt::{restart_wdt, start_wdt, stop_wdt, WdtTimeout};
2 changes: 1 addition & 1 deletion drivers/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ verilator = ["caliptra-hw-model/verilator"]
no-cfi = []
"hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-registers/hw-1.0"]
fips-test-hooks = []
fmc_alias_csr = []
fmc-alias-csr = []

[dev-dependencies]
caliptra-api.workspace = true
Expand Down
2 changes: 1 addition & 1 deletion drivers/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ pub use okref::okmutref;
pub use okref::okref;
pub use pcr_bank::{PcrBank, PcrId};
pub use pcr_reset::PcrResetCounter;
#[cfg(feature = "fmc")]
#[cfg(feature = "fmc-alias-csr")]
pub use persistent::fmc_alias_csr::FmcAliasCsr;
#[cfg(feature = "runtime")]
pub use persistent::AuthManifestImageMetadataList;
Expand Down
10 changes: 5 additions & 5 deletions drivers/src/persistent.rs
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ use crate::{
FirmwareHandoffTable,
};

#[cfg(feature = "fmc")]
#[cfg(feature = "fmc-alias-csr")]
use crate::FmcAliasCsr;

#[cfg(feature = "runtime")]
Expand Down Expand Up @@ -74,7 +74,7 @@ pub struct IdevIdCsr {
csr: [u8; MAX_CSR_SIZE],
}

#[cfg(feature = "fmc")]
#[cfg(feature = "fmc-alias-csr")]
pub mod fmc_alias_csr {
use super::*;

Expand Down Expand Up @@ -262,13 +262,13 @@ pub struct PersistentData {
pub idevid_csr: IdevIdCsr,
reserved10: [u8; IDEVID_CSR_SIZE as usize - size_of::<IdevIdCsr>()],

#[cfg(feature = "fmc")]
#[cfg(feature = "fmc-alias-csr")]
pub fmc_alias_csr: FmcAliasCsr,

#[cfg(feature = "fmc")]
#[cfg(feature = "fmc-alias-csr")]
reserved11: [u8; FMC_ALIAS_CSR_SIZE as usize - size_of::<FmcAliasCsr>()],

#[cfg(not(feature = "fmc"))]
#[cfg(not(feature = "fmc-alias-csr"))]
pub fmc_alias_csr: [u8; FMC_ALIAS_CSR_SIZE as usize],

// Reserved memory for future objects.
Expand Down
3 changes: 3 additions & 0 deletions error/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -453,6 +453,9 @@ impl CaliptraError {
pub const RUNTIME_GET_FMC_CSR_UNPROVISIONED: CaliptraError =
CaliptraError::new_const(0x000E0054);

pub const RUNTIME_GET_FMC_CSR_UNSUPPORTED_FMC: CaliptraError =
CaliptraError::new_const(0x000E0055);

/// FMC Errors
pub const FMC_GLOBAL_NMI: CaliptraError = CaliptraError::new_const(0x000F0001);
pub const FMC_GLOBAL_EXCEPTION: CaliptraError = CaliptraError::new_const(0x000F0002);
Expand Down
2 changes: 1 addition & 1 deletion fmc/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -42,4 +42,4 @@ itrng = ["caliptra-hw-model/itrng"]
verilator = ["caliptra-hw-model/verilator"]
fake-fmc = []
"hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-cpu/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-registers/hw-1.0"]
fmc_alias_csr = ["caliptra-drivers/fmc_alias_csr"]
fmc-alias-csr = ["caliptra-drivers/fmc-alias-csr"]
2 changes: 1 addition & 1 deletion fmc/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,5 @@ cargo build \
--target riscv32imc-unknown-none-elf \
--profile=firmware \
--no-default-features \
--features=fmc_alias_csr \
--features=fmc-alias-csr \
--bin=caliptra-fmc
4 changes: 4 additions & 0 deletions fmc/src/flow/crypto.rs
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,9 @@ Abstract:
use caliptra_x509::Ecdsa384Signature;

use crate::fmc_env::FmcEnv;
#[cfg(feature = "fmc-alias-csr")]
use caliptra_drivers::okmutref;
#[cfg(feature = "fmc-alias-csr")]
use zeroize::Zeroize;

use caliptra_cfi_derive::cfi_impl_fn;
Expand Down Expand Up @@ -218,12 +220,14 @@ impl Crypto {
///
/// * `env` - FMC Environment
/// * `priv_key` - Key slot to retrieve the private key
/// * `pub_key` - Public key to verify with
/// * `data` - Input data to hash
///
/// # Returns
///
/// * `Ecc384Signature` - Signature
#[inline(always)]
#[cfg(feature = "fmc-alias-csr")]
pub fn ecdsa384_sign_and_verify(
env: &mut FmcEnv,
priv_key: KeyId,
Expand Down
3 changes: 2 additions & 1 deletion fmc/src/flow/fmc_alias_csr.rs
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ use crate::flow::crypto::Ecdsa384SignatureAdapter;
use zeroize::Zeroize;

use caliptra_drivers::okmutref;

use caliptra_drivers::FmcAliasCsr;

use caliptra_x509::FmcAliasCsrTbs;
Expand All @@ -25,7 +26,7 @@ use caliptra_x509::Ecdsa384CsrBuilder;
///
/// # Arguments
///
/// * `hand_off` - HandOff
/// * `env` - FMC Environment
///
/// # Returns
///
Expand Down
20 changes: 13 additions & 7 deletions fmc/src/flow/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,13 @@ Abstract:

mod crypto;
pub mod dice;
#[cfg(feature = "fmc-alias-csr")]
mod fmc_alias_csr;
mod pcr;
mod rt_alias;
mod tci;
mod x509;

use caliptra_drivers::ResetReason;

use crate::flow::rt_alias::RtAliasLayer;

use crate::fmc_env::FmcEnv;
Expand All @@ -33,11 +32,18 @@ use caliptra_drivers::CaliptraResult;
///
/// * `env` - FMC Environment
pub fn run(env: &mut FmcEnv) -> CaliptraResult<()> {
let reset_reason = env.soc_ifc.reset_reason();

if reset_reason == ResetReason::ColdReset {
// Generate the FMC Alias Certificate Signing Request (CSR)
fmc_alias_csr::generate_csr(env)?;
#[cfg(feature = "fmc-alias-csr")]
{
use caliptra_cfi_lib::cfi_assert_eq;
use caliptra_drivers::ResetReason;

let reset_reason = env.soc_ifc.reset_reason();

if reset_reason == ResetReason::ColdReset {
cfi_assert_eq(env.soc_ifc.reset_reason(), ResetReason::ColdReset);
// Generate the FMC Alias Certificate Signing Request (CSR)
fmc_alias_csr::generate_csr(env)?;
}
}

RtAliasLayer::run(env)
Expand Down
5 changes: 3 additions & 2 deletions runtime/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ caliptra-cfi-lib-git = { workspace = true, default-features = false, features =
caliptra-cfi-derive-git.workspace = true
caliptra_common = { workspace = true, default-features = false, features = ["runtime"] }
caliptra-cpu.workspace = true
caliptra-drivers = { workspace = true, features = ["fmc", "runtime"] }
caliptra-drivers = { workspace = true, features = ["fmc-alias-csr", "runtime"] }
caliptra-error = { workspace = true, default-features = false }
caliptra-image-types = { workspace = true, default-features = false }
caliptra-auth-man-types = { workspace = true, default-features = false }
Expand Down Expand Up @@ -64,4 +64,5 @@ fips_self_test=[]
no-cfi = ["caliptra-image-verify/no-cfi", "caliptra-drivers/no-cfi"]
fpga_realtime = ["caliptra-drivers/fpga_realtime"]
"hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-registers/hw-1.0", "caliptra-kat/hw-1.0","caliptra-cpu/hw-1.0"]
fips-test-hooks = ["caliptra-drivers/fips-test-hooks"]
fips-test-hooks = ["caliptra-drivers/fips-test-hooks"]
fmc-alias-csr = ["caliptra-drivers/fmc-alias-csr"]
1 change: 1 addition & 0 deletions runtime/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,5 @@ cargo build \
--target riscv32imc-unknown-none-elf \
--profile=firmware \
--no-default-features \
--features=fmc-alias-csr \
--bin=caliptra-runtime
5 changes: 3 additions & 2 deletions runtime/src/get_fmc_alias_csr.rs
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,14 @@ use zerocopy::{FromBytes, IntoBytes};

pub struct GetFmcAliasCsrCmd;
impl GetFmcAliasCsrCmd {
// #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)]
#[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)]
#[inline(never)]
pub(crate) fn execute(drivers: &mut Drivers, cmd_args: &[u8]) -> CaliptraResult<MailboxResp> {
let csr_persistent_mem = &drivers.persistent_data.get().fmc_alias_csr;

match csr_persistent_mem.get_csr_len() {
FmcAliasCsr::UNPROVISIONED_CSR => Err(CaliptraError::RUNTIME_GET_FMC_CSR_UNPROVISIONED),
0 => Err(CaliptraError::RUNTIME_GET_FMC_CSR_UNSUPPORTED_FMC),
len => {
let mut resp = GetFmcAliasCsrResp {
data_size: len,
Expand All @@ -39,7 +40,7 @@ impl GetFmcAliasCsrCmd {
// csr is guranteed to be the same size as `len`, and therefore
// `resp.data_size` by the `FmcAliasCsr::get` API.
//
// A valid `IDevIDCsr` cannot be larger than `MAX_CSR_SIZE`, which is the max
// A valid `FmcAliasCsr` cannot be larger than `MAX_CSR_SIZE`, which is the max
// size of the buffer in `GetIdevCsrResp`
resp.data[..resp.data_size as usize].copy_from_slice(csr);

Expand Down
3 changes: 3 additions & 0 deletions runtime/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ mod dpe_crypto;
mod dpe_platform;
mod drivers;
pub mod fips;
#[cfg(feature = "fmc-alias-csr")]
mod get_fmc_alias_csr;
mod get_idev_csr;
pub mod handoff;
Expand Down Expand Up @@ -59,6 +60,7 @@ pub use fips::FipsShutdownCmd;
pub use fips::{fips_self_test_cmd, fips_self_test_cmd::SelfTestStatus};
pub use populate_idev::PopulateIDevIdCertCmd;

#[cfg(feature = "fmc-alias-csr")]
pub use get_fmc_alias_csr::GetFmcAliasCsrCmd;
pub use get_idev_csr::GetIdevCsrCmd;
pub use info::{FwInfoCmd, IDevIdInfoCmd};
Expand Down Expand Up @@ -227,6 +229,7 @@ fn handle_command(drivers: &mut Drivers) -> CaliptraResult<MboxStatusE> {
CommandId::SET_AUTH_MANIFEST => SetAuthManifestCmd::execute(drivers, cmd_bytes),
CommandId::AUTHORIZE_AND_STASH => AuthorizeAndStashCmd::execute(drivers, cmd_bytes),
CommandId::GET_IDEV_CSR => GetIdevCsrCmd::execute(drivers, cmd_bytes),
#[cfg(feature = "fmc-alias-csr")]
CommandId::GET_FMC_ALIAS_CSR => GetFmcAliasCsrCmd::execute(drivers, cmd_bytes),
_ => Err(CaliptraError::RUNTIME_UNIMPLEMENTED_COMMAND),
}?;
Expand Down
2 changes: 1 addition & 1 deletion test/tests/caliptra_integration_tests/jtag_test.rs
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ fn gdb_test() {
.unwrap();

hw.step();
hw.step_until_output_contains("[rt] Runtime listening for mailbox commands...\n")
hw.step_until_output_contains("[rt] listening for commands...\n")
.unwrap();

#[cfg(feature = "fpga_realtime")]
Expand Down

0 comments on commit bfc72aa

Please sign in to comment.