Self Signed FMC Alias Csr #1863
Conversation
rusty1968
commented
Dec 19, 2024
rusty1968
commented
- FMC modfied to generate a self signed FMC Alias CSR test upon cold boot.
- Persistent driver modified to add persistent memory for the FMC Alias CSR
- Runtime modified to expose an API to retrieve it.
- Test case created to verify the self signed FMC Alias CSR.
- Test case created to verify the RT Alias Certificate with the pub key of the FMC Alias CSR.
rusty1968
requested review from
jhand2,
fdamato,
bluegate010,
mhatrevi,
swenson,
vsonims,
FerralCoder,
ajisaxena,
jlmahowa-amd,
korran and
JohnTraverAmd
as code owners
api/src/mailbox.rs
Outdated
| @@ -1010,6 +1016,41 @@ impl Default for GetIdevCsrResp { | |||
| } | |||
| } | |||
|
|
|||
| // GET_IDEVID_CSR | |||
There was a problem hiding this comment.
nit: Minor copy paste error
There was a problem hiding this comment.
Corrected. Thank you.
drivers/src/persistent.rs
Outdated
| #[cfg(feature = "fmc")] | ||
| reserved11: [u8; memory_layout::FMC_ALIAS_CSR_SIZE as usize - size_of::<FmcAliasCsr>()], |
There was a problem hiding this comment.
When the fmc is not enabled, a slice of memory_layout::FMC_ALIAS_CSR_SIZE should still be reserved so PersistentData is the same size / shape between image types.
There was a problem hiding this comment.
Corrected. Thanks.
error/src/lib.rs
Outdated
| @@ -450,6 +450,9 @@ impl CaliptraError { | |||
| pub const RUNTIME_AUTH_MANIFEST_IMAGE_METADATA_LIST_DUPLICATE_FIRMWARE_ID: CaliptraError = | |||
| CaliptraError::new_const(0x000E0053); | |||
|
|
|||
| pub const RUNTIME_GET_FMC_CSR_UNPROVISIONED: CaliptraError = | |||
| CaliptraError::new_const(0x000E0053); | |||
There was a problem hiding this comment.
0x000E0053 => 0x000E0054 so RUNTIME_GET_FMC_CSR_UNPROVISIONED has a unique error code.
There was a problem hiding this comment.
Corrected, Thanks.
| /// # Arguments | ||
| /// | ||
| /// * `env` - FMC Environment | ||
| /// * `priv_key` - Key slot to retrieve the private key |
There was a problem hiding this comment.
Looks like pub_key is missing from the doc comment.
fmc/src/flow/fmc_alias_csr.rs
Outdated
| /// * `hand_off` - HandOff | ||
| /// | ||
| /// # Returns | ||
| /// | ||
| /// * `DiceInput` - DICE Layer Input |
There was a problem hiding this comment.
Looks like the doc string doesn't match the function signature.
There was a problem hiding this comment.
It did not. Thanks.
| let csr_persistent_mem = &drivers.persistent_data.get().fmc_alias_csr; | ||
|
|
||
| match csr_persistent_mem.get_csr_len() { | ||
| FmcAliasCsr::UNPROVISIONED_CSR => Err(CaliptraError::RUNTIME_GET_FMC_CSR_UNPROVISIONED), |
There was a problem hiding this comment.
Does the 0 case matter? E.g. for FMC images that did not support this feature?
runtime/src/get_fmc_alias_csr.rs
Outdated
|
|
||
| pub struct GetFmcAliasCsrCmd; | ||
| impl GetFmcAliasCsrCmd { | ||
| // #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)] |
runtime/src/get_fmc_alias_csr.rs
Outdated
| // A valid `IDevIDCsr` cannot be larger than `MAX_CSR_SIZE`, which is the max | ||
| // size of the buffer in `GetIdevCsrResp` |
There was a problem hiding this comment.
nit: Copy and paste mismatch
| @@ -38,9 +38,9 @@ pub use fuse::{FuseLogEntry, FuseLogEntryId}; | |||
| pub use pcr::{PcrLogEntry, PcrLogEntryId, RT_FW_CURRENT_PCR, RT_FW_JOURNEY_PCR}; | |||
|
|
|||
| pub const FMC_ORG: u32 = 0x40000000; | |||
| pub const FMC_SIZE: u32 = 20 * 1024; | |||
There was a problem hiding this comment.
According to the size-history CI job, we're still only using ~18KiB in FMC. Do we need to change the size here?
There was a problem hiding this comment.
I had to increase it. If I keep it the same it won't fit:
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 312 bytes
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 961 bytes
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 964 bytes
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 976 bytes
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 988 bytes
rust-lld: error: section '.rodata' will not fit in region 'ICCM': overflowed by 988 bytes
drivers/src/memory_layout.rs
Outdated
| @@ -74,7 +75,8 @@ pub const DPE_SIZE: u32 = 5 * 1024; | |||
| pub const PCR_RESET_COUNTER_SIZE: u32 = 1024; | |||
| pub const AUTH_MAN_IMAGE_METADATA_MAX_SIZE: u32 = 7 * 1024; | |||
| pub const IDEVID_CSR_SIZE: u32 = 1024; | |||
| pub const DATA_SIZE: u32 = 27 * 1024; | |||
There was a problem hiding this comment.
nit: now that #1722 is merged, should be able to just add to the PersistentData driver and leave memory layout as-is
There was a problem hiding this comment.
Agree. Thanks for pointing this out.
| @@ -164,6 +231,12 @@ pub struct PersistentData { | |||
|
|
|||
| pub idevid_csr: IdevIdCsr, | |||
| reserved10: [u8; memory_layout::IDEVID_CSR_SIZE as usize - size_of::<IdevIdCsr>()], | |||
|
|
|||
| #[cfg(feature = "fmc")] | |||
| pub fmc_alias_csr: FmcAliasCsr, | |||
There was a problem hiding this comment.
Doesn't this also need to be accessible in RT?
There was a problem hiding this comment.
Correct. The feature is now renamed to fmc-alias-csr.
There was a problem hiding this comment.
Why do we need a new feature for this? Can you simply use the runtime feature?
| \____\__,_|_|_| .__/ \__|_| \__,_| |_| \_\|_| | ||
| |_| | ||
| "#; | ||
| const BANNER: &str = r#"Caliptra RT"#; |
There was a problem hiding this comment.
optional: might be good to put size optimizations in a separate PR
rusty1968
force-pushed
the
fmc-csr-feature
branch
4 times, most recently
from
ea58405 to
d021950
Compare
rusty1968
force-pushed
the
fmc-csr-feature
branch
6 times, most recently
from
2edab39 to
95aab5e
Compare
- FMC modfied to generate a self signed FMC Alias CSR test upon cold boot. - Persistent driver modified to add persistent memory for the FMC Alias CSR - Runtime modified to expose an API to retrieve it. - Test case created to verify the self signed FMC Alias CSR. - Test case created to verify the RT Alias Certificate with the pub key of the FMC Alias CSR.
rusty1968
force-pushed
the
fmc-csr-feature
branch
from
95aab5e to
bfc72aa
Compare
| pub const RUNTIME_ORG: u32 = FMC_ORG + FMC_SIZE; | ||
| pub const RUNTIME_SIZE: u32 = 97 * 1024; | ||
| pub const RUNTIME_SIZE: u32 = 96 * 1024; |
drivers/src/persistent.rs
Outdated
| persistent_data_offset += IDEVID_CSR_SIZE; | ||
| assert_eq!( | ||
| addr_of!((*P).reserved_memory) as u32, | ||
| addr_of!((*P).fmc_alias_csr) as u32, | ||
| memory_layout::PERSISTENT_DATA_ORG + persistent_data_offset | ||
| ); |
There was a problem hiding this comment.
Please re-add the check for reserved_memory.
drivers/Cargo.toml
Outdated
| @@ -37,6 +37,7 @@ verilator = ["caliptra-hw-model/verilator"] | |||
| no-cfi = [] | |||
| "hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-registers/hw-1.0"] | |||
| fips-test-hooks = [] | |||
| fmc-alias-csr = [] | |||
There was a problem hiding this comment.
Why is there a need for a separate feature for this?
fmc/src/flow/fmc_alias_csr.rs
Outdated
| Ok(output) | ||
| } | ||
|
|
||
| fn write_csr_to_peristent_storage(env: &mut FmcEnv, csr: &FmcAliasCsr) -> CaliptraResult<()> { |
There was a problem hiding this comment.
This function can never fail so no point in keeping the return type as CaliptraResult.
There was a problem hiding this comment.
Agree. Same applies to https://github.com/chipsalliance/caliptra-sw/blob/main/rom/dev/src/flow/cold_reset/idev_id.rs#L294 ?
| @@ -100,18 +99,15 @@ impl RtAliasLayer { | |||
| #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)] | |||
| #[inline(never)] | |||
| pub fn run(env: &mut FmcEnv) -> CaliptraResult<()> { | |||
There was a problem hiding this comment.
Any particular reason for removing these?
x509/src/fmc_alias_csr.rs
Outdated
|
|
||
| Abstract: | ||
|
|
||
| Initial Device ID Certificate Signing Request related code. |
x509/src/fmc_alias_csr.rs
Outdated
|
|
||
| File Name: | ||
|
|
||
| idevid_csr.rs |
rusty1968
force-pushed
the
fmc-csr-feature
branch
from
bfc72aa to
373fbac
Compare
