diff --git a/.gitmodules b/.gitmodules index 55c387cb7b..3f0bd70983 100644 --- a/.gitmodules +++ b/.gitmodules @@ -12,6 +12,3 @@ [submodule "hw/latest/i3c-core-rtl"] path = hw/latest/i3c-core-rtl url = https://github.com/chipsalliance/i3c-core.git -[submodule "hw/latest/adams-bridge"] - path = hw/latest/adams-bridge - url = https://github.com/chipsalliance/adams-bridge.git diff --git a/api/src/soc_mgr.rs b/api/src/soc_mgr.rs index 2693aab6ac..29cf550bba 100644 --- a/api/src/soc_mgr.rs +++ b/api/src/soc_mgr.rs @@ -33,13 +33,13 @@ pub const NUM_PAUSERS: usize = 5; /// impl SocManager for RealSocManager { /// /// Address of the mailbox, remapped for the SoC. /// const SOC_MBOX_ADDR: u32 = caliptra_address_remap(CPTRA_SOC_MBOX_ADDR); -/// +/// /// /// Address of the SoC interface, remapped for the SoC. /// const SOC_IFC_ADDR: u32 = caliptra_address_remap(CPTRA_SOC_IFC_ADDR); -/// +/// /// /// Address of the SoC TRNG interface, remapped for the SoC. /// const SOC_IFC_TRNG_ADDR: u32 = caliptra_address_remap(CPTRA_SOC_IFC_TRNG_ADDR); -/// +/// /// /// Address of the SHA-512 accelerator, remapped for the SoC. /// const SOC_SHA512_ACC_ADDR: u32 = caliptra_address_remap(CPTRA_SOC_SHA512_ACC_ADDR); /// @@ -86,7 +86,7 @@ pub trait SocManager { for (idx, apb_pauser) in apb_pausers.iter().enumerate() { if self .soc_ifc() - .cptra_mbox_axi_id_lock() + .cptra_mbox_axi_user_lock() .at(idx) .read() .lock() @@ -95,11 +95,11 @@ pub trait SocManager { } self.soc_ifc() - .cptra_mbox_valid_axi_id() + .cptra_mbox_valid_axi_user() .at(idx) .write(|_| *apb_pauser); self.soc_ifc() - .cptra_mbox_axi_id_lock() + .cptra_mbox_axi_user_lock() .at(idx) .write(|w| w.lock(true)); } @@ -126,11 +126,18 @@ pub trait SocManager { self.soc_ifc() .fuse_key_manifest_pk_hash() .write(&fuses.key_manifest_pk_hash); + self.soc_ifc().fuse_key_manifest_pk_hash_mask().write(&[ + fuses.key_manifest_pk_hash_mask.into(), + 0, + 0, + 0, + 0, + 0, + 0, + 0, + ]); self.soc_ifc() - .fuse_key_manifest_pk_hash_mask() - .write(|w| w.mask(fuses.key_manifest_pk_hash_mask.into())); - self.soc_ifc() - .fuse_owner_pk_hash() + .cptra_owner_pk_hash() .write(&fuses.owner_pk_hash); self.soc_ifc() .fuse_fmc_key_manifest_svn() @@ -145,12 +152,6 @@ pub trait SocManager { self.soc_ifc() .fuse_idevid_manuf_hsm_id() .write(&fuses.idevid_manuf_hsm_id); - self.soc_ifc() - .fuse_life_cycle() - .write(|w| w.life_cycle(fuses.life_cycle.into())); - self.soc_ifc() - .fuse_lms_verify() - .write(|w| w.lms_verify(fuses.lms_verify)); self.soc_ifc() .fuse_lms_revocation() .write(|_| fuses.fuse_lms_revocation); diff --git a/api/types/src/lib.rs b/api/types/src/lib.rs index 37f4f05d71..7d6fb712df 100644 --- a/api/types/src/lib.rs +++ b/api/types/src/lib.rs @@ -6,9 +6,9 @@ // * The constant should be easily recognizable in waveforms and debug logs // * Every word must be different to ensure that a "stuck word" bug is noticed. // * Each byte in a word must be unique to ensure an endianness bug is noticed. -pub const DEFAULT_UDS_SEED: [u32; 12] = [ +pub const DEFAULT_UDS_SEED: [u32; 16] = [ 0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f, 0x10111213, 0x14151617, 0x18191a1b, 0x1c1d1e1f, - 0x20212223, 0x24252627, 0x28292a2b, 0x2c2d2e2f, + 0x20212223, 0x24252627, 0x28292a2b, 0x2c2d2e2f, 0x30313233, 0x34353637, 0x38393a3b, 0x3c3d3e3f, ]; pub const DEFAULT_FIELD_ENTROPY: [u32; 8] = [ @@ -154,7 +154,7 @@ impl TryFrom for U4 { #[derive(Clone, Debug)] pub struct Fuses { - pub uds_seed: [u32; 12], + pub uds_seed: [u32; 16], pub field_entropy: [u32; 8], pub key_manifest_pk_hash: [u32; 12], pub key_manifest_pk_hash_mask: U4, @@ -165,8 +165,8 @@ pub struct Fuses { pub idevid_cert_attr: [u32; 24], pub idevid_manuf_hsm_id: [u32; 4], pub life_cycle: DeviceLifecycle, - pub lms_verify: bool, pub fuse_lms_revocation: u32, + pub fuse_mldsa_revocation: u32, pub soc_stepping_id: u16, } impl Default for Fuses { @@ -183,8 +183,8 @@ impl Default for Fuses { idevid_cert_attr: Default::default(), idevid_manuf_hsm_id: Default::default(), life_cycle: Default::default(), - lms_verify: Default::default(), fuse_lms_revocation: Default::default(), + fuse_mldsa_revocation: Default::default(), soc_stepping_id: Default::default(), } } diff --git a/drivers/src/fuse_bank.rs b/drivers/src/fuse_bank.rs index f12455319d..44f7ae8642 100644 --- a/drivers/src/fuse_bank.rs +++ b/drivers/src/fuse_bank.rs @@ -215,7 +215,7 @@ impl FuseBank<'_> { pub fn vendor_ecc_pub_key_revocation(&self) -> VendorPubKeyRevocation { let soc_ifc_regs = self.soc_ifc.regs(); VendorPubKeyRevocation::from_bits_truncate( - soc_ifc_regs.fuse_key_manifest_pk_hash_mask().read().mask(), + soc_ifc_regs.fuse_key_manifest_pk_hash_mask().read()[0], ) } @@ -232,6 +232,19 @@ impl FuseBank<'_> { soc_ifc_regs.fuse_lms_revocation().read() } + /// Get the mldsa vendor public key revocation mask. + /// + /// # Arguments + /// * None + /// + /// # Returns + /// mldsa vendor public key revocation mask + /// + pub fn vendor_mldsa_pub_key_revocation(&self) -> u32 { + let soc_ifc_regs = self.soc_ifc.regs(); + soc_ifc_regs.fuse_mldsa_revocation().read().into() + } + /// Get the owner public key hash. /// /// # Arguments @@ -242,7 +255,7 @@ impl FuseBank<'_> { /// pub fn owner_pub_key_hash(&self) -> Array4x12 { let soc_ifc_regs = self.soc_ifc.regs(); - Array4x12::read_from_reg(soc_ifc_regs.fuse_owner_pk_hash()) + Array4x12::read_from_reg(soc_ifc_regs.cptra_owner_pk_hash()) } /// Get the rollback disability setting. diff --git a/drivers/src/key_vault.rs b/drivers/src/key_vault.rs index b3b9b2d883..72b7db7635 100644 --- a/drivers/src/key_vault.rs +++ b/drivers/src/key_vault.rs @@ -44,14 +44,6 @@ pub enum KeyId { KeyId21 = 21, KeyId22 = 22, KeyId23 = 23, - KeyId24 = 24, - KeyId25 = 25, - KeyId26 = 26, - KeyId27 = 27, - KeyId28 = 28, - KeyId29 = 29, - KeyId30 = 30, - KeyId31 = 31, } impl TryFrom for KeyId { @@ -82,14 +74,6 @@ impl TryFrom for KeyId { 21 => Ok(Self::KeyId21), 22 => Ok(Self::KeyId22), 23 => Ok(Self::KeyId23), - 24 => Ok(Self::KeyId24), - 25 => Ok(Self::KeyId25), - 26 => Ok(Self::KeyId26), - 27 => Ok(Self::KeyId27), - 28 => Ok(Self::KeyId28), - 29 => Ok(Self::KeyId29), - 30 => Ok(Self::KeyId30), - 31 => Ok(Self::KeyId31), _ => Err(()), } } @@ -127,8 +111,8 @@ bitfield! { /// Flag indicating if the key can be used as HMAC data pub hmac_data, set_hmac_data: 1; - /// Flag indicating if the key can be used as SHA data - pub sha_data, set_sha_data: 2; + /// Flag indicating if the key can be used as MLDSA seed + pub mldsa_seed, set_mldsa_seed: 2; /// Flag indicating if the key can be used aas ECC Private Key pub ecc_private_key, set_ecc_private_key: 3; @@ -150,8 +134,8 @@ impl KeyUsage { self.set_hmac_data(true); *self } - pub fn set_sha_data_en(&mut self) -> KeyUsage { - self.set_sha_data(true); + pub fn set_mldsa_seed_en(&mut self) -> KeyUsage { + self.set_mldsa_seed(true); *self } pub fn set_ecc_private_key_en(&mut self) -> KeyUsage { @@ -181,7 +165,7 @@ impl KeyVault { /// /// Note: The keys that have "use" or "write" lock set will not be erased pub fn erase_all_keys(&mut self) { - const KEY_IDS: [KeyId; 32] = [ + const KEY_IDS: [KeyId; 24] = [ KeyId::KeyId0, KeyId::KeyId1, KeyId::KeyId2, @@ -206,14 +190,6 @@ impl KeyVault { KeyId::KeyId21, KeyId::KeyId22, KeyId::KeyId23, - KeyId::KeyId24, - KeyId::KeyId25, - KeyId::KeyId26, - KeyId::KeyId27, - KeyId::KeyId28, - KeyId::KeyId29, - KeyId::KeyId30, - KeyId::KeyId31, ]; for id in KEY_IDS { diff --git a/drivers/src/kv_access.rs b/drivers/src/kv_access.rs index 66ae4a3ca8..bfd649353a 100644 --- a/drivers/src/kv_access.rs +++ b/drivers/src/kv_access.rs @@ -138,7 +138,7 @@ impl KvAccess { .write_entry(key.id.into()) .hmac_key_dest_valid(key.usage.hmac_key()) .hmac_block_dest_valid(key.usage.hmac_data()) - .sha_block_dest_valid(key.usage.sha_data()) + .mldsa_seed_dest_valid(key.usage.mldsa_seed()) .ecc_pkey_dest_valid(key.usage.ecc_private_key()) .ecc_seed_dest_valid(key.usage.ecc_key_gen_seed()) }); diff --git a/drivers/src/mailbox.rs b/drivers/src/mailbox.rs index 53a6df2e54..d1a4224cf2 100644 --- a/drivers/src/mailbox.rs +++ b/drivers/src/mailbox.rs @@ -270,7 +270,7 @@ impl<'a> MailboxRecvPeek<'a> { /// Returns the value stored in the user register pub fn id(&self) -> u32 { let mbox = self.mbox.regs(); - mbox.id().read() + mbox.user().read() } /// Returns the value stored in the data length register. This is the total diff --git a/drivers/src/soc_ifc.rs b/drivers/src/soc_ifc.rs index 872a1722a4..a6a022b402 100644 --- a/drivers/src/soc_ifc.rs +++ b/drivers/src/soc_ifc.rs @@ -77,12 +77,12 @@ impl SocIfc { pub fn mbox_valid_pauser(&self) -> [u32; 5] { let soc_ifc_regs = self.soc_ifc.regs(); - soc_ifc_regs.cptra_mbox_valid_axi_id().read() + soc_ifc_regs.cptra_mbox_valid_axi_user().read() } pub fn mbox_pauser_lock(&self) -> [bool; 5] { let soc_ifc_regs = self.soc_ifc.regs(); - let pauser_lock = soc_ifc_regs.cptra_mbox_axi_id_lock(); + let pauser_lock = soc_ifc_regs.cptra_mbox_axi_user_lock(); [ pauser_lock.at(0).read().lock(), pauser_lock.at(1).read().lock(), @@ -119,14 +119,16 @@ impl SocIfc { .write(|w| w.idevid_csr_ready(true)); } - /// Set ready for firmware + /// Set ready for Mailbox operations /// /// # Arguments /// /// * None - pub fn flow_status_set_ready_for_firmware(&mut self) { + pub fn flow_status_set_ready_for_mb_processing(&mut self) { let soc_ifc = self.soc_ifc.regs_mut(); - soc_ifc.cptra_flow_status().write(|w| w.ready_for_fw(true)); + soc_ifc + .cptra_flow_status() + .write(|w| w.ready_for_mb_processing(true)); } /// Get 'ready for firmware' status @@ -134,9 +136,9 @@ impl SocIfc { /// # Arguments /// /// * None - pub fn flow_status_ready_for_firmware(&mut self) -> bool { + pub fn flow_status_ready_for_mb_processing(&mut self) -> bool { let soc_ifc = self.soc_ifc.regs_mut(); - soc_ifc.cptra_flow_status().read().ready_for_fw() + soc_ifc.cptra_flow_status().read().ready_for_mb_processing() } pub fn fuse_bank(&self) -> FuseBank { diff --git a/drivers/test-fw/src/bin/keyvault_tests.rs b/drivers/test-fw/src/bin/keyvault_tests.rs index 21ed5a2ec3..d63c4f257d 100644 --- a/drivers/test-fw/src/bin/keyvault_tests.rs +++ b/drivers/test-fw/src/bin/keyvault_tests.rs @@ -20,7 +20,7 @@ use caliptra_registers::kv::KvReg; use caliptra_test_harness::test_suite; #[cfg(not(feature = "fpga_realtime"))] -const KEY_IDS: [KeyId; 32] = [ +const KEY_IDS: [KeyId; 24] = [ KeyId::KeyId0, KeyId::KeyId1, KeyId::KeyId2, @@ -45,14 +45,6 @@ const KEY_IDS: [KeyId; 32] = [ KeyId::KeyId21, KeyId::KeyId22, KeyId::KeyId23, - KeyId::KeyId24, - KeyId::KeyId25, - KeyId::KeyId26, - KeyId::KeyId27, - KeyId::KeyId28, - KeyId::KeyId29, - KeyId::KeyId30, - KeyId::KeyId31, ]; #[cfg(feature = "fpga_realtime")] diff --git a/drivers/test-fw/src/bin/mldsa87_tests.rs b/drivers/test-fw/src/bin/mldsa87_tests.rs index b11711983e..68d9756970 100644 --- a/drivers/test-fw/src/bin/mldsa87_tests.rs +++ b/drivers/test-fw/src/bin/mldsa87_tests.rs @@ -392,6 +392,8 @@ const MESSAGE: [u8; 64] = [ 186, ]; +const KEY_ID: KeyId = KeyId::KeyId1; + fn test_gen_key_pair() { let mut trng = unsafe { Trng::new( @@ -411,8 +413,8 @@ fn test_gen_key_pair() { let mut hmac = unsafe { Hmac::new(HmacReg::new()) }; let key_out_1 = KeyWriteArgs { - id: KeyId::KeyId0, - usage: KeyUsage::default().set_ecc_key_gen_seed_en(), + id: KEY_ID, + usage: KeyUsage::default().set_mldsa_seed_en(), }; hmac.hmac( @@ -424,7 +426,7 @@ fn test_gen_key_pair() { ) .unwrap(); - let seed = KeyReadArgs::new(KeyId::KeyId0); + let seed = KeyReadArgs::new(KEY_ID); let public_key = ml_dsa87.key_pair(&seed, &mut trng).unwrap(); assert_eq!(public_key, Mldsa87PubKey::from(PUBKEY)); } @@ -443,7 +445,7 @@ fn test_sign() { }; let sign_rnd = Mldsa87SignRnd::default(); // Deterministic signing - let seed = KeyReadArgs::new(KeyId::KeyId0); // Reuse SEED + let seed = KeyReadArgs::new(KEY_ID); // Reuse SEED let signature = ml_dsa87 .sign( diff --git a/drivers/test-fw/src/bin/status_reporter_tests.rs b/drivers/test-fw/src/bin/status_reporter_tests.rs index e18a8a45c1..ee8d297649 100644 --- a/drivers/test-fw/src/bin/status_reporter_tests.rs +++ b/drivers/test-fw/src/bin/status_reporter_tests.rs @@ -40,9 +40,13 @@ fn test_report_idevid_csr_ready() { fn test_report_ready_for_firmware() { let soc_ifc = unsafe { SocIfcReg::new() }; - SocIfc::new(soc_ifc).flow_status_set_ready_for_firmware(); + SocIfc::new(soc_ifc).flow_status_set_ready_for_mb_processing(); let soc_ifc = unsafe { SocIfcReg::new() }; - assert!(soc_ifc.regs().cptra_flow_status().read().ready_for_fw()); + assert!(soc_ifc + .regs() + .cptra_flow_status() + .read() + .ready_for_mb_processing()); } test_suite! { diff --git a/drivers/tests/drivers_integration_tests/main.rs b/drivers/tests/drivers_integration_tests/main.rs index 4ce11e5d20..25b1c21680 100644 --- a/drivers/tests/drivers_integration_tests/main.rs +++ b/drivers/tests/drivers_integration_tests/main.rs @@ -91,13 +91,13 @@ impl DoeTestVectors { }; result.expected_test_results.hmac_uds_as_key_out_pub = ecdsa_keygen(&hmac384( - swap_word_bytes(&result.doe_output.uds).as_bytes(), + swap_word_bytes(&result.doe_output.uds[..12]).as_bytes(), "Hello world!".as_bytes(), )); result.expected_test_results.hmac_uds_as_data_out_pub = ecdsa_keygen(&hmac384( swap_word_bytes(&caliptra_drivers_test_bin::DOE_TEST_HMAC_KEY).as_bytes(), - swap_word_bytes(&result.doe_output.uds).as_bytes(), + swap_word_bytes(&result.doe_output.uds[..12]).as_bytes(), )); result @@ -122,7 +122,8 @@ const DOE_TEST_VECTORS_DEBUG_MODE: DoeTestVectors = DoeTestVectors { // The decrypted UDS as stored in the key vault uds: [ 0x34aa667c, 0x0a52c71f, 0x977a1de2, 0x701ef611, 0x0de19e21, 0x24b49b9d, 0xdf205ff6, - 0xa9c04303, 0x0de19e21, 0x24b49b9d, 0xdf205ff6, 0xa9c04303, + 0xa9c04303, 0x0de19e21, 0x24b49b9d, 0xdf205ff6, 0xa9c04303, 0xde19e21, 0x24b49b9d, + 0xdf205ff6, 0xa9c04303, ], // The decrypted field entropy as stored in the key vault (with padding) @@ -196,7 +197,7 @@ fn test_generate_doe_vectors_when_debug_not_locked() { doe_iv: caliptra_drivers_test_bin::DOE_TEST_IV, - uds_seed: [0xffff_ffff_u32; 12], + uds_seed: [0xffff_ffff_u32; 16], field_entropy_seed: [0xffff_ffff_u32; 8], // In debug mode, this defaults to 0xaaaa_aaaa @@ -232,7 +233,8 @@ const DOE_TEST_VECTORS: DoeTestVectors = DoeTestVectors { doe_output: DoeOutput { uds: [ 0x0b21f10f, 0x6963005e, 0x4884d93f, 0x1f91037a, 0x2d37ffe0, 0x3727b5e8, 0xb78b9608, - 0x7e0e58d2, 0x420ce5ae, 0x4b1f04f8, 0x33b7af81, 0x72156bd8, + 0x7e0e58d2, 0x420ce5ae, 0x4b1f04f8, 0x33b7af81, 0x72156bd8, 0xf55d652c, 0xfbdb1831, + 0x58517e56, 0xfe1eab2f, ], field_entropy: [ 0x3d75d35e, 0xbc44a31e, 0xad27aee5, 0x75cdd170, 0xe51dcaf4, 0x09c096ae, 0xa70ff448, diff --git a/hw-model/c-binding/examples/api/caliptra_api.c b/hw-model/c-binding/examples/api/caliptra_api.c index 45d9c02189..a0eaafdd56 100644 --- a/hw-model/c-binding/examples/api/caliptra_api.c +++ b/hw-model/c-binding/examples/api/caliptra_api.c @@ -22,14 +22,13 @@ int caliptra_init_fuses(struct caliptra_model *model, struct caliptra_fuses *fus caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_UDS_SEED_0, fuses->uds_seed, CALIPTRA_ARRAY_SIZE(fuses->uds_seed)); caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_FIELD_ENTROPY_0, fuses->field_entropy, CALIPTRA_ARRAY_SIZE(fuses->field_entropy)); caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_KEY_MANIFEST_PK_HASH_0, fuses->key_manifest_pk_hash, CALIPTRA_ARRAY_SIZE(fuses->key_manifest_pk_hash)); - caliptra_fuse_write(model, GENERIC_AND_FUSE_REG_FUSE_KEY_MANIFEST_PK_HASH_MASK, fuses->key_manifest_pk_hash_mask); - caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_OWNER_PK_HASH_0, fuses->owner_pk_hash, CALIPTRA_ARRAY_SIZE(fuses->owner_pk_hash)); + caliptra_fuse_write(model, GENERIC_AND_FUSE_REG_FUSE_KEY_MANIFEST_PK_HASH_MASK_0, fuses->key_manifest_pk_hash_mask); + caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_CPTRA_OWNER_PK_HASH_0, fuses->owner_pk_hash, CALIPTRA_ARRAY_SIZE(fuses->owner_pk_hash)); caliptra_fuse_write(model, GENERIC_AND_FUSE_REG_FUSE_FMC_KEY_MANIFEST_SVN, fuses->fmc_key_manifest_svn); caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_FMC_KEY_MANIFEST_SVN, fuses->runtime_svn, CALIPTRA_ARRAY_SIZE(fuses->runtime_svn)); caliptra_fuse_write(model, GENERIC_AND_FUSE_REG_FUSE_ANTI_ROLLBACK_DISABLE, (uint32_t)fuses->anti_rollback_disable); caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_IDEVID_CERT_ATTR_0, fuses->idevid_cert_attr, CALIPTRA_ARRAY_SIZE(fuses->idevid_cert_attr)); caliptra_fuse_array_write(model, GENERIC_AND_FUSE_REG_FUSE_IDEVID_MANUF_HSM_ID_0, fuses->idevid_manuf_hsm_id, CALIPTRA_ARRAY_SIZE(fuses->idevid_manuf_hsm_id)); - caliptra_fuse_write(model, GENERIC_AND_FUSE_REG_FUSE_LIFE_CYCLE, (uint32_t)fuses->life_cycle); // Write to Caliptra Fuse Done caliptra_model_axi_write_u32(model, CALIPTRA_TOP_REG_GENERIC_AND_FUSE_REG_CPTRA_FUSE_WR_DONE, 1); diff --git a/hw-model/src/lib.rs b/hw-model/src/lib.rs index 8552a83301..ee642945d0 100644 --- a/hw-model/src/lib.rs +++ b/hw-model/src/lib.rs @@ -253,7 +253,7 @@ pub struct BootParams<'a> { pub initial_dbg_manuf_service_reg: u32, pub initial_repcnt_thresh_reg: Option, pub initial_adaptp_thresh_reg: Option, - pub valid_axi_id: Vec, + pub valid_axi_user: Vec, pub wdt_timeout_cycles: u64, } @@ -266,7 +266,7 @@ impl<'a> Default for BootParams<'a> { initial_dbg_manuf_service_reg: Default::default(), initial_repcnt_thresh_reg: Default::default(), initial_adaptp_thresh_reg: Default::default(), - valid_axi_id: vec![0, 1, 2, 3, 4], + valid_axi_user: vec![0, 1, 2, 3, 4], wdt_timeout_cycles: EXPECTED_CALIPTRA_BOOT_TIME_IN_CYCLES, } } @@ -575,7 +575,7 @@ pub trait HwModel: SocManager { } // Set up the PAUSER as valid for the mailbox (using index 0) - self.setup_mailbox_users(boot_params.valid_axi_id.as_slice()) + self.setup_mailbox_users(boot_params.valid_axi_user.as_slice()) .map_err(ModelError::from)?; writeln!(self.output().logger(), "writing to cptra_bootfsm_go")?; @@ -826,7 +826,7 @@ pub trait HwModel: SocManager { fn ecc_error_injection(&mut self, _mode: ErrorInjectionMode) {} - fn set_axi_id(&mut self, axi_id: u32); + fn set_axi_user(&mut self, axi_user: u32); /// Executes a typed request and (if success), returns the typed response. /// The checksum field of the request is calculated, and the checksum of the @@ -867,7 +867,7 @@ pub trait HwModel: SocManager { } // Mailbox lock value should read 1 now - // If not, the reads are likely being blocked by the AXI_ID check or some other issue + // If not, the reads are likely being blocked by the AXI_USER check or some other issue if !(self.soc_mbox().lock().read().lock()) { return Err(ModelError::UnableToReadMailbox); } @@ -1134,15 +1134,15 @@ mod tests { model.soc_ifc().cptra_fuse_wr_done().write(|w| w.done(true)); model.soc_ifc().cptra_bootfsm_go().write(|w| w.go(true)); - // Set up the AXI_ID as valid for the mailbox (using index 0) + // Set up the AXI_USER as valid for the mailbox (using index 0) model .soc_ifc() - .cptra_mbox_valid_axi_id() + .cptra_mbox_valid_axi_user() .at(0) .write(|_| 0x1); model .soc_ifc() - .cptra_mbox_axi_id_lock() + .cptra_mbox_axi_user_lock() .at(0) .write(|w| w.lock(true)); @@ -1178,15 +1178,15 @@ mod tests { model.soc_ifc().cptra_fuse_wr_done().write(|w| w.done(true)); model.soc_ifc().cptra_bootfsm_go().write(|w| w.go(true)); - // Set up the AXI_ID as valid for the mailbox (using index 0) + // Set up the AXI_USER as valid for the mailbox (using index 0) model .soc_ifc() - .cptra_mbox_valid_axi_id() + .cptra_mbox_valid_axi_user() .at(0) .write(|_| 0x1); model .soc_ifc() - .cptra_mbox_axi_id_lock() + .cptra_mbox_axi_user_lock() .at(0) .write(|w| w.lock(true)); @@ -1209,15 +1209,15 @@ mod tests { model.soc_ifc().cptra_fuse_wr_done().write(|w| w.done(true)); model.soc_ifc().cptra_bootfsm_go().write(|w| w.go(true)); - // Set up the AXI_ID as valid for the mailbox (using index 0) + // Set up the AXI_USER as valid for the mailbox (using index 0) model .soc_ifc() - .cptra_mbox_valid_axi_id() + .cptra_mbox_valid_axi_user() .at(0) .write(|_| 0x1); model .soc_ifc() - .cptra_mbox_axi_id_lock() + .cptra_mbox_axi_user_lock() .at(0) .write(|w| w.lock(true)); @@ -1237,10 +1237,10 @@ mod tests { #[test] // Currently only possible on verilator - // SW emulator does not support axi_id + // SW emulator does not support axi_user // For FPGA, test case needs to be reworked to capture SIGBUS from linux environment #[cfg(feature = "verilator")] - fn test_mbox_axi_id() { + fn test_mbox_axi_user() { let mut model = caliptra_hw_model::new_unbooted(InitParams { rom: &gen_image_hi(), ..Default::default() @@ -1250,27 +1250,27 @@ mod tests { model.soc_ifc().cptra_fuse_wr_done().write(|w| w.done(true)); model.soc_ifc().cptra_bootfsm_go().write(|w| w.go(true)); - // Set up the AXI_ID as valid for the mailbox (using index 0) + // Set up the AXI_USER as valid for the mailbox (using index 0) model .soc_ifc() - .cptra_mbox_valid_axi_id() + .cptra_mbox_valid_axi_user() .at(0) .write(|_| 0x1); model .soc_ifc() - .cptra_mbox_axi_id_lock() + .cptra_mbox_axi_user_lock() .at(0) .write(|w| w.lock(true)); - // Set the AXI_ID to something invalid - model.set_axi_id(0x2); + // Set the AXI_USER to something invalid + model.set_axi_user(0x2); assert!(!model.soc_mbox().lock().read().lock()); - // Should continue to read 0 because the reads are being blocked by valid AXI_ID + // Should continue to read 0 because the reads are being blocked by valid AXI_USER assert!(!model.soc_mbox().lock().read().lock()); - // Set the AXI_ID back to valid - model.set_axi_id(0x1); + // Set the AXI_USER back to valid + model.set_axi_user(0x1); // Should read 0 the first time still for lock available assert!(!model.soc_mbox().lock().read().lock()); @@ -1393,12 +1393,12 @@ mod tests { // Set up the PAUSER as valid for the mailbox (using index 0) model .soc_ifc() - .cptra_mbox_valid_axi_id() + .cptra_mbox_valid_axi_user() .at(0) .write(|_| 0x1); model .soc_ifc() - .cptra_mbox_axi_id_lock() + .cptra_mbox_axi_user_lock() .at(0) .write(|w| w.lock(true)); diff --git a/hw-model/src/model_emulated.rs b/hw-model/src/model_emulated.rs index 9b0c32d970..c2515ee735 100644 --- a/hw-model/src/model_emulated.rs +++ b/hw-model/src/model_emulated.rs @@ -282,7 +282,7 @@ impl HwModel for ModelEmulated { } } - fn set_axi_id(&mut self, _axi_id: u32) { + fn set_axi_user(&mut self, _axi_user: u32) { unimplemented!(); } diff --git a/hw-model/src/model_fpga_realtime.rs b/hw-model/src/model_fpga_realtime.rs index 177c95931d..54e3b02df0 100644 --- a/hw-model/src/model_fpga_realtime.rs +++ b/hw-model/src/model_fpga_realtime.rs @@ -421,7 +421,7 @@ impl HwModel for ModelFpgaRealtime { m.set_security_state(params.security_state); // Set initial PAUSER - m.set_axi_id(DEFAULT_AXI_PAUSER); + m.set_axi_user(DEFAULT_AXI_PAUSER); // Set divisor for ITRNG throttling m.set_itrng_divider(ITRNG_DIVISOR); @@ -522,7 +522,7 @@ impl HwModel for ModelFpgaRealtime { // Do nothing; we don't support tracing yet } - fn set_axi_id(&mut self, pauser: u32) { + fn set_axi_user(&mut self, pauser: u32) { unsafe { self.wrapper .offset(FPGA_WRAPPER_PAUSER_OFFSET) diff --git a/hw-model/src/model_verilated.rs b/hw-model/src/model_verilated.rs index 8886bf0168..e09e7c4ec5 100644 --- a/hw-model/src/model_verilated.rs +++ b/hw-model/src/model_verilated.rs @@ -321,8 +321,8 @@ impl HwModel for ModelVerilated { } } - fn ready_for_fw(&self) -> bool { - self.v.output.ready_for_fw_push + fn ready_for_mb_processing(&self) -> bool { + self.v.output.ready_for_mb_processing_push } fn tracing_hint(&mut self, enable: bool) { @@ -364,7 +364,7 @@ impl HwModel for ModelVerilated { } } - fn set_axi_id(&mut self, pauser: u32) { + fn set_axi_user(&mut self, pauser: u32) { self.soc_axi_pauser = pauser; } } diff --git a/hw-model/test-fw/mailbox_responder.rs b/hw-model/test-fw/mailbox_responder.rs index 5a26921fe7..d4ca7122fd 100644 --- a/hw-model/test-fw/mailbox_responder.rs +++ b/hw-model/test-fw/mailbox_responder.rs @@ -29,7 +29,7 @@ extern "C" fn main() { soc_ifc .regs_mut() .cptra_flow_status() - .write(|w| w.ready_for_fw(true)); + .write(|w| w.ready_for_mb_processing(true)); let mut replay_buf_len = 0; let mut replay_buf = [0u32; 2048]; diff --git a/hw-model/test-fw/mailbox_sender.rs b/hw-model/test-fw/mailbox_sender.rs index cee321f6c2..ba264a71ca 100644 --- a/hw-model/test-fw/mailbox_sender.rs +++ b/hw-model/test-fw/mailbox_sender.rs @@ -50,7 +50,9 @@ extern "C" fn main() { let mut mbox = unsafe { MboxCsr::new() }; let mbox = mbox.regs_mut(); - soc_ifc.cptra_flow_status().write(|w| w.ready_for_fw(true)); + soc_ifc + .cptra_flow_status() + .write(|w| w.ready_for_mb_processing(true)); let mut response_iter = RESPONSES.iter().cycle(); loop { diff --git a/hw-model/types/src/lib.rs b/hw-model/types/src/lib.rs index 244aff9be3..b290bb6af0 100644 --- a/hw-model/types/src/lib.rs +++ b/hw-model/types/src/lib.rs @@ -14,9 +14,9 @@ use rand::{ // * The constant should be easily recognizable in waveforms and debug logs // * Every word must be different to ensure that a "stuck word" bug is noticed. // * Each byte in a word must be unique to ensure an endianness bug is noticed. -pub const DEFAULT_UDS_SEED: [u32; 12] = [ +pub const DEFAULT_UDS_SEED: [u32; 16] = [ 0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f, 0x10111213, 0x14151617, 0x18191a1b, 0x1c1d1e1f, - 0x20212223, 0x24252627, 0x28292a2b, 0x2c2d2e2f, + 0x20212223, 0x24252627, 0x28292a2b, 0x2c2d2e2f, 0x30313233, 0x34353637, 0x38393a3b, 0x3c3d3e3f, ]; pub const DEFAULT_FIELD_ENTROPY: [u32; 8] = [ @@ -130,7 +130,6 @@ impl std::fmt::Debug for FusesWrapper { &HexSlice(&self.0.idevid_manuf_hsm_id), ) .field("life_cycle", &self.0.life_cycle) - .field("lms_verify", &self.0.lms_verify) .field("fuse_lms_revocation", &self.0.fuse_lms_revocation) .field("soc_stepping_id", &self.0.soc_stepping_id) .finish() diff --git a/hw/latest/adams-bridge b/hw/latest/adams-bridge deleted file mode 160000 index 861a9b9eb3..0000000000 --- a/hw/latest/adams-bridge +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 861a9b9eb3cf1c52094b1b1f4244173eb2b64e40 diff --git a/hw/latest/registers/src/axi_dma.rs b/hw/latest/registers/src/axi_dma.rs index a2ddda3645..e480946a79 100644 --- a/hw/latest/registers/src/axi_dma.rs +++ b/hw/latest/registers/src/axi_dma.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] @@ -1719,10 +1719,25 @@ pub mod regs { pub fn axi_dma_fsm_ps(&self) -> super::enums::AxiDmaFsmE { super::enums::AxiDmaFsmE::try_from((self.0 >> 16) & 3).unwrap() } + /// Payload Available. Signal indicates data is available. + /// When the DMA is active and was armed with nonzero block + /// size, this is used by the hardware to automatically + /// trigger AXI transactions of the specified block + /// size, until the total byte count is transferred. + #[inline(always)] + pub fn payload_available(&self) -> bool { + ((self.0 >> 18) & 1) != 0 + } + /// Image Activated. Signal indicates image activation status + /// reported by Recovery Interface (from Caliptra Subsystem). + #[inline(always)] + pub fn image_activated(&self) -> bool { + ((self.0 >> 19) & 1) != 0 + } /// RESERVED. #[inline(always)] pub fn rsvd1(&self) -> u32 { - (self.0 >> 18) & 0x3fff + (self.0 >> 20) & 0xfff } } impl From for Status0ReadVal { diff --git a/hw/latest/registers/src/csrng.rs b/hw/latest/registers/src/csrng.rs index 7342ca5f88..b6f5a5f05a 100644 --- a/hw/latest/registers/src/csrng.rs +++ b/hw/latest/registers/src/csrng.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/doe.rs b/hw/latest/registers/src/doe.rs index 9843f8eaa2..887d9966f1 100644 --- a/hw/latest/registers/src/doe.rs +++ b/hw/latest/registers/src/doe.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/dv.rs b/hw/latest/registers/src/dv.rs index a567bcdd40..e1999ce222 100644 --- a/hw/latest/registers/src/dv.rs +++ b/hw/latest/registers/src/dv.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/ecc.rs b/hw/latest/registers/src/ecc.rs index c3f13f1333..65805bf7ba 100644 --- a/hw/latest/registers/src/ecc.rs +++ b/hw/latest/registers/src/ecc.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/el2_pic_ctrl.rs b/hw/latest/registers/src/el2_pic_ctrl.rs index ad65753e54..0d93abe5d5 100644 --- a/hw/latest/registers/src/el2_pic_ctrl.rs +++ b/hw/latest/registers/src/el2_pic_ctrl.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/entropy_src.rs b/hw/latest/registers/src/entropy_src.rs index cf5944d0fd..669e0289cc 100644 --- a/hw/latest/registers/src/entropy_src.rs +++ b/hw/latest/registers/src/entropy_src.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/hmac.rs b/hw/latest/registers/src/hmac.rs index 6b10f2e931..f54e403d70 100644 --- a/hw/latest/registers/src/hmac.rs +++ b/hw/latest/registers/src/hmac.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] @@ -697,10 +697,15 @@ pub mod regs { pub fn mode(self, val: bool) -> Self { Self((self.0 & !(1 << 3)) | (u32::from(val) << 3)) } + /// CSR Mode: Indicates to the HMAC512 core to use the CSR HMAC key + #[inline(always)] + pub fn csr_mode(self, val: bool) -> Self { + Self((self.0 & !(1 << 4)) | (u32::from(val) << 4)) + } /// Reserved #[inline(always)] pub fn reserved(self, val: bool) -> Self { - Self((self.0 & !(1 << 4)) | (u32::from(val) << 4)) + Self((self.0 & !(1 << 5)) | (u32::from(val) << 5)) } } impl From for Hmac512CtrlWriteVal { diff --git a/hw/latest/registers/src/i3ccsr.rs b/hw/latest/registers/src/i3ccsr.rs index 9c643394e6..d70156820c 100644 --- a/hw/latest/registers/src/i3ccsr.rs +++ b/hw/latest/registers/src/i3ccsr.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/kv.rs b/hw/latest/registers/src/kv.rs index fbbd58614b..2aacc599ad 100644 --- a/hw/latest/registers/src/kv.rs +++ b/hw/latest/registers/src/kv.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] @@ -77,7 +77,7 @@ impl RegisterBlock { /// /// Read value: [`kv::regs::KvctrlReadVal`]; Write value: [`kv::regs::KvctrlWriteVal`] #[inline(always)] - pub fn key_ctrl(&self) -> ureg::Array<32, ureg::RegRef> { + pub fn key_ctrl(&self) -> ureg::Array<24, ureg::RegRef> { unsafe { ureg::Array::new_with_mmio( self.ptr.wrapping_add(0 / core::mem::size_of::()), @@ -91,7 +91,7 @@ impl RegisterBlock { #[inline(always)] pub fn key_entry( &self, - ) -> ureg::Array<32, ureg::Array<12, ureg::RegRef>> { + ) -> ureg::Array<24, ureg::Array<16, ureg::RegRef>> { unsafe { ureg::Array::new_with_mmio( self.ptr.wrapping_add(0x600 / core::mem::size_of::()), @@ -200,7 +200,7 @@ pub mod regs { /// Destination valid bits stored as an array for ease of use in RTL. /// [br]dest_valid[0] = hmac_key_dest_valid /// [br]dest_valid[1] = hmac_block_dest_valid - /// [br]dest_valid[2] = sha_block_dest_valid + /// [br]dest_valid[2] = mldsa_seed_dest_valid /// [br]dest_valid[3] = ecc_pkey_dest_valid /// [br]dest_valid[4] = ecc_seed_dest_valid /// [br]dest_valid[5] = rsvd diff --git a/hw/latest/registers/src/lib.rs b/hw/latest/registers/src/lib.rs index f8866a2830..2f86558b38 100644 --- a/hw/latest/registers/src/lib.rs +++ b/hw/latest/registers/src/lib.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![no_std] #![allow(clippy::erasing_op)] @@ -141,9 +141,9 @@ pub mod regs { pub fn hmac_block_dest_valid(&self) -> bool { ((self.0 >> 7) & 1) != 0 } - /// Reserved field. No SHA key vault interface + /// MLDSA_SEED is a valid destination #[inline(always)] - pub fn sha_block_dest_valid(&self) -> bool { + pub fn mldsa_seed_dest_valid(&self) -> bool { ((self.0 >> 8) & 1) != 0 } /// ECC PKEY is a valid destination @@ -203,9 +203,9 @@ pub mod regs { pub fn hmac_block_dest_valid(self, val: bool) -> Self { Self((self.0 & !(1 << 7)) | (u32::from(val) << 7)) } - /// Reserved field. No SHA key vault interface + /// MLDSA_SEED is a valid destination #[inline(always)] - pub fn sha_block_dest_valid(self, val: bool) -> Self { + pub fn mldsa_seed_dest_valid(self, val: bool) -> Self { Self((self.0 & !(1 << 8)) | (u32::from(val) << 8)) } /// ECC PKEY is a valid destination diff --git a/hw/latest/registers/src/mbox.rs b/hw/latest/registers/src/mbox.rs index 0a670c3dc5..ac76836ef7 100644 --- a/hw/latest/registers/src/mbox.rs +++ b/hw/latest/registers/src/mbox.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] @@ -87,13 +87,13 @@ impl RegisterBlock { ) } } - /// Stores the AXI ID that locked the mailbox + /// Stores the AXI USER that locked the mailbox /// [br]Caliptra Access: RO /// [br]SOC Access: RO /// /// Read value: [`u32`]; Write value: [`u32`] #[inline(always)] - pub fn id(&self) -> ureg::RegRef { + pub fn user(&self) -> ureg::RegRef { unsafe { ureg::RegRef::new_with_mmio( self.ptr.wrapping_add(4 / core::mem::size_of::()), @@ -118,7 +118,7 @@ impl RegisterBlock { /// Data length for mailbox access in bytes /// [br]Caliptra Access: RW /// [br]SOC Access: RW - /// [br]TAP Access [in debug/manuf mode]: RO + /// [br]TAP Access [in debug/manuf mode]: RW /// /// Read value: [`u32`]; Write value: [`u32`] #[inline(always)] @@ -133,6 +133,7 @@ impl RegisterBlock { /// Data in register, write the next data to mailbox /// [br]Caliptra Access: RW /// [br]SOC Access: RW + /// [br]TAP Access [in debug/manuf mode]: WO /// /// Read value: [`u32`]; Write value: [`u32`] #[inline(always)] @@ -199,6 +200,20 @@ impl RegisterBlock { ) } } + /// Capability for uC to enable TAP logic to respond to mailbox commands. + /// [br]Caliptra Access: RW + /// [br]SOC Access: RO + /// + /// Read value: [`mbox::regs::TapModeReadVal`]; Write value: [`mbox::regs::TapModeWriteVal`] + #[inline(always)] + pub fn tap_mode(&self) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x24 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } } pub mod regs { //! Types that represent the values held by registers. @@ -376,6 +391,53 @@ pub mod regs { } } #[derive(Clone, Copy)] + pub struct TapModeReadVal(u32); + impl TapModeReadVal { + /// + #[inline(always)] + pub fn enabled(&self) -> bool { + ((self.0 >> 0) & 1) != 0 + } + /// Construct a WriteVal that can be used to modify the contents of this register value. + #[inline(always)] + pub fn modify(self) -> TapModeWriteVal { + TapModeWriteVal(self.0) + } + } + impl From for TapModeReadVal { + #[inline(always)] + fn from(val: u32) -> Self { + Self(val) + } + } + impl From for u32 { + #[inline(always)] + fn from(val: TapModeReadVal) -> u32 { + val.0 + } + } + #[derive(Clone, Copy)] + pub struct TapModeWriteVal(u32); + impl TapModeWriteVal { + /// + #[inline(always)] + pub fn enabled(self, val: bool) -> Self { + Self((self.0 & !(1 << 0)) | (u32::from(val) << 0)) + } + } + impl From for TapModeWriteVal { + #[inline(always)] + fn from(val: u32) -> Self { + Self(val) + } + } + impl From for u32 { + #[inline(always)] + fn from(val: TapModeWriteVal) -> u32 { + val.0 + } + } + #[derive(Clone, Copy)] pub struct UnlockReadVal(u32); impl UnlockReadVal { /// @@ -593,7 +655,7 @@ pub mod enums { pub mod meta { //! Additional metadata needed by ureg. pub type Lock = ureg::ReadOnlyReg32; - pub type Id = ureg::ReadOnlyReg32; + pub type User = ureg::ReadOnlyReg32; pub type Cmd = ureg::ReadWriteReg32<0, u32, u32>; pub type Dlen = ureg::ReadWriteReg32<0, u32, u32>; pub type Datain = ureg::ReadWriteReg32<0, u32, u32>; @@ -613,4 +675,9 @@ pub mod meta { crate::mbox::regs::UnlockReadVal, crate::mbox::regs::UnlockWriteVal, >; + pub type TapMode = ureg::ReadWriteReg32< + 0, + crate::mbox::regs::TapModeReadVal, + crate::mbox::regs::TapModeWriteVal, + >; } diff --git a/hw/latest/registers/src/mbox_sram.rs b/hw/latest/registers/src/mbox_sram.rs index 71571c0ea1..70de58b297 100644 --- a/hw/latest/registers/src/mbox_sram.rs +++ b/hw/latest/registers/src/mbox_sram.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/mldsa.rs b/hw/latest/registers/src/mldsa.rs index 32d0f3ae71..cf14306c9d 100644 --- a/hw/latest/registers/src/mldsa.rs +++ b/hw/latest/registers/src/mldsa.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/pv.rs b/hw/latest/registers/src/pv.rs index 8e72013e4a..03e4b30a13 100644 --- a/hw/latest/registers/src/pv.rs +++ b/hw/latest/registers/src/pv.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/sha256.rs b/hw/latest/registers/src/sha256.rs index c08b9efb19..1b66d53315 100644 --- a/hw/latest/registers/src/sha256.rs +++ b/hw/latest/registers/src/sha256.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/sha512.rs b/hw/latest/registers/src/sha512.rs index 5cb33d0989..3e5dbeeb30 100644 --- a/hw/latest/registers/src/sha512.rs +++ b/hw/latest/registers/src/sha512.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/registers/src/sha512_acc.rs b/hw/latest/registers/src/sha512_acc.rs index f281b172fb..c63838684c 100644 --- a/hw/latest/registers/src/sha512_acc.rs +++ b/hw/latest/registers/src/sha512_acc.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] @@ -87,13 +87,13 @@ impl RegisterBlock { ) } } - /// Stores the AXI ID that locked the SHA + /// Stores the AXI USER that locked the SHA /// [br]Caliptra Access: RO /// [br]SOC Access: RO /// /// Read value: [`u32`]; Write value: [`u32`] #[inline(always)] - pub fn id(&self) -> ureg::RegRef { + pub fn user(&self) -> ureg::RegRef { unsafe { ureg::RegRef::new_with_mmio( self.ptr.wrapping_add(4 / core::mem::size_of::()), @@ -1398,7 +1398,7 @@ pub mod meta { crate::sha512_acc::regs::LockReadVal, crate::sha512_acc::regs::LockWriteVal, >; - pub type Id = ureg::ReadOnlyReg32; + pub type User = ureg::ReadOnlyReg32; pub type Mode = ureg::ReadWriteReg32< 0, crate::sha512_acc::regs::ModeReadVal, diff --git a/hw/latest/registers/src/soc_ifc.rs b/hw/latest/registers/src/soc_ifc.rs index 4fc16d4cc8..9bec9d1320 100644 --- a/hw/latest/registers/src/soc_ifc.rs +++ b/hw/latest/registers/src/soc_ifc.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] @@ -287,16 +287,16 @@ impl RegisterBlock { ) } } - /// Valid AXI ID attributes for requests from SoC AXI Interface. Only valid once LOCK is set. + /// Valid AXI USER attributes for requests from SoC AXI Interface. Only valid once LOCK is set. /// [br]Caliptra Access: RW /// [br]SOC Access: RW - /// Read-Only once locked by AXI_ID_LOCK. + /// Read-Only once locked by AXI_USER_LOCK. /// /// Read value: [`u32`]; Write value: [`u32`] #[inline(always)] - pub fn cptra_mbox_valid_axi_id( + pub fn cptra_mbox_valid_axi_user( &self, - ) -> ureg::Array<5, ureg::RegRef> { + ) -> ureg::Array<5, ureg::RegRef> { unsafe { ureg::Array::new_with_mmio( self.ptr.wrapping_add(0x48 / core::mem::size_of::()), @@ -304,18 +304,18 @@ impl RegisterBlock { ) } } - /// Valid AXI_ID attributes for requests from SoC AXI Interface. - /// [br]Each bit corresponds to locking the associated MBOX_VALID_AXI_ID register. - /// [br]Associated MBOX_VALID_AXI_ID register is only valid once locked by this bit. + /// Valid AXI_USER attributes for requests from SoC AXI Interface. + /// [br]Each bit corresponds to locking the associated MBOX_VALID_AXI_USER register. + /// [br]Associated MBOX_VALID_AXI_USER register is only valid once locked by this bit. /// [br]Caliptra Access: RW /// [br]SOC Access: RW /// [br]Read-Only once locked. /// - /// Read value: [`soc_ifc::regs::CptraXxxxAxiIdLockReadVal`]; Write value: [`soc_ifc::regs::CptraXxxxAxiIdLockWriteVal`] + /// Read value: [`soc_ifc::regs::CptraXxxxAxiUserLockReadVal`]; Write value: [`soc_ifc::regs::CptraXxxxAxiUserLockWriteVal`] #[inline(always)] - pub fn cptra_mbox_axi_id_lock( + pub fn cptra_mbox_axi_user_lock( &self, - ) -> ureg::Array<5, ureg::RegRef> { + ) -> ureg::Array<5, ureg::RegRef> { unsafe { ureg::Array::new_with_mmio( self.ptr.wrapping_add(0x5c / core::mem::size_of::()), @@ -323,16 +323,16 @@ impl RegisterBlock { ) } } - /// Valid AXI ID attributes for TRNG on SoC AXI Interface. Only valid once LOCK is set. + /// Valid AXI USER attributes for TRNG on SoC AXI Interface. Only valid once LOCK is set. /// [br]Caliptra Access: RW /// [br]SOC Access: RW - /// [br]Read-Only once locked by TRNG_AXI_ID_LOCK. + /// [br]Read-Only once locked by TRNG_AXI_USER_LOCK. /// /// Read value: [`u32`]; Write value: [`u32`] #[inline(always)] - pub fn cptra_trng_valid_axi_id( + pub fn cptra_trng_valid_axi_user( &self, - ) -> ureg::RegRef { + ) -> ureg::RegRef { unsafe { ureg::RegRef::new_with_mmio( self.ptr.wrapping_add(0x70 / core::mem::size_of::()), @@ -340,19 +340,19 @@ impl RegisterBlock { ) } } - /// Valid AXI ID attributes for requests from SoC AXI Interface. - /// [br]Each bit corresponds to locking the associated TRNG_VALID_AXI_ID register. - /// [br]Associated TRNG_VALID_AXI_ID register is only valid once locked by this bit. + /// Valid AXI USER attributes for requests from SoC AXI Interface. + /// [br]Each bit corresponds to locking the associated TRNG_VALID_AXI_USER register. + /// [br]Associated TRNG_VALID_AXI_USER register is only valid once locked by this bit. /// [br]Caliptra FW RW access for survivability but cannot unlock once locked /// [br]Caliptra Access: RW /// [br]SOC Access: RW /// [br]Read-Only once locked. /// - /// Read value: [`soc_ifc::regs::CptraXxxxAxiIdLockReadVal`]; Write value: [`soc_ifc::regs::CptraXxxxAxiIdLockWriteVal`] + /// Read value: [`soc_ifc::regs::CptraXxxxAxiUserLockReadVal`]; Write value: [`soc_ifc::regs::CptraXxxxAxiUserLockWriteVal`] #[inline(always)] - pub fn cptra_trng_axi_id_lock( + pub fn cptra_trng_axi_user_lock( &self, - ) -> ureg::RegRef { + ) -> ureg::RegRef { unsafe { ureg::RegRef::new_with_mmio( self.ptr.wrapping_add(0x74 / core::mem::size_of::()), @@ -652,16 +652,16 @@ impl RegisterBlock { ) } } - /// Valid AXI ID attributes for FUSE on SoC AXI Interface. Only valid once LOCK is set. + /// Valid AXI USER attributes for FUSE on SoC AXI Interface. Only valid once LOCK is set. /// [br]Caliptra Access: RW /// [br]SOC Access: RW - /// [br]Read-Only once locked by FUSE_AXI_ID_LOCK. + /// [br]Read-Only once locked by FUSE_AXI_USER_LOCK. /// /// Read value: [`u32`]; Write value: [`u32`] #[inline(always)] - pub fn cptra_fuse_valid_axi_id( + pub fn cptra_fuse_valid_axi_user( &self, - ) -> ureg::RegRef { + ) -> ureg::RegRef { unsafe { ureg::RegRef::new_with_mmio( self.ptr.wrapping_add(0x108 / core::mem::size_of::()), @@ -669,19 +669,19 @@ impl RegisterBlock { ) } } - /// Valid AXI_ID attributes for requests from SoC AXI Interface. - /// [br]Each bit corresponds to locking the associated FUSE_VALID_AXI_ID register. - /// [br]Associated FUSE_VALID_AXI_ID register is only valid once locked by this bit. + /// Valid AXI_USER attributes for requests from SoC AXI Interface. + /// [br]Each bit corresponds to locking the associated FUSE_VALID_AXI_USER register. + /// [br]Associated FUSE_VALID_AXI_USER register is only valid once locked by this bit. /// [br]Caliptra FW RW access for survivability but cannot unlock once locked /// [br]Caliptra Access: RW /// [br]SOC Access: RW /// [br]Read-Only once locked. /// - /// Read value: [`soc_ifc::regs::CptraXxxxAxiIdLockReadVal`]; Write value: [`soc_ifc::regs::CptraXxxxAxiIdLockWriteVal`] + /// Read value: [`soc_ifc::regs::CptraXxxxAxiUserLockReadVal`]; Write value: [`soc_ifc::regs::CptraXxxxAxiUserLockWriteVal`] #[inline(always)] - pub fn cptra_fuse_axi_id_lock( + pub fn cptra_fuse_axi_user_lock( &self, - ) -> ureg::RegRef { + ) -> ureg::RegRef { unsafe { ureg::RegRef::new_with_mmio( self.ptr.wrapping_add(0x10c / core::mem::size_of::()), @@ -753,6 +753,88 @@ impl RegisterBlock { ) } } + /// Caliptra HW Capabilities. Initialized with reset values, rewritable by Caliptra firmware. + /// [br]Caliptra Access: RW + /// [br]SOC Access: RO + /// [br]Read-only once locked. + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn cptra_hw_capabilities( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x128 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Caliptra FW Capabilities. Initialized with reset values, rewritable by Caliptra firmware. + /// [br]Caliptra Access: RW + /// [br]SOC Access: RO + /// [br]Read-only once locked. + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn cptra_fw_capabilities( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x12c / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Lock register to disable further firmware modifications to capabilities registers. + /// [br]Once set, this register may not be cleared until a warm reset. If set, the values in CPTRA_HW_CAPABILITIES and CPTRA_FW_CAPABILITIES may not be modified. + /// [br]Caliptra Access: RW + /// [br]SOC Access: RO + /// [br]Read-only once locked. + /// + /// Read value: [`soc_ifc::regs::CptraXxxxxxxkReadVal`]; Write value: [`soc_ifc::regs::CptraXxxxxxxkWriteVal`] + #[inline(always)] + pub fn cptra_cap_lock(&self) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x130 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Owner PK hash lockable register. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn cptra_owner_pk_hash( + &self, + ) -> ureg::Array<12, ureg::RegRef> { + unsafe { + ureg::Array::new_with_mmio( + self.ptr.wrapping_add(0x140 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Owner PK hash register lock. Locks further writes to Owner PK hash register. Reset only by power cycle. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RW1-S + /// + /// Read value: [`soc_ifc::regs::CptraXxxxxxxkReadVal`]; Write value: [`soc_ifc::regs::CptraXxxxxxxkWriteVal`] + #[inline(always)] + pub fn cptra_owner_pk_hash_lock( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x170 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } /// Obfuscated UDS. /// [br]Caliptra Access: - /// [br]SOC Access: WL-S @@ -761,7 +843,7 @@ impl RegisterBlock { #[inline(always)] pub fn fuse_uds_seed( &self, - ) -> ureg::Array<12, ureg::RegRef> { + ) -> ureg::Array<16, ureg::RegRef> { unsafe { ureg::Array::new_with_mmio( self.ptr.wrapping_add(0x200 / core::mem::size_of::()), @@ -780,7 +862,7 @@ impl RegisterBlock { ) -> ureg::Array<8, ureg::RegRef> { unsafe { ureg::Array::new_with_mmio( - self.ptr.wrapping_add(0x230 / core::mem::size_of::()), + self.ptr.wrapping_add(0x240 / core::mem::size_of::()), core::borrow::Borrow::borrow(&self.mmio), ) } @@ -796,39 +878,23 @@ impl RegisterBlock { ) -> ureg::Array<12, ureg::RegRef> { unsafe { ureg::Array::new_with_mmio( - self.ptr.wrapping_add(0x250 / core::mem::size_of::()), + self.ptr.wrapping_add(0x260 / core::mem::size_of::()), core::borrow::Borrow::borrow(&self.mmio), ) } } - /// Key Manifest Mask Fuse. - /// [br]Caliptra Access: RO - /// [br]SOC Access: RWL-S - /// - /// Read value: [`soc_ifc::regs::FuseKeyManifestPkHashMaskReadVal`]; Write value: [`soc_ifc::regs::FuseKeyManifestPkHashMaskWriteVal`] - #[inline(always)] - pub fn fuse_key_manifest_pk_hash_mask( - &self, - ) -> ureg::RegRef { - unsafe { - ureg::RegRef::new_with_mmio( - self.ptr.wrapping_add(0x280 / core::mem::size_of::()), - core::borrow::Borrow::borrow(&self.mmio), - ) - } - } - /// Owner PK hash Fuse. + /// Key Manifest Mask Fuse (ECC Revocation). /// [br]Caliptra Access: RO /// [br]SOC Access: RWL-S /// /// Read value: [`u32`]; Write value: [`u32`] #[inline(always)] - pub fn fuse_owner_pk_hash( + pub fn fuse_key_manifest_pk_hash_mask( &self, - ) -> ureg::Array<12, ureg::RegRef> { + ) -> ureg::Array<8, ureg::RegRef> { unsafe { ureg::Array::new_with_mmio( - self.ptr.wrapping_add(0x284 / core::mem::size_of::()), + self.ptr.wrapping_add(0x290 / core::mem::size_of::()), core::borrow::Borrow::borrow(&self.mmio), ) } @@ -913,62 +979,381 @@ impl RegisterBlock { ) } } - /// Caliptra Boot Media Integrated mode usage only. SOCs that build with a Boot Media Independent profile don’t have to account for these fuses. + /// One-hot encoded list of revoked Vendor LMS Public Keys (up to 32 keys) /// [br]Caliptra Access: RO /// [br]SOC Access: RWL-S /// - /// Read value: [`soc_ifc::regs::FuseLifeCycleReadVal`]; Write value: [`soc_ifc::regs::FuseLifeCycleWriteVal`] + /// Read value: [`u32`]; Write value: [`u32`] #[inline(always)] - pub fn fuse_life_cycle(&self) -> ureg::RegRef { + pub fn fuse_lms_revocation( + &self, + ) -> ureg::RegRef { unsafe { ureg::RegRef::new_with_mmio( - self.ptr.wrapping_add(0x33c / core::mem::size_of::()), + self.ptr.wrapping_add(0x340 / core::mem::size_of::()), core::borrow::Borrow::borrow(&self.mmio), ) } } - /// 0 - Verify Caliptra firmware images with ECDSA-only; 1 - Verify Caliptra firmware images with both ECDSA and LMS + /// One-hot encoded list of revoked Vendor MLDSA Public Keys (up to 4 keys) /// [br]Caliptra Access: RO /// [br]SOC Access: RWL-S /// - /// Read value: [`soc_ifc::regs::FuseLmsVerifyReadVal`]; Write value: [`soc_ifc::regs::FuseLmsVerifyWriteVal`] + /// Read value: [`soc_ifc::regs::FuseMldsaRevocationReadVal`]; Write value: [`soc_ifc::regs::FuseMldsaRevocationWriteVal`] #[inline(always)] - pub fn fuse_lms_verify(&self) -> ureg::RegRef { + pub fn fuse_mldsa_revocation( + &self, + ) -> ureg::RegRef { unsafe { ureg::RegRef::new_with_mmio( - self.ptr.wrapping_add(0x340 / core::mem::size_of::()), + self.ptr.wrapping_add(0x344 / core::mem::size_of::()), core::borrow::Borrow::borrow(&self.mmio), ) } } - /// Bits for revoking LMS public keys in the key manifest + /// SOC stepping ID + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`soc_ifc::regs::FuseSocSteppingIdReadVal`]; Write value: [`soc_ifc::regs::FuseSocSteppingIdWriteVal`] + #[inline(always)] + pub fn fuse_soc_stepping_id( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x348 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Manufacturing debug unlock token /// [br]Caliptra Access: RO /// [br]SOC Access: RWL-S /// /// Read value: [`u32`]; Write value: [`u32`] #[inline(always)] - pub fn fuse_lms_revocation( + pub fn fuse_manuf_dbg_unlock_token( &self, - ) -> ureg::RegRef { + ) -> ureg::Array<4, ureg::RegRef> { + unsafe { + ureg::Array::new_with_mmio( + self.ptr.wrapping_add(0x34c / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Subsystem Caliptra Base Address Lower 32 bits (from AXI). + /// [br]Indicates base address of Caliptra register set from AXI fabric. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_caliptra_base_addr_l( + &self, + ) -> ureg::RegRef { unsafe { ureg::RegRef::new_with_mmio( - self.ptr.wrapping_add(0x344 / core::mem::size_of::()), + self.ptr.wrapping_add(0x500 / core::mem::size_of::()), core::borrow::Borrow::borrow(&self.mmio), ) } } - /// SOC stepping ID + /// Subsystem Caliptra Base Address Upper 32 bits (from AXI). + /// [br]Indicates base address of Caliptra register set from AXI fabric. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. /// [br]Caliptra Access: RO /// [br]SOC Access: RWL-S /// - /// Read value: [`soc_ifc::regs::FuseSocSteppingIdReadVal`]; Write value: [`soc_ifc::regs::FuseSocSteppingIdWriteVal`] + /// Read value: [`u32`]; Write value: [`u32`] #[inline(always)] - pub fn fuse_soc_stepping_id( + pub fn ss_caliptra_base_addr_h( &self, - ) -> ureg::RegRef { + ) -> ureg::RegRef { unsafe { ureg::RegRef::new_with_mmio( - self.ptr.wrapping_add(0x348 / core::mem::size_of::()), + self.ptr.wrapping_add(0x504 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Subsystem MCI Base Address Lower 32 bits (from AXI). + /// [br]Indicates base address of MCI register set from AXI fabric. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_mci_base_addr_l(&self) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x508 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Subsystem MCI Base Address Upper 32 bits (from AXI). + /// [br]Indicates base address of MCI register set from AXI fabric. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_mci_base_addr_h(&self) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x50c / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Subsystem Recovery Interface Base Address Lower 32 bits (from AXI). + /// [br]Indicates base address of OCP Recovery Interface register set from AXI fabric. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_recovery_ifc_base_addr_l( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x510 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Subsystem Recovery Interface Base Address Upper 32 bits (from AXI). + /// [br]Indicates base address of OCP Recovery Interface register set from AXI fabric. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_recovery_ifc_base_addr_h( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x514 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Subsystem Fuse Controller Base Address Lower 32 bits (from AXI). + /// [br]Indicates base address of OTP Fuse Controller from AXI fabric. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_otp_fc_base_addr_l( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x518 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Subsystem Fuse Controller Base Address Upper 32 bits (from AXI). + /// [br]Indicates base address of OTP Fuse Controller from AXI fabric. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_otp_fc_base_addr_h( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x51c / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Subsystem UDS Seed Destination Base Address Lower 32 bits (from AXI). Used as the write address when programming the UDS seed during manufacturing. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_uds_seed_base_addr_l( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x520 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Subsystem UDS Seed Destination Base Address Upper 32 bits (from AXI). Used as the write address when programming the UDS seed during manufacturing. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_uds_seed_base_addr_h( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x524 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Provides an offset in the destination register bank at which a set of Public Key Hashes may be found. The number of hashes available at this offset is indicated by + /// SS_NUM_OF_PROD_DEBUG_UNLOCK_AUTH_PK_HASHES. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_prod_debug_unlock_auth_pk_hash_reg_bank_offset( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x528 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Provides the number of Public Key Hashes that may be found at the offset in the destination register bank, specified in SS_PROD_DEBUG_UNLOCK_AUTH_PK_HASH_REG_BANK_OFFSET. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_num_of_prod_debug_unlock_auth_pk_hashes( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x52c / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Strap from SoC in Subsystem configuration that indicates if this boot cycle will be used for debug. In passive mode this register always reflects a value of 0. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RO + /// [br]TAP Access [in debug/manuf mode]: RW + /// + /// Read value: [`soc_ifc::regs::SsDebugIntentReadVal`]; Write value: [`soc_ifc::regs::SsDebugIntentWriteVal`] + #[inline(always)] + pub fn ss_debug_intent(&self) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x530 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Straps reserved for late-binding features for survivability. + /// [br]Strap that is initialized from Caliptra input port at cptra_pwrgood deassertion. May be overwritten by SoC prior to CPTRA_FUSE_WR_DONE. Locked by CPTRA_FUSE_WR_DONE. + /// [br]Caliptra Access: RO + /// [br]SOC Access: RWL-S + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_strap_generic( + &self, + ) -> ureg::Array<4, ureg::RegRef> { + unsafe { + ureg::Array::new_with_mmio( + self.ptr.wrapping_add(0x5a0 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// JTAG in debug/manuf mode or SOC can write to this register for ROM/FW defined skips or services. + /// [br]This register is used to support Subsystem flows, and is disabled in Caliptra passive mode. + /// [br]Caliptra Access: RW + /// [br]SOC Access: RW + /// [br]TAP Access [in debug/manuf mode]: RW + /// + /// Read value: [`soc_ifc::regs::SsDbgManufServiceRegReqReadVal`]; Write value: [`soc_ifc::regs::SsDbgManufServiceRegReqWriteVal`] + #[inline(always)] + pub fn ss_dbg_manuf_service_reg_req( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x5c0 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// JTAG in debug/manuf mode or SOC can read from this register for ROM/FW defined skips or services. + /// [br]This register is used to support Subsystem flows, and is disabled in Caliptra passive mode. + /// [br]Caliptra Access: RW + /// [br]SOC Access: RO + /// [br]TAP Access [in debug/manuf mode]: RO + /// + /// Read value: [`soc_ifc::regs::SsDbgManufServiceRegRspReadVal`]; Write value: [`soc_ifc::regs::SsDbgManufServiceRegRspWriteVal`] + #[inline(always)] + pub fn ss_dbg_manuf_service_reg_rsp( + &self, + ) -> ureg::RegRef { + unsafe { + ureg::RegRef::new_with_mmio( + self.ptr.wrapping_add(0x5c4 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Individual bits indicating debug unlock level to multiple SoC endpoints. Writable only for Caliptra, and only when DEBUG_INTENT is set to 1. + /// [br]This register is used to support Subsystem flows, and is disabled in Caliptra passive mode. + /// [br]Caliptra Access: RW + /// [br]SOC Access: RO + /// [br]TAP Access [in debug/manuf mode]: RO + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_soc_dbg_unlock_level( + &self, + ) -> ureg::Array<2, ureg::RegRef> { + unsafe { + ureg::Array::new_with_mmio( + self.ptr.wrapping_add(0x5c8 / core::mem::size_of::()), + core::borrow::Borrow::borrow(&self.mmio), + ) + } + } + /// Each bit may be optionally routed to a unique SoC core that requires a hardware enforced execution enablement. + /// For example, this bit may be used to block execution access to an instruction memory containing firmware updates. + /// Bits 0/1 are reserved. Bit 2 controls the MCU from the Caliptra Subsystem. All other bits are integrator-defined. + /// [br]These bits are only writable for Caliptra firmware. + /// [br]Caliptra Access: RW + /// [br]SOC Access: RO + /// [br]TAP Access [in debug/manuf mode]: RO + /// + /// Read value: [`u32`]; Write value: [`u32`] + #[inline(always)] + pub fn ss_generic_fw_exec_ctrl( + &self, + ) -> ureg::Array<4, ureg::RegRef> { + unsafe { + ureg::Array::new_with_mmio( + self.ptr.wrapping_add(0x5d0 / core::mem::size_of::()), core::borrow::Borrow::borrow(&self.mmio), ) } @@ -2095,9 +2480,9 @@ pub mod regs { pub fn boot_fsm_ps(&self) -> u32 { (self.0 >> 25) & 7 } - /// Indicates Caliptra is ready for Firmware Download + /// Indicates Caliptra is ready for Mailbox operations #[inline(always)] - pub fn ready_for_fw(&self) -> bool { + pub fn ready_for_mb_processing(&self) -> bool { ((self.0 >> 28) & 1) != 0 } /// Indicates Caliptra is ready for RT flows @@ -2147,9 +2532,9 @@ pub mod regs { pub fn idevid_csr_ready(self, val: bool) -> Self { Self((self.0 & !(1 << 24)) | (u32::from(val) << 24)) } - /// Indicates Caliptra is ready for Firmware Download + /// Indicates Caliptra is ready for Mailbox operations #[inline(always)] - pub fn ready_for_fw(self, val: bool) -> Self { + pub fn ready_for_mb_processing(self, val: bool) -> Self { Self((self.0 & !(1 << 28)) | (u32::from(val) << 28)) } /// Indicates Caliptra is ready for RT flows @@ -2232,23 +2617,18 @@ pub mod regs { } /// #[inline(always)] - pub fn qspi_en(&self) -> bool { - ((self.0 >> 1) & 1) != 0 - } - /// - #[inline(always)] - pub fn i3c_en(&self) -> bool { - ((self.0 >> 2) & 1) != 0 + pub fn rsvd_en(&self) -> u32 { + (self.0 >> 1) & 7 } /// #[inline(always)] - pub fn uart_en(&self) -> bool { - ((self.0 >> 3) & 1) != 0 + pub fn lms_acc_en(&self) -> bool { + ((self.0 >> 4) & 1) != 0 } /// #[inline(always)] - pub fn lms_acc_en(&self) -> bool { - ((self.0 >> 4) & 1) != 0 + pub fn active_mode_en(&self) -> bool { + ((self.0 >> 5) & 1) != 0 } } impl From for CptraHwConfigReadVal { @@ -2286,6 +2666,11 @@ pub mod regs { pub fn crypto_err(&self) -> bool { ((self.0 >> 3) & 1) != 0 } + /// + #[inline(always)] + pub fn rsvd(&self) -> u32 { + (self.0 >> 4) & 0xfffffff + } /// Construct a WriteVal that can be used to modify the contents of this register value. #[inline(always)] pub fn modify(self) -> CptraHwErrorFatalWriteVal { @@ -2358,6 +2743,11 @@ pub mod regs { pub fn mbox_ecc_unc(&self) -> bool { ((self.0 >> 2) & 1) != 0 } + /// + #[inline(always)] + pub fn rsvd(&self) -> u32 { + (self.0 >> 3) & 0x1fffffff + } /// Construct a WriteVal that can be used to modify the contents of this register value. #[inline(always)] pub fn modify(self) -> CptraHwErrorNonFatalWriteVal { @@ -2796,8 +3186,55 @@ pub mod regs { } } #[derive(Clone, Copy)] - pub struct CptraXxxxAxiIdLockReadVal(u32); - impl CptraXxxxAxiIdLockReadVal { + pub struct CptraXxxxxxxkReadVal(u32); + impl CptraXxxxxxxkReadVal { + /// + #[inline(always)] + pub fn lock(&self) -> bool { + ((self.0 >> 0) & 1) != 0 + } + /// Construct a WriteVal that can be used to modify the contents of this register value. + #[inline(always)] + pub fn modify(self) -> CptraXxxxxxxkWriteVal { + CptraXxxxxxxkWriteVal(self.0) + } + } + impl From for CptraXxxxxxxkReadVal { + #[inline(always)] + fn from(val: u32) -> Self { + Self(val) + } + } + impl From for u32 { + #[inline(always)] + fn from(val: CptraXxxxxxxkReadVal) -> u32 { + val.0 + } + } + #[derive(Clone, Copy)] + pub struct CptraXxxxxxxkWriteVal(u32); + impl CptraXxxxxxxkWriteVal { + /// + #[inline(always)] + pub fn lock(self, val: bool) -> Self { + Self((self.0 & !(1 << 0)) | (u32::from(val) << 0)) + } + } + impl From for CptraXxxxxxxkWriteVal { + #[inline(always)] + fn from(val: u32) -> Self { + Self(val) + } + } + impl From for u32 { + #[inline(always)] + fn from(val: CptraXxxxxxxkWriteVal) -> u32 { + val.0 + } + } + #[derive(Clone, Copy)] + pub struct CptraXxxxAxiUserLockReadVal(u32); + impl CptraXxxxAxiUserLockReadVal { /// #[inline(always)] pub fn lock(&self) -> bool { @@ -2805,40 +3242,40 @@ pub mod regs { } /// Construct a WriteVal that can be used to modify the contents of this register value. #[inline(always)] - pub fn modify(self) -> CptraXxxxAxiIdLockWriteVal { - CptraXxxxAxiIdLockWriteVal(self.0) + pub fn modify(self) -> CptraXxxxAxiUserLockWriteVal { + CptraXxxxAxiUserLockWriteVal(self.0) } } - impl From for CptraXxxxAxiIdLockReadVal { + impl From for CptraXxxxAxiUserLockReadVal { #[inline(always)] fn from(val: u32) -> Self { Self(val) } } - impl From for u32 { + impl From for u32 { #[inline(always)] - fn from(val: CptraXxxxAxiIdLockReadVal) -> u32 { + fn from(val: CptraXxxxAxiUserLockReadVal) -> u32 { val.0 } } #[derive(Clone, Copy)] - pub struct CptraXxxxAxiIdLockWriteVal(u32); - impl CptraXxxxAxiIdLockWriteVal { + pub struct CptraXxxxAxiUserLockWriteVal(u32); + impl CptraXxxxAxiUserLockWriteVal { /// #[inline(always)] pub fn lock(self, val: bool) -> Self { Self((self.0 & !(1 << 0)) | (u32::from(val) << 0)) } } - impl From for CptraXxxxAxiIdLockWriteVal { + impl From for CptraXxxxAxiUserLockWriteVal { #[inline(always)] fn from(val: u32) -> Self { Self(val) } } - impl From for u32 { + impl From for u32 { #[inline(always)] - fn from(val: CptraXxxxAxiIdLockWriteVal) -> u32 { + fn from(val: CptraXxxxAxiUserLockWriteVal) -> u32 { val.0 } } @@ -2957,6 +3394,231 @@ pub mod regs { } } #[derive(Clone, Copy)] + pub struct SsDbgManufServiceRegReqReadVal(u32); + impl SsDbgManufServiceRegReqReadVal { + /// Manufacturing debug unlock request. Only writable when lifecycle state is MANUFACTURING and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn manuf_dbg_unlock_req(&self) -> bool { + ((self.0 >> 0) & 1) != 0 + } + /// Production debug unlock request. Only writable when lifecycle state is PRODUCTION and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn prod_dbg_unlock_req(&self) -> bool { + ((self.0 >> 1) & 1) != 0 + } + /// UDS programming request. + #[inline(always)] + pub fn uds_program_req(&self) -> bool { + ((self.0 >> 2) & 1) != 0 + } + /// RSVD + #[inline(always)] + pub fn rsvd(&self) -> u32 { + (self.0 >> 3) & 0x1fffffff + } + /// Construct a WriteVal that can be used to modify the contents of this register value. + #[inline(always)] + pub fn modify(self) -> SsDbgManufServiceRegReqWriteVal { + SsDbgManufServiceRegReqWriteVal(self.0) + } + } + impl From for SsDbgManufServiceRegReqReadVal { + #[inline(always)] + fn from(val: u32) -> Self { + Self(val) + } + } + impl From for u32 { + #[inline(always)] + fn from(val: SsDbgManufServiceRegReqReadVal) -> u32 { + val.0 + } + } + #[derive(Clone, Copy)] + pub struct SsDbgManufServiceRegReqWriteVal(u32); + impl SsDbgManufServiceRegReqWriteVal { + /// Manufacturing debug unlock request. Only writable when lifecycle state is MANUFACTURING and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn manuf_dbg_unlock_req(self, val: bool) -> Self { + Self((self.0 & !(1 << 0)) | (u32::from(val) << 0)) + } + /// Production debug unlock request. Only writable when lifecycle state is PRODUCTION and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn prod_dbg_unlock_req(self, val: bool) -> Self { + Self((self.0 & !(1 << 1)) | (u32::from(val) << 1)) + } + /// UDS programming request. + #[inline(always)] + pub fn uds_program_req(self, val: bool) -> Self { + Self((self.0 & !(1 << 2)) | (u32::from(val) << 2)) + } + } + impl From for SsDbgManufServiceRegReqWriteVal { + #[inline(always)] + fn from(val: u32) -> Self { + Self(val) + } + } + impl From for u32 { + #[inline(always)] + fn from(val: SsDbgManufServiceRegReqWriteVal) -> u32 { + val.0 + } + } + #[derive(Clone, Copy)] + pub struct SsDbgManufServiceRegRspReadVal(u32); + impl SsDbgManufServiceRegRspReadVal { + /// Manufacturing debug unlock was successful. Only writable by Caliptra, and only when lifecycle state is MANUFACTURING and DEBUG_INTENT strap is set to 1. Sticky once set, until warm reset. + #[inline(always)] + pub fn manuf_dbg_unlock_success(&self) -> bool { + ((self.0 >> 0) & 1) != 0 + } + /// Manufacturing debug unlock failed. Only writable by Caliptra, and only when lifecycle state is MANUFACTURING and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn manuf_dbg_unlock_fail(&self) -> bool { + ((self.0 >> 1) & 1) != 0 + } + /// Manufacturing debug unlock is in progress. Only writable by Caliptra, and only when lifecycle state is MANUFACTURING and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn manuf_dbg_unlock_in_progress(&self) -> bool { + ((self.0 >> 2) & 1) != 0 + } + /// Production debug unlock was successful. Only writable by Caliptra, and only when lifecycle state is PRODUCTION and DEBUG_INTENT strap is set to 1. Sticky once set, until warm reset. + #[inline(always)] + pub fn prod_dbg_unlock_success(&self) -> bool { + ((self.0 >> 3) & 1) != 0 + } + /// Production debug unlock failed. Only writable by Caliptra, and only when lifecycle state is PRODUCTION and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn prod_dbg_unlock_fail(&self) -> bool { + ((self.0 >> 4) & 1) != 0 + } + /// Production debug unlock is in progress. Only writable by Caliptra, and only when lifecycle state is PRODUCTION and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn prod_dbg_unlock_in_progress(&self) -> bool { + ((self.0 >> 5) & 1) != 0 + } + /// UDS Programming was successful. Only writable by Caliptra. Sticky once set, until warm reset. + #[inline(always)] + pub fn uds_program_success(&self) -> bool { + ((self.0 >> 6) & 1) != 0 + } + /// UDS Programming failed. Only writable by Caliptra. + #[inline(always)] + pub fn uds_program_fail(&self) -> bool { + ((self.0 >> 7) & 1) != 0 + } + /// UDS Programming is in progress. Only writable by Caliptra. + #[inline(always)] + pub fn uds_program_in_progress(&self) -> bool { + ((self.0 >> 8) & 1) != 0 + } + /// RSVD + #[inline(always)] + pub fn rsvd(&self) -> u32 { + (self.0 >> 9) & 0x7fffff + } + /// Construct a WriteVal that can be used to modify the contents of this register value. + #[inline(always)] + pub fn modify(self) -> SsDbgManufServiceRegRspWriteVal { + SsDbgManufServiceRegRspWriteVal(self.0) + } + } + impl From for SsDbgManufServiceRegRspReadVal { + #[inline(always)] + fn from(val: u32) -> Self { + Self(val) + } + } + impl From for u32 { + #[inline(always)] + fn from(val: SsDbgManufServiceRegRspReadVal) -> u32 { + val.0 + } + } + #[derive(Clone, Copy)] + pub struct SsDbgManufServiceRegRspWriteVal(u32); + impl SsDbgManufServiceRegRspWriteVal { + /// Manufacturing debug unlock was successful. Only writable by Caliptra, and only when lifecycle state is MANUFACTURING and DEBUG_INTENT strap is set to 1. Sticky once set, until warm reset. + #[inline(always)] + pub fn manuf_dbg_unlock_success(self, val: bool) -> Self { + Self((self.0 & !(1 << 0)) | (u32::from(val) << 0)) + } + /// Manufacturing debug unlock failed. Only writable by Caliptra, and only when lifecycle state is MANUFACTURING and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn manuf_dbg_unlock_fail(self, val: bool) -> Self { + Self((self.0 & !(1 << 1)) | (u32::from(val) << 1)) + } + /// Manufacturing debug unlock is in progress. Only writable by Caliptra, and only when lifecycle state is MANUFACTURING and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn manuf_dbg_unlock_in_progress(self, val: bool) -> Self { + Self((self.0 & !(1 << 2)) | (u32::from(val) << 2)) + } + /// Production debug unlock was successful. Only writable by Caliptra, and only when lifecycle state is PRODUCTION and DEBUG_INTENT strap is set to 1. Sticky once set, until warm reset. + #[inline(always)] + pub fn prod_dbg_unlock_success(self, val: bool) -> Self { + Self((self.0 & !(1 << 3)) | (u32::from(val) << 3)) + } + /// Production debug unlock failed. Only writable by Caliptra, and only when lifecycle state is PRODUCTION and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn prod_dbg_unlock_fail(self, val: bool) -> Self { + Self((self.0 & !(1 << 4)) | (u32::from(val) << 4)) + } + /// Production debug unlock is in progress. Only writable by Caliptra, and only when lifecycle state is PRODUCTION and DEBUG_INTENT strap is set to 1. + #[inline(always)] + pub fn prod_dbg_unlock_in_progress(self, val: bool) -> Self { + Self((self.0 & !(1 << 5)) | (u32::from(val) << 5)) + } + /// UDS Programming was successful. Only writable by Caliptra. Sticky once set, until warm reset. + #[inline(always)] + pub fn uds_program_success(self, val: bool) -> Self { + Self((self.0 & !(1 << 6)) | (u32::from(val) << 6)) + } + /// UDS Programming failed. Only writable by Caliptra. + #[inline(always)] + pub fn uds_program_fail(self, val: bool) -> Self { + Self((self.0 & !(1 << 7)) | (u32::from(val) << 7)) + } + /// UDS Programming is in progress. Only writable by Caliptra. + #[inline(always)] + pub fn uds_program_in_progress(self, val: bool) -> Self { + Self((self.0 & !(1 << 8)) | (u32::from(val) << 8)) + } + } + impl From for SsDbgManufServiceRegRspWriteVal { + #[inline(always)] + fn from(val: u32) -> Self { + Self(val) + } + } + impl From for u32 { + #[inline(always)] + fn from(val: SsDbgManufServiceRegRspWriteVal) -> u32 { + val.0 + } + } + #[derive(Clone, Copy)] + pub struct SsDebugIntentReadVal(u32); + impl SsDebugIntentReadVal { + /// + #[inline(always)] + pub fn debug_intent(&self) -> bool { + ((self.0 >> 0) & 1) != 0 + } + } + impl From for SsDebugIntentReadVal { + #[inline(always)] + fn from(val: u32) -> Self { + Self(val) + } + } + impl From for u32 { + #[inline(always)] + fn from(val: SsDebugIntentReadVal) -> u32 { + val.0 + } + } + #[derive(Clone, Copy)] pub struct ErrorIntrEnTReadVal(u32); impl ErrorIntrEnTReadVal { /// Enable bit for Internal Errors @@ -3355,143 +4017,49 @@ pub mod regs { } } #[derive(Clone, Copy)] - pub struct FuseKeyManifestPkHashMaskReadVal(u32); - impl FuseKeyManifestPkHashMaskReadVal { + pub struct FuseMldsaRevocationReadVal(u32); + impl FuseMldsaRevocationReadVal { /// #[inline(always)] - pub fn mask(&self) -> u32 { + pub fn mldsa_revocation(&self) -> u32 { (self.0 >> 0) & 0xf } /// Construct a WriteVal that can be used to modify the contents of this register value. #[inline(always)] - pub fn modify(self) -> FuseKeyManifestPkHashMaskWriteVal { - FuseKeyManifestPkHashMaskWriteVal(self.0) + pub fn modify(self) -> FuseMldsaRevocationWriteVal { + FuseMldsaRevocationWriteVal(self.0) } } - impl From for FuseKeyManifestPkHashMaskReadVal { + impl From for FuseMldsaRevocationReadVal { #[inline(always)] fn from(val: u32) -> Self { Self(val) } } - impl From for u32 { + impl From for u32 { #[inline(always)] - fn from(val: FuseKeyManifestPkHashMaskReadVal) -> u32 { + fn from(val: FuseMldsaRevocationReadVal) -> u32 { val.0 } } #[derive(Clone, Copy)] - pub struct FuseKeyManifestPkHashMaskWriteVal(u32); - impl FuseKeyManifestPkHashMaskWriteVal { + pub struct FuseMldsaRevocationWriteVal(u32); + impl FuseMldsaRevocationWriteVal { /// #[inline(always)] - pub fn mask(self, val: u32) -> Self { + pub fn mldsa_revocation(self, val: u32) -> Self { Self((self.0 & !(0xf << 0)) | ((val & 0xf) << 0)) } } - impl From for FuseKeyManifestPkHashMaskWriteVal { - #[inline(always)] - fn from(val: u32) -> Self { - Self(val) - } - } - impl From for u32 { - #[inline(always)] - fn from(val: FuseKeyManifestPkHashMaskWriteVal) -> u32 { - val.0 - } - } - #[derive(Clone, Copy)] - pub struct FuseLifeCycleReadVal(u32); - impl FuseLifeCycleReadVal { - /// - #[inline(always)] - pub fn life_cycle(&self) -> u32 { - (self.0 >> 0) & 3 - } - /// Construct a WriteVal that can be used to modify the contents of this register value. - #[inline(always)] - pub fn modify(self) -> FuseLifeCycleWriteVal { - FuseLifeCycleWriteVal(self.0) - } - } - impl From for FuseLifeCycleReadVal { - #[inline(always)] - fn from(val: u32) -> Self { - Self(val) - } - } - impl From for u32 { - #[inline(always)] - fn from(val: FuseLifeCycleReadVal) -> u32 { - val.0 - } - } - #[derive(Clone, Copy)] - pub struct FuseLifeCycleWriteVal(u32); - impl FuseLifeCycleWriteVal { - /// - #[inline(always)] - pub fn life_cycle(self, val: u32) -> Self { - Self((self.0 & !(3 << 0)) | ((val & 3) << 0)) - } - } - impl From for FuseLifeCycleWriteVal { - #[inline(always)] - fn from(val: u32) -> Self { - Self(val) - } - } - impl From for u32 { - #[inline(always)] - fn from(val: FuseLifeCycleWriteVal) -> u32 { - val.0 - } - } - #[derive(Clone, Copy)] - pub struct FuseLmsVerifyReadVal(u32); - impl FuseLmsVerifyReadVal { - /// - #[inline(always)] - pub fn lms_verify(&self) -> bool { - ((self.0 >> 0) & 1) != 0 - } - /// Construct a WriteVal that can be used to modify the contents of this register value. - #[inline(always)] - pub fn modify(self) -> FuseLmsVerifyWriteVal { - FuseLmsVerifyWriteVal(self.0) - } - } - impl From for FuseLmsVerifyReadVal { - #[inline(always)] - fn from(val: u32) -> Self { - Self(val) - } - } - impl From for u32 { - #[inline(always)] - fn from(val: FuseLmsVerifyReadVal) -> u32 { - val.0 - } - } - #[derive(Clone, Copy)] - pub struct FuseLmsVerifyWriteVal(u32); - impl FuseLmsVerifyWriteVal { - /// - #[inline(always)] - pub fn lms_verify(self, val: bool) -> Self { - Self((self.0 & !(1 << 0)) | (u32::from(val) << 0)) - } - } - impl From for FuseLmsVerifyWriteVal { + impl From for FuseMldsaRevocationWriteVal { #[inline(always)] fn from(val: u32) -> Self { Self(val) } } - impl From for u32 { + impl From for u32 { #[inline(always)] - fn from(val: FuseLmsVerifyWriteVal) -> u32 { + fn from(val: FuseMldsaRevocationWriteVal) -> u32 { val.0 } } @@ -4198,17 +4766,17 @@ pub mod meta { pub type CptraResetReason = ureg::ReadOnlyReg32; pub type CptraSecurityState = ureg::ReadOnlyReg32; - pub type CptraMboxValidAxiId = ureg::ReadWriteReg32<0xffffffff, u32, u32>; - pub type CptraMboxAxiIdLock = ureg::ReadWriteReg32< + pub type CptraMboxValidAxiUser = ureg::ReadWriteReg32<0xffffffff, u32, u32>; + pub type CptraMboxAxiUserLock = ureg::ReadWriteReg32< 0, - crate::soc_ifc::regs::CptraXxxxAxiIdLockReadVal, - crate::soc_ifc::regs::CptraXxxxAxiIdLockWriteVal, + crate::soc_ifc::regs::CptraXxxxAxiUserLockReadVal, + crate::soc_ifc::regs::CptraXxxxAxiUserLockWriteVal, >; - pub type CptraTrngValidAxiId = ureg::ReadWriteReg32<0xffffffff, u32, u32>; - pub type CptraTrngAxiIdLock = ureg::ReadWriteReg32< + pub type CptraTrngValidAxiUser = ureg::ReadWriteReg32<0xffffffff, u32, u32>; + pub type CptraTrngAxiUserLock = ureg::ReadWriteReg32< 0, - crate::soc_ifc::regs::CptraXxxxAxiIdLockReadVal, - crate::soc_ifc::regs::CptraXxxxAxiIdLockWriteVal, + crate::soc_ifc::regs::CptraXxxxAxiUserLockReadVal, + crate::soc_ifc::regs::CptraXxxxAxiUserLockWriteVal, >; pub type CptraTrngCtrl = ureg::ReadWriteReg32< 0, @@ -4264,11 +4832,11 @@ pub mod meta { crate::soc_ifc::regs::CptraWdtStatusReadVal, crate::soc_ifc::regs::CptraWdtStatusWriteVal, >; - pub type CptraFuseValidAxiId = ureg::ReadWriteReg32<0xffffffff, u32, u32>; - pub type CptraFuseAxiIdLock = ureg::ReadWriteReg32< + pub type CptraFuseValidAxiUser = ureg::ReadWriteReg32<0xffffffff, u32, u32>; + pub type CptraFuseAxiUserLock = ureg::ReadWriteReg32< 0, - crate::soc_ifc::regs::CptraXxxxAxiIdLockReadVal, - crate::soc_ifc::regs::CptraXxxxAxiIdLockWriteVal, + crate::soc_ifc::regs::CptraXxxxAxiUserLockReadVal, + crate::soc_ifc::regs::CptraXxxxAxiUserLockWriteVal, >; pub type CptraWdtCfg = ureg::ReadWriteReg32<0, u32, u32>; pub type CptraItrngEntropyConfig0 = ureg::ReadWriteReg32< @@ -4282,15 +4850,23 @@ pub mod meta { crate::soc_ifc::regs::CptraItrngEntropyConfig1WriteVal, >; pub type CptraRsvdReg = ureg::ReadWriteReg32<0, u32, u32>; + pub type CptraHwCapabilities = ureg::ReadWriteReg32<0, u32, u32>; + pub type CptraFwCapabilities = ureg::ReadWriteReg32<0, u32, u32>; + pub type CptraCapLock = ureg::ReadWriteReg32< + 0, + crate::soc_ifc::regs::CptraXxxxxxxkReadVal, + crate::soc_ifc::regs::CptraXxxxxxxkWriteVal, + >; + pub type CptraOwnerPkHash = ureg::ReadWriteReg32<0, u32, u32>; + pub type CptraOwnerPkHashLock = ureg::ReadWriteReg32< + 0, + crate::soc_ifc::regs::CptraXxxxxxxkReadVal, + crate::soc_ifc::regs::CptraXxxxxxxkWriteVal, + >; pub type FuseUdsSeed = ureg::WriteOnlyReg32<0, u32>; pub type FuseFieldEntropy = ureg::WriteOnlyReg32<0, u32>; pub type FuseKeyManifestPkHash = ureg::ReadWriteReg32<0, u32, u32>; - pub type FuseKeyManifestPkHashMask = ureg::ReadWriteReg32< - 0, - crate::soc_ifc::regs::FuseKeyManifestPkHashMaskReadVal, - crate::soc_ifc::regs::FuseKeyManifestPkHashMaskWriteVal, - >; - pub type FuseOwnerPkHash = ureg::ReadWriteReg32<0, u32, u32>; + pub type FuseKeyManifestPkHashMask = ureg::ReadWriteReg32<0, u32, u32>; pub type FuseFmcKeyManifestSvn = ureg::ReadWriteReg32<0, u32, u32>; pub type FuseRuntimeSvn = ureg::ReadWriteReg32<0, u32, u32>; pub type FuseAntiRollbackDisable = ureg::ReadWriteReg32< @@ -4300,22 +4876,44 @@ pub mod meta { >; pub type FuseIdevidCertAttr = ureg::ReadWriteReg32<0, u32, u32>; pub type FuseIdevidManufHsmId = ureg::ReadWriteReg32<0, u32, u32>; - pub type FuseLifeCycle = ureg::ReadWriteReg32< - 0, - crate::soc_ifc::regs::FuseLifeCycleReadVal, - crate::soc_ifc::regs::FuseLifeCycleWriteVal, - >; - pub type FuseLmsVerify = ureg::ReadWriteReg32< + pub type FuseLmsRevocation = ureg::ReadWriteReg32<0, u32, u32>; + pub type FuseMldsaRevocation = ureg::ReadWriteReg32< 0, - crate::soc_ifc::regs::FuseLmsVerifyReadVal, - crate::soc_ifc::regs::FuseLmsVerifyWriteVal, + crate::soc_ifc::regs::FuseMldsaRevocationReadVal, + crate::soc_ifc::regs::FuseMldsaRevocationWriteVal, >; - pub type FuseLmsRevocation = ureg::ReadWriteReg32<0, u32, u32>; pub type FuseSocSteppingId = ureg::ReadWriteReg32< 0, crate::soc_ifc::regs::FuseSocSteppingIdReadVal, crate::soc_ifc::regs::FuseSocSteppingIdWriteVal, >; + pub type FuseManufDbgUnlockToken = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsCaliptraBaseAddrL = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsCaliptraBaseAddrH = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsMciBaseAddrL = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsMciBaseAddrH = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsRecoveryIfcBaseAddrL = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsRecoveryIfcBaseAddrH = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsOtpFcBaseAddrL = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsOtpFcBaseAddrH = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsUdsSeedBaseAddrL = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsUdsSeedBaseAddrH = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsProdDebugUnlockAuthPkHashRegBankOffset = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsNumOfProdDebugUnlockAuthPkHashes = ureg::ReadWriteReg32<8, u32, u32>; + pub type SsDebugIntent = ureg::ReadOnlyReg32; + pub type SsStrapGeneric = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsDbgManufServiceRegReq = ureg::ReadWriteReg32< + 0, + crate::soc_ifc::regs::SsDbgManufServiceRegReqReadVal, + crate::soc_ifc::regs::SsDbgManufServiceRegReqWriteVal, + >; + pub type SsDbgManufServiceRegRsp = ureg::ReadWriteReg32< + 0, + crate::soc_ifc::regs::SsDbgManufServiceRegRspReadVal, + crate::soc_ifc::regs::SsDbgManufServiceRegRspWriteVal, + >; + pub type SsSocDbgUnlockLevel = ureg::ReadWriteReg32<0, u32, u32>; + pub type SsGenericFwExecCtrl = ureg::ReadWriteReg32<0, u32, u32>; pub type InternalObfKey = ureg::WriteOnlyReg32<0, u32>; pub type InternalIccmLock = ureg::ReadWriteReg32< 0, diff --git a/hw/latest/registers/src/soc_ifc_trng.rs b/hw/latest/registers/src/soc_ifc_trng.rs index e1e836643d..84be130cb1 100644 --- a/hw/latest/registers/src/soc_ifc_trng.rs +++ b/hw/latest/registers/src/soc_ifc_trng.rs @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license. // -// generated by caliptra_registers_generator with caliptra-rtl repo at ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +// generated by caliptra_registers_generator with caliptra-rtl repo at 00730026cdf11841d20a6085ea3909ea3bd4a21b // #![allow(clippy::erasing_op)] #![allow(clippy::identity_op)] diff --git a/hw/latest/rtl b/hw/latest/rtl index ac8e5592b1..00730026cd 160000 --- a/hw/latest/rtl +++ b/hw/latest/rtl @@ -1 +1 @@ -Subproject commit ac8e5592b1a6d53f92809c98f8f0144c5a5bf0eb +Subproject commit 00730026cdf11841d20a6085ea3909ea3bd4a21b diff --git a/libcaliptra/inc/caliptra_types.h b/libcaliptra/inc/caliptra_types.h index 9058f50bd7..3e6d33470e 100644 --- a/libcaliptra/inc/caliptra_types.h +++ b/libcaliptra/inc/caliptra_types.h @@ -38,7 +38,6 @@ struct caliptra_fuses { uint32_t idevid_cert_attr[24]; uint32_t idevid_manuf_hsm_id[4]; enum device_lifecycle life_cycle; - bool lms_verify; uint32_t lms_revocation; uint16_t soc_stepping_id; }; diff --git a/libcaliptra/src/caliptra_api.c b/libcaliptra/src/caliptra_api.c index 2417891888..04a292c3e2 100644 --- a/libcaliptra/src/caliptra_api.c +++ b/libcaliptra/src/caliptra_api.c @@ -278,15 +278,13 @@ int caliptra_init_fuses(const struct caliptra_fuses *fuses) caliptra_fuse_array_write(GENERIC_AND_FUSE_REG_FUSE_UDS_SEED_0, fuses->uds_seed, CALIPTRA_ARRAY_SIZE(fuses->uds_seed)); caliptra_fuse_array_write(GENERIC_AND_FUSE_REG_FUSE_FIELD_ENTROPY_0, fuses->field_entropy, CALIPTRA_ARRAY_SIZE(fuses->field_entropy)); caliptra_fuse_array_write(GENERIC_AND_FUSE_REG_FUSE_KEY_MANIFEST_PK_HASH_0, fuses->key_manifest_pk_hash, CALIPTRA_ARRAY_SIZE(fuses->key_manifest_pk_hash)); - caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_FUSE_KEY_MANIFEST_PK_HASH_MASK, fuses->key_manifest_pk_hash_mask); - caliptra_fuse_array_write(GENERIC_AND_FUSE_REG_FUSE_OWNER_PK_HASH_0, fuses->owner_pk_hash, CALIPTRA_ARRAY_SIZE(fuses->owner_pk_hash)); + caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_FUSE_KEY_MANIFEST_PK_HASH_MASK_0, fuses->key_manifest_pk_hash_mask); + caliptra_fuse_array_write(GENERIC_AND_FUSE_REG_CPTRA_OWNER_PK_HASH_0, fuses->owner_pk_hash, CALIPTRA_ARRAY_SIZE(fuses->owner_pk_hash)); caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_FUSE_FMC_KEY_MANIFEST_SVN, fuses->fmc_key_manifest_svn); caliptra_fuse_array_write(GENERIC_AND_FUSE_REG_FUSE_RUNTIME_SVN_0, fuses->runtime_svn, CALIPTRA_ARRAY_SIZE(fuses->runtime_svn)); caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_FUSE_ANTI_ROLLBACK_DISABLE, (uint32_t)fuses->anti_rollback_disable); caliptra_fuse_array_write(GENERIC_AND_FUSE_REG_FUSE_IDEVID_CERT_ATTR_0, fuses->idevid_cert_attr, CALIPTRA_ARRAY_SIZE(fuses->idevid_cert_attr)); caliptra_fuse_array_write(GENERIC_AND_FUSE_REG_FUSE_IDEVID_MANUF_HSM_ID_0, fuses->idevid_manuf_hsm_id, CALIPTRA_ARRAY_SIZE(fuses->idevid_manuf_hsm_id)); - caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_FUSE_LIFE_CYCLE, (uint32_t)fuses->life_cycle); - caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_FUSE_LMS_VERIFY, (uint32_t)fuses->lms_verify); caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_FUSE_LMS_REVOCATION, fuses->lms_revocation); caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_FUSE_SOC_STEPPING_ID, fuses->soc_stepping_id); @@ -340,7 +338,7 @@ bool caliptra_ready_for_firmware(void) { status = caliptra_read_status(); - if ((status & GENERIC_AND_FUSE_REG_CPTRA_FLOW_STATUS_READY_FOR_FW_MASK) == GENERIC_AND_FUSE_REG_CPTRA_FLOW_STATUS_READY_FOR_FW_MASK) + if ((status & GENERIC_AND_FUSE_REG_CPTRA_FLOW_STATUS_READY_FOR_MB_PROCESSING_MASK) == GENERIC_AND_FUSE_REG_CPTRA_FLOW_STATUS_READY_FOR_MB_PROCESSING_MASK) { ready = true; } diff --git a/libcaliptra/src/caliptra_fuses.h b/libcaliptra/src/caliptra_fuses.h index 16100bc730..7e345ce9db 100644 --- a/libcaliptra/src/caliptra_fuses.h +++ b/libcaliptra/src/caliptra_fuses.h @@ -89,34 +89,34 @@ static inline void caliptra_write_itrng_entropy_repetition_count(uint16_t data) // NOTE: Is the responsibility of the caller to ensure the index does not exceed MBOX_AXI_ID_SLOTS static inline bool caliptra_read_mbox_pauser_lock(uint8_t idx) { - return caliptra_generic_and_fuse_read(GENERIC_AND_FUSE_REG_CPTRA_MBOX_AXI_ID_LOCK_0 + (sizeof(uint32_t) * idx)) != 0; + return caliptra_generic_and_fuse_read(GENERIC_AND_FUSE_REG_CPTRA_MBOX_AXI_USER_LOCK_0 + (sizeof(uint32_t) * idx)) != 0; } -// NOTE: Is the responsibility of the caller to ensure the index does not exceed MBOX_AXI_ID_SLOTS +// NOTE: Is the responsibility of the caller to ensure the index does not exceed MBOX_AXI_USER_SLOTS static inline void caliptra_set_mbox_pauser_lock(uint8_t idx) { - caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_CPTRA_MBOX_AXI_ID_LOCK_0 + (sizeof(uint32_t) * idx), 0x1); + caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_CPTRA_MBOX_AXI_USER_LOCK_0 + (sizeof(uint32_t) * idx), 0x1); } -// NOTE: Is the responsibility of the caller to ensure the index does not exceed MBOX_AXI_ID_SLOTS +// NOTE: Is the responsibility of the caller to ensure the index does not exceed MBOX_AXI_USER_SLOTS static inline void caliptra_write_mbox_valid_pauser(uint8_t idx, uint32_t data) { - caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_CPTRA_MBOX_VALID_AXI_ID_0 + (sizeof(uint32_t) * idx), data); + caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_CPTRA_MBOX_VALID_AXI_USER_0 + (sizeof(uint32_t) * idx), data); } static inline bool caliptra_read_fuse_pauser_lock() { - return caliptra_generic_and_fuse_read(GENERIC_AND_FUSE_REG_CPTRA_FUSE_AXI_ID_LOCK) != 0; + return caliptra_generic_and_fuse_read(GENERIC_AND_FUSE_REG_CPTRA_FUSE_AXI_USER_LOCK) != 0; } static inline void caliptra_set_fuse_pauser_lock() { - caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_CPTRA_FUSE_AXI_ID_LOCK, 0x1); + caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_CPTRA_FUSE_AXI_USER_LOCK, 0x1); } static inline void caliptra_write_fuse_valid_pauser(uint32_t data) { - caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_CPTRA_FUSE_VALID_AXI_ID, data); + caliptra_generic_and_fuse_write(GENERIC_AND_FUSE_REG_CPTRA_FUSE_VALID_AXI_USER, data); } static inline void caliptra_write_dbg_manuf_serv(uint32_t data) diff --git a/registers/bin/generator/src/main.rs b/registers/bin/generator/src/main.rs index 0c020e81d9..7acfdd5cc8 100644 --- a/registers/bin/generator/src/main.rs +++ b/registers/bin/generator/src/main.rs @@ -120,9 +120,9 @@ fn real_main() -> Result<(), Box> { write_file }; - if args.len() < 6 { + if args.len() < 5 { Err( - "Usage: codegen [--check] ", + "Usage: codegen [--check] ", )?; } @@ -134,7 +134,7 @@ fn real_main() -> Result<(), Box> { .filter(|p| p.exists()) .collect(); - let adamsbridge_rdl_dir = Path::new(&args[4]); + let adamsbridge_rdl_dir = rtl_dir.join("submodules").join("adams-bridge"); let mut adamsbridge_rdl_files: Vec = ADAMSBRIDGE_RDL_FILES .iter() .map(|p| adamsbridge_rdl_dir.join(p)) diff --git a/registers/update.sh b/registers/update.sh index 21af8eb529..ef31983728 100755 --- a/registers/update.sh +++ b/registers/update.sh @@ -9,4 +9,4 @@ if [[ ! -f "../hw/latest/rtl/.git" ]]; then exit 1 fi -cargo run --manifest-path bin/generator/Cargo.toml -- ../hw/latest/rtl bin/extra-rdl/ ../hw/latest/i3c-core-rtl ../hw/latest/adams-bridge ../hw/latest/registers/src/ +cargo run --manifest-path bin/generator/Cargo.toml -- ../hw/latest/rtl bin/extra-rdl/ ../hw/latest/i3c-core-rtl ../hw/latest/registers/src/ diff --git a/rom/dev/src/crypto.rs b/rom/dev/src/crypto.rs index 666197c936..cd7f0141f4 100644 --- a/rom/dev/src/crypto.rs +++ b/rom/dev/src/crypto.rs @@ -191,7 +191,8 @@ impl Crypto { output, KeyUsage::default() .set_hmac_key_en() - .set_ecc_key_gen_seed_en(), + .set_ecc_key_gen_seed_en() + .set_mldsa_seed_en(), ) .into(), mode, diff --git a/rom/dev/src/flow/cold_reset/idev_id.rs b/rom/dev/src/flow/cold_reset/idev_id.rs index aa7f5afb18..ca40af2520 100644 --- a/rom/dev/src/flow/cold_reset/idev_id.rs +++ b/rom/dev/src/flow/cold_reset/idev_id.rs @@ -62,7 +62,7 @@ impl InitDevIdLayer { // If CSR is not requested, indicate to the SOC that it can start // uploading the firmware image to the mailbox. if !env.soc_ifc.mfg_flag_gen_idev_id_csr() { - env.soc_ifc.flow_status_set_ready_for_firmware(); + env.soc_ifc.flow_status_set_ready_for_mb_processing(); } // Decrypt the UDS @@ -111,8 +111,8 @@ impl InitDevIdLayer { Self::generate_csr(env, &output)?; // Indicate (if not already done) to SOC that it can start uploading the firmware image to the mailbox. - if !env.soc_ifc.flow_status_ready_for_firmware() { - env.soc_ifc.flow_status_set_ready_for_firmware(); + if !env.soc_ifc.flow_status_ready_for_mb_processing() { + env.soc_ifc.flow_status_set_ready_for_mb_processing(); } // Write IDevID public key to FHT diff --git a/rom/dev/src/flow/fake.rs b/rom/dev/src/flow/fake.rs index e712fd4be2..c9bdf6e1d6 100644 --- a/rom/dev/src/flow/fake.rs +++ b/rom/dev/src/flow/fake.rs @@ -148,7 +148,7 @@ impl FakeRomFlow { // Zeroize the key vault in the fake ROM flow unsafe { KeyVault::zeroize() }; - env.soc_ifc.flow_status_set_ready_for_firmware(); + env.soc_ifc.flow_status_set_ready_for_mb_processing(); fht::initialize_fht(env); diff --git a/rom/dev/tests/rom_integration_tests/test_dice_derivations.rs b/rom/dev/tests/rom_integration_tests/test_dice_derivations.rs index 9d898b8af6..b6f2f2ca84 100644 --- a/rom/dev/tests/rom_integration_tests/test_dice_derivations.rs +++ b/rom/dev/tests/rom_integration_tests/test_dice_derivations.rs @@ -46,7 +46,12 @@ fn test_cold_reset_status_reporting() { } // Wait for uploading firmware. - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); // Manually put the firmware in the mailbox because // HwModel::upload_firmware returns only when the transaction is complete. diff --git a/rom/dev/tests/rom_integration_tests/test_fake_rom.rs b/rom/dev/tests/rom_integration_tests/test_fake_rom.rs index 1a7bab391a..a7e98c9e85 100644 --- a/rom/dev/tests/rom_integration_tests/test_fake_rom.rs +++ b/rom/dev/tests/rom_integration_tests/test_fake_rom.rs @@ -93,7 +93,12 @@ fn test_fake_rom_production_enabled() { .unwrap(); // Wait for ready for FW - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); } #[test] @@ -122,7 +127,12 @@ fn test_fake_rom_fw_load() { .unwrap(); // Upload the FW once ROM is at the right point - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); hw.upload_firmware(&image_bundle.to_bytes().unwrap()) .unwrap(); @@ -160,7 +170,12 @@ fn test_fake_rom_update_reset() { .unwrap(); // Upload FW - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); hw.upload_firmware(&image_bundle.to_bytes().unwrap()) .unwrap(); @@ -256,7 +271,12 @@ fn test_fake_rom_version() { .unwrap(); // Wait for ready for FW - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); assert_eq!( hw.soc_ifc().cptra_fw_rev_id().at(0).read() as u16, diff --git a/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs b/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs index 9c1799f44f..ebbfffd631 100644 --- a/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs +++ b/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs @@ -140,7 +140,6 @@ fn test_pcr_log() { let fuses = Fuses { anti_rollback_disable: true, - lms_verify: true, key_manifest_pk_hash: vendor_pubkey_digest, owner_pk_hash: owner_pubkey_digest, ..Default::default() @@ -244,7 +243,6 @@ fn test_pcr_log_no_owner_key_digest_fuse() { let fuses = Fuses { anti_rollback_disable: true, - lms_verify: true, key_manifest_pk_hash: gen .vendor_pubkey_digest(&image_bundle.manifest.preamble) .unwrap(), @@ -585,7 +583,6 @@ fn test_fuse_log() { anti_rollback_disable: true, fmc_key_manifest_svn: 0x0F, // Value of FMC_SVN runtime_svn: [0xF, 0, 0, 0], // Value of RT_SVN - lms_verify: true, ..Default::default() }; @@ -764,7 +761,6 @@ fn test_fht_info() { #[test] fn test_check_rom_cold_boot_status_reg() { let fuses = Fuses { - lms_verify: false, ..Default::default() }; let rom = caliptra_builder::build_firmware_rom(firmware::rom_from_env()).unwrap(); diff --git a/rom/dev/tests/rom_integration_tests/test_idevid_derivation.rs b/rom/dev/tests/rom_integration_tests/test_idevid_derivation.rs index cb77cceca2..4430ba8b1f 100644 --- a/rom/dev/tests/rom_integration_tests/test_idevid_derivation.rs +++ b/rom/dev/tests/rom_integration_tests/test_idevid_derivation.rs @@ -26,7 +26,12 @@ fn generate_csr(hw: &mut DefaultHwModel, image_bundle: &ImageBundle) -> Vec let downloaded = helpers::get_csr(hw).unwrap(); // Wait for uploading firmware. - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); hw.upload_firmware(&image_bundle.to_bytes().unwrap()) .unwrap(); @@ -64,10 +69,10 @@ fn test_idev_subj_key_id_algo() { } fn fuses_with_random_uds() -> Fuses { - const UDS_LEN: usize = core::mem::size_of::() * 12; + const UDS_LEN: usize = core::mem::size_of::() * 16; let mut uds_bytes = [0; UDS_LEN]; rand_bytes(&mut uds_bytes).unwrap(); - let mut uds_seed = [0u32; 12]; + let mut uds_seed = [0u32; 16]; for (word, bytes) in uds_seed.iter_mut().zip(uds_bytes.chunks_exact(4)) { *word = u32::from_be_bytes(bytes.try_into().unwrap()); @@ -132,7 +137,7 @@ fn verify_key( hw: &mut DefaultHwModel, cmd_id: u32, pubkey: &PKey, - test_uds: &[u32; 12], + test_uds: &[u32; 16], ) -> X509 { let payload = MailboxReqHeader { chksum: caliptra_common::checksum::calc_checksum(cmd_id, &[]), diff --git a/rom/dev/tests/rom_integration_tests/test_image_validation.rs b/rom/dev/tests/rom_integration_tests/test_image_validation.rs index 96fa6dec31..93e581c0ee 100644 --- a/rom/dev/tests/rom_integration_tests/test_image_validation.rs +++ b/rom/dev/tests/rom_integration_tests/test_image_validation.rs @@ -263,7 +263,6 @@ fn test_preamble_vendor_lms_pubkey_revocation() { image_options.vendor_config = vendor_config; let fuses = caliptra_hw_model::Fuses { - lms_verify: true, fuse_lms_revocation: 1u32 << image_options.vendor_config.pqc_key_idx, ..Default::default() }; @@ -324,7 +323,6 @@ fn test_preamble_vendor_ecc_pubkey_out_of_bounds() { #[test] fn test_preamble_vendor_lms_pubkey_out_of_bounds() { let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; let (mut hw, mut image_bundle) = @@ -510,7 +508,6 @@ fn test_header_verify_vendor_ecc_sig_mismatch() { #[test] fn test_header_verify_vendor_lms_sig_mismatch() { let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; let (mut hw, mut image_bundle) = @@ -539,7 +536,6 @@ fn test_header_verify_vendor_lms_sig_mismatch() { drop(hw); let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; let (mut hw, mut image_bundle) = @@ -575,7 +571,6 @@ fn test_header_verify_vendor_lms_sig_mismatch() { #[test] fn test_header_verify_owner_lms_sig_mismatch() { let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; let (mut hw, mut image_bundle) = @@ -605,7 +600,6 @@ fn test_header_verify_owner_lms_sig_mismatch() { drop(hw); let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; let (mut hw, mut image_bundle) = @@ -663,7 +657,6 @@ fn test_header_verify_vendor_ecc_pub_key_in_preamble_and_header() { #[test] fn test_header_verify_vendor_lms_pub_key_in_preamble_and_header() { let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; let (mut hw, mut image_bundle) = @@ -1684,7 +1677,12 @@ fn cert_test_with_custom_dates() { // Download the CSR from the mailbox. let idevid_cert_bytes = helpers::get_csr(&mut hw).unwrap(); - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); hw.upload_firmware(&image_bundle.to_bytes().unwrap()) .unwrap(); @@ -1744,7 +1742,12 @@ fn cert_test() { // Download the CSR from the mailbox. let csr_bytes = helpers::get_csr(&mut hw).unwrap(); - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); hw.upload_firmware(&image_bundle.to_bytes().unwrap()) .unwrap(); @@ -1804,7 +1807,12 @@ fn cert_test_with_ueid() { // Download the CSR from the mailbox. let csr_bytes = helpers::get_csr(&mut hw).unwrap(); - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); hw.upload_firmware(&image_bundle.to_bytes().unwrap()) .unwrap(); diff --git a/rom/dev/tests/rom_integration_tests/test_mailbox_errors.rs b/rom/dev/tests/rom_integration_tests/test_mailbox_errors.rs index 6ff11b3153..1fd0078749 100644 --- a/rom/dev/tests/rom_integration_tests/test_mailbox_errors.rs +++ b/rom/dev/tests/rom_integration_tests/test_mailbox_errors.rs @@ -160,7 +160,7 @@ fn test_mailbox_reserved_pauser() { helpers::build_hw_model_and_image_bundle(Fuses::default(), ImageOptions::default()); // Set pauser to the reserved value - hw.set_axi_id(0xffffffff); + hw.set_axi_user(0xffffffff); // Send anything assert_eq!( diff --git a/rom/dev/tests/rom_integration_tests/test_update_reset.rs b/rom/dev/tests/rom_integration_tests/test_update_reset.rs index 769cab5f3f..67321bbe96 100644 --- a/rom/dev/tests/rom_integration_tests/test_update_reset.rs +++ b/rom/dev/tests/rom_integration_tests/test_update_reset.rs @@ -382,7 +382,6 @@ fn test_update_reset_vendor_lms_pub_key_idx_dv_mismatch() { }, BootParams { fuses: caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }, fw_image: Some(&image_bundle.to_bytes().unwrap()), diff --git a/rom/dev/tests/rom_integration_tests/test_wdt_activation_and_stoppage.rs b/rom/dev/tests/rom_integration_tests/test_wdt_activation_and_stoppage.rs index e120c6cc13..8a7a867aa7 100644 --- a/rom/dev/tests/rom_integration_tests/test_wdt_activation_and_stoppage.rs +++ b/rom/dev/tests/rom_integration_tests/test_wdt_activation_and_stoppage.rs @@ -48,7 +48,12 @@ fn test_wdt_activation_and_stoppage() { assert!(hw.soc_ifc().cptra_wdt_timer1_en().read().timer1_en()); // Upload the FW once ROM is at the right point - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); hw.upload_firmware(&image_bundle.to_bytes().unwrap()) .unwrap(); diff --git a/rom/dev/tests/rom_integration_tests/tests_get_idev_csr.rs b/rom/dev/tests/rom_integration_tests/tests_get_idev_csr.rs index 2327d013ad..cfa7838fba 100644 --- a/rom/dev/tests/rom_integration_tests/tests_get_idev_csr.rs +++ b/rom/dev/tests/rom_integration_tests/tests_get_idev_csr.rs @@ -23,7 +23,12 @@ fn test_get_csr() { let downloaded = helpers::get_csr(&mut hw).unwrap(); - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); downloaded }; @@ -55,7 +60,12 @@ fn test_get_csr() { fn test_get_csr_generate_csr_flag_not_set() { let (mut hw, _) = helpers::build_hw_model_and_image_bundle(Fuses::default(), ImageOptions::default()); - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); let payload = MailboxReqHeader { chksum: caliptra_common::checksum::calc_checksum(u32::from(CommandId::GET_IDEV_CSR), &[]), diff --git a/runtime/src/mailbox.rs b/runtime/src/mailbox.rs index 3e0bc291c3..362069e9d7 100644 --- a/runtime/src/mailbox.rs +++ b/runtime/src/mailbox.rs @@ -103,7 +103,7 @@ impl Mailbox { /// Gets the id of the mailbox pub fn id(&self) -> u32 { let mbox = self.mbox.regs(); - mbox.id().read() + mbox.user().read() } /// Copies data in mailbox to `buf` diff --git a/runtime/tests/runtime_integration_tests/common.rs b/runtime/tests/runtime_integration_tests/common.rs index eb7fce430a..2f10a2c900 100644 --- a/runtime/tests/runtime_integration_tests/common.rs +++ b/runtime/tests/runtime_integration_tests/common.rs @@ -49,7 +49,7 @@ pub struct RuntimeTestArgs<'a> { pub test_mfg_flags: Option, } -pub fn run_rt_test_lms(args: RuntimeTestArgs, lms_verify: bool) -> DefaultHwModel { +pub fn run_rt_test_lms(args: RuntimeTestArgs) -> DefaultHwModel { let default_rt_fwid = if cfg!(feature = "fpga_realtime") { &APP_WITH_UART_FPGA } else { @@ -88,7 +88,6 @@ pub fn run_rt_test_lms(args: RuntimeTestArgs, lms_verify: bool) -> DefaultHwMode BootParams { fw_image: Some(&image.to_bytes().unwrap()), fuses: Fuses { - lms_verify, ..Default::default() }, initial_dbg_manuf_service_reg: boot_flags, @@ -97,7 +96,12 @@ pub fn run_rt_test_lms(args: RuntimeTestArgs, lms_verify: bool) -> DefaultHwMode ) .unwrap(); - model.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + model.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); model } @@ -105,7 +109,7 @@ pub fn run_rt_test_lms(args: RuntimeTestArgs, lms_verify: bool) -> DefaultHwMode // Run a test which boots ROM -> FMC -> test_bin. If test_bin_name is None, // run the production runtime image. pub fn run_rt_test(args: RuntimeTestArgs) -> DefaultHwModel { - run_rt_test_lms(args, false) + run_rt_test_lms(args) } pub fn generate_test_x509_cert(ec_key: PKey) -> X509 { diff --git a/runtime/tests/runtime_integration_tests/test_mailbox.rs b/runtime/tests/runtime_integration_tests/test_mailbox.rs index 7670e97850..9f014d803a 100644 --- a/runtime/tests/runtime_integration_tests/test_mailbox.rs +++ b/runtime/tests/runtime_integration_tests/test_mailbox.rs @@ -66,7 +66,7 @@ fn test_reserved_pauser() { model.step_until(|m| m.soc_mbox().status().read().mbox_fsm_ps().mbox_idle()); // Set pauser to the reserved value - model.set_axi_id(0xffffffff); + model.set_axi_user(0xffffffff); // Send anything let payload = MailboxReqHeader { diff --git a/runtime/tests/runtime_integration_tests/test_set_auth_manifest.rs b/runtime/tests/runtime_integration_tests/test_set_auth_manifest.rs index e4db31a51b..d88ad95415 100644 --- a/runtime/tests/runtime_integration_tests/test_set_auth_manifest.rs +++ b/runtime/tests/runtime_integration_tests/test_set_auth_manifest.rs @@ -102,7 +102,7 @@ pub fn test_auth_manifest() -> AuthorizationManifest { #[test] fn test_set_auth_manifest_cmd() { - let mut model = run_rt_test_lms(RuntimeTestArgs::default(), true); + let mut model = run_rt_test_lms(RuntimeTestArgs::default()); model.step_until(|m| { m.soc_ifc().cptra_boot_status().read() == u32::from(RtBootStatus::RtReadyForCommands) @@ -131,7 +131,7 @@ fn test_set_auth_manifest_cmd() { #[test] fn test_set_auth_manifest_cmd_invalid_len() { - let mut model = run_rt_test_lms(RuntimeTestArgs::default(), true); + let mut model = run_rt_test_lms(RuntimeTestArgs::default()); model.step_until(|m| { m.soc_ifc().cptra_boot_status().read() == u32::from(RtBootStatus::RtReadyForCommands) @@ -179,7 +179,7 @@ fn test_set_auth_manifest_cmd_invalid_len() { } fn test_manifest_expect_err(manifest: AuthorizationManifest, expected_err: CaliptraError) { - let mut model = run_rt_test_lms(RuntimeTestArgs::default(), true); + let mut model = run_rt_test_lms(RuntimeTestArgs::default()); model.step_until(|m| { m.soc_ifc().cptra_boot_status().read() == u32::from(RtBootStatus::RtReadyForCommands) diff --git a/sw-emulator/app/src/main.rs b/sw-emulator/app/src/main.rs index 2cae70601c..8c2a0aa23d 100644 --- a/sw-emulator/app/src/main.rs +++ b/sw-emulator/app/src/main.rs @@ -320,7 +320,7 @@ fn main() -> io::Result<()> { .try_into() .expect("owner_pk_hash must be 48 bytes"), ); - soc_ifc.fuse_owner_pk_hash().write(&owner_pk_hash); + soc_ifc.cptra_owner_pk_hash().write(&owner_pk_hash); } // Populate DBG_MANUF_SERVICE_REG diff --git a/sw-emulator/lib/periph/src/doe.rs b/sw-emulator/lib/periph/src/doe.rs index 47a48dfd13..ffb314bebe 100644 --- a/sw-emulator/lib/periph/src/doe.rs +++ b/sw-emulator/lib/periph/src/doe.rs @@ -172,7 +172,7 @@ impl Doe { /// * `key_id` - Key index to store the UDS fn unscramble_uds(&mut self, key_id: u32) { let cipher_uds = self.soc_reg.uds(); - let mut plain_uds = [0u8; 48]; + let mut plain_uds = [0u8; 64]; Aes256Cbc::decrypt( &self.soc_reg.doe_key(), self.iv.data(), @@ -382,7 +382,7 @@ mod tests { #[test] fn test_clear_secrets() { - let expected_uds = [0u8; 48]; + let expected_uds = [0u8; 64]; let expected_doe_key = [0u8; 32]; let expected_fe = [0u8; 32]; let pic = Pic::new(); diff --git a/sw-emulator/lib/periph/src/hash_sha512.rs b/sw-emulator/lib/periph/src/hash_sha512.rs index 59718f88d6..e6aaa007ea 100644 --- a/sw-emulator/lib/periph/src/hash_sha512.rs +++ b/sw-emulator/lib/periph/src/hash_sha512.rs @@ -561,8 +561,7 @@ impl HashSha512Regs { self.block.fill(0); let result: Result<[u8; KeyVault::PCR_SIZE], BusError> = if pcr_hash_extend == 0 { - let mut key_usage = KeyUsage::default(); - key_usage.set_sha_data(true); + let key_usage = KeyUsage::default(); match self.key_vault.read_key(key_id, key_usage) { Err(x) => Err(x), Ok(x) => Ok(x[..KeyVault::PCR_SIZE].try_into().unwrap()), @@ -892,8 +891,7 @@ mod tests { let mut block: [u8; KeyVault::KEY_SIZE] = [0; KeyVault::KEY_SIZE]; block[..data.len()].copy_from_slice(data); block.to_big_endian(); // Keys are stored in big-endian format. - let mut key_usage = KeyUsage::default(); - key_usage.set_sha_data(true); + let key_usage = KeyUsage::default(); key_vault .write_key(block_id, &block, u32::from(key_usage)) @@ -952,8 +950,7 @@ mod tests { if hash_to_kv { // Instruct hash to be written to the key-vault. - let mut key_usage = KeyUsage::default(); - key_usage.set_sha_data(true); + let key_usage = KeyUsage::default(); let hash_ctrl = InMemoryRegister::::new(0); hash_ctrl.modify( HashWriteControl::KEY_ID.val(hash_id) @@ -1080,8 +1077,7 @@ mod tests { let mut hash_le: [u8; SHA512_HASH_SIZE] = [0; SHA512_HASH_SIZE]; if hash_to_kv { - let mut key_usage = KeyUsage::default(); - key_usage.set_sha_data(true); + let key_usage = KeyUsage::default(); hash_le[..KeyVault::KEY_SIZE] .copy_from_slice(&sha512.key_vault.read_key(hash_id, key_usage).unwrap()[..]); } else { @@ -1170,32 +1166,6 @@ mod tests { test_sha(&SHA_512_TEST_BLOCK, &expected, Sha512Mode::Sha256, &[]); } - #[test] - fn test_sha384_kv_block_read() { - let test_block: [u8; SHA384_HASH_SIZE] = [ - 0x9c, 0x2f, 0x48, 0x76, 0x0d, 0x13, 0xac, 0x42, 0xea, 0xd1, 0x96, 0xe5, 0x4d, 0xcb, - 0xaa, 0x5e, 0x58, 0x72, 0x06, 0x62, 0xa9, 0x6b, 0x91, 0x94, 0xe9, 0x81, 0x33, 0x29, - 0xbd, 0xb6, 0x27, 0xc7, 0xc1, 0xca, 0x77, 0x15, 0x31, 0x16, 0x32, 0xc1, 0x39, 0xe7, - 0xa3, 0x59, 0x14, 0xfc, 0x1e, 0xcd, - ]; - - let expected: [u8; SHA384_HASH_SIZE] = [ - 0x4a, 0x8a, 0x78, 0xb1, 0xa0, 0xa, 0x13, 0x33, 0xfc, 0x92, 0x32, 0x2f, 0xad, 0xd2, - 0x47, 0x47, 0xf2, 0xcd, 0x2f, 0x1, 0x8e, 0xff, 0xa3, 0x61, 0xff, 0x13, 0x33, 0x10, - 0x5b, 0x86, 0x6a, 0xc9, 0x39, 0xea, 0xd2, 0x67, 0x2b, 0xdb, 0xba, 0x4e, 0x18, 0x1c, - 0xb3, 0x4f, 0xb7, 0xeb, 0xa4, 0xf6, - ]; - - for key_id in 0..KeyVault::KEY_COUNT { - test_sha( - &test_block, - &expected, - Sha512Mode::Sha384, - &[KeyVaultAction::BlockFromVault(key_id)], - ); - } - } - #[test] fn test_sha384_kv_block_read_fail() { let test_block: [u8; SHA384_HASH_SIZE] = [ @@ -1239,32 +1209,6 @@ mod tests { } } - #[test] - fn test_sha384_kv_hash_write() { - let test_block: [u8; SHA384_HASH_SIZE] = [ - 0x9c, 0x2f, 0x48, 0x76, 0x0d, 0x13, 0xac, 0x42, 0xea, 0xd1, 0x96, 0xe5, 0x4d, 0xcb, - 0xaa, 0x5e, 0x58, 0x72, 0x06, 0x62, 0xa9, 0x6b, 0x91, 0x94, 0xe9, 0x81, 0x33, 0x29, - 0xbd, 0xb6, 0x27, 0xc7, 0xc1, 0xca, 0x77, 0x15, 0x31, 0x16, 0x32, 0xc1, 0x39, 0xe7, - 0xa3, 0x59, 0x14, 0xfc, 0x1e, 0xcd, - ]; - - let expected: [u8; SHA384_HASH_SIZE] = [ - 0x4a, 0x8a, 0x78, 0xb1, 0xa0, 0xa, 0x13, 0x33, 0xfc, 0x92, 0x32, 0x2f, 0xad, 0xd2, - 0x47, 0x47, 0xf2, 0xcd, 0x2f, 0x1, 0x8e, 0xff, 0xa3, 0x61, 0xff, 0x13, 0x33, 0x10, - 0x5b, 0x86, 0x6a, 0xc9, 0x39, 0xea, 0xd2, 0x67, 0x2b, 0xdb, 0xba, 0x4e, 0x18, 0x1c, - 0xb3, 0x4f, 0xb7, 0xeb, 0xa4, 0xf6, - ]; - - for key_id in 0..8 { - test_sha( - &test_block, - &expected, - Sha512Mode::Sha384, - &[KeyVaultAction::HashToVault(key_id)], - ); - } - } - #[test] fn test_sha384_kv_hash_write_fail() { let test_block: [u8; SHA384_HASH_SIZE] = [ @@ -1294,35 +1238,6 @@ mod tests { } } - #[test] - fn test_sha384_kv_block_read_hash_write() { - let test_block: [u8; SHA384_HASH_SIZE] = [ - 0x9c, 0x2f, 0x48, 0x76, 0x0d, 0x13, 0xac, 0x42, 0xea, 0xd1, 0x96, 0xe5, 0x4d, 0xcb, - 0xaa, 0x5e, 0x58, 0x72, 0x06, 0x62, 0xa9, 0x6b, 0x91, 0x94, 0xe9, 0x81, 0x33, 0x29, - 0xbd, 0xb6, 0x27, 0xc7, 0xc1, 0xca, 0x77, 0x15, 0x31, 0x16, 0x32, 0xc1, 0x39, 0xe7, - 0xa3, 0x59, 0x14, 0xfc, 0x1e, 0xcd, - ]; - - let expected: [u8; SHA384_HASH_SIZE] = [ - 0x4a, 0x8a, 0x78, 0xb1, 0xa0, 0xa, 0x13, 0x33, 0xfc, 0x92, 0x32, 0x2f, 0xad, 0xd2, - 0x47, 0x47, 0xf2, 0xcd, 0x2f, 0x1, 0x8e, 0xff, 0xa3, 0x61, 0xff, 0x13, 0x33, 0x10, - 0x5b, 0x86, 0x6a, 0xc9, 0x39, 0xea, 0xd2, 0x67, 0x2b, 0xdb, 0xba, 0x4e, 0x18, 0x1c, - 0xb3, 0x4f, 0xb7, 0xeb, 0xa4, 0xf6, - ]; - - for key_id in 0..KeyVault::KEY_COUNT { - test_sha( - &test_block, - &expected, - Sha512Mode::Sha384, - &[ - KeyVaultAction::BlockFromVault(key_id), - KeyVaultAction::HashToVault((key_id + 1) % KeyVault::KEY_COUNT), - ], - ); - } - } - fn test_pcr_hash_extend(data: &[u8], pcr_data: &mut [u8; SHA384_HASH_SIZE], expected: &[u8]) { // Prime the PCR vault. let clock = Clock::new(); diff --git a/sw-emulator/lib/periph/src/hmac.rs b/sw-emulator/lib/periph/src/hmac.rs index f7b54d5a95..1d29d2168a 100644 --- a/sw-emulator/lib/periph/src/hmac.rs +++ b/sw-emulator/lib/periph/src/hmac.rs @@ -36,6 +36,7 @@ register_bitfields! [ HMAC384 = 0, HMAC512 = 1, ], + CSR_MODE OFFSET(4) NUMBITS(1) [], RSVD OFFSET(4) NUMBITS(28) [], ], @@ -379,6 +380,8 @@ impl HmacSha { self.zeroize(); } + // [TODO][CAP2] if CSR Mode is set, use a pre-defined key. + Ok(()) } @@ -598,7 +601,8 @@ impl HmacSha { KeyReadStatus::ERROR::KV_WRITE_FAIL.value } Ok(data) => { - self.format_block(&data); + let key_size = self.key_len() * 4; + self.format_block(&data[..key_size.min(data.len())]); self.block_from_kv = true; KeyReadStatus::ERROR::KV_SUCCESS.value } diff --git a/sw-emulator/lib/periph/src/key_vault.rs b/sw-emulator/lib/periph/src/key_vault.rs index 57532129ff..2ac77073fe 100644 --- a/sw-emulator/lib/periph/src/key_vault.rs +++ b/sw-emulator/lib/periph/src/key_vault.rs @@ -146,7 +146,7 @@ pub struct KeyVault { impl KeyVault { pub const PCR_SIZE: usize = 48; - pub const KEY_COUNT: u32 = 32; + pub const KEY_COUNT: u32 = 24; pub const KEY_SIZE: usize = 64; pub const KEY_CONTROL_REG_OFFSET: u32 = 0; pub const KEY_CONTROL_REG_WIDTH: u32 = 0x4; @@ -246,8 +246,8 @@ bitfield! { /// Flag indicating if the key can be used as HMAC data pub hmac_data, set_hmac_data: 1; - /// Flag indicating if the key can be used as SHA data - pub sha_data, set_sha_data: 2; + /// Flag indicating if the key can be used as MLDSA seed + pub mldsa_seed, set_mldsa_seed: 2; /// Flag indicating if the key can be used aas ECC Private Key pub ecc_private_key, set_ecc_private_key: 3; diff --git a/sw-emulator/lib/periph/src/mailbox.rs b/sw-emulator/lib/periph/src/mailbox.rs index a3790229f5..59383d8a2d 100644 --- a/sw-emulator/lib/periph/src/mailbox.rs +++ b/sw-emulator/lib/periph/src/mailbox.rs @@ -238,6 +238,10 @@ pub struct MailboxRegs { #[register(offset = 0x0000_0020, write_fn = write_unlock, read_fn = read_unlock)] _unlock: ReadWriteRegister, + /// MBOX_TAP_MODE register + #[register(offset = 0x0000_0024)] + _tap_mode: ReadWriteRegister, + /// State Machine state_machine: StateMachine, @@ -274,6 +278,7 @@ impl MailboxRegs { execute: ReadWriteRegister::new(Self::EXEC_VAL), _status: ReadWriteRegister::new(Self::STATUS_VAL), _unlock: ReadWriteRegister::new(Self::UNLOCK_VAL), + _tap_mode: ReadWriteRegister::new(0), state_machine: StateMachine::new(Context::new(ram)), requester: MailboxRequester::Caliptra, irq: false, @@ -654,7 +659,7 @@ mod tests { // Confirm it is locked assert!(uc_regs.lock().read().lock()); - assert_eq!(uc_regs.id().read(), 0); + assert_eq!(uc_regs.user().read(), 0); // Write command uc_regs.cmd().write(|_| 0x55); @@ -735,7 +740,7 @@ mod tests { // Confirm it is locked assert!(soc_regs.lock().read().lock()); - assert_eq!(soc_regs.id().read(), MailboxRequester::Soc as u32); + assert_eq!(soc_regs.user().read(), MailboxRequester::Soc as u32); // Write command soc_regs.cmd().write(|_| 0x55); @@ -876,7 +881,7 @@ mod tests { // Confirm it is locked assert!(uc_regs.lock().read().lock()); - let user = uc_regs.id().read(); + let user = uc_regs.user().read(); assert_eq!(user, MailboxRequester::Caliptra as u32); // Write command diff --git a/sw-emulator/lib/periph/src/ml_dsa87.rs b/sw-emulator/lib/periph/src/ml_dsa87.rs index 41133a0af2..74f09843a1 100644 --- a/sw-emulator/lib/periph/src/ml_dsa87.rs +++ b/sw-emulator/lib/periph/src/ml_dsa87.rs @@ -383,9 +383,8 @@ impl Mldsa87 { fn seed_read_complete(&mut self) { let key_id = self.kv_rd_seed_ctrl.reg.read(KvRdSeedCtrl::READ_ENTRY); - // TODO will keyvault feature a special ID for ML-DSA usage? let mut key_usage = KeyUsage::default(); - key_usage.set_ecc_key_gen_seed(true); + key_usage.set_mldsa_seed(true); let result = self.key_vault.read_key(key_id, key_usage); let (seed_read_result, seed) = match result.err() { @@ -767,7 +766,7 @@ mod tests { let mut key_vault = KeyVault::new(); let mut key_usage = KeyUsage::default(); - key_usage.set_ecc_key_gen_seed(true); + key_usage.set_mldsa_seed(true); key_vault .write_key(key_id, &seed, u32::from(key_usage)) diff --git a/sw-emulator/lib/periph/src/soc_reg.rs b/sw-emulator/lib/periph/src/soc_reg.rs index 0b54cb1666..7b0bfed20c 100644 --- a/sw-emulator/lib/periph/src/soc_reg.rs +++ b/sw-emulator/lib/periph/src/soc_reg.rs @@ -74,7 +74,7 @@ mod constants { pub const CPTRA_GENERIC_INPUT_WIRES_SIZE: usize = 8; pub const CPTRA_GENERIC_OUTPUT_WIRES_START: u32 = 0xcc; pub const CPTRA_GENERIC_OUTPUT_WIRES_SIZE: usize = 8; - pub const FUSE_UDS_SEED_SIZE: usize = 48; + pub const FUSE_UDS_SEED_SIZE: usize = 64; pub const FUSE_FIELD_ENTROPY_SIZE: usize = 32; pub const CPTRA_WDT_TIMER1_EN_START: u32 = 0xe4; pub const CPTRA_WDT_TIMER1_CTRL_START: u32 = 0xe8; @@ -84,12 +84,13 @@ mod constants { pub const CPTRA_WDT_TIMER2_TIMEOUT_PERIOD_START: u32 = 0xfc; pub const CPTRA_WDT_STATUS_START: u32 = 0x104; pub const CPTRA_FUSE_VALID_PAUSER_START: u32 = 0x108; + pub const CPTRA_OWNER_PK_HASH_START: u32 = 0x140; + pub const CPTRA_OWNER_PK_HASH_SIZE: usize = 48; pub const CPTRA_FUSE_PAUSER_LOCK_START: u32 = 0x10c; - pub const FUSE_VENDOR_PK_HASH_START: u32 = 0x250; - pub const FUSE_VENDOR_PK_HASH_SIZE: usize = 48; - pub const FUSE_VENDOR_PK_MASK_START: u32 = 0x280; - pub const FUSE_OWNER_PK_HASH_START: u32 = 0x284; - pub const FUSE_OWNER_PK_HASH_SIZE: usize = 48; + pub const FUSE_KEY_MANIFEST_PK_HASH_START: u32 = 0x260; + pub const FUSE_KEY_MANIFEST_PK_HASH_SIZE: usize = 48; + pub const FUSE_KEY_MANIFEST_PK_HASH_MASK_START: u32 = 0x290; + pub const FUSE_KEY_MANIFEST_PK_HASH_MASK_SIZE: usize = 32; pub const FUSE_FMC_SVN_START: u32 = 0x2b4; pub const FUSE_RUNTIME_SVN_START: u32 = 0x2b8; pub const FUSE_RUNTIME_SVN_SIZE: usize = 16; @@ -98,7 +99,8 @@ mod constants { pub const FUSE_IDEVID_CERT_ATTR_SIZE: usize = 96; pub const FUSE_IDEVID_MANUF_HSM_ID_START: u32 = 0x32c; pub const FUSE_IDEVID_MANUF_HSM_ID_SIZE: usize = 16; - pub const FUSE_LIFE_CYCLE_START: u32 = 0x33c; + pub const FUSE_MANUF_DBG_UNLOCK_TOKEN_START: u32 = 0x34c; + pub const FUSE_MANUF_DBG_UNLOCK_TOKEN_SIZE: usize = 16; pub const INTERNAL_OBF_KEY_SIZE: usize = 32; pub const INTERNAL_ICCM_LOCK_START: u32 = 0x620; pub const INTERNAL_FW_UPDATE_RESET_START: u32 = 0x624; @@ -197,10 +199,9 @@ register_bitfields! [ RSVD OFFSET(2) NUMBITS(30) [], ], - /// LMS Verify - LmsVerify [ - LMS_VERIFY OFFSET(0) NUMBITS(1) [], - RSVD OFFSET(1) NUMBITS(31) [], + /// Cap Lock + CapLock [ + LOCK OFFSET(0) NUMBITS(1) [], ], /// SoC Stepping ID @@ -523,16 +524,16 @@ struct SocRegistersImpl { // TODO: Functionality for mbox pauser regs needs to be implemented #[register_array(offset = 0x0048)] - cptra_mbox_valid_pauser: [u32; CPTRA_MBOX_VALID_PAUSER_SIZE / 4], + cptra_mbox_valid_axi_user: [u32; CPTRA_MBOX_VALID_PAUSER_SIZE / 4], #[register_array(offset = 0x005c)] - cptra_mbox_pauser_lock: [u32; CPTRA_MBOX_PAUSER_LOCK_SIZE / 4], + cptra_mbox_axi_user_lock: [u32; CPTRA_MBOX_PAUSER_LOCK_SIZE / 4], #[register(offset = 0x0070)] - cptra_trng_valid_pauser: ReadWriteRegister, + cptra_trng_valid_axi_user: ReadWriteRegister, #[register(offset = 0x0074)] - cptra_trng_pauser_lock: ReadWriteRegister, + cptra_trng_axi_user_lock: ReadWriteRegister, #[register_array(offset = 0x0078)] cptra_trng_data: [u32; CPTRA_TRNG_DATA_SIZE / 4], @@ -596,10 +597,13 @@ struct SocRegistersImpl { // TODO: Functionality for fuse pauser regs needs to be implemented #[register(offset = 0x0108)] - cptra_fuse_valid_pauser: ReadWriteRegister, + cptra_fuse_valid_axi_user: ReadWriteRegister, #[register(offset = 0x010c)] - cptra_fuse_pauser_lock: ReadWriteRegister, + cptra_fuse_axi_user_lock: ReadWriteRegister, + + #[register_array(offset = 0x110)] + cptra_wdt_cfg: [u32; 2], #[register(offset = 0x0118)] cptra_i_trng_entropy_config_0: u32, @@ -610,23 +614,33 @@ struct SocRegistersImpl { #[register_array(offset = 0x0120)] cptra_rsvd_reg: [u32; 2], + #[register(offset = 0x128)] + cptra_hw_capabilities: u32, + + #[register(offset = 0x12c)] + cptra_fw_capabilities: u32, + + #[register(offset = 0x130)] + cptra_cap_lock: ReadWriteRegister, + + // TODO implement lock + #[register_array(offset = 0x140)] + cptra_owner_pk_hash: [u32; CPTRA_OWNER_PK_HASH_SIZE / 4], + + #[register(offset = 0x170)] + cptra_owner_pk_hash_lock: u32, + #[register_array(offset = 0x0200)] fuse_uds_seed: [u32; FUSE_UDS_SEED_SIZE / 4], - #[register_array(offset = 0x110)] - cptra_wdt_cfg: [u32; 2], - - #[register_array(offset = 0x0230)] + #[register_array(offset = 0x0240)] fuse_field_entropy: [u32; FUSE_FIELD_ENTROPY_SIZE / 4], - #[register_array(offset = 0x0250)] - fuse_vendor_pk_hash: [u32; FUSE_VENDOR_PK_HASH_SIZE / 4], - - #[register(offset = 0x0280)] - fuse_vendor_pk_hash_mask: ReadWriteRegister, + #[register_array(offset = 0x0260)] + fuse_key_manifest_pk_hash: [u32; FUSE_KEY_MANIFEST_PK_HASH_SIZE / 4], - #[register_array(offset = 0x0284)] - fuse_owner_pk_hash: [u32; FUSE_OWNER_PK_HASH_SIZE / 4], + #[register_array(offset = 0x0290)] + fuse_key_manifest_pk_hash_mask: [u32; FUSE_KEY_MANIFEST_PK_HASH_MASK_SIZE / 4], #[register(offset = 0x02b4)] fuse_fmc_svn: u32, @@ -643,18 +657,18 @@ struct SocRegistersImpl { #[register_array(offset = 0x032c)] fuse_idevid_manuf_hsm_id: [u32; FUSE_IDEVID_MANUF_HSM_ID_SIZE / 4], - #[register(offset = 0x033c)] - fuse_life_cycle: u32, - #[register(offset = 0x340)] - fuse_lms_verify: ReadWriteRegister, + fuse_lms_revocation: u32, #[register(offset = 0x344)] - fuse_lms_revocation: u32, + fuse_mldsa_revocation: u32, #[register(offset = 0x348)] fuse_soc_stepping_id: ReadWriteRegister, + #[register_array(offset = 0x34c)] + fuse_manuf_dbg_unlock_token: [u32; FUSE_MANUF_DBG_UNLOCK_TOKEN_SIZE / 4], + /// INTERNAL_OBF_KEY Register internal_obf_key: [u32; 8], @@ -767,7 +781,8 @@ impl SocRegistersImpl { 0xF5, 0x8C, 0x4C, 0x4, 0xD6, 0xE5, 0xF1, 0xBA, 0x77, 0x9E, 0xAB, 0xFB, 0x5F, 0x7B, 0xFB, 0xD6, 0x9C, 0xFC, 0x4E, 0x96, 0x7E, 0xDB, 0x80, 0x8D, 0x67, 0x9F, 0x77, 0x7B, 0xC6, 0x70, 0x2C, 0x7D, 0x39, 0xF2, 0x33, 0x69, 0xA9, 0xD9, 0xBA, 0xCF, 0xA5, 0x30, 0xE2, 0x63, 0x4, - 0x23, 0x14, 0x61, + 0x23, 0x14, 0x61, 0x3B, 0x4, 0x38, 0x96, 0xCF, 0xE1, 0x95, 0x74, 0xFC, 0xA0, 0xA, 0xCC, + 0x2A, 0x5C, 0x31, 0xCD, ]; /// The number of CPU clock cycles it takes to read the firmware from the mailbox. @@ -798,10 +813,10 @@ impl SocRegistersImpl { cptra_flow_status: ReadWriteRegister::new(flow_status.get()), cptra_reset_reason: ReadOnlyRegister::new(0), cptra_security_state: ReadOnlyRegister::new(args.security_state.into()), - cptra_mbox_valid_pauser: Default::default(), - cptra_mbox_pauser_lock: Default::default(), - cptra_trng_valid_pauser: ReadWriteRegister::new(0), - cptra_trng_pauser_lock: ReadWriteRegister::new(0), + cptra_mbox_valid_axi_user: Default::default(), + cptra_mbox_axi_user_lock: Default::default(), + cptra_trng_valid_axi_user: ReadWriteRegister::new(0), + cptra_trng_axi_user_lock: ReadWriteRegister::new(0), cptra_trng_data: Default::default(), cptra_trng_ctrl: 0, cptra_trng_status: 0, @@ -815,20 +830,37 @@ impl SocRegistersImpl { cptra_hw_rev_id: ReadOnlyRegister::new(0x11), // TODO 2.0 cptra_fw_rev_id: Default::default(), cptra_hw_config: 0, + cptra_wdt_timer1_en: ReadWriteRegister::new(0), + cptra_wdt_timer1_ctrl: ReadWriteRegister::new(0), + cptra_wdt_timer1_timeout_period: [0xffff_ffff; 2], + cptra_wdt_timer2_en: ReadWriteRegister::new(0), + cptra_wdt_timer2_ctrl: ReadWriteRegister::new(0), + cptra_wdt_timer2_timeout_period: [0xffff_ffff; 2], + cptra_wdt_status: ReadOnlyRegister::new(0), + cptra_fuse_valid_axi_user: ReadWriteRegister::new(0xffff_ffff), + cptra_fuse_axi_user_lock: ReadWriteRegister::new(0), + cptra_wdt_cfg: [0x0; 2], + cptra_i_trng_entropy_config_0: 0, + cptra_i_trng_entropy_config_1: 0, + cptra_rsvd_reg: Default::default(), + cptra_hw_capabilities: 0, + cptra_fw_capabilities: 0, + cptra_cap_lock: ReadWriteRegister::new(0), + cptra_owner_pk_hash: Default::default(), + cptra_owner_pk_hash_lock: 0, fuse_uds_seed: words_from_bytes_be(&Self::UDS), fuse_field_entropy: [0xffff_ffff; 8], - fuse_vendor_pk_hash: Default::default(), - fuse_vendor_pk_hash_mask: ReadWriteRegister::new(0), - fuse_owner_pk_hash: Default::default(), + fuse_key_manifest_pk_hash: [0; 12], + fuse_key_manifest_pk_hash_mask: [0; 8], fuse_fmc_svn: Default::default(), fuse_runtime_svn: Default::default(), fuse_anti_rollback_disable: Default::default(), fuse_idevid_cert_attr: Default::default(), fuse_idevid_manuf_hsm_id: Default::default(), - fuse_life_cycle: Default::default(), - fuse_lms_verify: ReadWriteRegister::new(0), fuse_lms_revocation: Default::default(), + fuse_mldsa_revocation: Default::default(), fuse_soc_stepping_id: ReadWriteRegister::new(0), + fuse_manuf_dbg_unlock_token: [0; 4], internal_obf_key: args.cptra_obf_key, internal_iccm_lock: ReadWriteRegister::new(0), internal_fw_update_reset: ReadWriteRegister::new(0), @@ -856,35 +888,21 @@ impl SocRegistersImpl { tb_services_cb: args.tb_services_cb.take(), ready_for_fw_cb: args.ready_for_fw_cb.take(), upload_update_fw: args.upload_update_fw.take(), - fuses_can_be_written: true, bootfsm_go_cb: args.bootfsm_go_cb.take(), + fuses_can_be_written: true, download_idevid_csr_cb: args.download_idevid_csr_cb.take(), - cptra_wdt_timer1_en: ReadWriteRegister::new(0), - cptra_wdt_timer1_ctrl: ReadWriteRegister::new(0), - cptra_wdt_timer1_timeout_period: [0xffff_ffff; 2], - cptra_wdt_timer2_en: ReadWriteRegister::new(0), - cptra_wdt_timer2_ctrl: ReadWriteRegister::new(0), - cptra_wdt_timer2_timeout_period: [0xffff_ffff; 2], - cptra_wdt_status: ReadOnlyRegister::new(0), - cptra_i_trng_entropy_config_0: 0, - cptra_i_trng_entropy_config_1: 0, - cptra_rsvd_reg: Default::default(), op_wdt_timer1_expired_action: None, op_wdt_timer2_expired_action: None, etrng_responses: args.etrng_responses, pending_etrng_response: None, op_pending_etrng_response_action: None, - cptra_wdt_cfg: [0x0; 2], - cptra_fuse_valid_pauser: ReadWriteRegister::new(0xffff_ffff), - cptra_fuse_pauser_lock: ReadWriteRegister::new(0), }; - regs } /// Clear secrets fn clear_secrets(&mut self) { - self.fuse_uds_seed = [0u32; 12]; + self.fuse_uds_seed = [0u32; 16]; self.fuse_field_entropy = [0u32; 8]; self.internal_obf_key = [0u32; 8]; } @@ -1552,7 +1570,7 @@ mod tests { }, ); soc.external_regs().regs.borrow_mut().fuse_field_entropy = [0x33333333; 8]; - assert_eq!(soc.uds(), [0xff_u8; 48]); + assert_eq!(soc.uds(), [0xff_u8; 64]); assert_eq!(soc.field_entropy(), [0xff_u8; 32]); assert_eq!(soc.doe_key(), [0xff_u8; 32]); } diff --git a/test/src/derive.rs b/test/src/derive.rs index 8f85415351..2722133d5a 100644 --- a/test/src/derive.rs +++ b/test/src/derive.rs @@ -35,7 +35,7 @@ pub struct DoeInput { pub doe_iv: [u32; 4], // The UDS seed, as stored in the fuses - pub uds_seed: [u32; 12], + pub uds_seed: [u32; 16], // The field entropy, as stored in the fuses pub field_entropy_seed: [u32; 8], @@ -62,7 +62,7 @@ impl Default for DoeInput { #[derive(Clone, Copy, Debug, Eq, PartialEq)] pub struct DoeOutput { // The decrypted UDS as stored in the key vault - pub uds: [u32; 12], + pub uds: [u32; 16], // The decrypted field entropy as stored in the key vault (with padding) pub field_entropy: [u32; 12], @@ -85,7 +85,7 @@ impl DoeOutput { } let mut result = Self { - uds: [0_u32; 12], + uds: [0_u32; 16], // After reset, the key-vault registers are filled with a particular // word, depending on the debug-locked mode. The field entropy only @@ -129,7 +129,8 @@ fn test_doe_output() { doe_iv: [0x455ba825, 0x45e16ca6, 0xf97d1f86, 0xb3718021], uds_seed: [ 0x86c65f40, 0x04d45413, 0x5041da9a, 0x8580ec9a, 0xc7007ee6, 0xceb4a4b8, 0xce485f47, - 0xbf6976b8, 0xc906de7b, 0xb0cd2dce, 0x8d2b8eed, 0xa537255f, + 0xbf6976b8, 0xc906de7b, 0xb0cd2dce, 0x8d2b8eed, 0xa537255f, 0x2fd70f7c, 0xda37caeb, + 0xa748021, 0x34d2fd94, ], field_entropy_seed: [ 0x8531a3db, 0xc1725f07, 0x05f5a301, 0x047c1e27, 0xd0f18efa, 0x6a33e9d2, 0x3827ead4, @@ -142,7 +143,8 @@ fn test_doe_output() { DoeOutput { uds: [ 2450659586, 3204072599, 1027011035, 1213873878, 763047603, 1402117172, 2275304687, - 1797647086, 2750999, 2465724634, 992659675, 557913425 + 1797647086, 2750999, 2465724634, 992659675, 557913425, 1982584393, 56096072, + 3122931436, 3177452069 ], field_entropy: [ 437386532, 405572964, 972652519, 2702758929, 92052297, 1822317414, 295423989, @@ -197,7 +199,8 @@ fn test_idevid() { let idevid = IDevId::derive(&DoeOutput { uds: [ 0x92121902, 0xbefa4497, 0x3d36f1db, 0x485a3ed6, 0x2d7b2eb3, 0x53929c34, 0x879e64ef, - 0x6b25eaee, 0x0029fa17, 0x92f7f8da, 0x3b2ac8db, 0x21411551, + 0x6b25eaee, 0x0029fa17, 0x92f7f8da, 0x3b2ac8db, 0x21411551, 0xed0e3d62, 0x5e51aed, + 0x14199450, 0x45b540a1, ], field_entropy: [ 0xdbca1cfa, 0x149c0355, 0x7ee48ddb, 0xb022238b, 0x057c9b49, 0x6c9e5b66, 0x119bcff5, @@ -208,13 +211,13 @@ fn test_idevid() { idevid, IDevId { cdi: [ - 0x0ae8ec4b, 0x25da6d36, 0x6469502c, 0x94c7b654, 0xf78a5b9e, 0x1cef338f, 0xee5b5ecb, - 0x9b533c4e, 0xc11af69e, 0xe23d2612, 0x6b37a1fb, 0xd36e0914, 0x1f5d9fdc, 0x2927753a, - 0x4523e552, 0x5216eaf3, + 0xe047693d, 0x5038cf58, 0xbafff529, 0x4308aced, 0xd356fd37, 0x620386b3, 0xb2cfdd97, + 0x602e5b26, 0x29ff1601, 0xe3196949, 0xe04109ab, 0x9b6bcab1, 0xef5dc70d, 0xbd2d0875, + 0xf17a7559, 0x2328baa2, ], ecc_priv_key: [ - 0xaf16a87e, 0x14729bb6, 0xa9912ded, 0xe8331772, 0x288451ff, 0x4a304f24, 0xe02438c3, - 0xf3413e68, 0x4862cca1, 0xfe65126b, 0x1f3d8677, 0x36424b27, + 0x34d9279, 0x2e58660b, 0xcfa3e026, 0x90ac31dc, 0xb97a6b6c, 0xf259f7d4, 0xaa3b7a0d, + 0x565232ff, 0x38560790, 0x73ff1c04, 0x34501150, 0x48641108, ], } ); @@ -271,7 +274,8 @@ fn test_ldevid() { let ldevid = LDevId::derive(&DoeOutput { uds: [ 0x92121902, 0xbefa4497, 0x3d36f1db, 0x485a3ed6, 0x2d7b2eb3, 0x53929c34, 0x879e64ef, - 0x6b25eaee, 0x0029fa17, 0x92f7f8da, 0x3b2ac8db, 0x21411551, + 0x6b25eaee, 0x0029fa17, 0x92f7f8da, 0x3b2ac8db, 0x21411551, 0x57d115c, 0xfade7a, + 0xb8cca563, 0xe1f504a2, ], field_entropy: [ 0xdbca1cfa, 0x149c0355, 0x7ee48ddb, 0xb022238b, 0x057c9b49, 0x6c9e5b66, 0x119bcff5, @@ -282,13 +286,13 @@ fn test_ldevid() { ldevid, LDevId { cdi: [ - 0x179d3c40, 0xddca767f, 0x47cd8c43, 0x4dfe5832, 0x9e8f8119, 0xec29ffeb, 0x21fb3af5, - 0xd50a5ab4, 0x2d7b7d1d, 0x61e96220, 0xbc161735, 0xc66dce6f, 0x6dd8e4ec, 0xa28b66d7, - 0x28788a5f, 0x6f845a7c, + 0x5c705f09, 0x63f7edfb, 0x9cf0cb89, 0x7306da3f, 0xff1acde2, 0xf1f0b333, 0xafb85fa3, + 0x8783a424, 0x6c6aa9db, 0x43ce3297, 0x2568332, 0x53670f99, 0x9e4fff07, 0xdc1911f7, + 0xd7af58ed, 0xab20aff0, ], ecc_priv_key: [ - 0xec4cfba4, 0x28d8344c, 0xbb443f0d, 0xcca57231, 0x1b28d1df, 0x202aaff3, 0xc2f37cd3, - 0x7e1de81d, 0xfc624db2, 0x835f1a4, 0x37b02dbc, 0xd39e5a09, + 0x15e65daa, 0x3e7dedbb, 0x60eb7ea6, 0xd7e9e441, 0xf2adaa7a, 0x35ca904c, 0x9076d1a1, + 0x69972589, 0x274a2869, 0x48eb0fb4, 0xee749db1, 0x15cbe26e, ], } ); diff --git a/test/src/lib.rs b/test/src/lib.rs index ebcd55fa3b..44dba1f839 100644 --- a/test/src/lib.rs +++ b/test/src/lib.rs @@ -92,7 +92,12 @@ pub fn run_test( let mut model = caliptra_hw_model::new(init_params, boot_params).unwrap(); - model.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + model.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); model } diff --git a/test/tests/caliptra_integration_tests/jtag_test.rs b/test/tests/caliptra_integration_tests/jtag_test.rs index b64bdeb0d8..5b40aa04d4 100644 --- a/test/tests/caliptra_integration_tests/jtag_test.rs +++ b/test/tests/caliptra_integration_tests/jtag_test.rs @@ -94,7 +94,6 @@ fn gdb_test() { key_manifest_pk_hash: vendor_pk_desc_hash, owner_pk_hash, fmc_key_manifest_svn: 0b1111111, - lms_verify: true, ..Default::default() }; let mut hw = caliptra_hw_model::new( diff --git a/test/tests/caliptra_integration_tests/smoke_test.rs b/test/tests/caliptra_integration_tests/smoke_test.rs index 252c3192b0..770a9051fb 100644 --- a/test/tests/caliptra_integration_tests/smoke_test.rs +++ b/test/tests/caliptra_integration_tests/smoke_test.rs @@ -106,9 +106,9 @@ fn test_golden_idevid_pubkey_matches_generated() { assert_eq!( generated_idevid.cdi, [ - 3736836117, 951734631, 1062246775, 1343680552, 3737486010, 473346827, 2246415195, - 914173071, 357859522, 506223632, 1064260590, 4040292325, 1807964448, 3683558581, - 3839832324, 1615123947, + 1595302429, 2693222204, 2700750034, 2341068947, 1086336218, 1015077934, 3439704633, + 2756110496, 670106478, 1965056064, 3175014961, 1018544412, 1086626027, 1869434586, + 2638089882, 3209973098 ] ); assert!(generated_idevid @@ -125,9 +125,9 @@ fn test_golden_ldevid_pubkey_matches_generated() { assert_eq!( generated_ldevid.cdi, [ - 0x34caaef4, 0x5b1cf2cc, 0x80034cc7, 0xda97ab04, 0xfcf1df75, 0x48896447, 0x81e51dd4, - 0x80638cbe, 0xe349cfad, 0x4d70b120, 0xcbf5cc76, 0x8c00bb5c, 0x10179e15, 0xfdd9244b, - 0x6226db25, 0xd4f08f3d, + 2646856615, 2999180291, 4071428836, 3246385254, 3302857457, 919578714, 2458268004, + 291060689, 3979116117, 4017638804, 3557014009, 2639554114, 2914235687, 3521247795, + 1993163061, 3092908117 ] ); assert!(generated_ldevid @@ -163,7 +163,6 @@ fn smoke_test() { owner_pk_hash: owner_pk_hash_words, fmc_key_manifest_svn: 0b1111111, runtime_svn: [0x7F, 0, 0, 0], // Equals 7 - lms_verify: true, ..Default::default() }; let mut hw = caliptra_hw_model::new( diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der index 2cbe7ddd85..80846c5715 100644 Binary files a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der and b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der differ diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt index 901b1b28c7..fb78315d10 100644 --- a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt +++ b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt @@ -4,7 +4,7 @@ Certificate: Serial Number: 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 Signature Algorithm: ecdsa-with-SHA384 - Issuer: CN=Caliptra 1.0 LDevID/serialNumber=DFC3F8F71FC244C9A62F5151EB0C6BE427742BCEC40C43151A9B85895955666A + Issuer: CN=Caliptra 1.0 LDevID/serialNumber=DE96A450F23A8E4A5333005E60BFCF4D3DA8FA1603FAFB605D2B22C44F4C2292 Validity Not Before: Jan 1 00:00:00 2023 GMT Not After : Dec 31 23:59:59 9999 GMT @@ -34,7 +34,7 @@ Certificate: X509v3 Subject Key Identifier: 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 X509v3 Authority Key Identifier: - DF:C3:F8:F7:1F:C2:44:C9:A6:2F:51:51:EB:0C:6B:E4:27:74:2B:CE + DE:96:A4:50:F2:3A:8E:4A:53:33:00:5E:60:BF:CF:4D:3D:A8:FA:16 Signature Algorithm: ecdsa-with-SHA384 Signature Value: 30:64:02:30:44:44:44:44:44:44:44:44:44:44:44:44:44:44: diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der index 604f12d2e7..3df680220e 100644 Binary files a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der and b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der differ diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt index 61b0b36de3..03be72f9ac 100644 --- a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt +++ b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt @@ -1,18 +1,18 @@ Certificate Request: Data: Version: 1 (0x0) - Subject: CN=Caliptra 1.0 IDevID/serialNumber=A4E4087E3C1F08D4C647D22F12B49CC479B21D0923D0E5D81172B9AA103DDCCA + Subject: CN=Caliptra 1.0 IDevID/serialNumber=7FFEDEF6DCD6697BD0F381AA37B58112F24BDDB5550D2C791B5798AD202A0351 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) pub: - 04:06:3d:ee:99:b8:27:78:0d:a6:07:13:6e:ec:51: - 19:bd:a9:6b:bd:36:66:fb:68:c4:88:d4:36:e2:71: - 30:a7:d3:c2:84:f5:31:69:87:41:54:ac:d9:8e:90: - d4:f8:72:f3:2b:8f:23:12:14:db:4c:87:ec:6c:a0: - a5:13:0f:d5:c7:65:f0:ac:b6:f1:1c:94:d4:43:8d: - bc:08:30:d0:74:0b:d5:e9:ee:9f:d1:d4:d1:2b:b5: - 68:8a:a9:fe:93:71:0b + 04:31:8c:e7:cc:f1:0d:d3:2f:48:1c:3d:76:fc:64: + ba:21:5b:54:d5:c8:60:ad:c7:46:2f:22:32:1c:af: + 26:47:43:9c:59:cc:ac:18:b2:ec:40:62:2f:18:84: + ed:14:23:cb:8a:04:05:6b:1e:8c:71:5d:8c:98:63: + f2:f6:fb:71:da:de:33:46:3a:62:d2:1b:af:ae:2e: + 6d:d8:3e:3c:93:51:dc:fa:0a:0f:de:36:4f:ba:5d: + 14:b9:ce:6d:da:16:9c ASN1 OID: secp384r1 NIST CURVE: P-384 Attributes: @@ -25,9 +25,9 @@ Certificate Request: 0.................... Signature Algorithm: ecdsa-with-SHA384 Signature Value: - 30:64:02:30:22:94:41:95:98:87:89:b3:fb:75:67:72:e7:e3: - f2:b0:3f:12:5d:4d:92:e5:8b:d8:c2:a0:44:4a:0c:bc:94:77: - c2:3d:62:0d:cc:a8:0e:6f:b5:b1:8c:00:35:05:da:96:02:30: - 54:7f:43:5c:9b:41:f0:3b:dd:7d:40:b2:19:a5:c8:16:85:b7: - c8:85:1d:9e:26:1b:ba:6f:d5:6b:48:20:8d:ea:b1:41:d7:f8: - d4:a5:d7:56:67:51:85:48:90:0a:b1:ca + 30:66:02:31:00:a4:30:2b:92:9d:b5:d3:6e:ac:90:73:8f:df: + 2e:da:ed:65:ae:40:07:a7:65:fa:20:fb:ff:26:f8:74:ad:38: + 86:2d:5a:e3:73:e6:d8:e5:86:3b:31:71:5f:f8:db:82:ab:02: + 31:00:ae:da:6c:36:13:2f:9d:17:de:c2:e2:a4:8f:82:fd:5a: + 38:e9:f0:4f:a5:9f:95:39:28:0c:ac:ee:92:b8:2c:f7:1d:96: + 77:15:10:4e:12:5b:6d:3b:5d:ef:5d:da:f7:c2 diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der index 4114083c4e..c9b81aa89e 100644 Binary files a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der and b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der differ diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt index 4c22e355cf..f3071fd64c 100644 --- a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt +++ b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt @@ -2,24 +2,24 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 5f:c3:f8:f7:1f:c2:44:c9:a6:2f:51:51:eb:0c:6b:e4:27:74:2b:ce + 5e:96:a4:50:f2:3a:8e:4a:53:33:00:5e:60:bf:cf:4d:3d:a8:fa:16 Signature Algorithm: ecdsa-with-SHA384 - Issuer: CN=Caliptra 1.0 IDevID/serialNumber=A4E4087E3C1F08D4C647D22F12B49CC479B21D0923D0E5D81172B9AA103DDCCA + Issuer: CN=Caliptra 1.0 IDevID/serialNumber=7FFEDEF6DCD6697BD0F381AA37B58112F24BDDB5550D2C791B5798AD202A0351 Validity Not Before: Jan 1 00:00:00 2023 GMT Not After : Dec 31 23:59:59 9999 GMT - Subject: CN=Caliptra 1.0 LDevID/serialNumber=DFC3F8F71FC244C9A62F5151EB0C6BE427742BCEC40C43151A9B85895955666A + Subject: CN=Caliptra 1.0 LDevID/serialNumber=DE96A450F23A8E4A5333005E60BFCF4D3DA8FA1603FAFB605D2B22C44F4C2292 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) pub: - 04:09:c7:e7:63:d1:07:f9:38:73:0e:e9:7b:0e:f0: - 13:f3:af:a1:96:9e:ab:15:d8:67:06:4b:ea:87:fc: - 3c:3c:d7:c4:73:a3:a3:1f:6d:50:df:51:ad:25:77: - 27:db:d9:2f:9a:02:8f:2f:da:ac:02:1e:b7:86:f3: - 15:fb:41:da:60:f7:a4:bc:39:3d:84:ce:d8:f4:4f: - c0:a4:09:37:c2:8c:f5:b9:be:a7:7a:b0:dc:c4:41: - 68:c1:70:e7:8d:57:01 + 04:e0:1c:57:6c:ae:bb:0f:d1:ae:e1:08:d1:83:6f: + 5b:9a:a0:48:73:71:b0:71:50:cd:b6:ba:12:37:70: + 4f:ff:c0:25:3d:e4:50:40:95:47:10:00:a7:75:61: + 06:42:7e:70:8c:ae:3f:75:02:85:22:4a:4e:a6:b6: + 43:73:82:42:05:c6:42:4f:ed:c3:c8:d3:44:a6:56: + 94:01:04:43:e3:51:6b:91:9e:e3:b8:58:71:50:96: + b2:62:ff:0f:81:c6:65 ASN1 OID: secp384r1 NIST CURVE: P-384 X509v3 extensions: @@ -30,14 +30,14 @@ Certificate: 2.23.133.5.4.4: 0.................... X509v3 Subject Key Identifier: - DF:C3:F8:F7:1F:C2:44:C9:A6:2F:51:51:EB:0C:6B:E4:27:74:2B:CE + DE:96:A4:50:F2:3A:8E:4A:53:33:00:5E:60:BF:CF:4D:3D:A8:FA:16 X509v3 Authority Key Identifier: - CC:4B:9C:46:76:F2:04:18:83:AC:E2:B3:4F:EC:59:6A:E9:56:56:6D + 34:81:C7:4A:AB:11:71:5C:08:03:D8:78:92:AB:8A:2B:7E:B2:2A:90 Signature Algorithm: ecdsa-with-SHA384 Signature Value: - 30:64:02:30:6d:84:70:5d:2a:8b:86:fc:4e:d2:9c:c2:11:e3: - 8d:bb:eb:c2:43:f1:89:94:35:a7:02:31:6b:a9:36:39:fa:8b: - 8f:b4:7e:b3:63:5e:ee:38:3b:5e:4b:e3:ae:1b:22:04:02:30: - 34:d6:02:dc:d8:88:e4:63:af:0e:60:2a:7d:ea:5b:fc:94:d2: - 02:5b:03:ee:67:8e:ce:e0:aa:a7:14:a0:e8:80:42:28:5a:9f: - b8:dc:2a:cc:d8:76:23:bc:63:99:8e:16 + 30:65:02:30:3b:2b:4e:7e:2d:38:57:1d:90:63:df:ae:62:8d: + 02:18:d6:d1:7f:17:56:a1:39:83:83:21:99:22:da:4e:b1:5a: + 82:41:26:a1:1c:f4:cf:bc:11:5b:f6:c0:88:3f:e7:49:02:31: + 00:97:52:49:d6:b9:70:d1:72:1e:75:df:71:90:55:d1:19:31: + d3:9a:81:01:2d:8d:8d:20:33:2b:87:0c:7e:53:8c:d5:55:24: + 16:e4:eb:24:de:37:4d:68:94:e1:a8:96:e0 diff --git a/test/tests/caliptra_integration_tests/test_code_coverage.rs b/test/tests/caliptra_integration_tests/test_code_coverage.rs index da1a551b95..a428590446 100644 --- a/test/tests/caliptra_integration_tests/test_code_coverage.rs +++ b/test/tests/caliptra_integration_tests/test_code_coverage.rs @@ -29,7 +29,12 @@ fn test_emu_coverage() { ) .unwrap(); // Upload FW - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); let CoverageBitmaps { rom, iccm: _iccm } = hw.code_coverage_bitmap(); calculator::coverage_from_bitmap(0, rom, &instr_pcs) }; diff --git a/test/tests/fips_test_suite/common.rs b/test/tests/fips_test_suite/common.rs index e96fa409a5..392da7acf9 100755 --- a/test/tests/fips_test_suite/common.rs +++ b/test/tests/fips_test_suite/common.rs @@ -210,7 +210,12 @@ pub fn fips_test_init_to_rom( let mut model = fips_test_init_base(init_params, boot_params); // Step to ready for FW in ROM - model.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + model.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); model } diff --git a/test/tests/fips_test_suite/fw_load.rs b/test/tests/fips_test_suite/fw_load.rs index 2efafb0061..6de7a4b63c 100755 --- a/test/tests/fips_test_suite/fw_load.rs +++ b/test/tests/fips_test_suite/fw_load.rs @@ -227,7 +227,12 @@ fn fw_load_error_flow_base( }) .unwrap(); - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); // Verify we can load FW (use clean FW) hw.upload_firmware(&clean_fw_image.to_bytes().unwrap()) @@ -946,7 +951,6 @@ fn fw_load_error_vendor_lms_pub_key_index_mismatch() { // Turn LMS verify on let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; @@ -960,9 +964,7 @@ fn fw_load_error_vendor_lms_pub_key_index_mismatch() { #[test] #[cfg(not(feature = "test_env_immutable_rom"))] fn fw_load_error_vendor_lms_verify_failure() { - // Turn LMS verify on let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; @@ -981,9 +983,7 @@ fn fw_load_error_vendor_lms_pub_key_index_out_of_bounds() { // Set LMS pub key index to MAX + 1 fw_image.manifest.preamble.vendor_pqc_pub_key_idx = VENDOR_LMS_MAX_KEY_COUNT; - // Turn LMS verify on let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; @@ -1013,9 +1013,7 @@ fn fw_load_error_vendor_lms_signature_invalid() { // Modify the vendor public key. lms_pub_key.digest = [Default::default(); 6]; - // Turn LMS verify on let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; @@ -1044,9 +1042,7 @@ fn fw_load_error_fmc_runtime_load_addr_overlap() { #[test] #[cfg(not(feature = "test_env_immutable_rom"))] fn fw_load_error_owner_lms_verify_failure() { - // Turn LMS verify on let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; @@ -1080,7 +1076,6 @@ fn fw_load_error_owner_lms_signature_invalid() { // Turn LMS verify on let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; @@ -1104,7 +1099,6 @@ fn fw_load_error_vendor_lms_pub_key_revoked() { // Set fuses let fuses = caliptra_hw_model::Fuses { - lms_verify: true, fuse_lms_revocation: 1u32 << image_options.vendor_config.pqc_key_idx, ..Default::default() }; @@ -1162,9 +1156,7 @@ fn fw_load_error_update_reset_vendor_pqc_pub_key_idx_mismatch() { // Generate image let update_image = build_fw_image(image_options_update_reset); - // Turn LMS verify on let fuses = caliptra_hw_model::Fuses { - lms_verify: true, ..Default::default() }; @@ -1235,7 +1227,6 @@ fn fw_load_bad_pub_key_flow(fw_image: ImageBundle, exp_error_code: u32) { life_cycle: DeviceLifecycle::Production, key_manifest_pk_hash: vendor_pk_desc_hash, owner_pk_hash, - lms_verify: true, ..Default::default() }; diff --git a/test/tests/fips_test_suite/self_tests.rs b/test/tests/fips_test_suite/self_tests.rs index 1168527ec2..be9fba237f 100755 --- a/test/tests/fips_test_suite/self_tests.rs +++ b/test/tests/fips_test_suite/self_tests.rs @@ -130,7 +130,12 @@ fn self_test_failure_flow_rom(hook_code: u8, exp_error_code: u32) { })) } hw.boot(BootParams::default()).unwrap(); - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); // Verify crypto operations can be performed // Verify the SHA engine is usable @@ -226,7 +231,12 @@ fn self_test_failure_flow_rt(hook_code: u8, exp_error_code: u32) { hw = fips_test_init_model(None) } hw.boot(BootParams::default()).unwrap(); - hw.step_until(|m| m.soc_ifc().cptra_flow_status().read().ready_for_fw()); + hw.step_until(|m| { + m.soc_ifc() + .cptra_flow_status() + .read() + .ready_for_mb_processing() + }); // Verify crypto operations can be performed // Verify the SHA engine is usable