Deprecate FMC SVN from build tooling and firmware.

- The reported FMC SVN is now called the cold-boot firmware SVN.
- Build tooling can no longer set distinct FMC and RT FW SVNs.

api/src/mailbox.rs

@@ -776,9 +776,9 @@ impl Response for FipsVersionResp {}
 pub struct FwInfoResp {
     pub hdr: MailboxRespHeader,
     pub pl0_pauser: u32,
-    pub runtime_svn: u32,
-    pub min_runtime_svn: u32,
-    pub fmc_manifest_svn: u32,
+    pub fw_svn: u32,
+    pub min_fw_svn: u32,
+    pub cold_boot_fw_svn: u32,
     pub attestation_disabled: u32,
     pub rom_revision: [u8; 20],
     pub fmc_revision: [u8; 20],

api/types/src/lib.rs

@@ -159,8 +159,7 @@ pub struct Fuses {
     pub key_manifest_pk_hash: [u32; 12],
     pub key_manifest_pk_hash_mask: U4,
     pub owner_pk_hash: [u32; 12],
-    pub fmc_key_manifest_svn: u32,
-    pub runtime_svn: [u32; 4],
+    pub fw_svn: [u32; 4],
     pub anti_rollback_disable: bool,
     pub idevid_cert_attr: [u32; 24],
     pub idevid_manuf_hsm_id: [u32; 4],
@@ -177,8 +176,7 @@ impl Default for Fuses {
             key_manifest_pk_hash: Default::default(),
             key_manifest_pk_hash_mask: Default::default(),
             owner_pk_hash: Default::default(),
-            fmc_key_manifest_svn: Default::default(),
-            runtime_svn: Default::default(),
+            fw_svn: Default::default(),
             anti_rollback_disable: Default::default(),
             idevid_cert_attr: Default::default(),
             idevid_manuf_hsm_id: Default::default(),

builder/src/lib.rs

@@ -439,9 +439,7 @@ pub fn elf_size(elf_bytes: &[u8]) -> io::Result<u64> {
 #[derive(Clone)]
 pub struct ImageOptions {
     pub fmc_version: u16,
-    pub fmc_svn: u32,
     pub app_version: u32,
-    pub app_svn: u32,
     pub vendor_config: ImageGeneratorVendorConfig,
     pub owner_config: Option<ImageGeneratorOwnerConfig>,
     pub fw_image_type: FwImageType,
@@ -450,9 +448,7 @@ impl Default for ImageOptions {
     fn default() -> Self {
         Self {
             fmc_version: Default::default(),
-            fmc_svn: Default::default(),
             app_version: Default::default(),
-            app_svn: Default::default(),
             vendor_config: caliptra_image_fake_keys::VENDOR_CONFIG_KEY_0,
             owner_config: Some(caliptra_image_fake_keys::OWNER_CONFIG),
             fw_image_type: FwImageType::EccLms,
@@ -469,13 +465,8 @@ pub fn build_and_sign_image(
     let app_elf = build_firmware_elf(app)?;
     let gen = ImageGenerator::new(Crypto::default());
     let image = gen.generate(&ImageGeneratorConfig {
-        fmc: ElfExecutable::new(
-            &fmc_elf,
-            opts.fmc_version as u32,
-            opts.fmc_svn,
-            image_revision()?,
-        )?,
-        runtime: ElfExecutable::new(&app_elf, opts.app_version, opts.app_svn, image_revision()?)?,
+        fmc: ElfExecutable::new(&fmc_elf, opts.fmc_version as u32, image_revision()?)?,
+        runtime: ElfExecutable::new(&app_elf, opts.app_version, image_revision()?)?,
         vendor_config: opts.vendor_config,
         owner_config: opts.owner_config,
         fw_image_type: opts.fw_image_type,

common/src/verifier.rs

@@ -128,9 +128,9 @@ impl<'a, 'b> ImageVerificationEnv for &mut FirmwareImageVerificationEnv<'a, 'b>
         self.data_vault.fmc_tci().into()
     }
 
-    // Get Runtime fuse SVN
-    fn runtime_fuse_svn(&self) -> u32 {
-        self.soc_ifc.fuse_bank().runtime_fuse_svn()
+    // Get firmware fuse SVN
+    fn fw_fuse_svn(&self) -> u32 {
+        self.soc_ifc.fuse_bank().fw_fuse_svn()
     }
 
     fn iccm_range(&self) -> Range<u32> {

drivers/src/data_vault.rs

@@ -69,7 +69,7 @@ impl From<ColdResetEntry48> for usize {
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum ColdResetEntry4 {
-    FmcSvn = 0,
+    ColdBootFwSvn = 0,
     RomColdBootStatus = 1,
     FmcEntryPoint = 2,
     EccVendorPubKeyIndex = 3,
@@ -80,7 +80,7 @@ impl TryFrom<u8> for ColdResetEntry4 {
     type Error = ();
     fn try_from(value: u8) -> Result<Self, Self::Error> {
         match value {
-            0 => Ok(Self::FmcSvn),
+            0 => Ok(Self::ColdBootFwSvn),
             2 => Ok(Self::FmcEntryPoint),
             3 => Ok(Self::EccVendorPubKeyIndex),
             4 => Ok(Self::LmsVendorPubKeyIndex),
@@ -132,10 +132,10 @@ impl From<WarmResetEntry48> for usize {
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum WarmResetEntry4 {
-    RtSvn = 0,
+    FwSvn = 0,
     RtEntryPoint = 1,
     ManifestAddr = 2,
-    RtMinSvn = 3,
+    FwMinSvn = 3,
     RomUpdateResetStatus = 4,
 }
 
@@ -161,10 +161,10 @@ impl TryFrom<u8> for WarmResetEntry4 {
     type Error = ();
     fn try_from(original: u8) -> Result<Self, Self::Error> {
         match original {
-            0 => Ok(Self::RtSvn),
+            0 => Ok(Self::FwSvn),
             1 => Ok(Self::RtEntryPoint),
             2 => Ok(Self::ManifestAddr),
-            3 => Ok(Self::RtMinSvn),
+            3 => Ok(Self::FwMinSvn),
             _ => Err(()),
         }
     }
@@ -298,13 +298,13 @@ impl DataVault {
         self.read_cold_reset_entry48(ColdResetEntry48::OwnerPubKeyHash)
     }
 
-    /// Get the fmc security version number.
+    /// Get the cold-boot firmware security version number.
     ///
     /// # Returns
-    /// * fmc security version number
+    /// * cold-boot firmware security version number
     ///
-    pub fn fmc_svn(&self) -> u32 {
-        self.read_cold_reset_entry4(ColdResetEntry4::FmcSvn)
+    pub fn cold_boot_fw_svn(&self) -> u32 {
+        self.read_cold_reset_entry4(ColdResetEntry4::ColdBootFwSvn)
     }
 
     /// Get the fmc entry.
@@ -361,22 +361,22 @@ impl DataVault {
         self.read_warm_reset_entry48(WarmResetEntry48::RtTci)
     }
 
-    /// Get the rt security version number.
+    /// Get the fw security version number.
     ///
     /// # Returns
-    /// * rt security version number
+    /// * fw security version number
     ///
-    pub fn rt_svn(&self) -> u32 {
-        self.read_warm_reset_entry4(WarmResetEntry4::RtSvn)
+    pub fn fw_svn(&self) -> u32 {
+        self.read_warm_reset_entry4(WarmResetEntry4::FwSvn)
     }
 
-    /// Get the rt minimum security version number.
+    /// Get the fw minimum security version number.
     ///
     /// # Returns
-    /// * rt minimum security version number
+    /// * fw minimum security version number
     ///
-    pub fn rt_min_svn(&self) -> u32 {
-        self.read_warm_reset_entry4(WarmResetEntry4::RtMinSvn)
+    pub fn fw_min_svn(&self) -> u32 {
+        self.read_warm_reset_entry4(WarmResetEntry4::FwMinSvn)
     }
 
     /// Get the rt entry.

drivers/src/fuse_bank.rs

@@ -258,32 +258,17 @@ impl FuseBank<'_> {
         soc_ifc_regs.fuse_anti_rollback_disable().read().dis()
     }
 
-    /// Get the fmc fuse security version number.
+    /// Get the firmware fuse security version number.
     ///
     /// # Arguments
     /// * None
     ///
     /// # Returns
-    ///     fmc security version number
+    ///     firmware security version number
     ///
-    pub fn fmc_fuse_svn(&self) -> u32 {
-        let soc_ifc_regs = self.soc_ifc.regs();
-        32 - soc_ifc_regs
-            .fuse_fmc_key_manifest_svn()
-            .read()
-            .leading_zeros()
-    }
-
-    /// Get the runtime fuse security version number.
-    ///
-    /// # Arguments
-    /// * None
-    ///
-    /// # Returns
-    ///     runtime security version number
-    ///
-    pub fn runtime_fuse_svn(&self) -> u32 {
+    pub fn fw_fuse_svn(&self) -> u32 {
         let soc_ifc_regs = self.soc_ifc.regs();
+        // The legacy name of this register is `fuse_runtime_svn`
         first_set_msbit(&soc_ifc_regs.fuse_runtime_svn().read())
     }
 

drivers/src/fuse_log.rs

@@ -21,13 +21,13 @@ pub enum FuseLogEntryId {
     Invalid = 0,
     VendorEccPubKeyIndex = 1,      // 4 bytes  (From Manifest)
     VendorEccPubKeyRevocation = 2, // 4 bytes  (From Fuse)
-    ManifestFmcSvn = 3,            // 4 bytes
+    ColdBootFwSvn = 3,             // 4 bytes
     ManifestReserved0 = 4,         // 4 bytes
     #[deprecated]
     _DeprecatedFuseFmcSvn = 5, // 4 bytes
-    ManifestRtSvn = 6,             // 4 bytes
+    ManifestFwSvn = 6,             // 4 bytes
     ManifestReserved1 = 7,         // 4 bytes
-    FuseRtSvn = 8,                 // 4 bytes
+    FuseFwSvn = 8,                 // 4 bytes
     VendorLmsPubKeyIndex = 9,      // 4 bytes  (From Manifest)
     VendorLmsPubKeyRevocation = 10, // 4 bytes  (From Fuse)
 }
@@ -38,12 +38,12 @@ impl From<u32> for FuseLogEntryId {
         match id {
             1 => FuseLogEntryId::VendorEccPubKeyIndex,
             2 => FuseLogEntryId::VendorEccPubKeyRevocation,
-            3 => FuseLogEntryId::ManifestFmcSvn,
+            3 => FuseLogEntryId::ColdBootFwSvn,
             4 => FuseLogEntryId::ManifestReserved0,
             5 => FuseLogEntryId::_DeprecatedFuseFmcSvn,
-            6 => FuseLogEntryId::ManifestRtSvn,
+            6 => FuseLogEntryId::ManifestFwSvn,
             7 => FuseLogEntryId::ManifestReserved1,
-            8 => FuseLogEntryId::FuseRtSvn,
+            8 => FuseLogEntryId::FuseFwSvn,
             9 => FuseLogEntryId::VendorLmsPubKeyIndex,
             10 => FuseLogEntryId::VendorLmsPubKeyRevocation,
             _ => FuseLogEntryId::Invalid,

drivers/src/hand_off.rs

@@ -223,8 +223,8 @@ pub struct FirmwareHandoffTable {
     /// Index of FMC Certificate Signature S Component in the Data Vault.
     pub fmc_cert_sig_s_dv_hdl: HandOffDataHandle,
 
-    /// Index of FMC SVN value in the Data Vault
-    pub fmc_svn_dv_hdl: HandOffDataHandle,
+    /// Index of FW's cold-boot SVN value in the Data Vault.
+    pub cold_boot_fw_svn_dv_hdl: HandOffDataHandle,
 
     /// Index of RT TCI value in the Data Vault.
     pub rt_tci_dv_hdl: HandOffDataHandle,
@@ -235,11 +235,11 @@ pub struct FirmwareHandoffTable {
     /// Index of RT Private Alias Key in the Key Vault.
     pub rt_priv_key_kv_hdl: HandOffDataHandle,
 
-    /// Index of RT SVN value in the Data Vault
-    pub rt_svn_dv_hdl: HandOffDataHandle,
+    /// Index of FW SVN value in the Data Vault
+    pub fw_svn_dv_hdl: HandOffDataHandle,
 
-    /// Index of RT Min SVN value in the Data Vault
-    pub rt_min_svn_dv_hdl: HandOffDataHandle,
+    /// Index of FW Min SVN value in the Data Vault
+    pub fw_min_svn_dv_hdl: HandOffDataHandle,
 
     /// LdevId TBS Address
     pub ldevid_tbs_addr: u32,
@@ -292,11 +292,11 @@ pub struct FirmwareHandoffTable {
     /// RtAlias TBS Size.
     pub rtalias_tbs_size: u16,
 
-    /// Maximum value RT FW SVN can take.
-    pub rt_hash_chain_max_svn: u16,
+    /// Maximum value FW SVN can take.
+    pub fw_hash_chain_max_svn: u16,
 
-    /// Index of RT hash chain value in the Key Vault.
-    pub rt_hash_chain_kv_hdl: HandOffDataHandle,
+    /// Index of FW hash chain value in the Key Vault.
+    pub fw_hash_chain_kv_hdl: HandOffDataHandle,
 
     /// Reserved for future use.
     pub reserved: [u8; 1632],
@@ -318,12 +318,12 @@ impl Default for FirmwareHandoffTable {
             fmc_pub_key_y_dv_hdl: FHT_INVALID_HANDLE,
             fmc_cert_sig_r_dv_hdl: FHT_INVALID_HANDLE,
             fmc_cert_sig_s_dv_hdl: FHT_INVALID_HANDLE,
-            fmc_svn_dv_hdl: FHT_INVALID_HANDLE,
+            cold_boot_fw_svn_dv_hdl: FHT_INVALID_HANDLE,
             rt_tci_dv_hdl: FHT_INVALID_HANDLE,
             rt_cdi_kv_hdl: FHT_INVALID_HANDLE,
             rt_priv_key_kv_hdl: FHT_INVALID_HANDLE,
-            rt_svn_dv_hdl: FHT_INVALID_HANDLE,
-            rt_min_svn_dv_hdl: FHT_INVALID_HANDLE,
+            fw_svn_dv_hdl: FHT_INVALID_HANDLE,
+            fw_min_svn_dv_hdl: FHT_INVALID_HANDLE,
             ldevid_tbs_addr: 0,
             fmcalias_tbs_addr: 0,
             ldevid_tbs_size: 0,
@@ -341,8 +341,8 @@ impl Default for FirmwareHandoffTable {
             idev_dice_mldsa_pub_key_load_addr: 0,
             rom_info_addr: RomAddr::new(FHT_INVALID_ADDRESS),
             rtalias_tbs_size: 0,
-            rt_hash_chain_max_svn: 0,
-            rt_hash_chain_kv_hdl: HandOffDataHandle(0),
+            fw_hash_chain_max_svn: 0,
+            fw_hash_chain_kv_hdl: HandOffDataHandle(0),
             reserved: [0u8; 1632],
         }
     }
@@ -386,15 +386,18 @@ pub fn print_fht(fht: &FirmwareHandoffTable) {
         "FMC Certificate Signature S DV Handle: 0x{:08x}",
         fht.fmc_cert_sig_s_dv_hdl.0
     );
-    crate::cprintln!("FMC SVN DV Handle: 0x{:08x}", fht.fmc_svn_dv_hdl.0);
+    crate::cprintln!(
+        "Cold boot SVN DV Handle: 0x{:08x}",
+        fht.cold_boot_fw_svn_dv_hdl.0
+    );
     crate::cprintln!("RT TCI DV Handle: 0x{:08x}", fht.rt_tci_dv_hdl.0);
     crate::cprintln!("RT CDI KV Handle: 0x{:08x}", fht.rt_cdi_kv_hdl.0);
     crate::cprintln!(
         "RT Private Key KV Handle: 0x{:08x}",
         fht.rt_priv_key_kv_hdl.0
     );
-    crate::cprintln!("RT SVN DV Handle: 0x{:08x}", fht.rt_svn_dv_hdl.0);
-    crate::cprintln!("RT Min SVN DV Handle: 0x{:08x}", fht.rt_min_svn_dv_hdl.0);
+    crate::cprintln!("FW SVN DV Handle: 0x{:08x}", fht.fw_svn_dv_hdl.0);
+    crate::cprintln!("FW Min SVN DV Handle: 0x{:08x}", fht.fw_min_svn_dv_hdl.0);
 
     crate::cprintln!(
         "IdevId MLDSA Public Key Address: 0x{:08x}",

error/src/lib.rs

@@ -229,10 +229,10 @@ impl CaliptraError {
         CaliptraError::new_const(0x000b002a);
     pub const IMAGE_VERIFIER_ERR_RUNTIME_ENTRY_POINT_UNALIGNED: CaliptraError =
         CaliptraError::new_const(0x000b002b);
-    pub const IMAGE_VERIFIER_ERR_RUNTIME_SVN_GREATER_THAN_MAX_SUPPORTED: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_FIRMWARE_SVN_GREATER_THAN_MAX_SUPPORTED: CaliptraError =
         CaliptraError::new_const(0x000b002c);
-    // 0x000b002d was IMAGE_VERIFIER_ERR_RUNTIME_SVN_LESS_THAN_MIN_SUPPORTED
-    pub const IMAGE_VERIFIER_ERR_RUNTIME_SVN_LESS_THAN_FUSE: CaliptraError =
+    // 0x000b002d was IMAGE_VERIFIER_ERR_FIRMWARE_SVN_LESS_THAN_MIN_SUPPORTED
+    pub const IMAGE_VERIFIER_ERR_FIRMWARE_SVN_LESS_THAN_FUSE: CaliptraError =
         CaliptraError::new_const(0x000b002e);
     pub const IMAGE_VERIFIER_ERR_IMAGE_LEN_MORE_THAN_BUNDLE_SIZE: CaliptraError =
         CaliptraError::new_const(0x000b002f);
@@ -410,10 +410,11 @@ impl CaliptraError {
         CaliptraError::new_const(0x000E002A);
     pub const RUNTIME_CMD_BUSY_DURING_WARM_RESET: CaliptraError =
         CaliptraError::new_const(0x000E002B);
-    pub const RUNTIME_RT_SVN_HANDOFF_FAILED: CaliptraError = CaliptraError::new_const(0x000E002C);
-    pub const RUNTIME_RT_MIN_SVN_HANDOFF_FAILED: CaliptraError =
+    pub const RUNTIME_FW_SVN_HANDOFF_FAILED: CaliptraError = CaliptraError::new_const(0x000E002C);
+    pub const RUNTIME_FW_MIN_SVN_HANDOFF_FAILED: CaliptraError =
         CaliptraError::new_const(0x000E002D);
-    pub const RUNTIME_FMC_SVN_HANDOFF_FAILED: CaliptraError = CaliptraError::new_const(0x000E002E);
+    pub const RUNTIME_COLD_BOOT_FW_SVN_HANDOFF_FAILED: CaliptraError =
+        CaliptraError::new_const(0x000E002E);
     pub const RUNTIME_CONTEXT_HAS_TAG_VALIDATION_FAILED: CaliptraError =
         CaliptraError::new_const(0x000E002F);
     pub const RUNTIME_LDEV_ID_CERT_TOO_BIG: CaliptraError = CaliptraError::new_const(0x000E0030);

fmc/Makefile

@@ -73,12 +73,11 @@ build-fw-image: gen-certs build-emu build-test-rt
 		--lms-pk-idx 3 \
 		--fmc $(TARGET_DIR)/caliptra-fmc \
 		--fmc-version 0 \
-		--fmc-svn 0 \
 		--fmc-rev $(GIT_REV) \
 		--rt $(TARGET_DIR)/caliptra-runtime \
 		--rt-version 0 \
-		--rt-svn 0 \
 		--rt-rev $(GIT_REV) \
+		--fw-svn 0 \
 		--out $(TARGET_DIR)/caliptra-rom-test-fw \
 
 bloat: build