Skip to content

Commit

Permalink
Deprecate FMC SVN from build tooling and firmware.
Browse files Browse the repository at this point in the history
There are no functional changes in this commit.

- The reported FMC SVN is now accurately renamed to be the cold-boot firmware SVN.
- As the ROM now ignores the FMC SVN in images, build tooling longer allows populating the FMC image's SVN.
  • Loading branch information
bluegate010 committed Dec 17, 2024
1 parent 4e0dd15 commit 3dd712c
Show file tree
Hide file tree
Showing 59 changed files with 345 additions and 422 deletions.
6 changes: 3 additions & 3 deletions api/src/mailbox.rs
Original file line number Diff line number Diff line change
Expand Up @@ -776,9 +776,9 @@ impl Response for FipsVersionResp {}
pub struct FwInfoResp {
pub hdr: MailboxRespHeader,
pub pl0_pauser: u32,
pub runtime_svn: u32,
pub min_runtime_svn: u32,
pub fmc_manifest_svn: u32,
pub fw_svn: u32,
pub min_fw_svn: u32,
pub cold_boot_fw_svn: u32,
pub attestation_disabled: u32,
pub rom_revision: [u8; 20],
pub fmc_revision: [u8; 20],
Expand Down
6 changes: 2 additions & 4 deletions api/src/soc_mgr.rs
Original file line number Diff line number Diff line change
Expand Up @@ -139,10 +139,8 @@ pub trait SocManager {
self.soc_ifc()
.cptra_owner_pk_hash()
.write(&fuses.owner_pk_hash);
self.soc_ifc()
.fuse_fmc_key_manifest_svn()
.write(|_| fuses.fmc_key_manifest_svn);
self.soc_ifc().fuse_runtime_svn().write(&fuses.runtime_svn);
self.soc_ifc().fuse_fmc_key_manifest_svn().write(|_| 0); // deprecated fuse.
self.soc_ifc().fuse_runtime_svn().write(&fuses.fw_svn);
self.soc_ifc()
.fuse_anti_rollback_disable()
.write(|w| w.dis(fuses.anti_rollback_disable));
Expand Down
6 changes: 2 additions & 4 deletions api/types/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -159,8 +159,7 @@ pub struct Fuses {
pub key_manifest_pk_hash: [u32; 12],
pub key_manifest_pk_hash_mask: U4,
pub owner_pk_hash: [u32; 12],
pub fmc_key_manifest_svn: u32,
pub runtime_svn: [u32; 4],
pub fw_svn: [u32; 4],
pub anti_rollback_disable: bool,
pub idevid_cert_attr: [u32; 24],
pub idevid_manuf_hsm_id: [u32; 4],
Expand All @@ -177,8 +176,7 @@ impl Default for Fuses {
key_manifest_pk_hash: Default::default(),
key_manifest_pk_hash_mask: Default::default(),
owner_pk_hash: Default::default(),
fmc_key_manifest_svn: Default::default(),
runtime_svn: Default::default(),
fw_svn: Default::default(),
anti_rollback_disable: Default::default(),
idevid_cert_attr: Default::default(),
idevid_manuf_hsm_id: Default::default(),
Expand Down
16 changes: 5 additions & 11 deletions builder/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -455,9 +455,8 @@ pub fn elf_size(elf_bytes: &[u8]) -> io::Result<u64> {
#[derive(Clone)]
pub struct ImageOptions {
pub fmc_version: u16,
pub fmc_svn: u32,
pub app_version: u32,
pub app_svn: u32,
pub fw_svn: u32,
pub vendor_config: ImageGeneratorVendorConfig,
pub owner_config: Option<ImageGeneratorOwnerConfig>,
pub pqc_key_type: FwVerificationPqcKeyType,
Expand All @@ -466,9 +465,8 @@ impl Default for ImageOptions {
fn default() -> Self {
Self {
fmc_version: Default::default(),
fmc_svn: Default::default(),
app_version: Default::default(),
app_svn: Default::default(),
fw_svn: Default::default(),
vendor_config: caliptra_image_fake_keys::VENDOR_CONFIG_KEY_0,
owner_config: Some(caliptra_image_fake_keys::OWNER_CONFIG),
pqc_key_type: FwVerificationPqcKeyType::LMS,
Expand All @@ -485,13 +483,9 @@ pub fn build_and_sign_image(
let app_elf = build_firmware_elf(app)?;
let gen = ImageGenerator::new(Crypto::default());
let image = gen.generate(&ImageGeneratorConfig {
fmc: ElfExecutable::new(
&fmc_elf,
opts.fmc_version as u32,
opts.fmc_svn,
image_revision()?,
)?,
runtime: ElfExecutable::new(&app_elf, opts.app_version, opts.app_svn, image_revision()?)?,
fmc: ElfExecutable::new(&fmc_elf, opts.fmc_version as u32, image_revision()?)?,
runtime: ElfExecutable::new(&app_elf, opts.app_version, image_revision()?)?,
fw_svn: opts.fw_svn,
vendor_config: opts.vendor_config,
owner_config: opts.owner_config,
pqc_key_type: opts.pqc_key_type,
Expand Down
6 changes: 3 additions & 3 deletions common/src/verifier.rs
Original file line number Diff line number Diff line change
Expand Up @@ -172,9 +172,9 @@ impl<'a, 'b> ImageVerificationEnv for &mut FirmwareImageVerificationEnv<'a, 'b>
self.data_vault.fmc_tci().into()
}

// Get Runtime fuse SVN
fn runtime_fuse_svn(&self) -> u32 {
self.soc_ifc.fuse_bank().runtime_fuse_svn()
// Get firmware fuse SVN
fn fw_fuse_svn(&self) -> u32 {
self.soc_ifc.fuse_bank().fw_fuse_svn()
}

fn iccm_range(&self) -> Range<u32> {
Expand Down
36 changes: 18 additions & 18 deletions drivers/src/data_vault.rs
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ impl From<ColdResetEntry48> for usize {

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ColdResetEntry4 {
FmcSvn = 0,
ColdBootFwSvn = 0,
RomColdBootStatus = 1,
FmcEntryPoint = 2,
EccVendorPubKeyIndex = 3,
Expand All @@ -80,7 +80,7 @@ impl TryFrom<u8> for ColdResetEntry4 {
type Error = ();
fn try_from(value: u8) -> Result<Self, Self::Error> {
match value {
0 => Ok(Self::FmcSvn),
0 => Ok(Self::ColdBootFwSvn),
2 => Ok(Self::FmcEntryPoint),
3 => Ok(Self::EccVendorPubKeyIndex),
4 => Ok(Self::PqcVendorPubKeyIndex),
Expand Down Expand Up @@ -132,10 +132,10 @@ impl From<WarmResetEntry48> for usize {

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum WarmResetEntry4 {
RtSvn = 0,
FwSvn = 0,
RtEntryPoint = 1,
ManifestAddr = 2,
RtMinSvn = 3,
FwMinSvn = 3,
RomUpdateResetStatus = 4,
}

Expand All @@ -161,10 +161,10 @@ impl TryFrom<u8> for WarmResetEntry4 {
type Error = ();
fn try_from(original: u8) -> Result<Self, Self::Error> {
match original {
0 => Ok(Self::RtSvn),
0 => Ok(Self::FwSvn),
1 => Ok(Self::RtEntryPoint),
2 => Ok(Self::ManifestAddr),
3 => Ok(Self::RtMinSvn),
3 => Ok(Self::FwMinSvn),
_ => Err(()),
}
}
Expand Down Expand Up @@ -298,13 +298,13 @@ impl DataVault {
self.read_cold_reset_entry48(ColdResetEntry48::OwnerPubKeyHash)
}

/// Get the fmc security version number.
/// Get the cold-boot firmware security version number.
///
/// # Returns
/// * fmc security version number
/// * cold-boot firmware security version number
///
pub fn fmc_svn(&self) -> u32 {
self.read_cold_reset_entry4(ColdResetEntry4::FmcSvn)
pub fn cold_boot_fw_svn(&self) -> u32 {
self.read_cold_reset_entry4(ColdResetEntry4::ColdBootFwSvn)
}

/// Get the fmc entry.
Expand Down Expand Up @@ -361,22 +361,22 @@ impl DataVault {
self.read_warm_reset_entry48(WarmResetEntry48::RtTci)
}

/// Get the rt security version number.
/// Get the fw security version number.
///
/// # Returns
/// * rt security version number
/// * fw security version number
///
pub fn rt_svn(&self) -> u32 {
self.read_warm_reset_entry4(WarmResetEntry4::RtSvn)
pub fn fw_svn(&self) -> u32 {
self.read_warm_reset_entry4(WarmResetEntry4::FwSvn)
}

/// Get the rt minimum security version number.
/// Get the fw minimum security version number.
///
/// # Returns
/// * rt minimum security version number
/// * fw minimum security version number
///
pub fn rt_min_svn(&self) -> u32 {
self.read_warm_reset_entry4(WarmResetEntry4::RtMinSvn)
pub fn fw_min_svn(&self) -> u32 {
self.read_warm_reset_entry4(WarmResetEntry4::FwMinSvn)
}

/// Get the rt entry.
Expand Down
23 changes: 4 additions & 19 deletions drivers/src/fuse_bank.rs
Original file line number Diff line number Diff line change
Expand Up @@ -271,32 +271,17 @@ impl FuseBank<'_> {
soc_ifc_regs.fuse_anti_rollback_disable().read().dis()
}

/// Get the fmc fuse security version number.
/// Get the firmware fuse security version number.
///
/// # Arguments
/// * None
///
/// # Returns
/// fmc security version number
/// firmware security version number
///
pub fn fmc_fuse_svn(&self) -> u32 {
let soc_ifc_regs = self.soc_ifc.regs();
32 - soc_ifc_regs
.fuse_fmc_key_manifest_svn()
.read()
.leading_zeros()
}

/// Get the runtime fuse security version number.
///
/// # Arguments
/// * None
///
/// # Returns
/// runtime security version number
///
pub fn runtime_fuse_svn(&self) -> u32 {
pub fn fw_fuse_svn(&self) -> u32 {
let soc_ifc_regs = self.soc_ifc.regs();
// The legacy name of this register is `fuse_runtime_svn`
first_set_msbit(&soc_ifc_regs.fuse_runtime_svn().read())
}

Expand Down
12 changes: 6 additions & 6 deletions drivers/src/fuse_log.rs
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,13 @@ pub enum FuseLogEntryId {
Invalid = 0,
VendorEccPubKeyIndex = 1, // 4 bytes (From Manifest)
VendorEccPubKeyRevocation = 2, // 4 bytes (From Fuse)
ManifestFmcSvn = 3, // 4 bytes
ColdBootFwSvn = 3, // 4 bytes
ManifestReserved0 = 4, // 4 bytes
#[deprecated]
_DeprecatedFuseFmcSvn = 5, // 4 bytes
ManifestRtSvn = 6, // 4 bytes
ManifestFwSvn = 6, // 4 bytes
ManifestReserved1 = 7, // 4 bytes
FuseRtSvn = 8, // 4 bytes
FuseFwSvn = 8, // 4 bytes
VendorPqcPubKeyIndex = 9, // 4 bytes (From Manifest)
VendorPqcPubKeyRevocation = 10, // 4 bytes (From Fuse)
}
Expand All @@ -38,12 +38,12 @@ impl From<u32> for FuseLogEntryId {
match id {
1 => FuseLogEntryId::VendorEccPubKeyIndex,
2 => FuseLogEntryId::VendorEccPubKeyRevocation,
3 => FuseLogEntryId::ManifestFmcSvn,
3 => FuseLogEntryId::ColdBootFwSvn,
4 => FuseLogEntryId::ManifestReserved0,
5 => FuseLogEntryId::_DeprecatedFuseFmcSvn,
6 => FuseLogEntryId::ManifestRtSvn,
6 => FuseLogEntryId::ManifestFwSvn,
7 => FuseLogEntryId::ManifestReserved1,
8 => FuseLogEntryId::FuseRtSvn,
8 => FuseLogEntryId::FuseFwSvn,
9 => FuseLogEntryId::VendorPqcPubKeyIndex,
10 => FuseLogEntryId::VendorPqcPubKeyRevocation,
_ => FuseLogEntryId::Invalid,
Expand Down
39 changes: 21 additions & 18 deletions drivers/src/hand_off.rs
Original file line number Diff line number Diff line change
Expand Up @@ -223,8 +223,8 @@ pub struct FirmwareHandoffTable {
/// Index of FMC Certificate Signature S Component in the Data Vault.
pub fmc_cert_sig_s_dv_hdl: HandOffDataHandle,

/// Index of FMC SVN value in the Data Vault
pub fmc_svn_dv_hdl: HandOffDataHandle,
/// Index of FW's cold-boot SVN value in the Data Vault.
pub cold_boot_fw_svn_dv_hdl: HandOffDataHandle,

/// Index of RT TCI value in the Data Vault.
pub rt_tci_dv_hdl: HandOffDataHandle,
Expand All @@ -235,11 +235,11 @@ pub struct FirmwareHandoffTable {
/// Index of RT Private Alias Key in the Key Vault.
pub rt_priv_key_kv_hdl: HandOffDataHandle,

/// Index of RT SVN value in the Data Vault
pub rt_svn_dv_hdl: HandOffDataHandle,
/// Index of FW SVN value in the Data Vault
pub fw_svn_dv_hdl: HandOffDataHandle,

/// Index of RT Min SVN value in the Data Vault
pub rt_min_svn_dv_hdl: HandOffDataHandle,
/// Index of FW Min SVN value in the Data Vault
pub fw_min_svn_dv_hdl: HandOffDataHandle,

/// LdevId TBS Address
pub ldevid_tbs_addr: u32,
Expand Down Expand Up @@ -292,11 +292,11 @@ pub struct FirmwareHandoffTable {
/// RtAlias TBS Size.
pub rtalias_tbs_size: u16,

/// Maximum value RT FW SVN can take.
pub rt_hash_chain_max_svn: u16,
/// Maximum value FW SVN can take.
pub fw_hash_chain_max_svn: u16,

/// Index of RT hash chain value in the Key Vault.
pub rt_hash_chain_kv_hdl: HandOffDataHandle,
/// Index of FW hash chain value in the Key Vault.
pub fw_hash_chain_kv_hdl: HandOffDataHandle,

/// Reserved for future use.
pub reserved: [u8; 1632],
Expand All @@ -318,12 +318,12 @@ impl Default for FirmwareHandoffTable {
fmc_pub_key_y_dv_hdl: FHT_INVALID_HANDLE,
fmc_cert_sig_r_dv_hdl: FHT_INVALID_HANDLE,
fmc_cert_sig_s_dv_hdl: FHT_INVALID_HANDLE,
fmc_svn_dv_hdl: FHT_INVALID_HANDLE,
cold_boot_fw_svn_dv_hdl: FHT_INVALID_HANDLE,
rt_tci_dv_hdl: FHT_INVALID_HANDLE,
rt_cdi_kv_hdl: FHT_INVALID_HANDLE,
rt_priv_key_kv_hdl: FHT_INVALID_HANDLE,
rt_svn_dv_hdl: FHT_INVALID_HANDLE,
rt_min_svn_dv_hdl: FHT_INVALID_HANDLE,
fw_svn_dv_hdl: FHT_INVALID_HANDLE,
fw_min_svn_dv_hdl: FHT_INVALID_HANDLE,
ldevid_tbs_addr: 0,
fmcalias_tbs_addr: 0,
ldevid_tbs_size: 0,
Expand All @@ -341,8 +341,8 @@ impl Default for FirmwareHandoffTable {
idev_dice_mldsa_pub_key_load_addr: 0,
rom_info_addr: RomAddr::new(FHT_INVALID_ADDRESS),
rtalias_tbs_size: 0,
rt_hash_chain_max_svn: 0,
rt_hash_chain_kv_hdl: HandOffDataHandle(0),
fw_hash_chain_max_svn: 0,
fw_hash_chain_kv_hdl: HandOffDataHandle(0),
reserved: [0u8; 1632],
}
}
Expand Down Expand Up @@ -386,15 +386,18 @@ pub fn print_fht(fht: &FirmwareHandoffTable) {
"FMC Certificate Signature S DV Handle: 0x{:08x}",
fht.fmc_cert_sig_s_dv_hdl.0
);
crate::cprintln!("FMC SVN DV Handle: 0x{:08x}", fht.fmc_svn_dv_hdl.0);
crate::cprintln!(
"Cold boot SVN DV Handle: 0x{:08x}",
fht.cold_boot_fw_svn_dv_hdl.0
);
crate::cprintln!("RT TCI DV Handle: 0x{:08x}", fht.rt_tci_dv_hdl.0);
crate::cprintln!("RT CDI KV Handle: 0x{:08x}", fht.rt_cdi_kv_hdl.0);
crate::cprintln!(
"RT Private Key KV Handle: 0x{:08x}",
fht.rt_priv_key_kv_hdl.0
);
crate::cprintln!("RT SVN DV Handle: 0x{:08x}", fht.rt_svn_dv_hdl.0);
crate::cprintln!("RT Min SVN DV Handle: 0x{:08x}", fht.rt_min_svn_dv_hdl.0);
crate::cprintln!("FW SVN DV Handle: 0x{:08x}", fht.fw_svn_dv_hdl.0);
crate::cprintln!("FW Min SVN DV Handle: 0x{:08x}", fht.fw_min_svn_dv_hdl.0);

crate::cprintln!(
"IdevId MLDSA Public Key Address: 0x{:08x}",
Expand Down
13 changes: 7 additions & 6 deletions error/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -229,10 +229,10 @@ impl CaliptraError {
CaliptraError::new_const(0x000b002a);
pub const IMAGE_VERIFIER_ERR_RUNTIME_ENTRY_POINT_UNALIGNED: CaliptraError =
CaliptraError::new_const(0x000b002b);
pub const IMAGE_VERIFIER_ERR_RUNTIME_SVN_GREATER_THAN_MAX_SUPPORTED: CaliptraError =
pub const IMAGE_VERIFIER_ERR_FIRMWARE_SVN_GREATER_THAN_MAX_SUPPORTED: CaliptraError =
CaliptraError::new_const(0x000b002c);
// 0x000b002d was IMAGE_VERIFIER_ERR_RUNTIME_SVN_LESS_THAN_MIN_SUPPORTED
pub const IMAGE_VERIFIER_ERR_RUNTIME_SVN_LESS_THAN_FUSE: CaliptraError =
// 0x000b002d was IMAGE_VERIFIER_ERR_FIRMWARE_SVN_LESS_THAN_MIN_SUPPORTED
pub const IMAGE_VERIFIER_ERR_FIRMWARE_SVN_LESS_THAN_FUSE: CaliptraError =
CaliptraError::new_const(0x000b002e);
pub const IMAGE_VERIFIER_ERR_IMAGE_LEN_MORE_THAN_BUNDLE_SIZE: CaliptraError =
CaliptraError::new_const(0x000b002f);
Expand Down Expand Up @@ -434,10 +434,11 @@ impl CaliptraError {
CaliptraError::new_const(0x000E002A);
pub const RUNTIME_CMD_BUSY_DURING_WARM_RESET: CaliptraError =
CaliptraError::new_const(0x000E002B);
pub const RUNTIME_RT_SVN_HANDOFF_FAILED: CaliptraError = CaliptraError::new_const(0x000E002C);
pub const RUNTIME_RT_MIN_SVN_HANDOFF_FAILED: CaliptraError =
pub const RUNTIME_FW_SVN_HANDOFF_FAILED: CaliptraError = CaliptraError::new_const(0x000E002C);
pub const RUNTIME_FW_MIN_SVN_HANDOFF_FAILED: CaliptraError =
CaliptraError::new_const(0x000E002D);
pub const RUNTIME_FMC_SVN_HANDOFF_FAILED: CaliptraError = CaliptraError::new_const(0x000E002E);
pub const RUNTIME_COLD_BOOT_FW_SVN_HANDOFF_FAILED: CaliptraError =
CaliptraError::new_const(0x000E002E);
pub const RUNTIME_CONTEXT_HAS_TAG_VALIDATION_FAILED: CaliptraError =
CaliptraError::new_const(0x000E002F);
pub const RUNTIME_LDEV_ID_CERT_TOO_BIG: CaliptraError = CaliptraError::new_const(0x000E0030);
Expand Down
3 changes: 1 addition & 2 deletions fmc/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -73,12 +73,11 @@ build-fw-image: gen-certs build-emu build-test-rt
--pqc-pk-idx 3 \
--fmc $(TARGET_DIR)/caliptra-fmc \
--fmc-version 0 \
--fmc-svn 0 \
--fmc-rev $(GIT_REV) \
--rt $(TARGET_DIR)/caliptra-runtime \
--rt-version 0 \
--rt-svn 0 \
--rt-rev $(GIT_REV) \
--fw-svn 0 \
--out $(TARGET_DIR)/caliptra-rom-test-fw \

bloat: build
Expand Down
Loading

0 comments on commit 3dd712c

Please sign in to comment.