[feat] Firmware image generation and verification with MLDSA keys. (#…

…1830)

This change updates the image generator to generate an image with MLDSA public keys and signatures. Additionally, this change updates the image verifier for verifying the image signatures with the MLDSA public keys.

.gitignore

@@ -28,3 +28,5 @@ hw/fpga/vivado*.log
 
 # libcaliptra build artifacts
 libcaliptra/libcaliptra.a
+
+hw-latest/verilated/out/*

builder/src/lib.rs

@@ -20,7 +20,7 @@ use caliptra_image_elf::ElfExecutable;
 use caliptra_image_gen::{
     ImageGenerator, ImageGeneratorConfig, ImageGeneratorOwnerConfig, ImageGeneratorVendorConfig,
 };
-use caliptra_image_types::{FwImageType, ImageBundle, ImageRevision, RomInfo};
+use caliptra_image_types::{FwVerificationPqcKeyType, ImageBundle, ImageRevision, RomInfo};
 use elf::endian::LittleEndian;
 use nix::fcntl::FlockArg;
 use zerocopy::AsBytes;
@@ -444,7 +444,7 @@ pub struct ImageOptions {
     pub app_svn: u32,
     pub vendor_config: ImageGeneratorVendorConfig,
     pub owner_config: Option<ImageGeneratorOwnerConfig>,
-    pub fw_image_type: FwImageType,
+    pub pqc_key_type: FwVerificationPqcKeyType,
 }
 impl Default for ImageOptions {
     fn default() -> Self {
@@ -455,7 +455,7 @@ impl Default for ImageOptions {
             app_svn: Default::default(),
             vendor_config: caliptra_image_fake_keys::VENDOR_CONFIG_KEY_0,
             owner_config: Some(caliptra_image_fake_keys::OWNER_CONFIG),
-            fw_image_type: FwImageType::EccLms,
+            pqc_key_type: FwVerificationPqcKeyType::LMS,
         }
     }
 }
@@ -478,7 +478,7 @@ pub fn build_and_sign_image(
         runtime: ElfExecutable::new(&app_elf, opts.app_version, opts.app_svn, image_revision()?)?,
         vendor_config: opts.vendor_config,
         owner_config: opts.owner_config,
-        fw_image_type: opts.fw_image_type,
+        pqc_key_type: opts.pqc_key_type,
     })?;
     Ok(image)
 }

common/src/lib.rs

@@ -40,7 +40,7 @@ pub use pcr::{PcrLogEntry, PcrLogEntryId, RT_FW_CURRENT_PCR, RT_FW_JOURNEY_PCR};
 pub const FMC_ORG: u32 = 0x40000000;
 pub const FMC_SIZE: u32 = 20 * 1024;
 pub const RUNTIME_ORG: u32 = FMC_ORG + FMC_SIZE;
-pub const RUNTIME_SIZE: u32 = 97 * 1024;
+pub const RUNTIME_SIZE: u32 = 98 * 1024;
 
 pub use memory_layout::{DATA_ORG, FHT_ORG, FHT_SIZE, MAN1_ORG};
 pub use wdt::{restart_wdt, start_wdt, stop_wdt, WdtTimeout};

common/src/verifier.rs

@@ -16,6 +16,7 @@ use caliptra_drivers::*;
 use caliptra_image_types::*;
 use caliptra_image_verify::ImageVerificationEnv;
 use core::ops::Range;
+use zerocopy::{AsBytes, FromBytes};
 
 use caliptra_drivers::memory_layout::ICCM_RANGE;
 
@@ -25,14 +26,15 @@ pub struct FirmwareImageVerificationEnv<'a, 'b> {
     pub sha2_512_384: &'a mut Sha2_512_384,
     pub soc_ifc: &'a mut SocIfc,
     pub ecc384: &'a mut Ecc384,
+    pub mldsa87: &'a mut Mldsa87,
     pub data_vault: &'a mut DataVault,
     pub pcr_bank: &'a mut PcrBank,
     pub image: &'b [u8],
 }
 
 impl<'a, 'b> ImageVerificationEnv for &mut FirmwareImageVerificationEnv<'a, 'b> {
-    /// Calculate Digest using SHA-384 Accelerator
-    fn sha384_digest(&mut self, offset: u32, len: u32) -> CaliptraResult<ImageDigest> {
+    /// Calculate 384 digest using SHA2 Engine
+    fn sha384_digest(&mut self, offset: u32, len: u32) -> CaliptraResult<ImageDigest384> {
         let err = CaliptraError::IMAGE_VERIFIER_ERR_DIGEST_OUT_OF_BOUNDS;
         let data = self
             .image
@@ -43,10 +45,22 @@ impl<'a, 'b> ImageVerificationEnv for &mut FirmwareImageVerificationEnv<'a, 'b>
         Ok(self.sha2_512_384.sha384_digest(data)?.0)
     }
 
+    /// Calculate 512 digest using SHA2 Engine
+    fn sha512_digest(&mut self, offset: u32, len: u32) -> CaliptraResult<ImageDigest512> {
+        let err = CaliptraError::IMAGE_VERIFIER_ERR_DIGEST_OUT_OF_BOUNDS;
+        let data = self
+            .image
+            .get(offset as usize..)
+            .ok_or(err)?
+            .get(..len as usize)
+            .ok_or(err)?;
+        Ok(self.sha2_512_384.sha512_digest(data)?.0)
+    }
+
     /// ECC-384 Verification routine
     fn ecc384_verify(
         &mut self,
-        digest: &ImageDigest,
+        digest: &ImageDigest384,
         pub_key: &ImageEccPubKey,
         sig: &ImageEccSignature,
     ) -> CaliptraResult<Array4xN<12, 48>> {
@@ -67,7 +81,7 @@ impl<'a, 'b> ImageVerificationEnv for &mut FirmwareImageVerificationEnv<'a, 'b>
 
     fn lms_verify(
         &mut self,
-        digest: &ImageDigest,
+        digest: &ImageDigest384,
         pub_key: &ImageLmsPublicKey,
         sig: &ImageLmsSignature,
     ) -> CaliptraResult<HashValue<SHA192_DIGEST_WORD_SIZE>> {
@@ -78,8 +92,38 @@ impl<'a, 'b> ImageVerificationEnv for &mut FirmwareImageVerificationEnv<'a, 'b>
         Lms::default().verify_lms_signature_cfi(self.sha256, &message, pub_key, sig)
     }
 
+    fn mldsa87_verify(
+        &mut self,
+        digest: &ImageDigest512,
+        pub_key: &ImageMldsaPubKey,
+        sig: &ImageMldsaSignature,
+    ) -> CaliptraResult<Mldsa87Result> {
+        // Public Key is received in hw format from the image. No conversion needed.
+        let pub_key_bytes: [u8; MLDSA87_PUB_KEY_BYTE_SIZE] = pub_key
+            .0
+            .as_bytes()
+            .try_into()
+            .map_err(|_| CaliptraError::IMAGE_VERIFIER_ERR_MLDSA_TYPE_CONVERSION_FAILED)?;
+        let pub_key = Mldsa87PubKey::read_from(pub_key_bytes.as_bytes())
+            .ok_or(CaliptraError::IMAGE_VERIFIER_ERR_MLDSA_TYPE_CONVERSION_FAILED)?;
+
+        // Signature is received in hw format from the image. No conversion needed.
+        let sig_bytes: [u8; MLDSA87_SIGNATURE_BYTE_SIZE] = sig
+            .0
+            .as_bytes()
+            .try_into()
+            .map_err(|_| CaliptraError::IMAGE_VERIFIER_ERR_MLDSA_TYPE_CONVERSION_FAILED)?;
+        let sig = Mldsa87Signature::read_from(sig_bytes.as_bytes())
+            .ok_or(CaliptraError::IMAGE_VERIFIER_ERR_MLDSA_TYPE_CONVERSION_FAILED)?;
+
+        // digest is received in hw format. No conversion needed.
+        let msg = digest.into();
+
+        self.mldsa87.verify(&pub_key, &msg, &sig)
+    }
+
     /// Retrieve Vendor Public Key Info Digest
-    fn vendor_pub_key_info_digest_fuses(&self) -> ImageDigest {
+    fn vendor_pub_key_info_digest_fuses(&self) -> ImageDigest384 {
         self.soc_ifc.fuse_bank().vendor_pub_key_info_hash().into()
     }
 
@@ -94,7 +138,7 @@ impl<'a, 'b> ImageVerificationEnv for &mut FirmwareImageVerificationEnv<'a, 'b>
     }
 
     /// Retrieve Owner Public Key Digest from fuses
-    fn owner_pub_key_digest_fuses(&self) -> ImageDigest {
+    fn owner_pub_key_digest_fuses(&self) -> ImageDigest384 {
         self.soc_ifc.fuse_bank().owner_pub_key_hash().into()
     }
 
@@ -114,17 +158,17 @@ impl<'a, 'b> ImageVerificationEnv for &mut FirmwareImageVerificationEnv<'a, 'b>
     }
 
     /// Get the vendor LMS key index saved in data vault on cold boot
-    fn vendor_lms_pub_key_idx_dv(&self) -> u32 {
-        self.data_vault.lms_vendor_pk_index()
+    fn vendor_pqc_pub_key_idx_dv(&self) -> u32 {
+        self.data_vault.pqc_vendor_pk_index()
     }
 
     /// Get the owner public key digest saved in the dv on cold boot
-    fn owner_pub_key_digest_dv(&self) -> ImageDigest {
+    fn owner_pub_key_digest_dv(&self) -> ImageDigest384 {
         self.data_vault.owner_pk_hash().into()
     }
 
     // Get the fmc digest from the data vault on cold boot
-    fn get_fmc_digest_dv(&self) -> ImageDigest {
+    fn get_fmc_digest_dv(&self) -> ImageDigest384 {
         self.data_vault.fmc_tci().into()
     }
 

drivers/src/data_vault.rs

@@ -73,7 +73,7 @@ pub enum ColdResetEntry4 {
     RomColdBootStatus = 1,
     FmcEntryPoint = 2,
     EccVendorPubKeyIndex = 3,
-    LmsVendorPubKeyIndex = 4,
+    PqcVendorPubKeyIndex = 4,
 }
 
 impl TryFrom<u8> for ColdResetEntry4 {
@@ -83,7 +83,7 @@ impl TryFrom<u8> for ColdResetEntry4 {
             0 => Ok(Self::FmcSvn),
             2 => Ok(Self::FmcEntryPoint),
             3 => Ok(Self::EccVendorPubKeyIndex),
-            4 => Ok(Self::LmsVendorPubKeyIndex),
+            4 => Ok(Self::PqcVendorPubKeyIndex),
             _ => Err(()),
         }
     }
@@ -325,13 +325,13 @@ impl DataVault {
         self.read_cold_reset_entry4(ColdResetEntry4::EccVendorPubKeyIndex)
     }
 
-    /// Get the Lms vendor public key index used for image verification.
+    /// Get the PQC (LMS or MLDSA) vendor public key index used for image verification.
     ///
     /// # Returns
     ///
     /// * `u32` - Vendor public key index
-    pub fn lms_vendor_pk_index(&self) -> u32 {
-        self.read_cold_reset_entry4(ColdResetEntry4::LmsVendorPubKeyIndex)
+    pub fn pqc_vendor_pk_index(&self) -> u32 {
+        self.read_cold_reset_entry4(ColdResetEntry4::PqcVendorPubKeyIndex)
     }
 
     /// Get the rom cold boot status.

drivers/src/fuse_log.rs

@@ -28,8 +28,8 @@ pub enum FuseLogEntryId {
     ManifestRtSvn = 6,             // 4 bytes
     ManifestReserved1 = 7,         // 4 bytes
     FuseRtSvn = 8,                 // 4 bytes
-    VendorLmsPubKeyIndex = 9,      // 4 bytes  (From Manifest)
-    VendorLmsPubKeyRevocation = 10, // 4 bytes  (From Fuse)
+    VendorPqcPubKeyIndex = 9,      // 4 bytes  (From Manifest)
+    VendorPqcPubKeyRevocation = 10, // 4 bytes  (From Fuse)
 }
 
 impl From<u32> for FuseLogEntryId {
@@ -44,8 +44,8 @@ impl From<u32> for FuseLogEntryId {
             6 => FuseLogEntryId::ManifestRtSvn,
             7 => FuseLogEntryId::ManifestReserved1,
             8 => FuseLogEntryId::FuseRtSvn,
-            9 => FuseLogEntryId::VendorLmsPubKeyIndex,
-            10 => FuseLogEntryId::VendorLmsPubKeyRevocation,
+            9 => FuseLogEntryId::VendorPqcPubKeyIndex,
+            10 => FuseLogEntryId::VendorPqcPubKeyRevocation,
             _ => FuseLogEntryId::Invalid,
         }
     }

drivers/src/memory_layout.rs

@@ -65,8 +65,8 @@ pub const MBOX_SIZE: u32 = 128 * 1024;
 pub const ICCM_SIZE: u32 = 128 * 1024;
 pub const DCCM_SIZE: u32 = 256 * 1024;
 pub const ROM_DATA_SIZE: u32 = 996;
-pub const MAN1_SIZE: u32 = 8 * 1024;
-pub const MAN2_SIZE: u32 = 8 * 1024;
+pub const MAN1_SIZE: u32 = 17 * 1024;
+pub const MAN2_SIZE: u32 = 17 * 1024;
 pub const FHT_SIZE: u32 = 2 * 1024;
 pub const IDEVID_MLDSA_PUB_KEY_MAX_SIZE: u32 = 3 * 1024;
 pub const LDEVID_TBS_SIZE: u32 = 1024;
@@ -79,7 +79,7 @@ pub const DPE_SIZE: u32 = 5 * 1024;
 pub const PCR_RESET_COUNTER_SIZE: u32 = 1024;
 pub const AUTH_MAN_IMAGE_METADATA_MAX_SIZE: u32 = 7 * 1024;
 pub const IDEVID_CSR_SIZE: u32 = 1024;
-pub const DATA_SIZE: u32 = 148 * 1024;
+pub const DATA_SIZE: u32 = 130 * 1024;
 pub const STACK_SIZE: u32 = 64 * 1024;
 pub const ROM_STACK_SIZE: u32 = 14 * 1024;
 pub const ESTACK_SIZE: u32 = 1024;

drivers/src/mldsa87.rs

@@ -20,11 +20,12 @@ use crate::{
 };
 #[cfg(not(feature = "no-cfi"))]
 use caliptra_cfi_derive::cfi_impl_fn;
+use caliptra_cfi_derive::Launder;
 use caliptra_registers::mldsa::{MldsaReg, RegisterBlock};
 
 #[must_use]
 #[repr(u32)]
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Launder)]
 pub enum Mldsa87Result {
     Success = 0xAAAAAAAA,
     SigVerifyFailed = 0x55555555,

error/src/lib.rs

@@ -200,7 +200,7 @@ impl CaliptraError {
         CaliptraError::new_const(0x000b0019);
     pub const IMAGE_VERIFIER_ERR_OWNER_ECC_SIGNATURE_INVALID_ARG: CaliptraError =
         CaliptraError::new_const(0x000b001a);
-    pub const IMAGE_VERIFIER_ERR_VENDOR_PUB_KEY_DIGEST_INVALID_ARG: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_VENDOR_ECC_PUB_KEY_INVALID_ARG: CaliptraError =
         CaliptraError::new_const(0x000b001b);
     pub const IMAGE_VERIFIER_ERR_VENDOR_ECC_SIGNATURE_INVALID_ARG: CaliptraError =
         CaliptraError::new_const(0x000b001c);
@@ -236,7 +236,7 @@ impl CaliptraError {
         CaliptraError::new_const(0x000b002e);
     pub const IMAGE_VERIFIER_ERR_IMAGE_LEN_MORE_THAN_BUNDLE_SIZE: CaliptraError =
         CaliptraError::new_const(0x000b002f);
-    pub const IMAGE_VERIFIER_ERR_VENDOR_LMS_PUB_KEY_INDEX_MISMATCH: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_VENDOR_PQC_PUB_KEY_INDEX_MISMATCH: CaliptraError =
         CaliptraError::new_const(0x000b0030);
     pub const IMAGE_VERIFIER_ERR_VENDOR_LMS_VERIFY_FAILURE: CaliptraError =
         CaliptraError::new_const(0x000b0031);
@@ -256,7 +256,7 @@ impl CaliptraError {
         CaliptraError::new_const(0x000b003b);
     pub const IMAGE_VERIFIER_ERR_RUNTIME_SIZE_ZERO: CaliptraError =
         CaliptraError::new_const(0x000b003c);
-    pub const IMAGE_VERIFIER_ERR_UPDATE_RESET_VENDOR_LMS_PUB_KEY_IDX_MISMATCH: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_UPDATE_RESET_VENDOR_PQC_PUB_KEY_IDX_MISMATCH: CaliptraError =
         CaliptraError::new_const(0x000b003d);
     pub const IMAGE_VERIFIER_ERR_FMC_LOAD_ADDRESS_IMAGE_SIZE_ARITHMETIC_OVERFLOW: CaliptraError =
         CaliptraError::new_const(0x000b003e);
@@ -266,28 +266,52 @@ impl CaliptraError {
         CaliptraError::new_const(0x000b0040);
     pub const IMAGE_VERIFIER_ERR_DIGEST_OUT_OF_BOUNDS: CaliptraError =
         CaliptraError::new_const(0x000b0041);
-    pub const IMAGE_VERIFIER_ERR_ECC_KEY_DESCRIPTOR_MARKER_MISMATCH: CaliptraError =
-        CaliptraError::new_const(0x000b0042);
     pub const IMAGE_VERIFIER_ERR_ECC_KEY_DESCRIPTOR_VERSION_MISMATCH: CaliptraError =
+        CaliptraError::new_const(0x000b0042);
+    pub const IMAGE_VERIFIER_ERR_ECC_KEY_DESCRIPTOR_HASH_COUNT_GT_MAX: CaliptraError =
         CaliptraError::new_const(0x000b0043);
-    pub const IMAGE_VERIFIER_ERR_ECC_KEY_DESCRIPTOR_INTENT_MISMATCH: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_PQC_KEY_DESCRIPTOR_VERSION_MISMATCH: CaliptraError =
         CaliptraError::new_const(0x000b0044);
-    pub const IMAGE_VERIFIER_ERR_ECC_KEY_DESCRIPTOR_HASH_COUNT_GT_MAX: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_PQC_KEY_DESCRIPTOR_TYPE_MISMATCH: CaliptraError =
+        CaliptraError::new_const(0x000b0045);
+    pub const IMAGE_VERIFIER_ERR_PQC_KEY_DESCRIPTOR_HASH_COUNT_GT_MAX: CaliptraError =
         CaliptraError::new_const(0x000b0046);
-    pub const IMAGE_VERIFIER_ERR_LMS_KEY_DESCRIPTOR_MARKER_MISMATCH: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_ECC_KEY_DESCRIPTOR_INVALID_HASH_COUNT: CaliptraError =
         CaliptraError::new_const(0x000b0047);
-    pub const IMAGE_VERIFIER_ERR_LMS_KEY_DESCRIPTOR_VERSION_MISMATCH: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_PQC_KEY_DESCRIPTOR_INVALID_HASH_COUNT: CaliptraError =
         CaliptraError::new_const(0x000b0048);
-    pub const IMAGE_VERIFIER_ERR_LMS_KEY_DESCRIPTOR_INTENT_MISMATCH: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_FW_IMAGE_VERIFICATION_KEY_TYPE_INVALID: CaliptraError =
         CaliptraError::new_const(0x000b0049);
-    pub const IMAGE_VERIFIER_ERR_LMS_KEY_DESCRIPTOR_TYPE_MISMATCH: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_LMS_VENDOR_PUB_KEY_INVALID: CaliptraError =
         CaliptraError::new_const(0x000b004a);
-    pub const IMAGE_VERIFIER_ERR_LMS_KEY_DESCRIPTOR_HASH_COUNT_GT_MAX: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_LMS_VENDOR_SIG_INVALID: CaliptraError =
         CaliptraError::new_const(0x000b004b);
-    pub const IMAGE_VERIFIER_ERR_ECC_KEY_DESCRIPTOR_INVALID_HASH_COUNT: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_LMS_OWNER_PUB_KEY_INVALID: CaliptraError =
         CaliptraError::new_const(0x000b004c);
-    pub const IMAGE_VERIFIER_ERR_LMS_KEY_DESCRIPTOR_INVALID_HASH_COUNT: CaliptraError =
+    pub const IMAGE_VERIFIER_ERR_LMS_OWNER_SIG_INVALID: CaliptraError =
         CaliptraError::new_const(0x000b004d);
+    pub const IMAGE_VERIFIER_ERR_MLDSA_VENDOR_PUB_KEY_READ_FAILED: CaliptraError =
+        CaliptraError::new_const(0x000b004e);
+    pub const IMAGE_VERIFIER_ERR_MLDSA_VENDOR_SIG_READ_FAILED: CaliptraError =
+        CaliptraError::new_const(0x000b004f);
+    pub const IMAGE_VERIFIER_ERR_MLDSA_OWNER_PUB_KEY_READ_FAILED: CaliptraError =
+        CaliptraError::new_const(0x000b0050);
+    pub const IMAGE_VERIFIER_ERR_MLDSA_OWNER_SIG_READ_FAILED: CaliptraError =
+        CaliptraError::new_const(0x000b0051);
+    pub const IMAGE_VERIFIER_ERR_VENDOR_MLDSA_DIGEST_MISSING: CaliptraError =
+        CaliptraError::new_const(0x000b0052);
+    pub const IMAGE_VERIFIER_ERR_OWNER_MLDSA_DIGEST_MISSING: CaliptraError =
+        CaliptraError::new_const(0x000b0053);
+    pub const IMAGE_VERIFIER_ERR_VENDOR_MLDSA_VERIFY_FAILURE: CaliptraError =
+        CaliptraError::new_const(0x000b0054);
+    pub const IMAGE_VERIFIER_ERR_VENDOR_MLDSA_SIGNATURE_INVALID: CaliptraError =
+        CaliptraError::new_const(0x000b0055);
+    pub const IMAGE_VERIFIER_ERR_OWNER_MLDSA_VERIFY_FAILURE: CaliptraError =
+        CaliptraError::new_const(0x000b0056);
+    pub const IMAGE_VERIFIER_ERR_OWNER_MLDSA_SIGNATURE_INVALID: CaliptraError =
+        CaliptraError::new_const(0x000b0057);
+    pub const IMAGE_VERIFIER_ERR_MLDSA_TYPE_CONVERSION_FAILED: CaliptraError =
+        CaliptraError::new_const(0x000b0058);
 
     /// Driver Error: LMS
     pub const DRIVER_LMS_INVALID_LMS_ALGO_TYPE: CaliptraError =
@@ -480,6 +504,10 @@ impl CaliptraError {
         CaliptraError::new_const(0x000E0051);
     pub const RUNTIME_GET_IDEV_ID_UNSUPPORTED_ROM: CaliptraError =
         CaliptraError::new_const(0x000E0052);
+    pub const RUNTIME_AUTH_MANIFEST_LMS_VENDOR_PUB_KEY_INVALID: CaliptraError =
+        CaliptraError::new_const(0x000E0053);
+    pub const RUNTIME_AUTH_MANIFEST_LMS_OWNER_PUB_KEY_INVALID: CaliptraError =
+        CaliptraError::new_const(0x000E0054);
 
     /// FMC Errors
     pub const FMC_GLOBAL_NMI: CaliptraError = CaliptraError::new_const(0x000F0001);

fmc/Makefile

@@ -70,7 +70,7 @@ build-fw-image: gen-certs build-emu build-test-rt
 		create \
 		--key-config $(TARGET_DIR)/keys.toml \
 		--ecc-pk-idx 3 \
-		--lms-pk-idx 3 \
+		--pqc-pk-idx 3 \
 		--fmc $(TARGET_DIR)/caliptra-fmc \
 		--fmc-version 0 \
 		--fmc-svn 0 \