Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unify separate FMC and RT SVNs into a single firmware SVN. #1767

Closed
wants to merge 1 commit into from
Closed

Unify separate FMC and RT SVNs into a single firmware SVN. #1767

wants to merge 1 commit into from

Conversation

bluegate010
Copy link
Contributor

@bluegate010 bluegate010 commented Nov 2, 2024
edited
Loading

Apologies for the size of this PR.

With this change, there is now a singular SVN representing the security state of both FMC and Runtime. This is done as part of enabling Stable Identity in ROM, which can only easily be implemented in terms of a single SVN.

This does not alter the external API for Caliptra, with the sole exception that what was previously reported as the FMC's SVN is now the value of the (FMC+RT) FW SVN as it was during cold-boot.

  • The FMC and Runtime images still each carry an SVN, but this is done only for backwards compatibility in the build tooling, and ROM ensures the two SVNs are equal.
  • The FMC and Runtime alias certificates still each carry an SVN.
  • The FMC alias certificate's SVN is the value that the firmware's SVN was at cold-boot.
  • The Runtime alias certificate's SVN is the value that the firmware's SVN was at the last update-reset.

See additional commentary in #1703.

@bluegate010 bluegate010 linked an issue Nov 2, 2024 that may be closed by this pull request
Deprecate FMC SVN #1703
Open
@mhatrevi mhatrevi added the Caliptra v2.0 Items to be considered for v2.0 Release label Nov 4, 2024
@bluegate010 bluegate010 changed the title Deprecate FMC SVN. Deprecate separate FMC and RT SVNs, in favor of a unified firmware SVN. Nov 5, 2024
@bluegate010 bluegate010 changed the title Deprecate separate FMC and RT SVNs, in favor of a unified firmware SVN. Unify separate FMC and RT SVNs into a single firmware SVN. Nov 5, 2024
@bluegate010 bluegate010 mentioned this pull request Nov 6, 2024
Merged
@bluegate010 bluegate010 force-pushed the svn-deprecation branch 2 times, most recently from 60ec50f to 3ee5ce0 Compare November 7, 2024 18:21
mhatrevi
mhatrevi previously approved these changes Nov 11, 2024
View reviewed changes
mhatrevi
mhatrevi previously approved these changes Nov 11, 2024
View reviewed changes
jhand2
jhand2 reviewed Nov 11, 2024
View reviewed changes
drivers/src/fuse_log.rs Outdated Show resolved Hide resolved
error/README.md Outdated Show resolved Hide resolved
error/src/lib.rs Outdated Show resolved Hide resolved
error/src/lib.rs Outdated Show resolved Hide resolved
hw-model/src/lib.rs Outdated Show resolved Hide resolved
rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs Outdated Show resolved Hide resolved
rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs Outdated Show resolved Hide resolved
rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs Outdated Show resolved Hide resolved
rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs Show resolved Hide resolved
test/tests/caliptra_integration_tests/smoke_test.rs Outdated Show resolved Hide resolved
@bluegate010 bluegate010 force-pushed the svn-deprecation branch 5 times, most recently from b65e8e0 to ca0fafc Compare November 17, 2024 19:21
@bluegate010 bluegate010 marked this pull request as draft November 19, 2024 04:40
@bluegate010
Copy link
Contributor Author

bluegate010 commented Nov 19, 2024
edited
Loading

Update: this will be split into a couple PRs. First PR in #1802

@bluegate010 bluegate010 force-pushed the svn-deprecation branch 4 times, most recently from 2057102 to c83dd35 Compare November 27, 2024 04:23
@bluegate010
Deprecate FMC SVN from build tooling and firmware.
ec8091b 
- The reported FMC SVN is now called the cold-boot firmware SVN.
- Build tooling can no longer set distinct FMC and RT FW SVNs.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhand2 jhand2 jhand2 left review comments

@vsonims vsonims vsonims requested changes

@mhatrevi mhatrevi mhatrevi left review comments

@fdamato fdamato Awaiting requested review from fdamato fdamato is a code owner

@wmaroneAMD wmaroneAMD Awaiting requested review from wmaroneAMD wmaroneAMD is a code owner

@JohnTraverAmd JohnTraverAmd Awaiting requested review from JohnTraverAmd JohnTraverAmd is a code owner

@jlmahowa-amd jlmahowa-amd Awaiting requested review from jlmahowa-amd jlmahowa-amd is a code owner

@korran korran Awaiting requested review from korran korran is a code owner

@swenson swenson Awaiting requested review from swenson swenson is a code owner

@nquarton nquarton Awaiting requested review from nquarton nquarton is a code owner

@rusty1968 rusty1968 Awaiting requested review from rusty1968 rusty1968 is a code owner

@FerralCoder FerralCoder Awaiting requested review from FerralCoder FerralCoder is a code owner

@ajisaxena ajisaxena Awaiting requested review from ajisaxena ajisaxena is a code owner

Assignees
No one assigned
Labels
Caliptra v2.0 Items to be considered for v2.0 Release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Deprecate FMC SVN
4 participants
@bluegate010 @jhand2 @mhatrevi @vsonims