Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Self Signed FMC Alias Csr #1863

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Self Signed FMC Alias Csr #1863

wants to merge 1 commit into from
+846 −67

Conversation

rusty1968
Copy link
Contributor

  • FMC modfied to generate a self signed FMC Alias CSR test upon cold boot.
  • Persistent driver modified to add persistent memory for the FMC Alias CSR
  • Runtime modified to expose an API to retrieve it.
  • Test case created to verify the self signed FMC Alias CSR.
  • Test case created to verify the RT Alias Certificate with the pub key of the FMC Alias CSR.

@rusty1968
Self Signed FMC Alias Csr
f87b445 
- FMC modfied to generate a  self signed FMC Alias CSR test upon cold boot.
- Persistent driver modified to add persistent memory for the FMC Alias CSR
- Runtime modified to expose an API to retrieve it.
- Test case created to verify the self signed FMC Alias CSR.
- Test case created to verify the RT Alias Certificate with the pub key of the FMC Alias CSR.
@rusty1968 rusty1968 self-assigned this Dec 19, 2024
@rusty1968 rusty1968 marked this pull request as ready for review December 19, 2024 18:14
clundin25
clundin25 reviewed Dec 19, 2024
View reviewed changes
api/src/mailbox.rs
@@ -1010,6 +1016,41 @@ impl Default for GetIdevCsrResp {
}
}

// GET_IDEVID_CSR
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Minor copy paste error

clundin25
clundin25 reviewed Dec 19, 2024
View reviewed changes
drivers/src/persistent.rs
Comment on lines +238 to +239
#[cfg(feature = "fmc")]
reserved11: [u8; memory_layout::FMC_ALIAS_CSR_SIZE as usize - size_of::<FmcAliasCsr>()],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When the fmc is not enabled, a slice of memory_layout::FMC_ALIAS_CSR_SIZE should still be reserved so PersistentData is the same size / shape between image types.

clundin25
clundin25 reviewed Dec 19, 2024
View reviewed changes
error/src/lib.rs
@@ -450,6 +450,9 @@ impl CaliptraError {
pub const RUNTIME_AUTH_MANIFEST_IMAGE_METADATA_LIST_DUPLICATE_FIRMWARE_ID: CaliptraError =
CaliptraError::new_const(0x000E0053);

pub const RUNTIME_GET_FMC_CSR_UNPROVISIONED: CaliptraError =
CaliptraError::new_const(0x000E0053);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0x000E0053 => 0x000E0054 so RUNTIME_GET_FMC_CSR_UNPROVISIONED has a unique error code.

clundin25
clundin25 reviewed Dec 19, 2024
View reviewed changes
fmc/src/flow/crypto.rs
/// # Arguments
///
/// * `env` - FMC Environment
/// * `priv_key` - Key slot to retrieve the private key
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like pub_key is missing from the doc comment.

clundin25
clundin25 reviewed Dec 19, 2024
View reviewed changes
fmc/src/flow/fmc_alias_csr.rs
Comment on lines +28 to +32
/// * `hand_off` - HandOff
///
/// # Returns
///
/// * `DiceInput` - DICE Layer Input
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like the doc string doesn't match the function signature.

clundin25
clundin25 reviewed Dec 19, 2024
View reviewed changes
runtime/src/get_fmc_alias_csr.rs
let csr_persistent_mem = &drivers.persistent_data.get().fmc_alias_csr;

match csr_persistent_mem.get_csr_len() {
FmcAliasCsr::UNPROVISIONED_CSR => Err(CaliptraError::RUNTIME_GET_FMC_CSR_UNPROVISIONED),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does the 0 case matter? E.g. for FMC images that did not support this feature?

clundin25
clundin25 reviewed Dec 19, 2024
View reviewed changes
runtime/src/get_fmc_alias_csr.rs

pub struct GetFmcAliasCsrCmd;
impl GetFmcAliasCsrCmd {
// #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Commented code

clundin25
clundin25 reviewed Dec 19, 2024
View reviewed changes
runtime/src/get_fmc_alias_csr.rs
Comment on lines +42 to +43
// A valid `IDevIDCsr` cannot be larger than `MAX_CSR_SIZE`, which is the max
// size of the buffer in `GetIdevCsrResp`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Copy and paste mismatch

jhand2
jhand2 reviewed Dec 20, 2024
View reviewed changes
common/src/lib.rs
@@ -38,9 +38,9 @@ pub use fuse::{FuseLogEntry, FuseLogEntryId};
pub use pcr::{PcrLogEntry, PcrLogEntryId, RT_FW_CURRENT_PCR, RT_FW_JOURNEY_PCR};

pub const FMC_ORG: u32 = 0x40000000;
pub const FMC_SIZE: u32 = 20 * 1024;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to the size-history CI job, we're still only using ~18KiB in FMC. Do we need to change the size here?

jhand2
jhand2 reviewed Dec 20, 2024
View reviewed changes
drivers/src/memory_layout.rs
@@ -74,7 +75,8 @@ pub const DPE_SIZE: u32 = 5 * 1024;
pub const PCR_RESET_COUNTER_SIZE: u32 = 1024;
pub const AUTH_MAN_IMAGE_METADATA_MAX_SIZE: u32 = 7 * 1024;
pub const IDEVID_CSR_SIZE: u32 = 1024;
pub const DATA_SIZE: u32 = 27 * 1024;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: now that #1722 is merged, should be able to just add to the PersistentData driver and leave memory layout as-is

jhand2
jhand2 reviewed Dec 20, 2024
View reviewed changes
drivers/src/persistent.rs
@@ -164,6 +231,12 @@ pub struct PersistentData {

pub idevid_csr: IdevIdCsr,
reserved10: [u8; memory_layout::IDEVID_CSR_SIZE as usize - size_of::<IdevIdCsr>()],

#[cfg(feature = "fmc")]
pub fmc_alias_csr: FmcAliasCsr,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this also need to be accessible in RT?

jhand2
jhand2 reviewed Dec 20, 2024
View reviewed changes
runtime/src/main.rs
\____\__,_|_|_| .__/ \__|_| \__,_| |_| \_\|_|
|_|
"#;
const BANNER: &str = r#"Caliptra RT"#;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

optional: might be good to put size optimizations in a separate PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clundin25 clundin25 clundin25 left review comments

@jhand2 jhand2 jhand2 left review comments

@fdamato fdamato Awaiting requested review from fdamato fdamato is a code owner

@bluegate010 bluegate010 Awaiting requested review from bluegate010 bluegate010 is a code owner

@mhatrevi mhatrevi Awaiting requested review from mhatrevi mhatrevi is a code owner

@swenson swenson Awaiting requested review from swenson swenson is a code owner

@vsonims vsonims Awaiting requested review from vsonims vsonims is a code owner

@FerralCoder FerralCoder Awaiting requested review from FerralCoder FerralCoder is a code owner

@ajisaxena ajisaxena Awaiting requested review from ajisaxena ajisaxena is a code owner

@jlmahowa-amd jlmahowa-amd Awaiting requested review from jlmahowa-amd jlmahowa-amd is a code owner

@korran korran Awaiting requested review from korran korran is a code owner

@JohnTraverAmd JohnTraverAmd Awaiting requested review from JohnTraverAmd JohnTraverAmd is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@rusty1968 rusty1968

Labels
Caliptra v1.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rusty1968 @jhand2 @clundin25