Skip to content

Commit

Permalink
Merge branch 'main' into vmhatre/update-auth-man-doc
Browse files Browse the repository at this point in the history
mhatrevi authored Jan 29, 2025

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
2 parents 7f535d6 + 37dc9b1 commit 4f7bf69
Showing 14 changed files with 495 additions and 24 deletions.
10 changes: 6 additions & 4 deletions .github/workflows/nightly-release.yml
Original file line number Diff line number Diff line change
@@ -292,14 +292,16 @@ jobs:
rom-logging: false
rom-version: "1.1"

# The current 1.0.x ROM used in CI will overflow the stack into unused space
# We disable the stack overflow check (sw_emu_stack_check_disable) when testing against that ROM
sw-emulator-hw-1_0-full-suite-etrng-log:
name: sw-emulator Suite (etrng, log)
needs: find-latest-release
if: needs.find-latest-release.outputs.create_release
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.0-etrng-log
extra-features: hw-1.0,slow_tests
extra-features: hw-1.0,slow_tests,sw_emu_stack_check_disable
rom-logging: true
rom-version: "1.0"

@@ -310,7 +312,7 @@ jobs:
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.0-etrng-nolog
extra-features: hw-1.0,slow_tests
extra-features: hw-1.0,slow_tests,sw_emu_stack_check_disable
rom-logging: false
rom-version: "1.0"

@@ -321,7 +323,7 @@ jobs:
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.0-itrng-log
extra-features: hw-1.0,slow_tests,itrng
extra-features: hw-1.0,slow_tests,itrng,sw_emu_stack_check_disable
rom-logging: true
rom-version: "1.0"

@@ -332,7 +334,7 @@ jobs:
uses: ./.github/workflows/fw-test-emu.yml
with:
artifact-suffix: -sw-emulator-hw-1.0-itrng-nolog
extra-features: hw-1.0,slow_tests,itrng
extra-features: hw-1.0,slow_tests,itrng,sw_emu_stack_check_disable
rom-logging: false
rom-version: "1.0"

4 changes: 2 additions & 2 deletions api/src/mailbox.rs
Original file line number Diff line number Diff line change
@@ -630,7 +630,7 @@ pub struct CertifyKeyExtendedResp {
pub certify_key_resp: [u8; CertifyKeyExtendedResp::CERTIFY_KEY_RESP_SIZE],
}
impl CertifyKeyExtendedResp {
pub const CERTIFY_KEY_RESP_SIZE: usize = 2176;
pub const CERTIFY_KEY_RESP_SIZE: usize = 6272;
}
impl Response for CertifyKeyExtendedResp {}

@@ -700,7 +700,7 @@ pub struct InvokeDpeResp {
pub data: [u8; InvokeDpeResp::DATA_MAX_SIZE], // variable length
}
impl InvokeDpeResp {
pub const DATA_MAX_SIZE: usize = 2200;
pub const DATA_MAX_SIZE: usize = 6556;
}
impl ResponseVarSize for InvokeDpeResp {}

22 changes: 20 additions & 2 deletions builder/bin/image_gen.rs
Original file line number Diff line number Diff line change
@@ -5,12 +5,14 @@ use caliptra_builder::version;
use caliptra_builder::ImageOptions;
use caliptra_image_types::ImageHeader;
use caliptra_image_types::ImageManifest;
use caliptra_image_types::ImageSignatures;
use clap::{arg, value_parser, Command};
use memoffset::{offset_of, span_of};
use serde_json::{json, to_string_pretty};
use sha2::{Digest, Sha384};
use std::collections::HashSet;
use std::path::PathBuf;
use zerocopy::FromBytes;

fn main() {
let args = Command::new("image-gen")
@@ -43,6 +45,8 @@ fn main() {
.value_parser(value_parser!(PathBuf))
)
.arg(arg!(--"zeros" "Build an image bundle with zero'd FMC and RT. This will NMI immediately."))
.arg(arg!(--"owner-sig-override" [FILE] "Manually overwrite the owner_sigs of the FW bundle image with the contents of binary [FILE]. The signature should be an ECC signature concatenated with an LMS signature").value_parser(value_parser!(PathBuf)))
.arg(arg!(--"vendor-sig-override" [FILE] "Manually overwrite the vendor_sigs of the FW bundle image with the contents of binary [FILE]. The signature should be an ECC signature concatenated with an LMS signature").value_parser(value_parser!(PathBuf)))
.get_matches();

if let Some(path) = args.get_one::<PathBuf>("rom-no-log") {
@@ -81,7 +85,7 @@ fn main() {
)
.unwrap()
} else {
caliptra_builder::build_and_sign_image(
let mut image = caliptra_builder::build_and_sign_image(
&firmware::FMC_WITH_UART,
&firmware::APP_WITH_UART,
ImageOptions {
@@ -92,7 +96,21 @@ fn main() {
..Default::default()
},
)
.unwrap()
.unwrap();

if let Some(path) = args.get_one::<PathBuf>("owner-sig-override") {
let sig_override = std::fs::read(path).unwrap();
image.manifest.preamble.owner_sigs =
ImageSignatures::read_from_bytes(&sig_override).unwrap();
}

if let Some(path) = args.get_one::<PathBuf>("vendor-sig-override") {
let sig_override = std::fs::read(path).unwrap();
image.manifest.preamble.vendor_sigs =
ImageSignatures::read_from_bytes(&sig_override).unwrap();
}

image
};

let contents = image.to_bytes().unwrap();
10 changes: 5 additions & 5 deletions drivers/src/memory_layout.rs
Original file line number Diff line number Diff line change
@@ -24,9 +24,9 @@ pub const CFI_STATE_ORG: u32 = 0x500003E4; // size = 6 words
pub const BOOT_STATUS_ORG: u32 = 0x500003FC;
pub const PERSISTENT_DATA_ORG: u32 = 0x50000400;

pub const DATA_ORG: u32 = 0x5000D800;
pub const DATA_ORG: u32 = 0x50009C00;

pub const STACK_ORG: u32 = 0x5000f800;
pub const STACK_ORG: u32 = 0x5000A400;
pub const ROM_STACK_ORG: u32 = 0x5001C000;

pub const ESTACK_ORG: u32 = 0x5001F800;
@@ -45,16 +45,16 @@ pub const ROM_NSTACK_ORG: u32 = 0x5001FC00;
// reserved for future use and then allocating the rest of the DCCM.
//
// The `DATA_SIZE` variable reflects the leftover space.
pub const PERSISTENT_DATA_SIZE: u32 = 53 * 1024;
pub const PERSISTENT_DATA_SIZE: u32 = 38 * 1024;

pub const ROM_RELAXATION_PADDING: u32 = 4 * 1024;
pub const ROM_SIZE: u32 = 48 * 1024;
pub const MBOX_SIZE: u32 = 128 * 1024;
pub const ICCM_SIZE: u32 = 128 * 1024;
pub const DCCM_SIZE: u32 = 128 * 1024;
pub const ROM_DATA_SIZE: u32 = 996;
pub const DATA_SIZE: u32 = 8 * 1024;
pub const STACK_SIZE: u32 = 64 * 1024;
pub const DATA_SIZE: u32 = 2 * 1024;
pub const STACK_SIZE: u32 = 85 * 1024;
pub const ROM_STACK_SIZE: u32 = 14 * 1024;
pub const ESTACK_SIZE: u32 = 1024;
pub const ROM_ESTACK_SIZE: u32 = 1024;
2 changes: 1 addition & 1 deletion drivers/src/persistent.rs
Original file line number Diff line number Diff line change
@@ -38,7 +38,7 @@ pub const DPE_SIZE: u32 = 5 * 1024;
pub const PCR_RESET_COUNTER_SIZE: u32 = 1024;
pub const AUTH_MAN_IMAGE_METADATA_MAX_SIZE: u32 = 7 * 1024;
pub const IDEVID_CSR_SIZE: u32 = 1024;
pub const RESERVED_MEMORY_SIZE: u32 = 19 * 1024;
pub const RESERVED_MEMORY_SIZE: u32 = 4 * 1024;

pub const PCR_LOG_MAX_COUNT: usize = 17;
pub const FUSE_LOG_MAX_COUNT: usize = 62;
4 changes: 2 additions & 2 deletions libcaliptra/inc/caliptra_enums.h
Original file line number Diff line number Diff line change
@@ -103,8 +103,8 @@ enum dpe_error_codes {
DPE_RAND_ERROR = 0x1007,
};

#define DPE_PROFILE_256 1
#define DPE_PROFILE_384 2
#define DPE_PROFILE_256 3
#define DPE_PROFILE_384 4

enum dpe_profile {
P256Sha256 = DPE_PROFILE_256,
4 changes: 2 additions & 2 deletions libcaliptra/inc/caliptra_types.h
Original file line number Diff line number Diff line change
@@ -204,7 +204,7 @@ struct caliptra_certify_key_extended_req {

struct caliptra_certify_key_extended_resp {
struct caliptra_resp_header hdr;
uint8_t certify_key_resp[2176];
uint8_t certify_key_resp[6272];
};

struct caliptra_fips_version_resp {
@@ -243,7 +243,7 @@ struct dpe_resp_hdr {


#define DPE_HANDLE_SIZE 16
#define DPE_CERT_SIZE 2048
#define DPE_CERT_SIZE 6144

#ifndef DPE_PROFILE
#define DPE_PROFILE DPE_PROFILE_384
452 changes: 449 additions & 3 deletions runtime/tests/runtime_integration_tests/test_authorize_and_stash.rs

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -25,7 +25,7 @@ use zerocopy::{FromBytes, IntoBytes, TryFromBytes};

use crate::common::{run_rt_test, RuntimeTestArgs};

fn update_fw(model: &mut DefaultHwModel, rt_fw: &FwId<'static>, image_opts: ImageOptions) {
pub fn update_fw(model: &mut DefaultHwModel, rt_fw: &FwId<'static>, image_opts: ImageOptions) {
let image = caliptra_builder::build_and_sign_image(&FMC_WITH_UART, rt_fw, image_opts)
.unwrap()
.to_bytes()
3 changes: 3 additions & 0 deletions sw-emulator/lib/cpu/Cargo.toml
Original file line number Diff line number Diff line change
@@ -15,3 +15,6 @@ caliptra-emu-derive.workspace = true
caliptra-emu-types.workspace = true
lazy_static.workspace = true
tock-registers.workspace = true

[features]
"sw_emu_stack_check_disable" = []
1 change: 1 addition & 0 deletions sw-emulator/lib/cpu/src/cpu.rs
Original file line number Diff line number Diff line change
@@ -402,6 +402,7 @@ impl<TBus: Bus> Cpu<TBus> {
/// * `RvException` - Exception with cause `RvExceptionCause::IllegalRegister`
pub fn write_xreg(&mut self, reg: XReg, val: RvData) -> Result<(), RvException> {
// XReg::X2 is the sp register.
#[cfg(not(feature = "sw_emu_stack_check_disable"))]
if reg == XReg::X2 {
self.check_stack(val);
}
2 changes: 1 addition & 1 deletion test/dpe_verification/transport.go
Original file line number Diff line number Diff line change
@@ -233,7 +233,7 @@ func (s *CptraModel) GetProfileMajorVersion() uint16 {
}

func (s *CptraModel) GetProfileMinorVersion() uint16 {
return 10
return 11
}

func (s *CptraModel) GetProfileVendorID() uint32 {
1 change: 1 addition & 0 deletions zero_bin/Cargo.toml
Original file line number Diff line number Diff line change
@@ -22,3 +22,4 @@ default = ["std"]
std = ["caliptra_common/std"]
riscv = []
fmc = []
"hw-1.0" = []

0 comments on commit 4f7bf69

Please sign in to comment.