Merge branch 'caliptra-common' into pr954

Cargo.toml

@@ -22,6 +22,7 @@ exclude = [
 ]
 
 members = [
+  "api",
   "builder",
   "cfi/lib",
   "cfi/derive",
@@ -83,6 +84,7 @@ asn1 = "0.13.0"
 bitfield = "0.14.0"
 bitflags = "2.0.1"
 bit-vec = "0.6.3"
+caliptra-api = { path = "api" }
 caliptra-cfi-lib = { path = "cfi/lib", default-features = false, features = ["cfi", "cfi-counter" ] }
 caliptra-cfi-derive = { path = "cfi/derive" }
 caliptra_common = { path = "common", default-features = false }

FROZEN_IMAGES.sha384sum

@@ -1,3 +1,3 @@
 # WARNING: Do not update this file without the approval of the Caliptra TAC
-fc2237cea5f3517a9f5475f508e8a021df16371d099550e59eab34c0ab7d3954206719a0a58f7aa4bdd41d1dbd9a3faa  caliptra-rom-no-log.bin
-c428fb65379fd3884d0f2865191ba2fdd1c9c9e00e3756c1a7afb8c7f3c1f6c54fd294674ac49fec24ac4932c49fbc05  caliptra-rom-with-log.bin
+f9db2f9623da514dedb5b5a8b3ca31e509ad2baff0b8ffc4ea3f362ae0325d0e2cae126fe42c91ad2235621edc1f5d08  caliptra-rom-no-log.bin
+4c39f5227a53d7adc996aaff7118893f23d5307e167ce36a222b00d31a425ef0279aa308cac3f15ed75779bc0d24d8cd  caliptra-rom-with-log.bin

api/Cargo.toml

@@ -0,0 +1,13 @@
+# Licensed under the Apache-2.0 license
+
+[package]
+name = "caliptra-api"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+bitflags.workspace = true
+caliptra-error.workspace = true
+zerocopy.workspace = true

api/src/lib.rs

@@ -0,0 +1,11 @@
+// Licensed under the Apache-2.0 license
+
+#![no_std]
+
+mod capabilities;
+mod checksum;
+pub mod mailbox;
+
+pub use caliptra_error as error;
+pub use capabilities::Capabilities;
+pub use checksum::{calc_checksum, verify_checksum};

common/src/mailbox_api.rs → api/src/mailbox.rs

@@ -1,6 +1,6 @@
 // Licensed under the Apache-2.0 license
 
-use caliptra_drivers::{CaliptraError, CaliptraResult};
+use caliptra_error::{CaliptraError, CaliptraResult};
 use core::mem::size_of;
 use zerocopy::{AsBytes, FromBytes, LayoutVerified};
 

common/Cargo.toml

@@ -13,6 +13,7 @@ caliptra-cpu.workspace = true
 caliptra-drivers.workspace = true
 caliptra-image-types = { workspace = true, default-features = false }
 caliptra-image-verify.workspace = true
+caliptra-api.workspace = true
 caliptra-registers.workspace = true
 ufmt.workspace = true
 zerocopy.workspace = true

common/src/lib.rs

@@ -3,14 +3,17 @@
 #![cfg_attr(not(feature = "std"), no_std)]
 
 pub mod boot_status;
-pub mod capabilities;
-pub mod checksum;
+pub mod capabilities {
+    pub use caliptra_api::Capabilities;
+}
+pub mod checksum {
+    pub use caliptra_api::{calc_checksum, verify_checksum};
+}
 pub mod crypto;
 pub mod dice;
 pub mod error_handler;
 pub mod fips;
 pub mod keyids;
-pub mod mailbox_api;
 pub mod verifier;
 pub mod wdt;
 
@@ -21,6 +24,7 @@ pub use hand_off::{
 };
 
 pub use boot_status::RomBootStatus;
+pub use caliptra_api::mailbox as mailbox_api;
 pub use caliptra_drivers::cprint;
 pub use caliptra_drivers::cprintln;
 pub use caliptra_drivers::fuse_log as fuse;

drivers/src/csrng.rs

@@ -26,21 +26,12 @@ use caliptra_registers::csrng::CsrngReg;
 use caliptra_registers::entropy_src::{self, regs::AlertFailCountsReadVal, EntropySrcReg};
 use caliptra_registers::soc_ifc::{self, SocIfcReg};
 
-use core::array;
+use core::mem::MaybeUninit;
 
 // https://opentitan.org/book/hw/ip/csrng/doc/theory_of_operation.html#command-description
 const MAX_SEED_WORDS: usize = 12;
 const WORDS_PER_BLOCK: usize = 4;
 
-struct IsCompleteBlocks<const NUM_WORDS: usize>;
-
-impl<const NUM_WORDS: usize> IsCompleteBlocks<NUM_WORDS> {
-    const ASSERT: () = assert!(
-        NUM_WORDS != 0 && NUM_WORDS % WORDS_PER_BLOCK == 0,
-        "NUM_WORDS must be non-zero and divisible by WORDS_PER_BLOCK"
-    );
-}
-
 /// A unique handle to the underlying CSRNG peripheral.
 pub struct Csrng {
     csrng: CsrngReg,
@@ -141,51 +132,35 @@ impl Csrng {
     /// }
     /// ```
     pub fn generate12(&mut self) -> CaliptraResult<[u32; 12]> {
-        self.generate()
-    }
-
-    /// Return 16 randomly generated [`u32`]s.
-    ///
-    /// # Errors
-    ///
-    /// Returns an error if the internal generate command fails.
-    ///
-    /// # Examples
-    ///
-    /// ```no_run
-    /// let mut csrng = ...;
-    ///
-    /// let random_words: [u32; 16] = csrng.generate()?;
-    ///
-    /// for word in random_words {
-    ///     // Do something with `word`.
-    /// }
-    /// ```
-    pub fn generate16(&mut self) -> CaliptraResult<[u32; 16]> {
-        self.generate()
-    }
-
-    fn generate<const N: usize>(&mut self) -> CaliptraResult<[u32; N]> {
-        #[allow(clippy::let_unit_value)]
-        let _ = IsCompleteBlocks::<N>::ASSERT;
-
         check_for_alert_state(self.entropy_src.regs())?;
 
         send_command(
             &mut self.csrng,
             Command::Generate {
-                num_128_bit_blocks: N / WORDS_PER_BLOCK,
+                num_128_bit_blocks: 12 / WORDS_PER_BLOCK,
             },
         )?;
 
-        Ok(array::from_fn(|i| {
-            if i % WORDS_PER_BLOCK == 0 {
-                // Wait for CSRNG to generate next block of words.
-                wait::until(|| self.csrng.regs().genbits_vld().read().genbits_vld());
-            }
-
-            self.csrng.regs().genbits().read()
-        }))
+        let mut result = MaybeUninit::<[u32; 12]>::uninit();
+        let dest = result.as_mut_ptr() as *mut u32;
+        unsafe {
+            wait::until(|| self.csrng.regs().genbits_vld().read().genbits_vld());
+            dest.add(0).write(self.csrng.regs().genbits().read());
+            dest.add(1).write(self.csrng.regs().genbits().read());
+            dest.add(2).write(self.csrng.regs().genbits().read());
+            dest.add(3).write(self.csrng.regs().genbits().read());
+            wait::until(|| self.csrng.regs().genbits_vld().read().genbits_vld());
+            dest.add(4).write(self.csrng.regs().genbits().read());
+            dest.add(5).write(self.csrng.regs().genbits().read());
+            dest.add(6).write(self.csrng.regs().genbits().read());
+            dest.add(7).write(self.csrng.regs().genbits().read());
+            wait::until(|| self.csrng.regs().genbits_vld().read().genbits_vld());
+            dest.add(8).write(self.csrng.regs().genbits().read());
+            dest.add(9).write(self.csrng.regs().genbits().read());
+            dest.add(10).write(self.csrng.regs().genbits().read());
+            dest.add(11).write(self.csrng.regs().genbits().read());
+            Ok(result.assume_init())
+        }
     }
 
     pub fn reseed(&mut self, seed: Seed) -> CaliptraResult<()> {

drivers/test-fw/src/bin/csrng_tests.rs

@@ -31,23 +31,22 @@ fn test_ctr_drbg_ctr0_smoke() {
         0x5600419c, 0xca79b0b0, 0xdda33b5c, 0xa468649e, 0xdf5d73fa,
     ]);
 
-    const EXPECTED_OUTPUT: [u32; 16] = [
-        0xe48bb8cb, 0x1012c84c, 0x5af8a7f1, 0xd1c07cd9, 0xdf82ab22, 0x771c619b, 0xd40fccb1,
-        0x87189e99, 0x510494b3, 0x64f7ac0c, 0x2581f391, 0x80b1dc2f, 0x793e01c5, 0x87b107ae,
-        0xdb17514c, 0xa43c41b7,
+    const EXPECTED_OUTPUT: [u32; 12] = [
+        0x725eda90, 0xc79b4a14, 0xe43b74ac, 0x9d9a938b, 0xc395a610, 0x4c5a1483, 0xa45f15e8,
+        0x2708cbef, 0x89eb63a9, 0x70cdc6bc, 0x710daba1, 0xed39808c,
     ];
 
     let mut csrng =
         Csrng::with_seed(csrng_reg, entropy_src_reg, &soc_ifc_reg, SEED).expect("construct CSRNG");
 
     // The original OpenTitan test tosses the first call to generate.
     let _ = csrng
-        .generate16()
+        .generate12()
         .expect("first call to generate should work");
 
     assert_eq!(
         csrng
-            .generate16()
+            .generate12()
             .expect("second call to generate should work"),
         EXPECTED_OUTPUT
     );

fmc/README.md

@@ -429,6 +429,19 @@ regardless of which reset path caused it to be executed.
 FMC does not participate in Caliptra update/recovery flows. FMC is designed such that it does not perform any different steps during update
 and simply behaves the same as it does during other cold/warm resets.
 
+## Fake FMC
+
+Fake FMC is a variation of the FMC intended to be used in the verification/enabling stages of development. The purpose is to greatly reduce the boot time for pre-Si environments by eliminating certain steps from the boot flow.
+
+**Differences from normal FMC:**
+Currently, Fake FMC directly proceeds to runtime without generating the RT Alias Cert. In the future, there will be a static cert and a corresponding private key will be used by runtime to support the DICE challenge flow.
+
+**How to use:**
+- Fake FMC is provided in the release along with the normal collateral.
+- The image builder exposes the argument "fake" that can be used to generate the fake versions
+
+Fake FMC should be used with the Fake ROM. Details can be found in the ROM readme.
+
 ## Future
 
 - Current POR is for FIPS Crypto boundary to encompass all of Caliptra FW, including ROM, FMC, and Runtime. With this boundary, there is no need for any

hw-model/Cargo.toml

@@ -16,12 +16,12 @@ itrng = ["caliptra-verilated?/itrng"]
 [dependencies]
 bitfield.workspace = true
 bit-vec.workspace = true
-caliptra_common = { workspace = true, default-features = false }
 caliptra-emu-bus.workspace = true
 caliptra-emu-cpu.workspace = true
 caliptra-emu-periph.workspace = true
 caliptra-emu-types.workspace = true
 caliptra-hw-model-types.workspace = true
+caliptra-api.workspace = true
 caliptra-registers.workspace = true
 caliptra-verilated = { workspace = true, optional = true }
 rand.workspace = true