Skip to content

Commit

Permalink
[fix] CFI check for TRNG source
Browse files Browse the repository at this point in the history 
This fix addresses issue# #920
  • Loading branch information
@mhatrevi
mhatrevi committed Oct 12, 2023
1 parent 203e80c commit b3db033
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 2 deletions.
4 changes: 4 additions & 0 deletions drivers/src/soc_ifc.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,10 @@ impl SocIfc {
((val >> 31) & 1) != 0
}

pub fn hw_config_internal_trng(&mut self) -> bool {
self.soc_ifc.regs().cptra_hw_config().read().i_trng_en()
}

/// Enable or disable WDT1
///
/// # Arguments
Expand Down
10 changes: 8 additions & 2 deletions rom/dev/src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,13 @@ Abstract:
#![cfg_attr(feature = "fake-rom", allow(unused_imports))]

use crate::{lock::lock_registers, print::HexBytes};
use caliptra_cfi_lib::CfiCounter;
use caliptra_cfi_lib::{cfi_assert, cfi_assert_eq, CfiCounter};
use caliptra_registers::soc_ifc::SocIfcReg;
use core::hint::black_box;

use caliptra_drivers::{
cprintln, report_fw_error_fatal, report_fw_error_non_fatal, CaliptraError, Ecc384, Hmac384,
KeyVault, Mailbox, ResetReason, Sha256, Sha384, Sha384Acc, ShaAccLockState, SocIfc,
KeyVault, Mailbox, ResetReason, Sha256, Sha384, Sha384Acc, ShaAccLockState, SocIfc, Trng,
};
use caliptra_error::CaliptraResult;
use caliptra_image_types::RomInfo;
Expand Down Expand Up @@ -74,6 +74,12 @@ pub extern "C" fn rom_entry() -> ! {
cprintln!("[state] CFI Disabled");
}

// Check if TRNG is correctly sourced as per hw config.
match env.trng {
Trng::Internal(_) => cfi_assert!(env.soc_ifc.hw_config_internal_trng()),
Trng::External(_) => cfi_assert!(!env.soc_ifc.hw_config_internal_trng()),
}

let _lifecyle = match env.soc_ifc.lifecycle() {
caliptra_drivers::Lifecycle::Unprovisioned => "Unprovisioned",
caliptra_drivers::Lifecycle::Manufacturing => "Manufacturing",
Expand Down

0 comments on commit b3db033

Please sign in to comment.