diff --git a/.github/workflows/fpga.yml b/.github/workflows/fpga.yml index 84c84388b1..5f143ea03a 100644 --- a/.github/workflows/fpga.yml +++ b/.github/workflows/fpga.yml @@ -22,6 +22,9 @@ on: hw-version: default: "latest" type: string + rom-version: + default: "latest" + type: string workflow_call: description: 'Set true for workflow_call' default: true @@ -161,6 +164,9 @@ jobs: run: | export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER="aarch64-linux-gnu-gcc" export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS="-C link-arg=--sysroot=$FARGO_SYSROOT" + if [ "${{ inputs.rom-version }}" != "latest" ]; then + export CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}" + fi if [ "${{ inputs.workflow_call }}" ]; then FEATURES=fpga_realtime,${{ inputs.extra-features }} @@ -420,11 +426,6 @@ jobs: TEST_BIN=/tmp/caliptra-test-binaries VARS="CPTRA_UIO_NUM=4 CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware CALIPTRA_IMAGE_NO_GIT_REVISION=1" - if [[ "${{ inputs.workflow_call }}" && "${{ inputs.hw-version }}" != "latest" ]]; then - VARS+=" FIPS_TEST_HW_EXP_VERSION=1_0_0" - VARS+=" FIPS_TEST_ROM_EXP_VERSION=1_0_1" - fi - if [ "${{ inputs.rom-logging }}" == "true" ] || [ -z "${{ inputs.rom-logging }}" ]; then VARS+=" CPTRA_ROM_TYPE=ROM_WITH_UART" elif [ "${{ inputs.rom-logging }}" == false ]; then @@ -433,7 +434,12 @@ jobs: echo "Unexpected inputs.rom-logging: ${{ inputs.rom-logging }}" exit 1 fi - echo CPTRA_ROM_TYPE=${CPTRA_ROM_TYPE} + + if [[ "${{ inputs.workflow_call }}" && "${{ inputs.rom-version }}" != "latest" ]]; then + VARS+=" CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}"" + fi + + echo VARS=${VARS} COMMON_ARGS=( --cargo-metadata="${TEST_BIN}/target/nextest/cargo-metadata.json" diff --git a/.github/workflows/fw-test-emu.yml b/.github/workflows/fw-test-emu.yml index 06fdfca5df..33d270edb7 100644 --- a/.github/workflows/fw-test-emu.yml +++ b/.github/workflows/fw-test-emu.yml 
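Review bot: The added `if [ "${{ inputs.rom-version }}" != "latest" ]` block in the build step pastes the workflow input into the script text before bash runs, so any quote or shell metacharacter in the value is parsed as script rather than data. Pass the input through the step environment instead: put `ROM_VERSION: ${{ inputs.rom-version }}` under an `env:` key on the step and test `"$ROM_VERSION"` in the script. The same interpolation is repeated in the test-run hunk further down this file and in the `Run tests` step of fw-test-emu.yml. The callers visible in nightly-release.yml pass only the literals "1.0" and "1.1", so as far as this diff shows it is hardening rather than a live bug. The rest of the step lies outside the hunk.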
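Review bot: In the added `VARS+=" CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}""` line the inner double quotes close the outer string, so the input value sits unquoted between two quoted pieces and only works because "1.0" and "1.1" contain no spaces or shell characters. With the input supplied through `env:`, `VARS+=" CPTRA_CI_ROM_VERSION=${ROM_VERSION}"` avoids the nested quotes. This guard also requires `inputs.workflow_call`, while the build step earlier in the file exports the variable whenever rom-version is not "latest"; if the two conditions are meant to differ, a comment saying why would help. How VARS is consumed is outside the hunk.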
@@ -13,6 +13,9 @@ on: rom-logging: default: true type: boolean + rom-version: + default: "latest" + type: string jobs: build_and_test: @@ -57,6 +60,9 @@ jobs: - name: Run tests run: | export CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware + if [ "${{ inputs.rom-version }}" != "latest" ]; then + export CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}" + fi if [ "${{ inputs.rom-logging }}" == "true" ] || [ -z "${{ inputs.rom-logging }}" ]; then export CPTRA_ROM_TYPE=ROM_WITH_UART @@ -67,11 +73,6 @@ jobs: exit 1 fi - if [[ ${{ inputs.extra-features }} == *"hw-1.0"* ]]; then - export FIPS_TEST_HW_EXP_VERSION=1_0_0 - export FIPS_TEST_ROM_EXP_VERSION=1_0_1 - fi - # Workaround https://github.com/nextest-rs/nextest/issues/267 export LD_LIBRARY_PATH=$(rustc --print sysroot)/lib diff --git a/.github/workflows/nightly-release.yml b/.github/workflows/nightly-release.yml index d67ee3d39f..105d4e2059 100644 --- a/.github/workflows/nightly-release.yml +++ b/.github/workflows/nightly-release.yml @@ -23,7 +23,6 @@ jobs: - uses: actions/checkout@v3 with: submodules: 'true' - ref: 'main' fetch-depth: 0 - name: Find latest release @@ -66,6 +65,7 @@ jobs: artifact-suffix: -fpga-realtime-hw-1.0-etrng-log extra-features: slow_tests hw-version: "1.0" + rom-version: "1.0" rom-logging: true fpga-itrng: false @@ -78,6 +78,7 @@ jobs: artifact-suffix: -fpga-realtime-hw-1.0-etrng-nolog extra-features: slow_tests hw-version: "1.0" + rom-version: "1.0" rom-logging: false fpga-itrng: false @@ -90,6 +91,7 @@ jobs: artifact-suffix: -fpga-realtime-hw-1.0-itrng-log extra-features: slow_tests,itrng hw-version: "1.0" + rom-version: "1.0" rom-logging: true fpga-itrng: true 
@@ -102,6 +104,59 @@ jobs: artifact-suffix: -fpga-realtime-hw-1.0-itrng-nolog extra-features: slow_tests,itrng hw-version: "1.0" + rom-version: "1.0" + rom-logging: false + fpga-itrng: true + + fpga-1_1-full-suite-etrng-log: + name: FPGA Suite (1.1, etrng, log) + needs: find-latest-release + if: needs.find-latest-release.outputs.create_release + uses: ./.github/workflows/fpga.yml + with: + artifact-suffix: -fpga-realtime-rom-1.1-etrng-log + extra-features: slow_tests + hw-version: "latest" + rom-version: "1.1" + rom-logging: true + fpga-itrng: false + + fpga-1_1-full-suite-etrng-nolog: + name: FPGA Suite (1.1, etrng, nolog) + needs: find-latest-release + if: needs.find-latest-release.outputs.create_release + uses: ./.github/workflows/fpga.yml + with: + artifact-suffix: -fpga-realtime-rom-1.1-etrng-nolog + extra-features: slow_tests + hw-version: "latest" + rom-version: "1.1" + rom-logging: false + fpga-itrng: false + + fpga-1_1-full-suite-itrng-log: + name: FPGA Suite (1.1, itrng, log) + needs: find-latest-release + if: needs.find-latest-release.outputs.create_release + uses: ./.github/workflows/fpga.yml + with: + artifact-suffix: -fpga-realtime-rom-1.1-itrng-log + extra-features: slow_tests,itrng + hw-version: "latest" + rom-version: "1.1" + rom-logging: true + fpga-itrng: true + + fpga-1_1-full-suite-itrng-nolog: + name: FPGA Suite (1.1, itrng, nolog) + needs: find-latest-release + if: needs.find-latest-release.outputs.create_release + uses: ./.github/workflows/fpga.yml + with: + artifact-suffix: -fpga-realtime-rom-1.1-itrng-nolog + extra-features: slow_tests,itrng + hw-version: "latest" + rom-version: "1.1" rom-logging: false fpga-itrng: true @@ -149,7 +204,7 @@ jobs: with: artifact-suffix: -fpga-realtime-latest-itrng-nolog extra-features: slow_tests,itrng - hw-version: latest + hw-version: "latest" rom-logging: false fpga-itrng: true 
@@ -193,6 +248,50 @@ jobs: extra-features: slow_tests,itrng rom-logging: false + sw-emulator-rom-1_1-full-suite-etrng-log: + name: sw-emulator Suite (etrng, log) + needs: find-latest-release + if: needs.find-latest-release.outputs.create_release + uses: ./.github/workflows/fw-test-emu.yml + with: + artifact-suffix: -sw-emulator-hw-1.1-etrng-log + extra-features: slow_tests + rom-logging: true + rom-version: "1.1" + + sw-emulator-rom-1_1-full-suite-etrng-nolog: + name: sw-emulator Suite (etrng, nolog) + needs: find-latest-release + if: needs.find-latest-release.outputs.create_release + uses: ./.github/workflows/fw-test-emu.yml + with: + artifact-suffix: -sw-emulator-hw-1.1-etrng-nolog + extra-features: slow_tests + rom-logging: false + rom-version: "1.1" + + sw-emulator-rom-1_1-full-suite-itrng-log: + name: sw-emulator Suite (itrng, log) + needs: find-latest-release + if: needs.find-latest-release.outputs.create_release + uses: ./.github/workflows/fw-test-emu.yml + with: + artifact-suffix: -sw-emulator-hw-1.1-itrng-log + extra-features: slow_tests,itrng + rom-logging: true + rom-version: "1.1" + + sw-emulator-rom-1_1-full-suite-itrng-nolog: + name: sw-emulator Suite (itrng, nolog) + needs: find-latest-release + if: needs.find-latest-release.outputs.create_release + uses: ./.github/workflows/fw-test-emu.yml + with: + artifact-suffix: -sw-emulator-hw-1.1-itrng-nolog + extra-features: slow_tests,itrng + rom-logging: false + rom-version: "1.1" + sw-emulator-hw-1_0-full-suite-etrng-log: name: sw-emulator Suite (etrng, log) needs: find-latest-release @@ -202,6 +301,7 @@ jobs: artifact-suffix: -sw-emulator-hw-1.0-etrng-log extra-features: hw-1.0,slow_tests rom-logging: true + rom-version: "1.0" sw-emulator-hw-1_0-full-suite-etrng-nolog: name: sw-emulator Suite (etrng, nolog) 
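Review bot: The four new `sw-emulator-rom-1_1-*` jobs reuse the display names of the existing hw-1_0 jobs, e.g. `name: sw-emulator Suite (etrng, log)`, so the Actions UI will list entries that cannot be told apart; the FPGA jobs added in the same commit use `FPGA Suite (1.1, etrng, log)`. Their `artifact-suffix` values also say `hw-1.1` (`-sw-emulator-hw-1.1-etrng-log`) although the job selects a ROM version and the FPGA counterparts use `rom-1.1`. Suggest `name: sw-emulator Suite (rom-1.1, etrng, log)` and `artifact-suffix: -sw-emulator-rom-1.1-etrng-log`, and likewise for the other three jobs.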
@@ -212,6 +312,7 @@ jobs: artifact-suffix: -sw-emulator-hw-1.0-etrng-nolog extra-features: hw-1.0,slow_tests rom-logging: false + rom-version: "1.0" sw-emulator-hw-1_0-full-suite-itrng-log: name: sw-emulator Suite (itrng, log) @@ -222,6 +323,7 @@ jobs: artifact-suffix: -sw-emulator-hw-1.0-itrng-log extra-features: hw-1.0,slow_tests,itrng rom-logging: true + rom-version: "1.0" sw-emulator-hw-1_0-full-suite-itrng-nolog: name: sw-emulator Suite (itrng, nolog) @@ -232,6 +334,7 @@ jobs: artifact-suffix: -sw-emulator-hw-1.0-itrng-nolog extra-features: hw-1.0,slow_tests,itrng rom-logging: false + rom-version: "1.0" create-release: name: Create New Release diff --git a/builder/src/lib.rs b/builder/src/lib.rs index 17fbe0353f..8db888bb56 100644 --- a/builder/src/lib.rs +++ b/builder/src/lib.rs @@ -35,6 +35,13 @@ use once_cell::sync::Lazy; pub const THIS_WORKSPACE_DIR: &str = concat!(env!("CARGO_MANIFEST_DIR"), "/.."); +#[derive(Debug, PartialEq)] +pub enum CiRomVersion { + Rom1_0, + Rom1_1, + Latest, +} + fn other_err(e: impl Into>) -> io::Error { io::Error::new(ErrorKind::Other, e) } 
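Review bot: `CiRomVersion` is a new public enum with no doc comment, and nothing on its variants says which ROM image each one selects. Suggest `/// ROM used by CI integration tests, selected by the CPTRA_CI_ROM_VERSION environment variable.` on the enum, plus a one-line `///` per variant (frozen 1.0 image, frozen 1.1 image, ROM built from the current tree). Deriving `Clone, Copy, Eq` alongside `Debug, PartialEq` would be conventional for a fieldless enum.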
@@ -362,28 +369,60 @@ pub fn build_firmware_elf(id: &FwId<'static>) -> io::Result>> { Ok(result) } +// Returns the ROM version to be used for CI testing specified in the environment variable "CPTRA_CI_ROM_VERSION" +// Default is Latest +pub fn get_ci_rom_version() -> CiRomVersion { + match std::env::var("CPTRA_CI_ROM_VERSION").as_deref() { + Ok("1.0") => CiRomVersion::Rom1_0, + Ok("1.1") => CiRomVersion::Rom1_1, + Ok(version) => panic!("Unknown CI ROM version \'{}\'", version), + Err(_) => CiRomVersion::Latest, + } +} + /// Returns the most appropriate ROM for use when testing non-ROM code against /// a particular hardware version. DO NOT USE this for ROM-only tests. pub fn rom_for_fw_integration_tests() -> io::Result> { let rom_from_env = firmware::rom_from_env(); - if cfg!(feature = "hw-1.0") { - if rom_from_env == &firmware::ROM { - Ok( - include_bytes!("../../hw/1.0/caliptra-rom-1.0.1-9342687.bin") - .as_slice() - .into(), - ) - } else if rom_from_env == &firmware::ROM_WITH_UART { - Ok( - include_bytes!("../../hw/1.0/caliptra-rom-with-log-1.0.1-9342687.bin") - .as_slice() - .into(), - ) - } else { - Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}"))) + if cfg!(feature = "hw-1.0") && get_ci_rom_version() != CiRomVersion::Rom1_0 { + panic!("CPTRA_CI_ROM_VERSION of \'1.0\' is expected for hw-1.0"); + } + match get_ci_rom_version() { + CiRomVersion::Rom1_0 => { + if rom_from_env == &firmware::ROM { + Ok( + include_bytes!("../../rom/ci_frozen_rom/1.0/caliptra-rom-1.0.3-e8e23d9.bin") + .as_slice() + .into(), + ) + } else if rom_from_env == &firmware::ROM_WITH_UART { + Ok(include_bytes!( + "../../rom/ci_frozen_rom/1.0/caliptra-rom-with-log-1.0.3-e8e23d9.bin" + ) + .as_slice() + .into()) + } else { + Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}"))) + } } - } else { - Ok(build_firmware_rom(rom_from_env)?.into()) + CiRomVersion::Rom1_1 => { + if rom_from_env == &firmware::ROM { + Ok( + 
include_bytes!("../../rom/ci_frozen_rom/1.1/caliptra-rom-1.1.0-51ff0a8.bin") + .as_slice() + .into(), + ) + } else if rom_from_env == &firmware::ROM_WITH_UART { + Ok(include_bytes!( + "../../rom/ci_frozen_rom/1.1/caliptra-rom-with-log-1.1.0-51ff0a8.bin" + ) + .as_slice() + .into()) + } else { + Err(other_err(format!("Unexpected ROM fwid {rom_from_env:?}"))) + } + } + CiRomVersion::Latest => Ok(build_firmware_rom(rom_from_env)?.into()), } } diff --git a/fmc/tests/fmc_integration_tests/test_rtalias.rs b/fmc/tests/fmc_integration_tests/test_rtalias.rs index 9b36fa00ad..498dba8462 100644 --- a/fmc/tests/fmc_integration_tests/test_rtalias.rs +++ b/fmc/tests/fmc_integration_tests/test_rtalias.rs @@ -1,7 +1,7 @@ // Licensed under the Apache-2.0 license use caliptra_builder::{ firmware::{self, runtime_tests::MOCK_RT_INTERACTIVE, FMC_WITH_UART}, - ImageOptions, + get_ci_rom_version, CiRomVersion, ImageOptions, }; use caliptra_common::RomBootStatus::*; @@ -91,7 +91,10 @@ fn test_fht_info() { let data = hw.mailbox_execute(TEST_CMD_READ_FHT, &[]).unwrap().unwrap(); let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap(); assert_eq!(fht.ldevid_tbs_size, 552); - assert_eq!(fht.fmcalias_tbs_size, 753); + match get_ci_rom_version() { + CiRomVersion::Rom1_0 | CiRomVersion::Rom1_1 => assert_eq!(fht.fmcalias_tbs_size, 786), + _ => assert_eq!(fht.fmcalias_tbs_size, 753), + }; assert_eq!(fht.ldevid_tbs_addr, 0x50003C00); assert_eq!(fht.fmcalias_tbs_addr, 0x50004000); assert_eq!(fht.pcr_log_addr, 0x50004800); diff --git a/hw/1.0/caliptra-rom-1.0.1-9342687.bin b/hw/1.0/caliptra-rom-1.0.1-9342687.bin deleted file mode 100644 index abf52f1688..0000000000 Binary files a/hw/1.0/caliptra-rom-1.0.1-9342687.bin and /dev/null differ diff --git a/hw/1.0/caliptra-rom-with-log-1.0.1-9342687.bin b/hw/1.0/caliptra-rom-with-log-1.0.1-9342687.bin deleted file mode 100644 index 874e47aeb9..0000000000 Binary files a/hw/1.0/caliptra-rom-with-log-1.0.1-9342687.bin and /dev/null differ 
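Review bot: `rom_for_fw_integration_tests` returns `io::Result`, yet the new `hw-1.0` check panics, so a plain `cargo test --features hw-1.0` without the environment variable now aborts where the old code chose the frozen 1.0 ROM from the feature alone. Returning `Err(other_err("CPTRA_CI_ROM_VERSION of '1.0' is expected for hw-1.0"))` keeps the function's error contract. `get_ci_rom_version` also panics on `CPTRA_CI_ROM_VERSION=latest`, which the workflows filter out before exporting but a local shell would not, so an `Ok("latest") => CiRomVersion::Latest` arm is worth adding; its `//` header should be `///` so it appears in rustdoc. The `Rom1_0` and `Rom1_1` arms differ only in the embedded paths and could share a helper. The frozen images are referenced by path only, and recording their SHA-256 digests beside them would let a reviewer confirm which release build each binary came from.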
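Review bot: The `_ =>` arm in the new `match get_ci_rom_version()` in test_fht_info stands in for `CiRomVersion::Latest`, the only remaining variant, so a future frozen-ROM variant would silently fall into the latest-ROM expectation instead of failing to compile. Write `CiRomVersion::Latest => assert_eq!(fht.fmcalias_tbs_size, 753),`. The same wildcard appears in the matches added to test_get_idev_csr.rs, smoke_test.rs (`get_rom_test_params`) and fips_test_suite/common.rs. A short comment on why the frozen ROMs yield 786 rather than 753 would also help the next reader.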
diff --git a/rom/ci_frozen_rom/1.0/caliptra-rom-1.0.3-e8e23d9.bin b/rom/ci_frozen_rom/1.0/caliptra-rom-1.0.3-e8e23d9.bin
new file mode 100644
index 0000000000..5b2cb3b8cb
Binary files /dev/null and b/rom/ci_frozen_rom/1.0/caliptra-rom-1.0.3-e8e23d9.bin differ
diff --git a/rom/ci_frozen_rom/1.0/caliptra-rom-with-log-1.0.3-e8e23d9.bin b/rom/ci_frozen_rom/1.0/caliptra-rom-with-log-1.0.3-e8e23d9.bin
new file mode 100644
index 0000000000..42a93e03c9
Binary files /dev/null and b/rom/ci_frozen_rom/1.0/caliptra-rom-with-log-1.0.3-e8e23d9.bin differ
diff --git a/rom/ci_frozen_rom/1.1/caliptra-rom-1.1.0-51ff0a8.bin b/rom/ci_frozen_rom/1.1/caliptra-rom-1.1.0-51ff0a8.bin
new file mode 100644
index 0000000000..74ba16f96a
Binary files /dev/null and b/rom/ci_frozen_rom/1.1/caliptra-rom-1.1.0-51ff0a8.bin differ
diff --git a/rom/ci_frozen_rom/1.1/caliptra-rom-with-log-1.1.0-51ff0a8.bin b/rom/ci_frozen_rom/1.1/caliptra-rom-with-log-1.1.0-51ff0a8.bin
new file mode 100644
index 0000000000..00fa4a1b4e
Binary files /dev/null and b/rom/ci_frozen_rom/1.1/caliptra-rom-with-log-1.1.0-51ff0a8.bin differ
diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml
index bd8ec23e8c..2a70738d43 100644
--- a/runtime/Cargo.toml
+++ b/runtime/Cargo.toml
@@ -64,4 +64,4 @@ fips_self_test=[]
 no-cfi = ["caliptra-image-verify/no-cfi", "caliptra-drivers/no-cfi"]
 fpga_realtime = ["caliptra-drivers/fpga_realtime"]
 "hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-registers/hw-1.0", "caliptra-kat/hw-1.0","caliptra-cpu/hw-1.0"]
-fips-test-hooks = ["caliptra-drivers/fips-test-hooks"]
+fips-test-hooks = ["caliptra-drivers/fips-test-hooks"]
\ No newline at end of file
diff --git a/runtime/tests/runtime_integration_tests/test_get_idev_csr.rs b/runtime/tests/runtime_integration_tests/test_get_idev_csr.rs
index 13078f7e60..43082c0817 100644
--- a/runtime/tests/runtime_integration_tests/test_get_idev_csr.rs
+++ b/runtime/tests/runtime_integration_tests/test_get_idev_csr.rs
@@ -1,6 +1,7 @@ // Licensed under the Apache-2.0 license use caliptra_api::SocManager; +use caliptra_builder::{get_ci_rom_version, CiRomVersion}; use caliptra_common::mailbox_api::{CommandId, GetIdevCsrResp, MailboxReqHeader}; use caliptra_drivers::{IdevIdCsr, MfgFlags}; use caliptra_error::CaliptraError; @@ -25,20 +26,28 @@ fn test_get_csr() { chksum: caliptra_common::checksum::calc_checksum(u32::from(CommandId::GET_IDEV_CSR), &[]), }; - let response = model - .mailbox_execute(CommandId::GET_IDEV_CSR.into(), payload.as_bytes()) - .unwrap() - .unwrap(); + let result = model.mailbox_execute(CommandId::GET_IDEV_CSR.into(), payload.as_bytes()); + + match get_ci_rom_version() { + // 1.0 and 1.1 ROM do not support this feature + CiRomVersion::Rom1_0 | CiRomVersion::Rom1_1 => assert_eq!( + result.unwrap_err(), + ModelError::MailboxCmdFailed(CaliptraError::RUNTIME_GET_IDEV_ID_UNSUPPORTED_ROM.into()) + ), + _ => { + let response = result.unwrap().unwrap(); - let get_idv_csr_resp = GetIdevCsrResp::read_from(response.as_bytes()).unwrap(); + let get_idv_csr_resp = GetIdevCsrResp::read_from(response.as_bytes()).unwrap(); - assert_ne!(IdevIdCsr::UNPROVISIONED_CSR, get_idv_csr_resp.data_size); - assert_ne!(0, get_idv_csr_resp.data_size); + assert_ne!(IdevIdCsr::UNPROVISIONED_CSR, get_idv_csr_resp.data_size); + assert_ne!(0, get_idv_csr_resp.data_size); - let csr_bytes = &get_idv_csr_resp.data[..get_idv_csr_resp.data_size as usize]; - assert_ne!([0; 512], csr_bytes); + let csr_bytes = &get_idv_csr_resp.data[..get_idv_csr_resp.data_size as usize]; + assert_ne!([0; 512], csr_bytes); - assert!(X509Req::from_der(csr_bytes).is_ok()); + assert!(X509Req::from_der(csr_bytes).is_ok()); + } + }; } #[test] 
@@ -56,8 +65,16 @@ fn test_missing_csr() { let response = model .mailbox_execute(CommandId::GET_IDEV_CSR.into(), payload.as_bytes()) .unwrap_err(); - assert_eq!( - response, - ModelError::MailboxCmdFailed(CaliptraError::RUNTIME_GET_IDEV_ID_UNPROVISIONED.into()) - ); + + match get_ci_rom_version() { + // 1.0 and 1.1 ROM do not support this feature + CiRomVersion::Rom1_0 | CiRomVersion::Rom1_1 => assert_eq!( + response, + ModelError::MailboxCmdFailed(CaliptraError::RUNTIME_GET_IDEV_ID_UNSUPPORTED_ROM.into()) + ), + _ => assert_eq!( + response, + ModelError::MailboxCmdFailed(CaliptraError::RUNTIME_GET_IDEV_ID_UNPROVISIONED.into()) + ), + }; } diff --git a/test/Cargo.toml b/test/Cargo.toml index cf97f91cfb..def56736ad 100644 --- a/test/Cargo.toml +++ b/test/Cargo.toml @@ -44,4 +44,4 @@ itrng = ["caliptra-hw-model/itrng"] verilator = ["caliptra-hw-model/verilator"] fips_self_test = ["caliptra-runtime/fips_self_test"] test_env_immutable_rom = [] -"hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-hw-model/hw-1.0"] +"hw-1.0" = ["caliptra-builder/hw-1.0", "caliptra-drivers/hw-1.0", "caliptra-hw-model/hw-1.0"] \ No newline at end of file diff --git a/test/tests/caliptra_integration_tests/smoke_test.rs b/test/tests/caliptra_integration_tests/smoke_test.rs index a13c8956ab..f5477f21fd 100644 --- a/test/tests/caliptra_integration_tests/smoke_test.rs +++ b/test/tests/caliptra_integration_tests/smoke_test.rs @@ -2,7 +2,7 @@ use caliptra_api::soc_mgr::SocManager; use caliptra_api_types::{DeviceLifecycle, Fuses}; use caliptra_builder::firmware::{APP_WITH_UART, FMC_WITH_UART}; -use caliptra_builder::{firmware, ImageOptions}; +use caliptra_builder::{firmware, get_ci_rom_version, CiRomVersion, ImageOptions}; use caliptra_common::mailbox_api::{ GetFmcAliasCertReq, GetLdevCertReq, GetRtAliasCertReq, ResponseVarSize, }; 
@@ -25,6 +25,59 @@ use regex::Regex; use std::mem; use zerocopy::AsBytes; +// Support testing against older versions of ROM in CI +// More constants may need to be added here as the ROMs further diverge +struct RomTestParams<'a> { + #[allow(dead_code)] + testdata_path: &'a str, + fmc_alias_cert_redacted_txt: &'a str, + fmc_alias_cert_redacted_der: &'a [u8], + tcb_info_vendor: Option<&'a str>, + tcb_device_info_model: Option<&'a str>, + tcb_fmc_info_model: Option<&'a str>, + tcb_info_flags: Option, +} +const ROM_1_0_TEST_PARAMS: RomTestParams = RomTestParams { + testdata_path: "tests/caliptra_integration_tests/smoke_testdata/rom-1.0", + fmc_alias_cert_redacted_txt: include_str!("smoke_testdata/rom-1.0/fmc_alias_cert_redacted.txt"), + fmc_alias_cert_redacted_der: include_bytes!( + "smoke_testdata/rom-1.0/fmc_alias_cert_redacted.der" + ), + tcb_info_vendor: Some("Caliptra"), + tcb_device_info_model: Some("Device"), + tcb_fmc_info_model: Some("FMC"), + tcb_info_flags: Some(0x80000000), +}; +const ROM_1_1_TEST_PARAMS: RomTestParams = RomTestParams { + testdata_path: "tests/caliptra_integration_tests/smoke_testdata/rom-1.1", + fmc_alias_cert_redacted_txt: include_str!("smoke_testdata/rom-1.1/fmc_alias_cert_redacted.txt"), + fmc_alias_cert_redacted_der: include_bytes!( + "smoke_testdata/rom-1.1/fmc_alias_cert_redacted.der" + ), + ..ROM_1_0_TEST_PARAMS +}; +const ROM_LATEST_TEST_PARAMS: RomTestParams = RomTestParams { + testdata_path: "tests/caliptra_integration_tests/smoke_testdata/rom-latest", + fmc_alias_cert_redacted_txt: include_str!( + "smoke_testdata/rom-latest/fmc_alias_cert_redacted.txt" + ), + fmc_alias_cert_redacted_der: include_bytes!( + "smoke_testdata/rom-latest/fmc_alias_cert_redacted.der" + ), + tcb_info_vendor: None, + tcb_device_info_model: None, + tcb_fmc_info_model: None, + tcb_info_flags: Some(0x00000001), +}; + +fn get_rom_test_params() -> RomTestParams<'static> { + match get_ci_rom_version() { + CiRomVersion::Rom1_0 => ROM_1_0_TEST_PARAMS, + 
CiRomVersion::Rom1_1 => ROM_1_1_TEST_PARAMS, + _ => ROM_LATEST_TEST_PARAMS, + } +} + #[track_caller] fn assert_output_contains(haystack: &str, needle: &str) { assert!( @@ -278,8 +331,10 @@ fn smoke_test() { dice_tcb_info, [ DiceTcbInfo { - vendor: None, - model: None, + vendor: get_rom_test_params().tcb_info_vendor.map(String::from), + model: get_rom_test_params() + .tcb_device_info_model + .map(String::from), // This is from the SVN in the fuses (7 bits set) svn: Some(0x107), fwids: vec![DiceFwid { @@ -287,13 +342,13 @@ fn smoke_test() { digest: device_info_hash.to_vec(), },], - flags: Some(0x00000001), + flags: get_rom_test_params().tcb_info_flags, ty: Some(b"DEVICE_INFO".to_vec()), ..Default::default() }, DiceTcbInfo { - vendor: None, - model: None, + vendor: get_rom_test_params().tcb_info_vendor.map(String::from), + model: get_rom_test_params().tcb_fmc_info_model.map(String::from), // This is from the SVN in the image (9) svn: Some(0x109), fwids: vec![DiceFwid { 
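Review bot: `get_rom_test_params()` is called afresh for each field of the `DiceTcbInfo` expectations, and again for the golden-certificate asserts later in smoke_test, re-reading the environment variable every time. Binding it once near the top of the test, `let rom_params = get_rom_test_params();`, and then using `rom_params.tcb_info_vendor` and so on reads better and guarantees every field comes from the same selection. `testdata_path` is referenced only from the commented-out golden-data update lines, which is why it needs `#[allow(dead_code)]`; a comment on the field saying so would explain the attribute. The body of smoke_test extends beyond these hunks.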
@@ -404,16 +459,16 @@ fn smoke_test() { String::from_utf8(fmc_alias_cert_redacted.to_text().unwrap()).unwrap(); // To update the alias-cert golden-data: - // std::fs::write("tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt", &fmc_alias_cert_redacted_txt).unwrap(); - // std::fs::write("tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der", &fmc_alias_cert_redacted_der).unwrap(); + // std::fs::write(format!("{}/fmc_alias_cert_redacted.txt", get_rom_test_params().testdata_path), &fmc_alias_cert_redacted_txt).unwrap(); + // std::fs::write(format!("{}/fmc_alias_cert_redacted.der", get_rom_test_params().testdata_path), &fmc_alias_cert_redacted_der).unwrap(); assert_eq!( fmc_alias_cert_redacted_txt.as_str(), - include_str!("smoke_testdata/fmc_alias_cert_redacted.txt") + get_rom_test_params().fmc_alias_cert_redacted_txt ); assert_eq!( fmc_alias_cert_redacted_der, - include_bytes!("smoke_testdata/fmc_alias_cert_redacted.der") + get_rom_test_params().fmc_alias_cert_redacted_der ); } diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.0/fmc_alias_cert_redacted.der b/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.0/fmc_alias_cert_redacted.der new file mode 100644 index 0000000000..84e7805d2c Binary files /dev/null and b/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.0/fmc_alias_cert_redacted.der differ diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.0/fmc_alias_cert_redacted.txt b/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.0/fmc_alias_cert_redacted.txt new file mode 100644 index 0000000000..ef18969566 --- /dev/null +++ b/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.0/fmc_alias_cert_redacted.txt 
@@ -0,0 +1,45 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: CN=Caliptra 1.0 LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889 + Validity + Not Before: Jan 1 00:00:00 2023 GMT + Not After : Dec 31 23:59:59 9999 GMT + Subject: CN=Caliptra 1.0 FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d1:7f:d2:78:d2:2e:75:eb:f0:ed:36:2d:f0:46: + 18:24:c4:54:5d:db:07:08:53:e8:a2:d3:a9:d0:a3: + ca:59:8d:86:06:08:4e:78:ab:c8:cf:13:5d:5d:1b: + bb:d7:6c:f2:64:49:0e:f4:a2:95:fa:8e:0f:0f:1f: + ee:22:fc:88:57:1a:55:9f:7c:e9:68:dc:67:c5:13: + d7:fc:bb:79:b6:09:da:23:1d:ef:b1:bf:96:72:3d: + fd:b2:8d:86:f1:6f:5d + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:3 + X509v3 Key Usage: critical + Certificate Sign + 2.23.133.5.4.4: + 0.................... + 2.23.133.5.4.5: + DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + X509v3 Subject Key Identifier: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 + X509v3 Authority Key Identifier: + 21:EE:EF:9A:4C:61:D4:B9:E3:D9:4B:EA:46:F9:A1:2A:C6:88:7C:E2 + Signature Algorithm: ecdsa-with-SHA384 + Signature Value: + 30:64:02:30:44:44:44:44:44:44:44:44:44:44:44:44:44:44: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:02:30: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44: + 44:44:44:44:44:44:44:44:44:44:44:44 
diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.1/fmc_alias_cert_redacted.der b/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.1/fmc_alias_cert_redacted.der new file mode 100644 index 0000000000..84e7805d2c Binary files /dev/null and b/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.1/fmc_alias_cert_redacted.der differ diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.1/fmc_alias_cert_redacted.txt b/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.1/fmc_alias_cert_redacted.txt new file mode 100644 index 0000000000..ef18969566 --- /dev/null +++ b/test/tests/caliptra_integration_tests/smoke_testdata/rom-1.1/fmc_alias_cert_redacted.txt 
@@ -0,0 +1,45 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: CN=Caliptra 1.0 LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889 + Validity + Not Before: Jan 1 00:00:00 2023 GMT + Not After : Dec 31 23:59:59 9999 GMT + Subject: CN=Caliptra 1.0 FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d1:7f:d2:78:d2:2e:75:eb:f0:ed:36:2d:f0:46: + 18:24:c4:54:5d:db:07:08:53:e8:a2:d3:a9:d0:a3: + ca:59:8d:86:06:08:4e:78:ab:c8:cf:13:5d:5d:1b: + bb:d7:6c:f2:64:49:0e:f4:a2:95:fa:8e:0f:0f:1f: + ee:22:fc:88:57:1a:55:9f:7c:e9:68:dc:67:c5:13: + d7:fc:bb:79:b6:09:da:23:1d:ef:b1:bf:96:72:3d: + fd:b2:8d:86:f1:6f:5d + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:3 + X509v3 Key Usage: critical + Certificate Sign + 2.23.133.5.4.4: + 0.................... + 2.23.133.5.4.5: + DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + X509v3 Subject Key Identifier: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 + X509v3 Authority Key Identifier: + 21:EE:EF:9A:4C:61:D4:B9:E3:D9:4B:EA:46:F9:A1:2A:C6:88:7C:E2 + Signature Algorithm: ecdsa-with-SHA384 + Signature Value: + 30:64:02:30:44:44:44:44:44:44:44:44:44:44:44:44:44:44: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:02:30: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44: + 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44: + 44:44:44:44:44:44:44:44:44:44:44:44 
diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der b/test/tests/caliptra_integration_tests/smoke_testdata/rom-latest/fmc_alias_cert_redacted.der similarity index 100% rename from test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der rename to test/tests/caliptra_integration_tests/smoke_testdata/rom-latest/fmc_alias_cert_redacted.der diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt b/test/tests/caliptra_integration_tests/smoke_testdata/rom-latest/fmc_alias_cert_redacted.txt similarity index 100% rename from test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt rename to test/tests/caliptra_integration_tests/smoke_testdata/rom-latest/fmc_alias_cert_redacted.txt diff --git a/test/tests/fips_test_suite/common.rs b/test/tests/fips_test_suite/common.rs index 5fb21e790a..ab6d76c8dd 100755 --- a/test/tests/fips_test_suite/common.rs +++ b/test/tests/fips_test_suite/common.rs @@ -2,7 +2,7 @@ use caliptra_api::SocManager; use caliptra_builder::firmware::{APP_WITH_UART, FMC_WITH_UART}; -use caliptra_builder::{version, ImageOptions}; +use caliptra_builder::{get_ci_rom_version, version, CiRomVersion, ImageOptions}; use caliptra_common::mailbox_api::*; use caliptra_drivers::FipsTestHook; use caliptra_hw_model::{BootParams, DefaultHwModel, HwModel, InitParams, ModelError, ShaAccMode}; @@ -51,9 +51,14 @@ const ROM_EXP_1_0_1: RomExpVals = RomExpVals { ], }; +const ROM_EXP_1_0_3: RomExpVals = RomExpVals { + rom_version: 0x803, // 1.0.3 + ..ROM_EXP_1_0_1 +}; + const ROM_EXP_1_1_0: RomExpVals = RomExpVals { rom_version: 0x840, // 1.1.0 - ..ROM_EXP_1_0_1 + ..ROM_EXP_1_0_3 }; const ROM_EXP_CURRENT: RomExpVals = RomExpVals { ..ROM_EXP_1_1_0 }; @@ -91,6 +96,8 @@ impl HwExpVals { version ), } + } else if cfg!(feature = "hw-1.0") { + HW_EXP_1_0_0 } else { HW_EXP_CURRENT } 
@@ -102,13 +109,18 @@ impl RomExpVals { match version.as_str() { // Add more versions here "1_0_1" => ROM_EXP_1_0_1, + "1_0_3" => ROM_EXP_1_0_3, _ => panic!( "FIPS Test: Unknown version for expected ROM values ({})", version ), } } else { - ROM_EXP_CURRENT + match get_ci_rom_version() { + CiRomVersion::Rom1_0 => ROM_EXP_1_0_3, + CiRomVersion::Rom1_1 => ROM_EXP_1_1_0, + _ => ROM_EXP_CURRENT, + } } } }
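Review bot: The new `match get_ci_rom_version()` fallback sits in the `else` branch, so it is reached only when the explicit version override is absent, and that override silently wins if it disagrees with `CPTRA_CI_ROM_VERSION`. A comment above the `else` branch such as `// FIPS_TEST_ROM_EXP_VERSION, when set, takes precedence over CPTRA_CI_ROM_VERSION` would make the precedence explicit. The enclosing function starts outside the hunk, so the override's variable name is inferred from the panic message and from the workflow lines this commit removes.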