Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reinitialize RT CDI to an HMAC of a buffer of 0s in disable attestation #933

Merged
merged 1 commit into from
Oct 10, 2023
Merged

Reinitialize RT CDI to an HMAC of a buffer of 0s in disable attestation #933

merged 1 commit into from
Oct 10, 2023

Conversation

sree-revoori1
Copy link
Contributor

@sree-revoori1 sree-revoori1 commented Oct 9, 2023
edited
Loading

This is necessary so that we can use the RT CDI to generate a DICE key. We cannot simply erase a key vault slot and then reuse it.

fixes #932

jhand2
jhand2 reviewed Oct 10, 2023
View reviewed changes
Copy link
Collaborator

@jhand2 jhand2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Could you also update the PR description once this has been tested with the FPGA? (Just running the test_disable_attestation_cmd test should be sufficient)

@zhalvorsen
Copy link
Contributor

warm_reset_basic and test_disable_attestation both passed when run on an FPGA.

$ CPTRA_UIO_NUM=4 cargo nextest run --no-fail-fast --features=fpga_realtime,itrng -E 'test(warm_reset_basic)'
   Compiling caliptra-error v0.1.0 (/home/ubuntu/caliptra-sw/error)-fail-fast --features=fpga_realtime,itrng -E 'test(warm_reset_basic
   Compiling dpe v0.1.0 (/home/ubuntu/caliptra-sw/dpe/dpe)
   Compiling caliptra-image-types v0.1.0 (/home/ubuntu/caliptra-sw/image/types)
   Compiling caliptra-image-gen v0.1.0 (/home/ubuntu/caliptra-sw/image/gen)
   Compiling caliptra-rom v0.1.0 (/home/ubuntu/caliptra-sw/rom/dev)
   Compiling caliptra-image-openssl v0.1.0 (/home/ubuntu/caliptra-sw/image/openssl)
   Compiling caliptra-image-elf v0.1.0 (/home/ubuntu/caliptra-sw/image/elf)
   Compiling caliptra-image-fake-keys v0.1.0 (/home/ubuntu/caliptra-sw/image/fake-keys)
   Compiling caliptra-image-serde v0.1.0 (/home/ubuntu/caliptra-sw/image/serde)
   Compiling caliptra-builder v0.1.0 (/home/ubuntu/caliptra-sw/builder)
   Compiling caliptra-drivers v0.1.0 (/home/ubuntu/caliptra-sw/drivers)
   Compiling caliptra-size-history v0.1.0 (/home/ubuntu/caliptra-sw/ci-tools/size-history)
   Compiling caliptra-image-verify v0.1.0 (/home/ubuntu/caliptra-sw/image/verify)
   Compiling caliptra_common v0.1.0 (/home/ubuntu/caliptra-sw/common)
   Compiling caliptra-emu-cpu v0.1.0 (/home/ubuntu/caliptra-sw/sw-emulator/lib/cpu)
   Compiling caliptra-cpu v0.1.0 (/home/ubuntu/caliptra-sw/cpu)
   Compiling caliptra-gen-linker-scripts v0.1.0 (/home/ubuntu/caliptra-sw/cpu/gen)
   Compiling caliptra-kat v0.1.0 (/home/ubuntu/caliptra-sw/kat)
   Compiling caliptra-cfi-lib v0.1.0 (/home/ubuntu/caliptra-sw/cfi/lib)
   Compiling caliptra-emu-periph v0.1.0 (/home/ubuntu/caliptra-sw/sw-emulator/lib/periph)
   Compiling caliptra-x509 v0.1.0 (/home/ubuntu/caliptra-sw/x509)
   Compiling caliptra-runtime v0.1.0 (/home/ubuntu/caliptra-sw/runtime)
   Compiling caliptra-fmc v0.1.0 (/home/ubuntu/caliptra-sw/fmc)
   Compiling caliptra-test-harness v0.1.0 (/home/ubuntu/caliptra-sw/test-harness)
   Compiling caliptra-drivers-test-bin v0.1.0 (/home/ubuntu/caliptra-sw/drivers/test-fw)
   Compiling caliptra-image-app v0.5.0 (/home/ubuntu/caliptra-sw/image/app)
   Compiling caliptra-hw-model v0.1.0 (/home/ubuntu/caliptra-sw/hw-model)
   Compiling caliptra-test v0.1.0 (/home/ubuntu/caliptra-sw/test)
   Compiling caliptra-rom-test-fmc v0.1.0 (/home/ubuntu/caliptra-sw/rom/dev/tools/test-fmc)
   Compiling caliptra-fmc-mock-rt v0.1.0 (/home/ubuntu/caliptra-sw/fmc/test-fw/test-rt)
   Compiling compliance-test v0.1.0 (/home/ubuntu/caliptra-sw/sw-emulator/compliance-test)
   Compiling caliptra-rom-test-rt v0.1.0 (/home/ubuntu/caliptra-sw/rom/dev/tools/test-rt)
   Compiling caliptra-hw-model-c-binding v0.1.0 (/home/ubuntu/caliptra-sw/hw-model/c-binding)
   Compiling vector_gen v0.1.0 (/home/ubuntu/caliptra-sw/drivers/test-fw/scripts/vector_gen)
   Compiling caliptra-emu v0.1.0 (/home/ubuntu/caliptra-sw/sw-emulator/app)
   Compiling caliptra-file-header-fix v0.1.0 (/home/ubuntu/caliptra-sw/ci-tools/file-header-fix)
    Finished test [unoptimized + debuginfo] target(s) in 11m 17s
    Starting 1 test across 84 binaries (1207 skipped)
        SLOW [> 60.000s] caliptra-test::warm_reset warm_reset_basic
        PASS [ 112.742s] caliptra-test::warm_reset warm_reset_basic
------------                                                                                                                                                                                                                                                       
     Summary [ 112.755s] 1 test run: 1 passed (1 slow), 1207 skipped 

$ CPTRA_UIO_NUM=4 cargo nextest run --no-fail-fast --features=fpga_realtime,itrng -E 'test(test_disable_attestation)'

    Finished test [unoptimized + debuginfo] target(s) in 1.24s
    Starting 1 test across 84 binaries (1207 skipped)
        PASS [  23.462s] caliptra-runtime::integration_tests test_disable_attestation_cmd
------------
     Summary [  23.475s] 1 test run: 1 passed, 1207 skipped

@sree-revoori1 sree-revoori1 mentioned this pull request Oct 10, 2023
Closed
@sree-revoori1 @jhand2
Reinitialize RT CDI to an HMAC of a buffer of 0s in disable attestation
e24df1e 
This is necessary so that we can use the RT CDI to generate a DICE
key. We cannot simply erase a key vault slot and then reuse it.
@jhand2 jhand2 enabled auto-merge (rebase) October 10, 2023 17:34
@jhand2 jhand2 merged commit cbff71c into chipsalliance:main Oct 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhand2 jhand2 jhand2 approved these changes

@fdamato fdamato Awaiting requested review from fdamato fdamato is a code owner

@rusty1968 rusty1968 Awaiting requested review from rusty1968 rusty1968 is a code owner

@bluegate010 bluegate010 Awaiting requested review from bluegate010 bluegate010 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Test failure: warm_reset_basic
3 participants
@sree-revoori1 @zhalvorsen @jhand2