Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Verify that ROM_EXT rejects an OwnershipUnlock operation with the wrong key. #24466

Open
cfrantz opened this issue Aug 30, 2024 · 0 comments · May be fixed by #25715
Open

Verify that ROM_EXT rejects an OwnershipUnlock operation with the wrong key. #24466

cfrantz opened this issue Aug 30, 2024 · 0 comments · May be fixed by #25715
Assignees
Labels
Component:RomExt/E2e/Test ROM_EXT end-to-end test Priority:P1 Priority: high Type:Task Tasks, to-do list.

Comments

@cfrantz
Copy link
Contributor

cfrantz commented Aug 30, 2024

  • Start in an locked & owned state with the fake owner as owner.
  • Attempt to unlock the chip into the UnlockedAny state using the wrong key.
  • Confirm the unlock is rejected with an OwnershipInvalidSignature error.
@cfrantz cfrantz added Component:RomExt/E2e/Test ROM_EXT end-to-end test Priority:P1 Priority: high Type:Task Tasks, to-do list. labels Aug 30, 2024
@cfrantz cfrantz added this to the Earlgrey-PROD.ROM_EXT milestone Aug 30, 2024
@cfrantz cfrantz self-assigned this Aug 30, 2024
cfrantz added a commit to cfrantz/opentitan that referenced this issue Aug 30, 2024
The tests added by this change are all simple variations on
the ownership transfer test added in lowRISC#24419.  They involve verifying the
different modes and error conditions (e.g. using the wrong key).

Adds the following tests:
- `bad_unlock_test`; Fixes lowRISC#24466
- `bad_activate_test`; Fixes lowRISC#24467
- `bad_owner_block_test`; Fixes lowRISC#24468
- `bad_app_key_test`; Fixes lowRISC#24469
- `transfer_endorsed_test`; Fixes lowRISC#24470
- `bad_endorsee_test`; Fixes lowRISC#24471
- `locked_update_test`; Fixes lowRISC#24472
- `bad_locked_update_test` & `bad_locked_update_no_exec_test`; Fixes lowRISC#24473

Signed-off-by: Chris Frantz <cfrantz@google.com>
cfrantz added a commit to cfrantz/opentitan that referenced this issue Sep 3, 2024
The tests added by this change are all simple variations on
the ownership transfer test added in lowRISC#24419.  They involve verifying the
different modes and error conditions (e.g. using the wrong key).

Adds the following tests:
- `bad_unlock_test`; Fixes lowRISC#24466
- `bad_activate_test`; Fixes lowRISC#24467
- `bad_owner_block_test`; Fixes lowRISC#24468
- `bad_app_key_test`; Fixes lowRISC#24469
- `transfer_endorsed_test`; Fixes lowRISC#24470
- `bad_endorsee_test`; Fixes lowRISC#24471
- `locked_update_test`; Fixes lowRISC#24472
- `bad_locked_update_test` & `bad_locked_update_no_exec_test`; Fixes lowRISC#24473

Signed-off-by: Chris Frantz <cfrantz@google.com>
cfrantz added a commit that referenced this issue Sep 4, 2024
The tests added by this change are all simple variations on
the ownership transfer test added in #24419.  They involve verifying the
different modes and error conditions (e.g. using the wrong key).

Adds the following tests:
- `bad_unlock_test`; Fixes #24466
- `bad_activate_test`; Fixes #24467
- `bad_owner_block_test`; Fixes #24468
- `bad_app_key_test`; Fixes #24469
- `transfer_endorsed_test`; Fixes #24470
- `bad_endorsee_test`; Fixes #24471
- `locked_update_test`; Fixes #24472
- `bad_locked_update_test` & `bad_locked_update_no_exec_test`; Fixes #24473

Signed-off-by: Chris Frantz <cfrantz@google.com>
github-actions bot pushed a commit that referenced this issue Oct 29, 2024
The tests added by this change are all simple variations on
the ownership transfer test added in #24419.  They involve verifying the
different modes and error conditions (e.g. using the wrong key).

Adds the following tests:
- `bad_unlock_test`; Fixes #24466
- `bad_activate_test`; Fixes #24467
- `bad_owner_block_test`; Fixes #24468
- `bad_app_key_test`; Fixes #24469
- `transfer_endorsed_test`; Fixes #24470
- `bad_endorsee_test`; Fixes #24471
- `locked_update_test`; Fixes #24472
- `bad_locked_update_test` & `bad_locked_update_no_exec_test`; Fixes #24473

Signed-off-by: Chris Frantz <cfrantz@google.com>
(cherry picked from commit 4d520bd)
moidx pushed a commit that referenced this issue Oct 30, 2024
The tests added by this change are all simple variations on
the ownership transfer test added in #24419.  They involve verifying the
different modes and error conditions (e.g. using the wrong key).

Adds the following tests:
- `bad_unlock_test`; Fixes #24466
- `bad_activate_test`; Fixes #24467
- `bad_owner_block_test`; Fixes #24468
- `bad_app_key_test`; Fixes #24469
- `transfer_endorsed_test`; Fixes #24470
- `bad_endorsee_test`; Fixes #24471
- `locked_update_test`; Fixes #24472
- `bad_locked_update_test` & `bad_locked_update_no_exec_test`; Fixes #24473

Signed-off-by: Chris Frantz <cfrantz@google.com>
(cherry picked from commit 4d520bd)
cfrantz added a commit to cfrantz/opentitan that referenced this issue Dec 19, 2024
The tests added by this change are all simple variations on
the ownership transfer test added in lowRISC#24419.  They involve verifying the
different modes and error conditions (e.g. using the wrong key).

Adds the following tests:
- `bad_unlock_test`; Fixes lowRISC#24466
- `bad_activate_test`; Fixes lowRISC#24467
- `bad_owner_block_test`; Fixes lowRISC#24468
- `bad_app_key_test`; Fixes lowRISC#24469
- `transfer_endorsed_test`; Fixes lowRISC#24470
- `bad_endorsee_test`; Fixes lowRISC#24471
- `locked_update_test`; Fixes lowRISC#24472
- `bad_locked_update_test` & `bad_locked_update_no_exec_test`; Fixes lowRISC#24473

Signed-off-by: Chris Frantz <cfrantz@google.com>
(cherry picked from commit 4d520bd)
cfrantz added a commit to cfrantz/opentitan that referenced this issue Dec 20, 2024
The tests added by this change are all simple variations on
the ownership transfer test added in lowRISC#24419.  They involve verifying the
different modes and error conditions (e.g. using the wrong key).

Adds the following tests:
- `bad_unlock_test`; Fixes lowRISC#24466
- `bad_activate_test`; Fixes lowRISC#24467
- `bad_owner_block_test`; Fixes lowRISC#24468
- `bad_app_key_test`; Fixes lowRISC#24469
- `transfer_endorsed_test`; Fixes lowRISC#24470
- `bad_endorsee_test`; Fixes lowRISC#24471
- `locked_update_test`; Fixes lowRISC#24472
- `bad_locked_update_test` & `bad_locked_update_no_exec_test`; Fixes lowRISC#24473

Signed-off-by: Chris Frantz <cfrantz@google.com>
(cherry picked from commit 4d520bd)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Component:RomExt/E2e/Test ROM_EXT end-to-end test Priority:P1 Priority: high Type:Task Tasks, to-do list.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant