[manuf] Preventing Re-execution of Perso Firmware #24610

Open
12 of 16 tasks
anthonychen1251 opened this issue Sep 20, 2024 · 0 comments
Labels: Component:Software (Issue related to Software), Manufacturing (Issues related to manufacturing tasks (hw or sw)), Type:Task (Tasks, to-do list.)


anthonychen1251 commented Sep 20, 2024

Description

Currently, the perso firmware remains executable even after personalization is complete. Moreover, the Perso firmware lacks an embedded immutable ROM extension, despite having a valid signature. If the immutable ROM extension feature is enabled and the corresponding hash is provisioned, running perso again may result in ROM self-shutdown due to an invalid immutable ROM extension hash. Consequently, ROM will not attempt to boot from an alternative slot, eliminating the possibility of booting into a valid ROM extension under these circumstances. This situation renders the device bricked until another image is bootstrapped. To mitigate this, we propose binding the creator manufacturing state within usage constraints, ensuring the perso firmware's signature is invalidated once the device is fully personalized, and thus preventing the perso firmware from being executed again.
More details are described here.

The goal is to implement the new FT flow below:

  1. Individualization:
    a. Skip the provisioning of CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN, CREATOR_SW_CFG_MANUF_STATE, CREATOR_SW_CFG_FLASH_DATA_DEFAULT_CFG, OWNER_SW_CFG_ROM_BOOTSTRAP_DIS, and OWNER_SW_CFG_ROM_KEYMGR_OTP_MEAS_EN.
  2. Bootstrap Perso FW into flash slot A.
  3. Personalization:
    a. Configure the secret1 (flash and SRAM scrambling seeds) and provision CREATOR_SW_CFG_FLASH_DATA_DEFAULT_CFG.
    b. Reboot and re-bootstrap (required when flash scrambling is enabled); this time loading Perso FW in flash slot A and ROM_EXT + Owner FW in flash slot B.
    c. Personalize the device.
    d. Fully provision the SW_CFG partitions, including CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN, OWNER_SW_CFG_ROM_BOOTSTRAP_DIS, and OWNER_SW_CFG_ROM_KEYMGR_OTP_MEAS_EN.
    e. Transition the CREATOR_SW_CFG_MANUF_STATE to Personalized.
    f. Write-lock both OTP *_SW_CFG partitions.
  4. Reset chip; ROM_EXT and Owner FW in flash slot B should boot.

Tasks

  • Update the manuf lib to:
    Addressed in #24826, #24783, #24789, and #24884
    • (Device side) Move the provisioning of CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN, CREATOR_SW_CFG_MANUF_STATE and OWNER_SW_CFG_ROM_KEYMGR_OTP_MEAS_EN from FT individualization stage to the FT personalization stage
    • (Device side) Move the locking of CREATOR_SW_CFG and OWNER_SW_CFG partitions to the end of FT personalization stage
    • (Device side) Pre-calculate the measurement of CREATOR_SW_CFG and OWNER_SW_CFG partitions used in the UDS certificate generation process.
    • (Host side) Bootstrap Perso FW into flash slot A at the first bootstrap during the perso flow; bootstrap Perso FW in flash slot A and ROM_EXT + Owner FW in flash slot B at the second bootstrap during the perso flow.
  • Update the bazel rules (potentially under //hw/ip/otp_ctrl/data) and the OTP tooling to:
    Addressed in #24789, #24826
    • Define two manufacturing state transitions: Initial -> Personalized.
    • Calculate the OTP measurement during the build of perso Comment: Won't do.
    • Enable OWNER_SW_CFG_ROM_KEYMGR_OTP_MEAS_EN in the provisioning test flow Comment: Won't do.
    • Update the ROM_EXT immutable section OTP gen tooling
    • Calculate the actual value of Personalized state during the build of perso.
  • Update the manifest to:
    Addressed in #24789
    • Set the binding_value field to pre-calculated OTP measurement on perso’s manifest Comment: Won't do.
    • Set the bit 8 of selector_bits (mapped to manuf_state_creator) field to 1 on perso/rom_ext's manifest.
    • Bind perso firmware with Initial CREATOR_MANUF_STATE
    • Bind ROM_EXT containing an immutable ROM_EXT section with modified Personalized CREATOR_MANUF_STATE
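As an added illustration (not code from this issue or from the OpenTitan ROM), a small C model of the mechanism the tasks above rely on: when selector bit 8 binds manuf_state_creator, the ROM fills that usage-constraint field from OTP before hashing, so a perso image signed against the Initial state stops verifying once CREATOR_SW_CFG_MANUF_STATE reads Personalized, while a ROM_EXT bound to Personalized only verifies afterwards. The filler word, the two state encodings, the image hash and the toy digest are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative model of manifest usage-constraint binding, not OpenTitan ROM code.
 * Selector bit 8 = manuf_state_creator follows the issue; all constants are made up. */
#define SELECTOR_MANUF_STATE_CREATOR (1u << 8)
#define UNSELECTED_WORD 0xA5A5A5A5u      /* assumed filler for unselected fields */
#define MANUF_STATE_INITIAL 0x00000000u  /* constructed sample OTP encodings */
#define MANUF_STATE_PERSONALIZED 0x50455253u

typedef struct {
  uint32_t selector_bits;        /* which fields below are bound */
  uint32_t manuf_state_creator;  /* expected CREATOR_SW_CFG_MANUF_STATE when selected */
} usage_constraints_t;

/* Boot-time view: a selected field takes the live OTP value, an unselected one the
 * filler word, so only bound fields influence the signed digest. */
static usage_constraints_t from_device(const usage_constraints_t *m, uint32_t otp_state) {
  usage_constraints_t c = *m;
  c.manuf_state_creator =
      (m->selector_bits & SELECTOR_MANUF_STATE_CREATOR) ? otp_state : UNSELECTED_WORD;
  return c;
}

/* Toy 32-bit FNV-1a standing in for the SHA-256 the ROM computes over
 * (usage constraints || rest of the image); "signature" == digest in this model. */
static uint32_t toy_digest(const usage_constraints_t *c, uint32_t image_hash) {
  uint32_t h = 2166136261u;
  const uint8_t *p = (const uint8_t *)c;
  for (size_t i = 0; i < sizeof *c; i++) { h ^= p[i]; h *= 16777619u; }
  return h ^ image_hash;
}

/* Signer: constraints are signed as stored in the manifest (unselected fields must
 * already hold UNSELECTED_WORD). */
static uint32_t sign_image(const usage_constraints_t *m, uint32_t image_hash) {
  return toy_digest(m, image_hash);
}

/* ROM: rebuild constraints from OTP and compare; a state mismatch fails the check. */
static bool verify_image(const usage_constraints_t *m, uint32_t image_hash, uint32_t sig,
                         uint32_t otp_state) {
  usage_constraints_t c = from_device(m, otp_state);
  return toy_digest(&c, image_hash) == sig;
}

/* Sign an image with the given selector/bound value, then boot it on a device whose
 * CREATOR_SW_CFG_MANUF_STATE reads `device_state`. selector 0 + UNSELECTED_WORD models
 * the pre-fix, unbound perso image. */
static bool image_verifies(uint32_t selector, uint32_t bound_state, uint32_t device_state) {
  usage_constraints_t m = { selector, bound_state };
  uint32_t sig = sign_image(&m, 0x1234abcdu);  /* constructed image hash */
  return verify_image(&m, 0x1234abcdu, sig, device_state);
}
```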
@anthonychen1251 anthonychen1251 self-assigned this Sep 20, 2024
@anthonychen1251 anthonychen1251 added the Component:Software, Manufacturing and Type:Task labels Sep 20, 2024
@anthonychen1251 anthonychen1251 changed the title from "[manuf] Preventing Perso Firmware Execution After Personalization" to "[manuf] Preventing Re-execution of Perso Firmware" Sep 24, 2024