[fix] Move PCR extension after datavault persistence for Update Reset…

… flow This change moves persisting values to the data vault before extending to PCR. This is being done to be in sync with the Cold Reset flow. This fix addresses #738
chipsalliance · Sep 11, 2023 · 43fb6be · 43fb6be
1 parent 6fe750b
commit 43fb6be
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/common/src/boot_status.rs b/common/src/boot_status.rs
@@ -70,8 +70,8 @@ pub enum RomBootStatus {
     UpdateResetStarted = UPDATE_RESET_BOOT_STATUS_BASE,
     UpdateResetLoadManifestComplete = UPDATE_RESET_BOOT_STATUS_BASE + 1,
     UpdateResetImageVerificationComplete = UPDATE_RESET_BOOT_STATUS_BASE + 2,
-    UpdateResetExtendPcrComplete = UPDATE_RESET_BOOT_STATUS_BASE + 3,
-    UpdateResetPopulateDataVaultComplete = UPDATE_RESET_BOOT_STATUS_BASE + 4,
+    UpdateResetPopulateDataVaultComplete = UPDATE_RESET_BOOT_STATUS_BASE + 3,
+    UpdateResetExtendPcrComplete = UPDATE_RESET_BOOT_STATUS_BASE + 4,
     UpdateResetLoadImageComplete = UPDATE_RESET_BOOT_STATUS_BASE + 5,
     UpdateResetOverwriteManifestComplete = UPDATE_RESET_BOOT_STATUS_BASE + 6,
     UpdateResetComplete = UPDATE_RESET_BOOT_STATUS_BASE + 7,

diff --git a/rom/dev/src/flow/update_reset.rs b/rom/dev/src/flow/update_reset.rs
@@ -70,6 +70,9 @@ impl UpdateResetFlow {
         let info = okref(&info)?;
         report_boot_status(UpdateResetImageVerificationComplete.into());
 
+        // Populate data vault
+        Self::populate_data_vault(venv.data_vault, info);
+
         // Extend PCR0 and PCR1
         pcr::extend_pcrs(&mut venv, info, &mut env.persistent_data)?;
         report_boot_status(UpdateResetExtendPcrComplete.into());
@@ -79,9 +82,6 @@ impl UpdateResetFlow {
             info.vendor_ecc_pub_key_idx
         );
 
-        // Populate data vault
-        Self::populate_data_vault(venv.data_vault, info);
-
         Self::load_image(&manifest, &mut recv_txn)?;
 
         // Drop the transaction and release the Mailbox lock after the image

diff --git a/rom/dev/tests/test_update_reset.rs b/rom/dev/tests/test_update_reset.rs
@@ -299,8 +299,8 @@ fn test_update_reset_boot_status() {
 
     hw.step_until_boot_status(UpdateResetLoadManifestComplete.into(), false);
     hw.step_until_boot_status(UpdateResetImageVerificationComplete.into(), false);
-    hw.step_until_boot_status(UpdateResetExtendPcrComplete.into(), false);
     hw.step_until_boot_status(UpdateResetPopulateDataVaultComplete.into(), false);
+    hw.step_until_boot_status(UpdateResetExtendPcrComplete.into(), false);
     hw.step_until_boot_status(UpdateResetLoadImageComplete.into(), false);
     hw.step_until_boot_status(UpdateResetOverwriteManifestComplete.into(), false);
     hw.step_until_boot_status(UpdateResetComplete.into(), false);