From 43fb6be2b07ae9a0871f05b2c00bfc440f2be6c0 Mon Sep 17 00:00:00 2001 From: Vishal Mhatre Date: Mon, 11 Sep 2023 11:42:04 -0700 Subject: [PATCH] [fix] Move PCR extension after datavault persistence for Update Reset flow This change moves persisting values to the data vault before extending to PCR. This is being done to be in sync with the Cold Reset flow. This fix addresses https://github.com/chipsalliance/caliptra-sw/issues/738 --- common/src/boot_status.rs | 4 ++-- rom/dev/src/flow/update_reset.rs | 6 +++--- rom/dev/tests/test_update_reset.rs | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/common/src/boot_status.rs b/common/src/boot_status.rs index 90e0fe1784..3ceca4021f 100644 --- a/common/src/boot_status.rs +++ b/common/src/boot_status.rs @@ -70,8 +70,8 @@ pub enum RomBootStatus { UpdateResetStarted = UPDATE_RESET_BOOT_STATUS_BASE, UpdateResetLoadManifestComplete = UPDATE_RESET_BOOT_STATUS_BASE + 1, UpdateResetImageVerificationComplete = UPDATE_RESET_BOOT_STATUS_BASE + 2, - UpdateResetExtendPcrComplete = UPDATE_RESET_BOOT_STATUS_BASE + 3, - UpdateResetPopulateDataVaultComplete = UPDATE_RESET_BOOT_STATUS_BASE + 4, + UpdateResetPopulateDataVaultComplete = UPDATE_RESET_BOOT_STATUS_BASE + 3, + UpdateResetExtendPcrComplete = UPDATE_RESET_BOOT_STATUS_BASE + 4, UpdateResetLoadImageComplete = UPDATE_RESET_BOOT_STATUS_BASE + 5, UpdateResetOverwriteManifestComplete = UPDATE_RESET_BOOT_STATUS_BASE + 6, UpdateResetComplete = UPDATE_RESET_BOOT_STATUS_BASE + 7, diff --git a/rom/dev/src/flow/update_reset.rs b/rom/dev/src/flow/update_reset.rs index 0d0f741bed..6d7d04eba1 100644 --- a/rom/dev/src/flow/update_reset.rs +++ b/rom/dev/src/flow/update_reset.rs @@ -70,6 +70,9 @@ impl UpdateResetFlow { let info = okref(&info)?; report_boot_status(UpdateResetImageVerificationComplete.into()); + // Populate data vault + Self::populate_data_vault(venv.data_vault, info); + // Extend PCR0 and PCR1 pcr::extend_pcrs(&mut venv, info, &mut env.persistent_data)?; report_boot_status(UpdateResetExtendPcrComplete.into()); @@ -79,9 +82,6 @@ impl UpdateResetFlow { info.vendor_ecc_pub_key_idx ); - // Populate data vault - Self::populate_data_vault(venv.data_vault, info); - Self::load_image(&manifest, &mut recv_txn)?; // Drop the transaction and release the Mailbox lock after the image diff --git a/rom/dev/tests/test_update_reset.rs b/rom/dev/tests/test_update_reset.rs index 66288dd525..8ea4aaba75 100644 --- a/rom/dev/tests/test_update_reset.rs +++ b/rom/dev/tests/test_update_reset.rs @@ -299,8 +299,8 @@ fn test_update_reset_boot_status() { hw.step_until_boot_status(UpdateResetLoadManifestComplete.into(), false); hw.step_until_boot_status(UpdateResetImageVerificationComplete.into(), false); - hw.step_until_boot_status(UpdateResetExtendPcrComplete.into(), false); hw.step_until_boot_status(UpdateResetPopulateDataVaultComplete.into(), false); + hw.step_until_boot_status(UpdateResetExtendPcrComplete.into(), false); hw.step_until_boot_status(UpdateResetLoadImageComplete.into(), false); hw.step_until_boot_status(UpdateResetOverwriteManifestComplete.into(), false); hw.step_until_boot_status(UpdateResetComplete.into(), false);