From eef6aeba9723e9ca43298d0f9c91c866e124b025 Mon Sep 17 00:00:00 2001 From: Chris Frantz Date: Fri, 22 Nov 2024 07:58:41 -0800 Subject: [PATCH] [rom_ext] Initialize ownership in UDS Initialize ownership at the UDS stage so that the ownership seal is bound to the hardware rather than any mutable code. Signed-off-by: Chris Frantz --- sw/device/silicon_creator/rom_ext/rom_ext.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sw/device/silicon_creator/rom_ext/rom_ext.c b/sw/device/silicon_creator/rom_ext/rom_ext.c index 2766d5e334675..8e718bd818c4f 100644 --- a/sw/device/silicon_creator/rom_ext/rom_ext.c +++ b/sw/device/silicon_creator/rom_ext/rom_ext.c @@ -1286,8 +1286,6 @@ static rom_error_t rom_ext_start(boot_data_t *boot_data, boot_log_t *boot_log) { // Establish our identity. HARDENED_RETURN_IF_ERROR(dice_chain_init()); HARDENED_RETURN_IF_ERROR(dice_chain_attestation_silicon()); - HARDENED_RETURN_IF_ERROR( - dice_chain_attestation_creator(&boot_measurements.rom_ext, self)); // Initialize the boot_log in retention RAM. const chip_info_t *rom_chip_info = (const chip_info_t *)_chip_info_start; @@ -1312,6 +1310,9 @@ static rom_error_t rom_ext_start(boot_data_t *boot_data, boot_log_t *boot_log) { dbg_printf("ownership_init: %x\r\n", error); } + HARDENED_RETURN_IF_ERROR( + dice_chain_attestation_creator(&boot_measurements.rom_ext, self)); + // Configure SRAM execution as the owner requested. rom_ext_sram_exec(owner_config.sram_exec);