[keymgr_dpe] Port keymgr_dpe_key_derivation test from integrated_dev
#26350
+1,112
−33
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jwnrt
requested review from
andreaskurth and
nbdd0121
and removed request for
HU90m
nbdd0121
requested changes
Feb 19, 2025
nbdd0121
reviewed
Feb 19, 2025
jwnrt
force-pushed
the
keymgr-dpe-key-derivation
branch
from
d77fef9 to
7214899
Compare
jwnrt
force-pushed
the
keymgr-dpe-key-derivation
branch
from
7214899 to
12a5e28
Compare
|
Rebased |
jwnrt
force-pushed
the
keymgr-dpe-key-derivation
branch
from
12a5e28 to
9505277
Compare
nbdd0121
reviewed
Feb 24, 2025
Ports the otp_ctrl DIF to support Darjeeling as well as Earlgrey by pulling in all the changes from the `integrated_dev` branch related to Darjeeling's new partitions, wrapping them in conditional compilation based on the current top being built for. In particular almost all of the code ported over from the `integrated_dev` branch can be traced back to commit bb4e9b0. Co-authored-by: Guillermo Maturana <[email protected]> Signed-off-by: Alex Jones <[email protected]>
This commit adds a top-level key derivation test, loosely derived from `chip_sw_keymgr_key_derivation` for the non-DPE `keymgr`. In a nutshell, the test goes through multiple key derivations from boot stage 0 to 3 and checks that `keymgr_dpe` correctly takes the various inputs from hardware (e.g., `otp_ctrl`, `rom_ctrl`) and software into account when deriving its internal keys as well as when generating versioned keys for SW or sideloading to HW (AES, OTBN, and KMAC). This commit is a squash of the following four commits which do not make sense individually on this branch: (cherry picked from commit 51622c5) (cherry picked from commit eafb436) (cherry picked from commit edef349) (cherry picked from commit 14bdf72) Co-authored-by: James Wainwright <[email protected]> Signed-off-by: Miguel Osorio <[email protected]> Signed-off-by: Andreas Kurth <[email protected]> Signed-off-by: Ravi Sahita <[email protected]> Signed-off-by: James Wainwright <[email protected]>
Signed-off-by: James Wainwright <[email protected]>
Signed-off-by: James Wainwright <[email protected]>
Signed-off-by: James Wainwright <[email protected]>
jwnrt
force-pushed
the
keymgr-dpe-key-derivation
branch
from
9505277 to
5db622f
Compare
|
@nbdd0121 I have swapped my OTP dif patch for @AlexJones0's which is much more comprehensive. The |
nbdd0121
approved these changes
Feb 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I have not yet ported to device tables, this is more or less a straight cherry pick with only superficial fixes to paths etc.
I have had to squash the four commits that added this test (and testutils) into one because individually they do not compile.
This PR also includes a partial fix to allow
dif_otp_ctrlto be used on Darjeeling. The real fix may involve generating parts of this DIF instead.edit: now includes the DT changes