From 4cde1fdc3e5d0fe15e846258cf90bc86f08fe42b Mon Sep 17 00:00:00 2001 From: Alex Jones Date: Thu, 20 Feb 2025 17:27:30 +0000 Subject: [PATCH 1/5] [dif,otp_ctrl] Port otp_ctrl DIF to support both EG & DJ Ports the otp_ctrl DIF to support Darjeeling as well as Earlgrey by pulling in all the changes from the `integrated_dev` branch related to Darjeeling's new partitions, wrapping them in conditional compilation based on the current top being built for. In particular almost all of the code ported over from the `integrated_dev` branch can be traced back to commit bb4e9b0. Co-authored-by: Guillermo Maturana Signed-off-by: Alex Jones --- sw/device/lib/dif/dif_otp_ctrl.c | 309 +++++++++++++++++++-- sw/device/lib/dif/dif_otp_ctrl.h | 160 +++++++++++ sw/device/lib/testing/otp_ctrl_testutils.c | 12 +- 3 files changed, 448 insertions(+), 33 deletions(-) diff --git a/sw/device/lib/dif/dif_otp_ctrl.c b/sw/device/lib/dif/dif_otp_ctrl.c index 1e546785e6d23..97f5894e2c9d0 100644 --- a/sw/device/lib/dif/dif_otp_ctrl.c +++ b/sw/device/lib/dif/dif_otp_ctrl.c @@ -170,6 +170,7 @@ static bool sw_read_lock_reg_offset(dif_otp_ctrl_partition_t partition, *reg_offset = OTP_CTRL_OWNER_SW_CFG_READ_LOCK_REG_OFFSET; *index = OTP_CTRL_OWNER_SW_CFG_READ_LOCK_OWNER_SW_CFG_READ_LOCK_BIT; break; +#if defined(OPENTITAN_IS_EARLGREY) case kDifOtpCtrlPartitionRotCreatorAuthCodesign: *reg_offset = OTP_CTRL_ROT_CREATOR_AUTH_CODESIGN_READ_LOCK_REG_OFFSET; *index = @@ -180,6 +181,68 @@ static bool sw_read_lock_reg_offset(dif_otp_ctrl_partition_t partition, *index = OTP_CTRL_ROT_CREATOR_AUTH_STATE_READ_LOCK_ROT_CREATOR_AUTH_STATE_READ_LOCK_BIT; break; +#elif defined(OPENTITAN_IS_DARJEELING) + case kDifOtpCtrlPartitionOwnershipSlotState: + *reg_offset = OTP_CTRL_OWNERSHIP_SLOT_STATE_READ_LOCK_REG_OFFSET; + *index = + OTP_CTRL_OWNERSHIP_SLOT_STATE_READ_LOCK_OWNERSHIP_SLOT_STATE_READ_LOCK_BIT; + break; + case kDifOtpCtrlPartitionRotCreatorAuth: + *reg_offset = OTP_CTRL_ROT_CREATOR_AUTH_READ_LOCK_REG_OFFSET; + *index = + OTP_CTRL_ROT_CREATOR_AUTH_READ_LOCK_ROT_CREATOR_AUTH_READ_LOCK_BIT; + break; + case kDifOtpCtrlPartitionRotOwnerAuthSlot0: + *reg_offset = OTP_CTRL_ROT_OWNER_AUTH_SLOT0_READ_LOCK_REG_OFFSET; + *index = + OTP_CTRL_ROT_OWNER_AUTH_SLOT0_READ_LOCK_ROT_OWNER_AUTH_SLOT0_READ_LOCK_BIT; + break; + case kDifOtpCtrlPartitionRotOwnerAuthSlot1: + *reg_offset = OTP_CTRL_ROT_OWNER_AUTH_SLOT1_READ_LOCK_REG_OFFSET; + *index = + OTP_CTRL_ROT_OWNER_AUTH_SLOT1_READ_LOCK_ROT_OWNER_AUTH_SLOT1_READ_LOCK_BIT; + break; + case kDifOtpCtrlPartitionPlatIntegAuthSlot0: + *reg_offset = OTP_CTRL_PLAT_INTEG_AUTH_SLOT0_READ_LOCK_REG_OFFSET; + *index = + OTP_CTRL_PLAT_INTEG_AUTH_SLOT0_READ_LOCK_PLAT_INTEG_AUTH_SLOT0_READ_LOCK_BIT; + break; + case kDifOtpCtrlPartitionPlatIntegAuthSlot1: + *reg_offset = OTP_CTRL_PLAT_INTEG_AUTH_SLOT1_READ_LOCK_REG_OFFSET; + *index = + OTP_CTRL_PLAT_INTEG_AUTH_SLOT1_READ_LOCK_PLAT_INTEG_AUTH_SLOT1_READ_LOCK_BIT; + break; + case kDifOtpCtrlPartitionPlatOwnerAuthSlot0: + *reg_offset = OTP_CTRL_PLAT_OWNER_AUTH_SLOT0_READ_LOCK_REG_OFFSET; + *index = + OTP_CTRL_PLAT_OWNER_AUTH_SLOT0_READ_LOCK_PLAT_OWNER_AUTH_SLOT0_READ_LOCK_BIT; + break; + case kDifOtpCtrlPartitionPlatOwnerAuthSlot1: + *reg_offset = OTP_CTRL_PLAT_OWNER_AUTH_SLOT1_READ_LOCK_REG_OFFSET; + *index = + OTP_CTRL_PLAT_OWNER_AUTH_SLOT1_READ_LOCK_PLAT_OWNER_AUTH_SLOT1_READ_LOCK_BIT; + break; + case kDifOtpCtrlPartitionPlatOwnerAuthSlot2: + *reg_offset = OTP_CTRL_PLAT_OWNER_AUTH_SLOT2_READ_LOCK_REG_OFFSET; + *index = + OTP_CTRL_PLAT_OWNER_AUTH_SLOT2_READ_LOCK_PLAT_OWNER_AUTH_SLOT2_READ_LOCK_BIT; + break; + case kDifOtpCtrlPartitionPlatOwnerAuthSlot3: + *reg_offset = OTP_CTRL_PLAT_OWNER_AUTH_SLOT3_READ_LOCK_REG_OFFSET; + *index = + OTP_CTRL_PLAT_OWNER_AUTH_SLOT3_READ_LOCK_PLAT_OWNER_AUTH_SLOT3_READ_LOCK_BIT; + break; + case kDifOtpCtrlPartitionExtNvm: + *reg_offset = OTP_CTRL_EXT_NVM_READ_LOCK_REG_OFFSET; + *index = OTP_CTRL_EXT_NVM_READ_LOCK_EXT_NVM_READ_LOCK_BIT; + break; + case kDifOtpCtrlPartitionRomPatch: + *reg_offset = OTP_CTRL_ROM_PATCH_READ_LOCK_REG_OFFSET; + *index = OTP_CTRL_ROM_PATCH_READ_LOCK_ROM_PATCH_READ_LOCK_BIT; + break; +#else +#error "dif_otp_ctrl does not support this top" +#endif default: return false; } @@ -229,34 +292,67 @@ dif_result_t dif_otp_ctrl_get_status(const dif_otp_ctrl_t *otp, } static const bitfield_bit32_index_t kIndices[] = { - [kDifOtpCtrlStatusCodeVendorTestError] = - OTP_CTRL_STATUS_VENDOR_TEST_ERROR_BIT, - [kDifOtpCtrlStatusCodeCreatorSwCfgError] = - OTP_CTRL_STATUS_CREATOR_SW_CFG_ERROR_BIT, - [kDifOtpCtrlStatusCodeOwnerSwCfgError] = - OTP_CTRL_STATUS_OWNER_SW_CFG_ERROR_BIT, - [kDifOtpCtrlStatusCodeRotCreatorAuthCodesignError] = - OTP_CTRL_STATUS_ROT_CREATOR_AUTH_CODESIGN_ERROR_BIT, - [kDifOtpCtrlStatusCodeRotCreatorAuthStateError] = - OTP_CTRL_STATUS_ROT_CREATOR_AUTH_STATE_ERROR_BIT, - [kDifOtpCtrlStatusCodeHwCfg0Error] = OTP_CTRL_STATUS_HW_CFG0_ERROR_BIT, - [kDifOtpCtrlStatusCodeHwCfg1Error] = OTP_CTRL_STATUS_HW_CFG1_ERROR_BIT, - [kDifOtpCtrlStatusCodeSecret0Error] = OTP_CTRL_STATUS_SECRET0_ERROR_BIT, - [kDifOtpCtrlStatusCodeSecret1Error] = OTP_CTRL_STATUS_SECRET1_ERROR_BIT, - [kDifOtpCtrlStatusCodeSecret2Error] = OTP_CTRL_STATUS_SECRET2_ERROR_BIT, - [kDifOtpCtrlStatusCodeLifeCycleError] = - OTP_CTRL_STATUS_LIFE_CYCLE_ERROR_BIT, - [kDifOtpCtrlStatusCodeDaiError] = OTP_CTRL_STATUS_DAI_ERROR_BIT, - [kDifOtpCtrlStatusCodeLciError] = OTP_CTRL_STATUS_LCI_ERROR_BIT, - [kDifOtpCtrlStatusCodeTimeoutError] = OTP_CTRL_STATUS_TIMEOUT_ERROR_BIT, - [kDifOtpCtrlStatusCodeLfsrError] = OTP_CTRL_STATUS_LFSR_FSM_ERROR_BIT, - [kDifOtpCtrlStatusCodeScramblingError] = - OTP_CTRL_STATUS_SCRAMBLING_FSM_ERROR_BIT, - [kDifOtpCtrlStatusCodeKdfError] = OTP_CTRL_STATUS_KEY_DERIV_FSM_ERROR_BIT, - [kDifOtpCtrlStatusCodeBusIntegError] = - OTP_CTRL_STATUS_BUS_INTEG_ERROR_BIT, - [kDifOtpCtrlStatusCodeDaiIdle] = OTP_CTRL_STATUS_DAI_IDLE_BIT, - [kDifOtpCtrlStatusCodeCheckPending] = OTP_CTRL_STATUS_CHECK_PENDING_BIT, + [kDifOtpCtrlStatusCodeVendorTestError] = + OTP_CTRL_STATUS_VENDOR_TEST_ERROR_BIT, + [kDifOtpCtrlStatusCodeCreatorSwCfgError] = + OTP_CTRL_STATUS_CREATOR_SW_CFG_ERROR_BIT, + [kDifOtpCtrlStatusCodeOwnerSwCfgError] = + OTP_CTRL_STATUS_OWNER_SW_CFG_ERROR_BIT, +#if defined(OPENTITAN_IS_EARLGREY) + [kDifOtpCtrlStatusCodeRotCreatorAuthCodesignError] = + OTP_CTRL_STATUS_ROT_CREATOR_AUTH_CODESIGN_ERROR_BIT, + [kDifOtpCtrlStatusCodeRotCreatorAuthStateError] = + OTP_CTRL_STATUS_ROT_CREATOR_AUTH_STATE_ERROR_BIT, +#elif defined(OPENTITAN_IS_DARJEELING) + [kDifOtpCtrlStatusCodeOwnershipSlotStateError] = + OTP_CTRL_STATUS_OWNERSHIP_SLOT_STATE_ERROR_BIT, + [kDifOtpCtrlStatusCodeRotCreatorAuthError] = + OTP_CTRL_STATUS_ROT_CREATOR_AUTH_ERROR_BIT, + [kDifOtpCtrlStatusCodeRotOwnerAuthSlot0Error] = + OTP_CTRL_STATUS_ROT_OWNER_AUTH_SLOT0_ERROR_BIT, + [kDifOtpCtrlStatusCodeRotOwnerAuthSlot1Error] = + OTP_CTRL_STATUS_ROT_OWNER_AUTH_SLOT1_ERROR_BIT, + [kDifOtpCtrlStatusCodePlatIntegAuthSlot0Error] = + OTP_CTRL_STATUS_PLAT_INTEG_AUTH_SLOT0_ERROR_BIT, + [kDifOtpCtrlStatusCodePlatIntegAuthSlot1Error] = + OTP_CTRL_STATUS_PLAT_INTEG_AUTH_SLOT1_ERROR_BIT, + [kDifOtpCtrlStatusCodePlatOwnerAuthSlot0Error] = + OTP_CTRL_STATUS_PLAT_OWNER_AUTH_SLOT0_ERROR_BIT, + [kDifOtpCtrlStatusCodePlatOwnerAuthSlot1Error] = + OTP_CTRL_STATUS_PLAT_OWNER_AUTH_SLOT1_ERROR_BIT, + [kDifOtpCtrlStatusCodePlatOwnerAuthSlot2Error] = + OTP_CTRL_STATUS_PLAT_OWNER_AUTH_SLOT2_ERROR_BIT, + [kDifOtpCtrlStatusCodePlatOwnerAuthSlot3Error] = + OTP_CTRL_STATUS_PLAT_OWNER_AUTH_SLOT3_ERROR_BIT, + [kDifOtpCtrlStatusCodeExtNvmError] = OTP_CTRL_STATUS_EXT_NVM_ERROR_BIT, + [kDifOtpCtrlStatusCodeRomPatchError] = OTP_CTRL_STATUS_ROM_PATCH_ERROR_BIT, +#else +#error "dif_otp_ctrl does not support this top" +#endif + [kDifOtpCtrlStatusCodeHwCfg0Error] = OTP_CTRL_STATUS_HW_CFG0_ERROR_BIT, + [kDifOtpCtrlStatusCodeHwCfg1Error] = OTP_CTRL_STATUS_HW_CFG1_ERROR_BIT, + [kDifOtpCtrlStatusCodeSecret0Error] = OTP_CTRL_STATUS_SECRET0_ERROR_BIT, + [kDifOtpCtrlStatusCodeSecret1Error] = OTP_CTRL_STATUS_SECRET1_ERROR_BIT, + [kDifOtpCtrlStatusCodeSecret2Error] = OTP_CTRL_STATUS_SECRET2_ERROR_BIT, +#if defined(OPENTITAN_IS_DARJEELING) + [kDifOtpCtrlStatusCodeSecret3Error] = OTP_CTRL_STATUS_SECRET3_ERROR_BIT, +#elif defined(OPENTITAN_IS_EARLGREY) +// Earlgrey only has 3 secret partitions. +#else +#error "dif_otp_ctrl does not support this top" +#endif + [kDifOtpCtrlStatusCodeLifeCycleError] = + OTP_CTRL_STATUS_LIFE_CYCLE_ERROR_BIT, + [kDifOtpCtrlStatusCodeDaiError] = OTP_CTRL_STATUS_DAI_ERROR_BIT, + [kDifOtpCtrlStatusCodeLciError] = OTP_CTRL_STATUS_LCI_ERROR_BIT, + [kDifOtpCtrlStatusCodeTimeoutError] = OTP_CTRL_STATUS_TIMEOUT_ERROR_BIT, + [kDifOtpCtrlStatusCodeLfsrError] = OTP_CTRL_STATUS_LFSR_FSM_ERROR_BIT, + [kDifOtpCtrlStatusCodeScramblingError] = + OTP_CTRL_STATUS_SCRAMBLING_FSM_ERROR_BIT, + [kDifOtpCtrlStatusCodeKdfError] = OTP_CTRL_STATUS_KEY_DERIV_FSM_ERROR_BIT, + [kDifOtpCtrlStatusCodeBusIntegError] = OTP_CTRL_STATUS_BUS_INTEG_ERROR_BIT, + [kDifOtpCtrlStatusCodeDaiIdle] = OTP_CTRL_STATUS_DAI_IDLE_BIT, + [kDifOtpCtrlStatusCodeCheckPending] = OTP_CTRL_STATUS_CHECK_PENDING_BIT, }; status->codes = 0; @@ -384,6 +480,7 @@ static const partition_info_t kPartitions[] = { .is_software = true, .has_digest = true, .is_lifecycle = false}, +#if defined(OPENTITAN_IS_EARLGREY) [kDifOtpCtrlPartitionRotCreatorAuthCodesign] = { .start_addr = OTP_CTRL_PARAM_ROT_CREATOR_AUTH_CODESIGN_OFFSET, .len = OTP_CTRL_PARAM_ROT_CREATOR_AUTH_CODESIGN_SIZE, @@ -398,6 +495,94 @@ static const partition_info_t kPartitions[] = { .is_software = true, .has_digest = true, .is_lifecycle = false}, +#elif defined(OPENTITAN_IS_DARJEELING) + [kDifOtpCtrlPartitionOwnershipSlotState] = { + .start_addr = OTP_CTRL_PARAM_OWNERSHIP_SLOT_STATE_OFFSET, + .len = OTP_CTRL_PARAM_OWNERSHIP_SLOT_STATE_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = false, + .is_lifecycle = false}, + [kDifOtpCtrlPartitionRotCreatorAuth] = { + .start_addr = OTP_CTRL_PARAM_ROT_CREATOR_AUTH_OFFSET, + .len = OTP_CTRL_PARAM_ROT_CREATOR_AUTH_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = true, + .is_lifecycle = false}, + [kDifOtpCtrlPartitionRotOwnerAuthSlot0] = { + .start_addr = OTP_CTRL_PARAM_ROT_OWNER_AUTH_SLOT0_OFFSET, + .len = OTP_CTRL_PARAM_ROT_OWNER_AUTH_SLOT0_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = true, + .is_lifecycle = false}, + [kDifOtpCtrlPartitionRotOwnerAuthSlot1] = { + .start_addr = OTP_CTRL_PARAM_ROT_OWNER_AUTH_SLOT1_OFFSET, + .len = OTP_CTRL_PARAM_ROT_OWNER_AUTH_SLOT1_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = true, + .is_lifecycle = false}, + [kDifOtpCtrlPartitionPlatIntegAuthSlot0] = { + .start_addr = OTP_CTRL_PARAM_PLAT_INTEG_AUTH_SLOT0_OFFSET, + .len = OTP_CTRL_PARAM_PLAT_INTEG_AUTH_SLOT0_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = true, + .is_lifecycle = false}, + [kDifOtpCtrlPartitionPlatIntegAuthSlot1] = { + .start_addr = OTP_CTRL_PARAM_PLAT_INTEG_AUTH_SLOT1_OFFSET, + .len = OTP_CTRL_PARAM_PLAT_INTEG_AUTH_SLOT1_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = true, + .is_lifecycle = false}, + [kDifOtpCtrlPartitionPlatOwnerAuthSlot0] = { + .start_addr = OTP_CTRL_PARAM_PLAT_OWNER_AUTH_SLOT0_OFFSET, + .len = OTP_CTRL_PARAM_PLAT_OWNER_AUTH_SLOT0_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = true, + .is_lifecycle = false}, + [kDifOtpCtrlPartitionPlatOwnerAuthSlot1] = { + .start_addr = OTP_CTRL_PARAM_PLAT_OWNER_AUTH_SLOT1_OFFSET, + .len = OTP_CTRL_PARAM_PLAT_OWNER_AUTH_SLOT1_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = true, + .is_lifecycle = false}, + [kDifOtpCtrlPartitionPlatOwnerAuthSlot2] = { + .start_addr = OTP_CTRL_PARAM_PLAT_OWNER_AUTH_SLOT2_OFFSET, + .len = OTP_CTRL_PARAM_PLAT_OWNER_AUTH_SLOT2_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = true, + .is_lifecycle = false}, + [kDifOtpCtrlPartitionPlatOwnerAuthSlot3] = { + .start_addr = OTP_CTRL_PARAM_PLAT_OWNER_AUTH_SLOT3_OFFSET, + .len = OTP_CTRL_PARAM_PLAT_OWNER_AUTH_SLOT3_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = true, + .is_lifecycle = false}, + [kDifOtpCtrlPartitionExtNvm] = { + .start_addr = OTP_CTRL_PARAM_EXT_NVM_OFFSET, + .len = OTP_CTRL_PARAM_EXT_NVM_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = false, + .is_lifecycle = false}, + [kDifOtpCtrlPartitionRomPatch] = { + .start_addr = OTP_CTRL_PARAM_ROM_PATCH_OFFSET, + .len = OTP_CTRL_PARAM_ROM_PATCH_SIZE, + .align_mask = 0x3, + .is_software = true, + .has_digest = true, + .is_lifecycle = false}, +#else +#error "dif_otp_ctrl does not support this top" +#endif [kDifOtpCtrlPartitionHwCfg0] = { .start_addr = OTP_CTRL_PARAM_HW_CFG0_OFFSET, .len = OTP_CTRL_PARAM_HW_CFG0_SIZE, @@ -433,6 +618,19 @@ static const partition_info_t kPartitions[] = { .is_software = false, .has_digest = true, .is_lifecycle = false}, +#if defined(OPENTITAN_IS_DARJEELING) + [kDifOtpCtrlPartitionSecret3] = { + .start_addr = OTP_CTRL_PARAM_SECRET3_OFFSET, + .len = OTP_CTRL_PARAM_SECRET3_SIZE, + .align_mask = 0x7, + .is_software = false, + .has_digest = true, + .is_lifecycle = false}, +#elif defined(OPENTITAN_IS_EARLGREY) +// Earlgrey only has 3 secret partitions. +#else +#error "dif_otp_ctrl does not support this top" +#endif [kDifOtpCtrlPartitionLifeCycle] = { .start_addr = OTP_CTRL_PARAM_LIFE_CYCLE_OFFSET, .len = OTP_CTRL_PARAM_LIFE_CYCLE_SIZE, @@ -666,6 +864,7 @@ static bool get_digest_regs(dif_otp_ctrl_partition_t partition, ptrdiff_t *reg0, *reg0 = OTP_CTRL_OWNER_SW_CFG_DIGEST_0_REG_OFFSET; *reg1 = OTP_CTRL_OWNER_SW_CFG_DIGEST_1_REG_OFFSET; break; +#if defined(OPENTITAN_IS_EARLGREY) case kDifOtpCtrlPartitionRotCreatorAuthCodesign: *reg0 = OTP_CTRL_ROT_CREATOR_AUTH_CODESIGN_DIGEST_0_REG_OFFSET; *reg1 = OTP_CTRL_ROT_CREATOR_AUTH_CODESIGN_DIGEST_1_REG_OFFSET; @@ -674,6 +873,50 @@ static bool get_digest_regs(dif_otp_ctrl_partition_t partition, ptrdiff_t *reg0, *reg0 = OTP_CTRL_ROT_CREATOR_AUTH_STATE_DIGEST_0_REG_OFFSET; *reg1 = OTP_CTRL_ROT_CREATOR_AUTH_STATE_DIGEST_1_REG_OFFSET; break; +#elif defined(OPENTITAN_IS_DARJEELING) + case kDifOtpCtrlPartitionRotCreatorAuth: + *reg0 = OTP_CTRL_ROT_CREATOR_AUTH_DIGEST_0_REG_OFFSET; + *reg1 = OTP_CTRL_ROT_CREATOR_AUTH_DIGEST_1_REG_OFFSET; + break; + case kDifOtpCtrlPartitionRotOwnerAuthSlot0: + *reg0 = OTP_CTRL_ROT_OWNER_AUTH_SLOT0_DIGEST_0_REG_OFFSET; + *reg1 = OTP_CTRL_ROT_OWNER_AUTH_SLOT0_DIGEST_1_REG_OFFSET; + break; + case kDifOtpCtrlPartitionRotOwnerAuthSlot1: + *reg0 = OTP_CTRL_ROT_OWNER_AUTH_SLOT1_DIGEST_0_REG_OFFSET; + *reg1 = OTP_CTRL_ROT_OWNER_AUTH_SLOT1_DIGEST_1_REG_OFFSET; + break; + case kDifOtpCtrlPartitionPlatIntegAuthSlot0: + *reg0 = OTP_CTRL_PLAT_INTEG_AUTH_SLOT0_DIGEST_0_REG_OFFSET; + *reg1 = OTP_CTRL_PLAT_INTEG_AUTH_SLOT0_DIGEST_1_REG_OFFSET; + break; + case kDifOtpCtrlPartitionPlatIntegAuthSlot1: + *reg0 = OTP_CTRL_PLAT_INTEG_AUTH_SLOT1_DIGEST_0_REG_OFFSET; + *reg1 = OTP_CTRL_PLAT_INTEG_AUTH_SLOT1_DIGEST_1_REG_OFFSET; + break; + case kDifOtpCtrlPartitionPlatOwnerAuthSlot0: + *reg0 = OTP_CTRL_PLAT_OWNER_AUTH_SLOT0_DIGEST_0_REG_OFFSET; + *reg1 = OTP_CTRL_PLAT_OWNER_AUTH_SLOT0_DIGEST_1_REG_OFFSET; + break; + case kDifOtpCtrlPartitionPlatOwnerAuthSlot1: + *reg0 = OTP_CTRL_PLAT_OWNER_AUTH_SLOT1_DIGEST_0_REG_OFFSET; + *reg1 = OTP_CTRL_PLAT_OWNER_AUTH_SLOT1_DIGEST_1_REG_OFFSET; + break; + case kDifOtpCtrlPartitionPlatOwnerAuthSlot2: + *reg0 = OTP_CTRL_PLAT_OWNER_AUTH_SLOT2_DIGEST_0_REG_OFFSET; + *reg1 = OTP_CTRL_PLAT_OWNER_AUTH_SLOT2_DIGEST_1_REG_OFFSET; + break; + case kDifOtpCtrlPartitionPlatOwnerAuthSlot3: + *reg0 = OTP_CTRL_PLAT_OWNER_AUTH_SLOT3_DIGEST_0_REG_OFFSET; + *reg1 = OTP_CTRL_PLAT_OWNER_AUTH_SLOT3_DIGEST_1_REG_OFFSET; + break; + case kDifOtpCtrlPartitionRomPatch: + *reg0 = OTP_CTRL_ROM_PATCH_DIGEST_0_REG_OFFSET; + *reg1 = OTP_CTRL_ROM_PATCH_DIGEST_1_REG_OFFSET; + break; +#else +#error "dif_otp_ctrl does not support this top" +#endif case kDifOtpCtrlPartitionHwCfg0: *reg0 = OTP_CTRL_HW_CFG0_DIGEST_0_REG_OFFSET; *reg1 = OTP_CTRL_HW_CFG0_DIGEST_1_REG_OFFSET; @@ -694,6 +937,16 @@ static bool get_digest_regs(dif_otp_ctrl_partition_t partition, ptrdiff_t *reg0, *reg0 = OTP_CTRL_SECRET2_DIGEST_0_REG_OFFSET; *reg1 = OTP_CTRL_SECRET2_DIGEST_1_REG_OFFSET; break; +#if defined(OPENTITAN_IS_DARJEELING) + case kDifOtpCtrlPartitionSecret3: + *reg0 = OTP_CTRL_SECRET3_DIGEST_0_REG_OFFSET; + *reg1 = OTP_CTRL_SECRET3_DIGEST_1_REG_OFFSET; + break; +#elif defined(OPENTITAN_IS_EARLGREY) +// Earlgrey only has 3 secret partitions. +#else +#error "dif_otp_ctrl does not support this top" +#endif default: return false; } diff --git a/sw/device/lib/dif/dif_otp_ctrl.h b/sw/device/lib/dif/dif_otp_ctrl.h index 7894ddf3e4e78..ccc6f9b350d2e 100644 --- a/sw/device/lib/dif/dif_otp_ctrl.h +++ b/sw/device/lib/dif/dif_otp_ctrl.h @@ -52,6 +52,7 @@ typedef enum dif_otp_ctrl_partition { * modes if verification fails. */ kDifOtpCtrlPartitionOwnerSwCfg, +#if defined(OPENTITAN_IS_EARLGREY) /** * This OTP partition is used to store four P-256 keys and four Sphincs+ keys. * @@ -78,6 +79,90 @@ typedef enum dif_otp_ctrl_partition { * EarlGrey. */ kDifOtpCtrlPartitionRotCreatorAuthState, +#elif defined(OPENTITAN_IS_DARJEELING) + /** + * SW managed asset ownership states partition. + * + * Multibit enable value for the tracking the asset ownership states. + * Note that the states can be written multiple times in a device lifetime. + * The values to be written are engineered in the same way as the LC_CTRL + * state encoding words so that the ECC encoding remains valid even after + * updating the values. + * + * The constants can be found in the lc_ctrl_state_pkg.sv package. + * + * The programming order has to adhere to: + * + * OWNERSHIP_ST_RAW (factory all-zero state) -> + * OWNERSHIP_ST_LOCKED0 -> + * OWNERSHIP_ST_RELEASED0 -> + * ... + * OWNERSHIP_ST_SCRAPPED + * + * Note that if there are less than 4 slots available the higher slot states + * become logically equivalent to OWNERSHIP_SCRAPPED (firmware has to handle + * this correctly). + */ + kDifOtpCtrlPartitionOwnershipSlotState, + /** + * Software managed creator partition. + * + */ + kDifOtpCtrlPartitionRotCreatorAuth, + /** + * Software managed owner slot 0 partition. + * + */ + kDifOtpCtrlPartitionRotOwnerAuthSlot0, + /** + * Software managed owner slot 1 partition. + * + */ + kDifOtpCtrlPartitionRotOwnerAuthSlot1, + /** + * Software managed platform integrator slot 0 partition. + * + */ + kDifOtpCtrlPartitionPlatIntegAuthSlot0, + /** + * Software managed platform integrator slot 1 partition. + * + */ + kDifOtpCtrlPartitionPlatIntegAuthSlot1, + /** + * Software managed platform owner slot 0 partition. + * + */ + kDifOtpCtrlPartitionPlatOwnerAuthSlot0, + /** + * Software managed platform owner slot 1 partition. + * + */ + kDifOtpCtrlPartitionPlatOwnerAuthSlot1, + /** + * Software managed platform owner slot 2 partition. + * + */ + kDifOtpCtrlPartitionPlatOwnerAuthSlot2, + /** + * Software managed platform owner slot 3 partition. + * + */ + kDifOtpCtrlPartitionPlatOwnerAuthSlot3, + /** + * Anti-replay protection Strike Counters partition. + * + */ + kDifOtpCtrlPartitionExtNvm, + /** + * ROM Patch Code section. + * + * May contain multiple signed ROM2 patches. + */ + kDifOtpCtrlPartitionRomPatch, +#else +#error "dif_otp_ctrl does not support this top" +#endif /** * Hardware configuration 0 partition. * @@ -108,6 +193,18 @@ typedef enum dif_otp_ctrl_partition { * This contains RMA unlock token, creator root key, and creator seed. */ kDifOtpCtrlPartitionSecret2, +#if defined(OPENTITAN_IS_DARJEELING) + /** + * Secret partition 3. + * + * This contains the owner seed. + */ + kDifOtpCtrlPartitionSecret3, +#elif defined(OPENTITAN_IS_EARLGREY) +// Earlgrey only has 3 secret partitions. +#else +#error "dif_otp_ctrl does not support this top" +#endif /** * Lifecycle partition. * @@ -182,6 +279,7 @@ typedef enum dif_otp_ctrl_status_code { * Indicates an error occurred in the `OwnerSwCfg` partition. */ kDifOtpCtrlStatusCodeOwnerSwCfgError, +#if defined(OPENTITAN_IS_EARLGREY) /** * Indicates an error occurred in the `RotCreatorAuthCodesign` partition. */ @@ -190,6 +288,58 @@ typedef enum dif_otp_ctrl_status_code { * Indicates an error occurred in the `RotCreatorAuthState` partition. */ kDifOtpCtrlStatusCodeRotCreatorAuthStateError, +#elif defined(OPENTITAN_IS_DARJEELING) + /** + * Indicates an error occurred in the `OwnershipSlotState` partition. + */ + kDifOtpCtrlStatusCodeOwnershipSlotStateError, + /** + * Indicates an error occurred in the `RotCreatorAuth` partition. + */ + kDifOtpCtrlStatusCodeRotCreatorAuthError, + /** + * Indicates an error occurred in the `RotOwnerAuthSlot0` partition. + */ + kDifOtpCtrlStatusCodeRotOwnerAuthSlot0Error, + /** + * Indicates an error occurred in the `RotOwnerAuthSlot1` partition. + */ + kDifOtpCtrlStatusCodeRotOwnerAuthSlot1Error, + /** + * Indicates an error occurred in the `PlatIntegAuthSlot0` partition. + */ + kDifOtpCtrlStatusCodePlatIntegAuthSlot0Error, + /** + * Indicates an error occurred in the `PlatIntegAuthSlot1` partition. + */ + kDifOtpCtrlStatusCodePlatIntegAuthSlot1Error, + /** + * Indicates an error occurred in the `PlatOwnerAuthSlot0` partition. + */ + kDifOtpCtrlStatusCodePlatOwnerAuthSlot0Error, + /** + * Indicates an error occurred in the `PlatOwnerAuthSlot1` partition. + */ + kDifOtpCtrlStatusCodePlatOwnerAuthSlot1Error, + /** + * Indicates an error occurred in the `PlatOwnerAuthSlot2` partition. + */ + kDifOtpCtrlStatusCodePlatOwnerAuthSlot2Error, + /** + * Indicates an error occurred in the `PlatOwnerAuthSlot3` partition. + */ + kDifOtpCtrlStatusCodePlatOwnerAuthSlot3Error, + /** + * Indicates an error occurred in the `ExtNvm` partition. + */ + kDifOtpCtrlStatusCodeExtNvmError, + /** + * Indicates an error occurred in the `RomPatch` partition. + */ + kDifOtpCtrlStatusCodeRomPatchError, +#else +#error "dif_otp_ctrl does not support this top" +#endif /** * Indicates an error occurred in the `HwCfg0` partition. */ @@ -210,6 +360,16 @@ typedef enum dif_otp_ctrl_status_code { * Indicates an error occurred in the `Secret2` partition. */ kDifOtpCtrlStatusCodeSecret2Error, +#if defined(OPENTITAN_IS_DARJEELING) + /** + * Indicates an error occurred in the `Secret3` partition. + */ + kDifOtpCtrlStatusCodeSecret3Error, +#elif defined(OPENTITAN_IS_EARLGREY) +// Earlgrey only has 3 secret partitions. +#else +#error "dif_otp_ctrl does not support this top" +#endif /** * Indicates an error occurred in the `LifeCycle` partition. */ diff --git a/sw/device/lib/testing/otp_ctrl_testutils.c b/sw/device/lib/testing/otp_ctrl_testutils.c index fda2322e4c8a0..0af36baccfc58 100644 --- a/sw/device/lib/testing/otp_ctrl_testutils.c +++ b/sw/device/lib/testing/otp_ctrl_testutils.c @@ -143,11 +143,13 @@ status_t otp_ctrl_testutils_dai_write32(const dif_otp_ctrl_t *otp, // Software partitions don't have scrambling or ECC enabled, so it is possible // to read the value and compare it against the expected value before // performing the write. - bool check_before_write = - (partition == kDifOtpCtrlPartitionCreatorSwCfg || - partition == kDifOtpCtrlPartitionOwnerSwCfg || - partition == kDifOtpCtrlPartitionRotCreatorAuthCodesign || - partition == kDifOtpCtrlPartitionRotCreatorAuthState); + bool check_before_write = ( +#ifdef OPENTITAN_IS_EARLGREY + partition == kDifOtpCtrlPartitionRotCreatorAuthCodesign || + partition == kDifOtpCtrlPartitionRotCreatorAuthState || +#endif // OPENTITAN_IS_EARLGREY + partition == kDifOtpCtrlPartitionCreatorSwCfg || + partition == kDifOtpCtrlPartitionOwnerSwCfg); uint32_t stop_address = start_address + (len * sizeof(uint32_t)); for (uint32_t addr = start_address, i = 0; addr < stop_address; addr += sizeof(uint32_t), ++i) { From a795cb2e06756755e259e54ce02b9970a11087fa Mon Sep 17 00:00:00 2001 From: Miguel Osorio Date: Fri, 1 Dec 2023 11:58:11 -0800 Subject: [PATCH 2/5] [top] Add keymgr_dpe_derivation_test This commit adds a top-level key derivation test, loosely derived from `chip_sw_keymgr_key_derivation` for the non-DPE `keymgr`. In a nutshell, the test goes through multiple key derivations from boot stage 0 to 3 and checks that `keymgr_dpe` correctly takes the various inputs from hardware (e.g., `otp_ctrl`, `rom_ctrl`) and software into account when deriving its internal keys as well as when generating versioned keys for SW or sideloading to HW (AES, OTBN, and KMAC). This commit is a squash of the following four commits which do not make sense individually on this branch: (cherry picked from commit 51622c5aff4f08ed2b60c21704e872d06b16f722) (cherry picked from commit eafb43633b3b557a28d5af6986a46c493547dd0b) (cherry picked from commit edef349082f135b92f6722abbbd48d6a073aa46c) (cherry picked from commit 14bdf72dfbd50422e92ac16f855fa9b31184c02f) Co-authored-by: James Wainwright Signed-off-by: Miguel Osorio Signed-off-by: Andreas Kurth Signed-off-by: Ravi Sahita Signed-off-by: James Wainwright --- sw/device/lib/testing/BUILD | 23 + sw/device/lib/testing/keymgr_dpe_testutils.c | 115 +++++ sw/device/lib/testing/keymgr_dpe_testutils.h | 96 ++++ sw/device/tests/BUILD | 22 + .../tests/keymgr_dpe_key_derivation_test.c | 418 ++++++++++++++++++ 5 files changed, 674 insertions(+) create mode 100644 sw/device/lib/testing/keymgr_dpe_testutils.c create mode 100644 sw/device/lib/testing/keymgr_dpe_testutils.h create mode 100644 sw/device/tests/keymgr_dpe_key_derivation_test.c diff --git a/sw/device/lib/testing/BUILD b/sw/device/lib/testing/BUILD index 80b9009c54ade..0d0495aa84735 100644 --- a/sw/device/lib/testing/BUILD +++ b/sw/device/lib/testing/BUILD @@ -588,3 +588,26 @@ cc_library( "//sw/device/lib/testing/test_framework:check", ], ) + +cc_library( + name = "keymgr_dpe_testutils", + srcs = ["keymgr_dpe_testutils.c"], + hdrs = ["keymgr_dpe_testutils.h"], + target_compatible_with = [OPENTITAN_CPU], + deps = [ + ":entropy_testutils", + ":kmac_testutils", + ":otp_ctrl_testutils", + ":rstmgr_testutils", + "//hw/top:keymgr_dpe_c_regs", + "//hw/top_darjeeling/sw/autogen:top_darjeeling", + "//sw/device/lib/arch:boot_stage", + "//sw/device/lib/base:mmio", + "//sw/device/lib/dif:keymgr_dpe", + "//sw/device/lib/dif:otp_ctrl", + "//sw/device/lib/dif:rstmgr", + "//sw/device/lib/runtime:ibex", + "//sw/device/lib/testing/test_framework:check", + "//sw/device/silicon_creator/lib/base:chip", + ], +) diff --git a/sw/device/lib/testing/keymgr_dpe_testutils.c b/sw/device/lib/testing/keymgr_dpe_testutils.c new file mode 100644 index 0000000000000..3152f07ae8a62 --- /dev/null +++ b/sw/device/lib/testing/keymgr_dpe_testutils.c @@ -0,0 +1,115 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 + +#include "sw/device/lib/testing/keymgr_dpe_testutils.h" + +#include "sw/device/lib/dif/dif_keymgr_dpe.h" +#include "sw/device/lib/dif/dif_otp_ctrl.h" +#include "sw/device/lib/dif/dif_rstmgr.h" +#include "sw/device/lib/runtime/ibex.h" +#include "sw/device/lib/runtime/log.h" +#include "sw/device/lib/testing/otp_ctrl_testutils.h" +#include "sw/device/lib/testing/rstmgr_testutils.h" +#include "sw/device/lib/testing/test_framework/check.h" +#include "sw/device/silicon_creator/lib/base/chip.h" + +#include "hw/top_darjeeling/sw/autogen/top_darjeeling.h" + +status_t keymgr_dpe_testutils_startup(dif_keymgr_dpe_t *keymgr_dpe, + uint32_t slot_dst_sel) { + dif_rstmgr_t rstmgr; + dif_rstmgr_reset_info_bitfield_t info; + + TRY(dif_rstmgr_init( + mmio_region_from_addr(TOP_DARJEELING_RSTMGR_AON_BASE_ADDR), &rstmgr)); + info = rstmgr_testutils_reason_get(); + + // POR reset. + if (info == kDifRstmgrResetInfoPor) { + LOG_INFO( + "Powered up for the first time, lock SECRET2 and SECRET3 partitions"); + dif_otp_ctrl_t otp; + TRY(dif_otp_ctrl_init( + mmio_region_from_addr(TOP_DARJEELING_OTP_CTRL_CORE_BASE_ADDR), &otp)); + TRY(otp_ctrl_testutils_lock_partition(&otp, kDifOtpCtrlPartitionSecret2, + 0)); + TRY(otp_ctrl_testutils_lock_partition(&otp, kDifOtpCtrlPartitionSecret3, + 0)); + + // Reboot device. + rstmgr_testutils_reason_clear(); + LOG_INFO("Triggering software reset"); + TRY(dif_rstmgr_software_device_reset(&rstmgr)); + + // Wait here until device reset. + wait_for_interrupt(); + + } else { + TRY_CHECK(info == kDifRstmgrResetInfoSw, "Unexpected reset reason: %08x", + info); + LOG_INFO( + "Powered up for the second time, actuate keymgr_dpe and perform test."); + + // Initialize keymgr_dpe context. + TRY(dif_keymgr_dpe_init( + mmio_region_from_addr(TOP_DARJEELING_KEYMGR_DPE_BASE_ADDR), + keymgr_dpe)); + + // Advance to Initialized state. + TRY(keymgr_dpe_testutils_check_state(keymgr_dpe, kDifKeymgrDpeStateReset)); + TRY(dif_keymgr_dpe_initialize(keymgr_dpe, slot_dst_sel)); + TRY(keymgr_dpe_testutils_wait_for_operation_done(keymgr_dpe)); + TRY(keymgr_dpe_testutils_check_state(keymgr_dpe, + kDifKeymgrDpeStateAvailable)); + LOG_INFO("UDS is latched."); + } + return OK_STATUS(); +} + +status_t keymgr_dpe_testutils_advance_state( + const dif_keymgr_dpe_t *keymgr_dpe, + const dif_keymgr_dpe_advance_params_t *params) { + TRY(dif_keymgr_dpe_advance_state(keymgr_dpe, params)); + return keymgr_dpe_testutils_wait_for_operation_done(keymgr_dpe); +} + +status_t keymgr_dpe_testutils_erase_slot( + const dif_keymgr_dpe_t *keymgr_dpe, + const dif_keymgr_dpe_erase_params_t *params) { + TRY(dif_keymgr_dpe_erase_slot(keymgr_dpe, params)); + return keymgr_dpe_testutils_wait_for_operation_done(keymgr_dpe); +} + +status_t keymgr_dpe_testutils_generate( + const dif_keymgr_dpe_t *keymgr_dpe, + const dif_keymgr_dpe_generate_params_t *params, + dif_keymgr_dpe_output_t *key) { + TRY(dif_keymgr_dpe_generate(keymgr_dpe, params)); + TRY(keymgr_dpe_testutils_wait_for_operation_done(keymgr_dpe)); + TRY(dif_keymgr_dpe_read_output(keymgr_dpe, key)); + return OK_STATUS(); +} + +status_t keymgr_dpe_testutils_check_state( + const dif_keymgr_dpe_t *keymgr_dpe, + const dif_keymgr_dpe_state_t exp_state) { + dif_keymgr_dpe_state_t act_state; + TRY(dif_keymgr_dpe_get_state(keymgr_dpe, &act_state)); + TRY_CHECK(act_state == exp_state, + "KeymgrDPE in unexpected state: %x, expected to be %x", act_state, + exp_state); + return OK_STATUS(); +} + +status_t keymgr_dpe_testutils_wait_for_operation_done( + const dif_keymgr_dpe_t *keymgr_dpe) { + dif_keymgr_dpe_status_codes_t status; + do { + TRY(dif_keymgr_dpe_get_status_codes(keymgr_dpe, &status)); + } while (status == 0); + LOG_INFO("keymgr_dpe_status_code: 0x%x", status); + TRY_CHECK(status == kDifKeymgrDpeStatusCodeIdle, "Unexpected status: %x", + status); + return OK_STATUS(); +} diff --git a/sw/device/lib/testing/keymgr_dpe_testutils.h b/sw/device/lib/testing/keymgr_dpe_testutils.h new file mode 100644 index 0000000000000..f480c3fae46ea --- /dev/null +++ b/sw/device/lib/testing/keymgr_dpe_testutils.h @@ -0,0 +1,96 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 + +#ifndef OPENTITAN_SW_DEVICE_LIB_TESTING_KEYMGR_DPE_TESTUTILS_H_ +#define OPENTITAN_SW_DEVICE_LIB_TESTING_KEYMGR_DPE_TESTUTILS_H_ + +#include "sw/device/lib/base/status.h" +#include "sw/device/lib/dif/dif_keymgr_dpe.h" + +/** + * Locks OTP, restarts and initializes keymgr_dpe with UDS (a.k.a. the OTP + * root key). + * + * This procedure essentially gets the keymgr_dpe into the stage where it + * can be used for tests. An example is given below: + * ``` + * void test_main(void) { + * // The following sets up keymgr_dpe and asks it to latch UDS. + * dif_keymgr_dpe_t keymgr_dpe; + * keymgr_dpe_testutils_startup(&keymgr_dpe); + * + * // Remainder of test; optionally advance to CreatorRootKey state, generate + * // keys and identities. + * ... + * } + * ``` + * + * @param[out] keymgr_dpe A key manager handle, may be uninitialized. + * @return The result of the operation. + */ +OT_WARN_UNUSED_RESULT +status_t keymgr_dpe_testutils_startup(dif_keymgr_dpe_t *keymgr_dpe, + uint32_t slot_dst_sel); + +/** + * Issues a keymgr_dpe advance operation and wait for it to complete. + * + * @param keymgr_dpe A key manager handle. + * @param params Inputs that are consumed by HW during advance operation. + * @return The result of the operation. + */ +OT_WARN_UNUSED_RESULT +status_t keymgr_dpe_testutils_advance_state( + const dif_keymgr_dpe_t *keymgr_dpe, + const dif_keymgr_dpe_advance_params_t *params); + +/** + * Issues a keymgr_dpe key generation operation and wait for it to complete. + * + * @param keymgr_dpe A key manager handle. + * @param params Inputs that are consumed by HW during generate operation. + * @return The result of the operation. + */ +OT_WARN_UNUSED_RESULT +status_t keymgr_dpe_testutils_generate( + const dif_keymgr_dpe_t *keymgr_dpe, + const dif_keymgr_dpe_generate_params_t *params, + dif_keymgr_dpe_output_t *key); + +/** + * Erase a keymgr_dpe slot. + * + * @param keymgr_dpe A key manager handle. + * @param params A wrapper struct that contains the destination slot to be + * erased. + * @return The result of the operation. + */ +OT_WARN_UNUSED_RESULT +status_t keymgr_dpe_testutils_erase_slot( + const dif_keymgr_dpe_t *keymgr_dpe, + const dif_keymgr_dpe_erase_params_t *params); + +/** + * Checks if the current keymgr_dpe state matches the expected state + * + * @param keymgr_dpe A key manager handle. + * @param exp_state The expected key manager state. + * @return The result of the operation. + */ +OT_WARN_UNUSED_RESULT +status_t keymgr_dpe_testutils_check_state( + const dif_keymgr_dpe_t *keymgr_dpe, const dif_keymgr_dpe_state_t exp_state); + +/** + * Polling keymgr_dpe status until it becomes idle. + * Fail the test if the status code indicates any error. + * + * @param keymgr_dpe A key manager handle. + * @return The result of the operation. + */ +OT_WARN_UNUSED_RESULT +status_t keymgr_dpe_testutils_wait_for_operation_done( + const dif_keymgr_dpe_t *keymgr_dpe); + +#endif // OPENTITAN_SW_DEVICE_LIB_TESTING_KEYMGR_DPE_TESTUTILS_H_ diff --git a/sw/device/tests/BUILD b/sw/device/tests/BUILD index de1072ce88bc5..42b36656557c7 100644 --- a/sw/device/tests/BUILD +++ b/sw/device/tests/BUILD @@ -7481,3 +7481,25 @@ opentitan_test( "//sw/device/lib/testing/test_framework:ottf_main", ], ) + +opentitan_test( + name = "keymgr_dpe_key_derivation_test", + srcs = ["keymgr_dpe_key_derivation_test.c"], + exec_env = { + "//hw/top_darjeeling:sim_dv": None, + }, + deps = [ + "//hw/top:keymgr_dpe_c_regs", + "//hw/top:kmac_c_regs", + "//hw/top_darjeeling/sw/autogen:top_darjeeling", + "//sw/device/lib/arch:device", + "//sw/device/lib/base:macros", + "//sw/device/lib/dif:keymgr_dpe", + "//sw/device/lib/dif:kmac", + "//sw/device/lib/runtime:hart", + "//sw/device/lib/runtime:log", + "//sw/device/lib/runtime:print", + "//sw/device/lib/testing:keymgr_dpe_testutils", + "//sw/device/lib/testing/test_framework:ottf_main", + ], +) diff --git a/sw/device/tests/keymgr_dpe_key_derivation_test.c b/sw/device/tests/keymgr_dpe_key_derivation_test.c new file mode 100644 index 0000000000000..ffed6972c0f3f --- /dev/null +++ b/sw/device/tests/keymgr_dpe_key_derivation_test.c @@ -0,0 +1,418 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 + +#include +#include + +#include "sw/device/lib/arch/device.h" +#include "sw/device/lib/base/macros.h" +#include "sw/device/lib/dif/dif_keymgr_dpe.h" +#include "sw/device/lib/dif/dif_kmac.h" +#include "sw/device/lib/dif/dif_otp_ctrl.h" +#include "sw/device/lib/dif/dif_rstmgr.h" +#include "sw/device/lib/runtime/hart.h" +#include "sw/device/lib/runtime/log.h" +#include "sw/device/lib/runtime/print.h" +#include "sw/device/lib/testing/keymgr_dpe_testutils.h" +#include "sw/device/lib/testing/rstmgr_testutils.h" +#include "sw/device/lib/testing/test_framework/check.h" +#include "sw/device/lib/testing/test_framework/ottf_main.h" + +#include "hw/top_darjeeling/sw/autogen/top_darjeeling.h" +#include "keymgr_dpe_regs.h" // Generated. +#include "kmac_regs.h" // Generated. + +OTTF_DEFINE_TEST_CONFIG(); + +static void init_kmac_for_keymgr(void) { + dif_kmac_t kmac; + CHECK_DIF_OK(dif_kmac_init( + mmio_region_from_addr(TOP_DARJEELING_KMAC_BASE_ADDR), &kmac)); + + // Configure KMAC hardware using software entropy. + dif_kmac_config_t config = (dif_kmac_config_t){ + .entropy_mode = kDifKmacEntropyModeSoftware, + .entropy_fast_process = false, + .entropy_seed = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, 0x48465647, + 0x70410fef}, + .sideload = true, + .msg_mask = true, + }; + CHECK_DIF_OK(dif_kmac_configure(&kmac, config)); +} + +// Perform an advance operation with the given parameters, check that all DIF +// statuses are OK, and await completion of the operation. +void advance(dif_keymgr_dpe_t *keymgr_dpe, + dif_keymgr_dpe_advance_params_t *params) { + CHECK_STATUS_OK(keymgr_dpe_testutils_advance_state(keymgr_dpe, params)); + CHECK_STATUS_OK(keymgr_dpe_testutils_check_state( + keymgr_dpe, kDifKeymgrDpeStateAvailable)); + CHECK_STATUS_OK(keymgr_dpe_testutils_wait_for_operation_done(keymgr_dpe)); +} + +// Perform a generate operation with the given parameters, check that all DIF +// statuses are OK, and await completion of the operation. +void generate(dif_keymgr_dpe_t *keymgr_dpe, + dif_keymgr_dpe_generate_params_t *params) { + CHECK_DIF_OK(dif_keymgr_dpe_generate(keymgr_dpe, params)); + CHECK_STATUS_OK(keymgr_dpe_testutils_wait_for_operation_done(keymgr_dpe)); +} + +bool test_main(void) { + dif_keymgr_dpe_t keymgr_dpe; + dif_keymgr_dpe_advance_params_t adv_params; + dif_keymgr_dpe_generate_params_t gen_params; + + // Start keymgr_dpe, letting it derive the boot stage 0 key into slot 1. + CHECK_STATUS_OK(keymgr_dpe_testutils_startup(&keymgr_dpe, + /*slot_dst_sel=*/1)); + CHECK_STATUS_OK(keymgr_dpe_testutils_check_state( + &keymgr_dpe, kDifKeymgrDpeStateAvailable)); + LOG_INFO("KeymgrDpe derived boot stage 0 key"); + + init_kmac_for_keymgr(); + + // Generate OTBN output from the boot stage 0 key. + gen_params.slot_src_sel = 1; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestOtbn; + gen_params.version = 0; + gen_params.salt[7] = 0x49379059; + gen_params.salt[6] = 0xff523992; + gen_params.salt[5] = 0x75666880; + gen_params.salt[4] = 0xc0e44716; + gen_params.salt[3] = 0x999612df; + gen_params.salt[2] = 0x80f1a9de; + gen_params.salt[1] = 0x481eae40; + gen_params.salt[0] = 0x45e2c7f0; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated OTBN output from boot stage 0"); + + // Generate SW output from boot stage 0 key. + gen_params.slot_src_sel = 1; + gen_params.sideload_key = false; // SW key + gen_params.key_dest = kDifKeymgrDpeKeyDestNone; + gen_params.version = 0; + gen_params.salt[7] = 0x72d5886b; + gen_params.salt[6] = 0x4e359e52; + gen_params.salt[5] = 0x0d7ff336; + gen_params.salt[4] = 0x267773cf; + gen_params.salt[3] = 0x00c7d10c; + gen_params.salt[2] = 0x6dea4fb9; + gen_params.salt[1] = 0x77fa328a; + gen_params.salt[0] = 0x15779805; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated SW output from boot stage 0"); + + // Generate KMAC output from the boot stage 0 key. + gen_params.slot_src_sel = 1; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestKmac; + gen_params.version = 0; + gen_params.salt[7] = 0x78ad5715; + gen_params.salt[6] = 0x508680d4; + gen_params.salt[5] = 0xc7f825b2; + gen_params.salt[4] = 0xa7924b8d; + gen_params.salt[3] = 0x0906825f; + gen_params.salt[2] = 0x77cf81a3; + gen_params.salt[1] = 0xd63d89bd; + gen_params.salt[0] = 0x88fd3697; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated KMAC output from boot stage 0"); + + // Generate AES output from the boot stage 0 key. + gen_params.slot_src_sel = 1; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestAes; + gen_params.version = 0; + gen_params.salt[7] = 0x945642d9; + gen_params.salt[6] = 0xfbcbc925; + gen_params.salt[5] = 0xdb7b0691; + gen_params.salt[4] = 0xcd973f4d; + gen_params.salt[3] = 0x278e051d; + gen_params.salt[2] = 0x0d9f1f0d; + gen_params.salt[1] = 0x45eff95b; + gen_params.salt[0] = 0xb1ad6ba7; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated AES output from boot stage 0"); + + // Derive a boot stage 1 key from the boot stage 0 key. + adv_params.slot_src_sel = 1; + adv_params.slot_dst_sel = 1; + adv_params.max_key_version = 0x100; + adv_params.binding_value[7] = 0x4ec9c6d6; + adv_params.binding_value[6] = 0x19f5cff7; + adv_params.binding_value[5] = 0x426dc745; + adv_params.binding_value[4] = 0xb8a8379d; + adv_params.binding_value[3] = 0xe92f76e2; + adv_params.binding_value[2] = 0xcb68ff71; + adv_params.binding_value[1] = 0xaf36e268; + adv_params.binding_value[0] = 0xdc96c23d; + // Set policy to *Allow Child* and *Retain Parent* (*Exportable* not + // implemented yet). + adv_params.slot_policy = 0x5; + advance(&keymgr_dpe, &adv_params); + LOG_INFO("KeymgrDpe derived boot stage 1 key"); + + // Generate KMAC output from the boot stage 1 key. + gen_params.slot_src_sel = 1; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestKmac; + gen_params.version = 0; + gen_params.salt[7] = 0x6b21d5da; + gen_params.salt[6] = 0x929ea4f4; + gen_params.salt[5] = 0xeb06038b; + gen_params.salt[4] = 0xcecba4ea; + gen_params.salt[3] = 0x8c8e756a; + gen_params.salt[2] = 0x26691553; + gen_params.salt[1] = 0x7189202b; + gen_params.salt[0] = 0x5e560c86; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated KMAC output from boot stage 1"); + + // Generate AES output from the boot stage 1 key. + gen_params.slot_src_sel = 1; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestAes; + gen_params.version = 1; + gen_params.salt[7] = 0xcd887c60; + gen_params.salt[6] = 0xcc40f919; + gen_params.salt[5] = 0xdd2972b7; + gen_params.salt[4] = 0x09cdc35f; + gen_params.salt[3] = 0x3a10980c; + gen_params.salt[2] = 0x4b38fdec; + gen_params.salt[1] = 0x3d56d980; + gen_params.salt[0] = 0x25314e07; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated AES output from boot stage 1"); + + // Generate SW output from the boot stage 1 key. + gen_params.slot_src_sel = 1; + gen_params.sideload_key = false; // SW key + gen_params.key_dest = kDifKeymgrDpeKeyDestNone; + gen_params.version = 2; + gen_params.salt[7] = 0x72d5886b; + gen_params.salt[6] = 0x4e359e52; + gen_params.salt[5] = 0x0d7ff336; + gen_params.salt[4] = 0x267773cf; + gen_params.salt[3] = 0x00c7d10c; + gen_params.salt[2] = 0x6dea4fb9; + gen_params.salt[1] = 0x77fa328a; + gen_params.salt[0] = 0x15779805; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated SW output from boot stage 1"); + + // Generate OTBN output from the boot stage 1 key. + gen_params.slot_src_sel = 1; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestOtbn; + gen_params.version = 3; + gen_params.salt[7] = 0x564712d4; + gen_params.salt[6] = 0x7ab745f5; + gen_params.salt[5] = 0x5fa8faa9; + gen_params.salt[4] = 0x77fce728; + gen_params.salt[3] = 0xffa3fd3c; + gen_params.salt[2] = 0x876930f2; + gen_params.salt[1] = 0x593b54d4; + gen_params.salt[0] = 0xa75e231b; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated OTBN output from boot stage 1"); + + // Derive a boot stage 2 key from the boot stage 1 key. + adv_params.slot_dst_sel = 2; + adv_params.binding_value[7] = 0x17eae937; + adv_params.binding_value[6] = 0x73008c5a; + adv_params.binding_value[5] = 0x181b7a2c; + adv_params.binding_value[4] = 0x605c8d2f; + adv_params.binding_value[3] = 0x99f93c05; + adv_params.binding_value[2] = 0x064b6b7d; + adv_params.binding_value[1] = 0x766be38a; + adv_params.binding_value[0] = 0xfe7c4f9b; + advance(&keymgr_dpe, &adv_params); + LOG_INFO("KeymgrDpe derived boot stage 2 key"); + + // Generate SW output from the boot stage 2 key. + gen_params.slot_src_sel = 2; + gen_params.sideload_key = false; // SW key + gen_params.key_dest = kDifKeymgrDpeKeyDestNone; + gen_params.version = 0; + gen_params.salt[7] = 0xe1b3f29c; + gen_params.salt[6] = 0xa3bc4d2a; + gen_params.salt[5] = 0x458fdc76; + gen_params.salt[4] = 0x1b1c0c2e; + gen_params.salt[3] = 0x1a128785; + gen_params.salt[2] = 0x69ce2d2f; + gen_params.salt[1] = 0x8a60fd60; + gen_params.salt[0] = 0x5307745c; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated SW output from boot stage 2"); + + dif_keymgr_dpe_output_t key; + CHECK_DIF_OK(dif_keymgr_dpe_read_output(&keymgr_dpe, &key)); + for (size_t i = 0; i < ARRAYSIZE(key.value); i++) { + for (size_t j = 0; j < ARRAYSIZE(key.value[0]); j++) { + LOG_INFO("%x ", key.value[i][j]); + } + } + + // Generate AES output from the boot stage 2 key. + gen_params.slot_src_sel = 2; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestAes; + gen_params.version = 1; + gen_params.salt[7] = 0x0f20f37e; + gen_params.salt[6] = 0xb951b619; + gen_params.salt[5] = 0xcb815e8d; + gen_params.salt[4] = 0x77e17fa4; + gen_params.salt[3] = 0x3074e3db; + gen_params.salt[2] = 0xe7482b04; + gen_params.salt[1] = 0xed12d4ee; + gen_params.salt[0] = 0xa34fba3c; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated AES output from boot stage 2"); + + // Generate KMAC output from the boot stage 2 key. + gen_params.slot_src_sel = 2; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestKmac; + gen_params.version = 2; + gen_params.salt[7] = 0xb31031a3; + gen_params.salt[6] = 0x59fe6e8e; + gen_params.salt[5] = 0x4171de6b; + gen_params.salt[4] = 0xa3f3d397; + gen_params.salt[3] = 0x7bb7800b; + gen_params.salt[2] = 0x8f8f8cda; + gen_params.salt[1] = 0xb697609d; + gen_params.salt[0] = 0x122eb3b7; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated KMAC output from boot stage 2"); + + // Generate OTBN output from the boot stage 2 key. + gen_params.slot_src_sel = 2; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestOtbn; + gen_params.version = 3; + gen_params.salt[7] = 0x3f184f9b; + gen_params.salt[6] = 0xd4af6765; + gen_params.salt[5] = 0x8abeb221; + gen_params.salt[4] = 0xaae3ca52; + gen_params.salt[3] = 0x29f7114f; + gen_params.salt[2] = 0xf5bf3e01; + gen_params.salt[1] = 0x6a961bc2; + gen_params.salt[0] = 0xec932d64; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated OTBN output from boot stage 2"); + + // Derive a boot stage 3 key from the boot stage 2 key. + adv_params.slot_src_sel = 2; + adv_params.slot_dst_sel = 3; + adv_params.binding_value[7] = 0x952b5a35; + adv_params.binding_value[6] = 0x28b4520e; + adv_params.binding_value[5] = 0x1f310db2; + adv_params.binding_value[4] = 0x832b8477; + adv_params.binding_value[3] = 0x75b81191; + adv_params.binding_value[2] = 0x0668dc27; + adv_params.binding_value[1] = 0xa226160d; + adv_params.binding_value[0] = 0x45790409; + advance(&keymgr_dpe, &adv_params); + LOG_INFO("KeymgrDpe derived boot stage 3 key"); + + // Generate AES output from the boot stage 3 key. + gen_params.slot_src_sel = 3; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestAes; + gen_params.version = 0x10; + gen_params.salt[7] = 0x30059d96; + gen_params.salt[6] = 0x97436d9c; + gen_params.salt[5] = 0xf539a20a; + gen_params.salt[4] = 0x6838564e; + gen_params.salt[3] = 0x74ad4bb7; + gen_params.salt[2] = 0x78000277; + gen_params.salt[1] = 0x423025af; + gen_params.salt[0] = 0x732e53a9; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated AES output from boot stage 3"); + + // Generate OTBN output from the boot stage 3 key. + gen_params.slot_src_sel = 3; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestOtbn; + gen_params.version = 0x20; + gen_params.salt[7] = 0x2cd82d66; + gen_params.salt[6] = 0x24275e98; + gen_params.salt[5] = 0xe0344ab2; + gen_params.salt[4] = 0xc048d59e; + gen_params.salt[3] = 0x139694c3; + gen_params.salt[2] = 0x0043f9b4; + gen_params.salt[1] = 0x413a2212; + gen_params.salt[0] = 0xc2dcfbc8; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated OTBN output from boot stage 3"); + + // Generate SW output from the boot stage 3 key. + gen_params.slot_src_sel = 3; + gen_params.sideload_key = false; // SW key + gen_params.key_dest = kDifKeymgrDpeKeyDestNone; + gen_params.version = 0x30; + gen_params.salt[7] = 0x23c20696; + gen_params.salt[6] = 0xebaf62f0; + gen_params.salt[5] = 0xa2ff413f; + gen_params.salt[4] = 0x22d65603; + gen_params.salt[3] = 0x91155c24; + gen_params.salt[2] = 0xda1269fc; + gen_params.salt[1] = 0xc8611986; + gen_params.salt[0] = 0xf129041f; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated SW output from boot stage 3"); + + // Generate KMAC output from the boot stage 3 key. + gen_params.slot_src_sel = 3; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestKmac; + gen_params.version = 0x40; + gen_params.salt[7] = 0x06896da3; + gen_params.salt[6] = 0x9ce2c0da; + gen_params.salt[5] = 0xaa23a965; + gen_params.salt[4] = 0x108e57ca; + gen_params.salt[3] = 0xd926d474; + gen_params.salt[2] = 0xb6ae40fc; + gen_params.salt[1] = 0xa65d1375; + gen_params.salt[0] = 0x6ee7be64; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated KMAC output from boot stage 3"); + + // Generate some additional outputs from the boot stage 1 and 2 keys, which + // should still be available. + gen_params.slot_src_sel = 1; + gen_params.sideload_key = false; // SW key + gen_params.key_dest = kDifKeymgrDpeKeyDestNone; + gen_params.version = 42; + gen_params.salt[7] = 0x2488d617; + gen_params.salt[6] = 0x99227306; + gen_params.salt[5] = 0xcd789bc0; + gen_params.salt[4] = 0x9787039b; + gen_params.salt[3] = 0x9869544a; + gen_params.salt[2] = 0xb28b9fc7; + gen_params.salt[1] = 0x69ab6f9d; + gen_params.salt[0] = 0xfb11f188; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated SW output from boot stage 1"); + gen_params.slot_src_sel = 2; + gen_params.sideload_key = true; // HW key + gen_params.key_dest = kDifKeymgrDpeKeyDestOtbn; + gen_params.version = 7; + gen_params.salt[7] = 0xfa94162c; + gen_params.salt[6] = 0xd039a40f; + gen_params.salt[5] = 0xc2b81d98; + gen_params.salt[4] = 0x999ce18d; + gen_params.salt[3] = 0xbf8fb838; + gen_params.salt[2] = 0x589544ce; + gen_params.salt[1] = 0xee7790c4; + gen_params.salt[0] = 0x0de6bdcf; + generate(&keymgr_dpe, &gen_params); + LOG_INFO("KeymgrDpe generated OTBN output from boot stage 2"); + + return true; +} From efa187000d250570c15d06cbda6d20edde818c70 Mon Sep 17 00:00:00 2001 From: James Wainwright Date: Thu, 20 Feb 2025 15:37:15 +0000 Subject: [PATCH 3/5] [keymgr_dpe] Port testutils to DT Signed-off-by: James Wainwright --- sw/device/lib/testing/BUILD | 2 +- sw/device/lib/testing/keymgr_dpe_testutils.c | 15 ++++++--------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/sw/device/lib/testing/BUILD b/sw/device/lib/testing/BUILD index 0d0495aa84735..c9521803686a0 100644 --- a/sw/device/lib/testing/BUILD +++ b/sw/device/lib/testing/BUILD @@ -599,8 +599,8 @@ cc_library( ":kmac_testutils", ":otp_ctrl_testutils", ":rstmgr_testutils", + "//hw/top:dt", "//hw/top:keymgr_dpe_c_regs", - "//hw/top_darjeeling/sw/autogen:top_darjeeling", "//sw/device/lib/arch:boot_stage", "//sw/device/lib/base:mmio", "//sw/device/lib/dif:keymgr_dpe", diff --git a/sw/device/lib/testing/keymgr_dpe_testutils.c b/sw/device/lib/testing/keymgr_dpe_testutils.c index 3152f07ae8a62..88737001a3deb 100644 --- a/sw/device/lib/testing/keymgr_dpe_testutils.c +++ b/sw/device/lib/testing/keymgr_dpe_testutils.c @@ -4,6 +4,9 @@ #include "sw/device/lib/testing/keymgr_dpe_testutils.h" +#include "dt/dt_keymgr_dpe.h" +#include "dt/dt_otp_ctrl.h" +#include "dt/dt_rstmgr.h" #include "sw/device/lib/dif/dif_keymgr_dpe.h" #include "sw/device/lib/dif/dif_otp_ctrl.h" #include "sw/device/lib/dif/dif_rstmgr.h" @@ -14,15 +17,12 @@ #include "sw/device/lib/testing/test_framework/check.h" #include "sw/device/silicon_creator/lib/base/chip.h" -#include "hw/top_darjeeling/sw/autogen/top_darjeeling.h" - status_t keymgr_dpe_testutils_startup(dif_keymgr_dpe_t *keymgr_dpe, uint32_t slot_dst_sel) { dif_rstmgr_t rstmgr; dif_rstmgr_reset_info_bitfield_t info; - TRY(dif_rstmgr_init( - mmio_region_from_addr(TOP_DARJEELING_RSTMGR_AON_BASE_ADDR), &rstmgr)); + TRY(dif_rstmgr_init_from_dt(kDtRstmgrAon, &rstmgr)); info = rstmgr_testutils_reason_get(); // POR reset. @@ -30,8 +30,7 @@ status_t keymgr_dpe_testutils_startup(dif_keymgr_dpe_t *keymgr_dpe, LOG_INFO( "Powered up for the first time, lock SECRET2 and SECRET3 partitions"); dif_otp_ctrl_t otp; - TRY(dif_otp_ctrl_init( - mmio_region_from_addr(TOP_DARJEELING_OTP_CTRL_CORE_BASE_ADDR), &otp)); + TRY(dif_otp_ctrl_init_from_dt(kDtOtpCtrl, &otp)); TRY(otp_ctrl_testutils_lock_partition(&otp, kDifOtpCtrlPartitionSecret2, 0)); TRY(otp_ctrl_testutils_lock_partition(&otp, kDifOtpCtrlPartitionSecret3, @@ -52,9 +51,7 @@ status_t keymgr_dpe_testutils_startup(dif_keymgr_dpe_t *keymgr_dpe, "Powered up for the second time, actuate keymgr_dpe and perform test."); // Initialize keymgr_dpe context. - TRY(dif_keymgr_dpe_init( - mmio_region_from_addr(TOP_DARJEELING_KEYMGR_DPE_BASE_ADDR), - keymgr_dpe)); + TRY(dif_keymgr_dpe_init_from_dt(kDtKeymgrDpe, keymgr_dpe)); // Advance to Initialized state. TRY(keymgr_dpe_testutils_check_state(keymgr_dpe, kDifKeymgrDpeStateReset)); From 6aafdaa9370111d5ac9f4e2e5069c2c6448e7047 Mon Sep 17 00:00:00 2001 From: James Wainwright Date: Thu, 20 Feb 2025 15:39:14 +0000 Subject: [PATCH 4/5] [keymgr_dpe] Port `key_derivation_test` to DT Signed-off-by: James Wainwright --- sw/device/tests/BUILD | 4 +--- sw/device/tests/keymgr_dpe_key_derivation_test.c | 8 ++------ 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/sw/device/tests/BUILD b/sw/device/tests/BUILD index 42b36656557c7..0a8a2f67dc1ce 100644 --- a/sw/device/tests/BUILD +++ b/sw/device/tests/BUILD @@ -7489,9 +7489,7 @@ opentitan_test( "//hw/top_darjeeling:sim_dv": None, }, deps = [ - "//hw/top:keymgr_dpe_c_regs", - "//hw/top:kmac_c_regs", - "//hw/top_darjeeling/sw/autogen:top_darjeeling", + "//hw/top:dt", "//sw/device/lib/arch:device", "//sw/device/lib/base:macros", "//sw/device/lib/dif:keymgr_dpe", diff --git a/sw/device/tests/keymgr_dpe_key_derivation_test.c b/sw/device/tests/keymgr_dpe_key_derivation_test.c index ffed6972c0f3f..03d084d1f795d 100644 --- a/sw/device/tests/keymgr_dpe_key_derivation_test.c +++ b/sw/device/tests/keymgr_dpe_key_derivation_test.c @@ -5,6 +5,7 @@ #include #include +#include "dt/dt_kmac.h" #include "sw/device/lib/arch/device.h" #include "sw/device/lib/base/macros.h" #include "sw/device/lib/dif/dif_keymgr_dpe.h" @@ -19,16 +20,11 @@ #include "sw/device/lib/testing/test_framework/check.h" #include "sw/device/lib/testing/test_framework/ottf_main.h" -#include "hw/top_darjeeling/sw/autogen/top_darjeeling.h" -#include "keymgr_dpe_regs.h" // Generated. -#include "kmac_regs.h" // Generated. - OTTF_DEFINE_TEST_CONFIG(); static void init_kmac_for_keymgr(void) { dif_kmac_t kmac; - CHECK_DIF_OK(dif_kmac_init( - mmio_region_from_addr(TOP_DARJEELING_KMAC_BASE_ADDR), &kmac)); + CHECK_DIF_OK(dif_kmac_init_from_dt(kDtKmac, &kmac)); // Configure KMAC hardware using software entropy. dif_kmac_config_t config = (dif_kmac_config_t){ From 5db622f77e14fdb07c9959c488dba11c57325457 Mon Sep 17 00:00:00 2001 From: James Wainwright Date: Thu, 20 Feb 2025 15:44:41 +0000 Subject: [PATCH 5/5] [keymgr_dpe] Remove redundant log from testutils Signed-off-by: James Wainwright --- sw/device/lib/testing/keymgr_dpe_testutils.c | 1 - 1 file changed, 1 deletion(-) diff --git a/sw/device/lib/testing/keymgr_dpe_testutils.c b/sw/device/lib/testing/keymgr_dpe_testutils.c index 88737001a3deb..e9090760f8c69 100644 --- a/sw/device/lib/testing/keymgr_dpe_testutils.c +++ b/sw/device/lib/testing/keymgr_dpe_testutils.c @@ -105,7 +105,6 @@ status_t keymgr_dpe_testutils_wait_for_operation_done( do { TRY(dif_keymgr_dpe_get_status_codes(keymgr_dpe, &status)); } while (status == 0); - LOG_INFO("keymgr_dpe_status_code: 0x%x", status); TRY_CHECK(status == kDifKeymgrDpeStatusCodeIdle, "Unexpected status: %x", status); return OK_STATUS();