Merge branch 'main' into ArthurHeymans/Authorize_Stash_test

chipsalliance · Nov 13, 2024 · 0ba7364 · 0ba7364
2 parents 932d842 + adeff0c
commit 0ba7364
Show file tree

Hide file tree

Showing 99 changed files with 1,210 additions and 583 deletions.
diff --git a/.github/workflows/versioned-full-build-test.yml b/.github/workflows/versioned-full-build-test.yml
@@ -0,0 +1,59 @@
+name: Versioned Build Test
+
+on:
+  workflow_dispatch:
+    inputs:
+      hw-version:
+        default: "latest"
+        type: string
+      rom-ref:
+        default: "main"
+        type: string
+      firmware-version:
+        default: "main"
+        type: string
+
+  pull_request:
+    inputs:
+      todo-remove-before-merging:
+        default: ""
+        type: string
+      hw-version:
+        default: "latest"
+        type: string
+      rom-ref:
+        default: "main"
+        type: string
+      firmware-version:
+        default: "main"
+        type: string
+
+jobs:
+  fpga-full-suite-etrng-log:
+    name: FPGA Suite (etrng, log)
+
+  fpga-full-suite-etrng-nolog:
+    name: FPGA Suite (etrng, nolog)
+
+  fpga-full-suite-itrng-log:
+    name: FPGA Suite (itrng, log)
+
+  fpga-full-suite-itrng-nolog:
+    name: FPGA Suite (itrng, nolog)
+
+  sw-emulator-full-suite-etrng-log:
+    name: sw-emulator Suite (etrng, log)
+
+  sw-emulator-full-suite-etrng-nolog:
+    name: sw-emulator Suite (etrng, nolog)
+
+  sw-emulator-full-suite-itrng-log:
+    name: sw-emulator Suite (itrng, log)
+
+  sw-emulator-full-suite-itrng-nolog:
+    name: sw-emulator Suite (itrng, nolog)
+
+  build-release:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: write
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/FROZEN_IMAGES.sha384sum b/FROZEN_IMAGES.sha384sum
@@ -1,3 +1,3 @@
 # WARNING: Do not update this file without the approval of the Caliptra TAC
-91b951fbe655919a1e123b86add18ab604d049f6d2b2bbefac4cd554a4411eaf22247973c47490e243b9a5b1d197feb3  caliptra-rom-no-log.bin
-105cda4bbc0f2f0096d058eda9090670da0d90c8e3066cb44027843e9a490db61933b524ca78fe78351a7fd26a124c03  caliptra-rom-with-log.bin
+133bf3969893178e041b61001d75bfb504be3b3676cac608a40877f1e4b46b4855f86c1859cfc3e22745327102fba4b0  caliptra-rom-no-log.bin
+44f5bbbc4b71d7f0926f85b7d81ef7e17f721557b38379b650497eb8dd19d0a74ab5a1e2177c7e99653a878d2daed3b3  caliptra-rom-with-log.bin
diff --git a/api/src/mailbox.rs b/api/src/mailbox.rs
@@ -51,6 +51,9 @@ impl CommandId {
 
     // The authorize and stash command.
     pub const AUTHORIZE_AND_STASH: Self = Self(0x4154_5348); // "ATSH"
+
+    // The get IDevID CSR command.
+    pub const GET_IDEV_CSR: Self = Self(0x4944_4352); // "IDCR"
 }
 
 impl From<u32> for CommandId {
@@ -151,6 +154,7 @@ pub enum MailboxResp {
     QuotePcrs(QuotePcrsResp),
     CertifyKeyExtended(CertifyKeyExtendedResp),
     AuthorizeAndStash(AuthorizeAndStashResp),
+    GetIdevIdCsr(GetIdevIdCsrResp),
 }
 
 impl MailboxResp {
@@ -171,6 +175,7 @@ impl MailboxResp {
             MailboxResp::QuotePcrs(resp) => Ok(resp.as_bytes()),
             MailboxResp::CertifyKeyExtended(resp) => Ok(resp.as_bytes()),
             MailboxResp::AuthorizeAndStash(resp) => Ok(resp.as_bytes()),
+            MailboxResp::GetIdevIdCsr(resp) => Ok(resp.as_bytes()),
         }
     }
 
@@ -191,6 +196,7 @@ impl MailboxResp {
             MailboxResp::QuotePcrs(resp) => Ok(resp.as_bytes_mut()),
             MailboxResp::CertifyKeyExtended(resp) => Ok(resp.as_bytes_mut()),
             MailboxResp::AuthorizeAndStash(resp) => Ok(resp.as_bytes_mut()),
+            MailboxResp::GetIdevIdCsr(resp) => Ok(resp.as_bytes_mut()),
         }
     }
 
@@ -458,6 +464,7 @@ pub struct GetIdevInfoResp {
 pub struct GetLdevCertReq {
     header: MailboxReqHeader,
 }
+
 impl Request for GetLdevCertReq {
     const ID: CommandId = CommandId::GET_LDEV_CERT;
     type Resp = GetLdevCertResp;
@@ -948,7 +955,7 @@ pub struct SetAuthManifestReq {
     pub manifest: [u8; SetAuthManifestReq::MAX_MAN_SIZE],
 }
 impl SetAuthManifestReq {
-    pub const MAX_MAN_SIZE: usize = 8192;
+    pub const MAX_MAN_SIZE: usize = 14 * 1024;
 
     pub fn as_bytes_partial(&self) -> CaliptraResult<&[u8]> {
         if self.manifest_size as usize > Self::MAX_MAN_SIZE {
@@ -976,6 +983,40 @@ impl Default for SetAuthManifestReq {
     }
 }
 
+// GET_IDEVID_CSR
+#[repr(C)]
+#[derive(Default, Debug, AsBytes, FromBytes, PartialEq, Eq)]
+pub struct GetIdevIdCsrReq {
+    pub hdr: MailboxReqHeader,
+}
+
+impl Request for GetIdevIdCsrReq {
+    const ID: CommandId = CommandId::GET_IDEV_CSR;
+    type Resp = GetIdevIdCsrResp;
+}
+
+#[repr(C)]
+#[derive(Debug, AsBytes, FromBytes, PartialEq, Eq)]
+pub struct GetIdevIdCsrResp {
+    pub hdr: MailboxRespHeader,
+    pub data_size: u32,
+    pub data: [u8; Self::DATA_MAX_SIZE],
+}
+impl GetIdevIdCsrResp {
+    pub const DATA_MAX_SIZE: usize = 512;
+}
+impl ResponseVarSize for GetIdevIdCsrResp {}
+
+impl Default for GetIdevIdCsrResp {
+    fn default() -> Self {
+        Self {
+            hdr: MailboxRespHeader::default(),
+            data_size: 0,
+            data: [0u8; Self::DATA_MAX_SIZE],
+        }
+    }
+}
+
 #[repr(u32)]
 #[derive(Debug, PartialEq, Eq)]
 pub enum ImageHashSource {

diff --git a/auth-manifest/app/src/config.rs b/auth-manifest/app/src/config.rs
@@ -38,7 +38,7 @@ pub(crate) struct AuthManifestKeyConfigFromFile {
 }
 
 #[derive(Serialize, Deserialize)]
-pub struct ImageMetadata {
+pub struct ImageMetadataConfigFromFile {
     digest: String,
     source: u32,
 }
@@ -54,7 +54,7 @@ pub(crate) struct AuthManifestConfigFromFile {
 
     pub owner_man_key_config: Option<AuthManifestKeyConfigFromFile>,
 
-    pub image_metadata_list: Vec<ImageMetadata>,
+    pub image_metadata_list: Vec<ImageMetadataConfigFromFile>,
 }
 
 /// Load Authorization Manifest Key Configuration from file
@@ -116,7 +116,7 @@ pub(crate) fn owner_config_from_file(
 }
 
 pub(crate) fn image_metadata_config_from_file(
-    config: &Vec<ImageMetadata>,
+    config: &Vec<ImageMetadataConfigFromFile>,
 ) -> anyhow::Result<Vec<AuthManifestImageMetadata>> {
     let mut image_metadata_list = Vec::new();
 

diff --git a/auth-manifest/gen/src/generator.rs b/auth-manifest/gen/src/generator.rs
@@ -47,9 +47,7 @@ impl<Crypto: ImageGeneratorCrypto> AuthManifestGenerator<Crypto> {
         let slice = config.image_metadata_list.as_slice();
         auth_manifest.image_metadata_col.image_metadata_list[..slice.len()].copy_from_slice(slice);
 
-        auth_manifest.image_metadata_col.header.entry_count =
-            config.image_metadata_list.len() as u32;
-        auth_manifest.image_metadata_col.header.revision = 0; // [TODO] Need to update this.
+        auth_manifest.image_metadata_col.entry_count = config.image_metadata_list.len() as u32;
 
         // Generate the preamble.
         auth_manifest.preamble.marker = AUTH_MANIFEST_MARKER;
@@ -118,7 +116,7 @@ impl<Crypto: ImageGeneratorCrypto> AuthManifestGenerator<Crypto> {
         // Sign the IMC with the vendor manifest public keys if indicated in the flags.
         if config
             .flags
-            .contains(AuthManifestFlags::VENDOR_SIGNATURE_REQURIED)
+            .contains(AuthManifestFlags::VENDOR_SIGNATURE_REQUIRED)
         {
             if let Some(vendor_man_priv_keys) = config.vendor_man_key_info.priv_keys {
                 let sig = self.crypto.ecdsa384_sign(

diff --git a/auth-manifest/types/src/lib.rs b/auth-manifest/types/src/lib.rs
@@ -23,12 +23,12 @@ use zerocopy::{AsBytes, FromBytes};
 use zeroize::Zeroize;
 
 pub const AUTH_MANIFEST_MARKER: u32 = 0x4154_4D4E;
-pub const AUTH_MANIFEST_IMAGE_METADATA_MAX_COUNT: usize = 16;
+pub const AUTH_MANIFEST_IMAGE_METADATA_MAX_COUNT: usize = 128;
 
 bitflags::bitflags! {
     #[derive(Default, Copy, Clone, Debug)]
     pub struct AuthManifestFlags : u32 {
-        const VENDOR_SIGNATURE_REQURIED = 0b1;
+        const VENDOR_SIGNATURE_REQUIRED = 0b1;
     }
 }
 
@@ -139,18 +139,6 @@ pub struct AuthManifestImageMetadata {
     pub image_source: u32,
 }
 
-/// Caliptra Authorization Manifest Image Metadata Collection Header
-#[repr(C)]
-#[derive(AsBytes, FromBytes, Clone, Copy, Debug, Zeroize, Default)]
-#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
-pub struct AuthManifestImageMetadataCollectionHeader {
-    pub revision: u32,
-
-    pub reserved: [u8; 12],
-
-    pub entry_count: u32,
-}
-
 impl Default for AuthManifestImageMetadata {
     fn default() -> Self {
         AuthManifestImageMetadata {
@@ -162,14 +150,24 @@ impl Default for AuthManifestImageMetadata {
 
 /// Caliptra Authorization Manifest Image Metadata Collection
 #[repr(C)]
-#[derive(AsBytes, FromBytes, Clone, Copy, Debug, Zeroize, Default)]
+#[derive(AsBytes, FromBytes, Clone, Copy, Debug, Zeroize)]
 #[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 pub struct AuthManifestImageMetadataCollection {
-    pub header: AuthManifestImageMetadataCollectionHeader,
+    pub entry_count: u32,
 
     pub image_metadata_list: [AuthManifestImageMetadata; AUTH_MANIFEST_IMAGE_METADATA_MAX_COUNT],
 }
 
+impl Default for AuthManifestImageMetadataCollection {
+    fn default() -> Self {
+        AuthManifestImageMetadataCollection {
+            entry_count: 0,
+            image_metadata_list: [AuthManifestImageMetadata::default();
+                AUTH_MANIFEST_IMAGE_METADATA_MAX_COUNT],
+        }
+    }
+}
+
 /// Caliptra Image Authorization Manifest
 #[repr(C)]
 #[derive(AsBytes, FromBytes, Clone, Copy, Debug, Zeroize, Default)]

diff --git a/cfi/derive/src/cfi_asm_test.rs b/cfi/derive/src/cfi_asm_test.rs
@@ -0,0 +1,78 @@
+// Licensed under the Apache-2.0 license
+
+// These tests are here so that they are excluded in FPGA tests.
+
+// These tests don't directly import the CFI code. If they fail,
+// this likely indicates that the CFI laundering code may not
+// be doing what we want, and we need to investigate.
+
+#[cfg(test)]
+mod test {
+
+    const START: &str = "
+#![no_std]
+
+pub fn add(mut a: u32, mut b: u32) -> u32 {
+    launder(a) + launder(a) + launder(b) + launder(b)
+}
+";
+
+    const LAUNDER: &str = "
+#[inline(always)]
+fn launder(mut val: u32) -> u32 {
+    // Safety: this is a no-op, since we don't modify the input.
+    unsafe {
+        core::arch::asm!(
+            \"/* {t} */\",
+            t = inout(reg) val,
+        );
+    }
+    val
+}";
+
+    const NO_LAUNDER: &str = "
+#[inline(always)]
+fn launder(mut val: u32) -> u32 {
+    val
+}
+";
+
+    fn compile_to_riscv32_asm(src: String) -> String {
+        let dir = std::env::temp_dir();
+        let src_path = dir.join("asm.rs");
+        let dst_path = dir.join("asm.s");
+
+        std::fs::write(src_path.clone(), src).expect("could not write asm file");
+
+        let p = std::process::Command::new("rustc")
+            .args([
+                "--crate-type=lib",
+                "--target",
+                "riscv32imc-unknown-none-elf",
+                "-C",
+                "opt-level=s",
+                "--emit",
+                "asm",
+                src_path.to_str().expect("could not convert path"),
+                "-o",
+                dst_path.to_str().expect("could not convert path"),
+            ])
+            .output()
+            .expect("failed to compile");
+        assert!(p.status.success());
+        std::fs::read_to_string(dst_path).expect("could not read asm file")
+    }
+
+    #[test]
+    fn test_launder() {
+        // With no laundering, LLVM can simplify the double add to a shift left.
+        let src = format!("{}{}", START, NO_LAUNDER);
+        let asm = compile_to_riscv32_asm(src);
+        assert!(asm.contains("sll"));
+
+        // With laundering, LLVM cannot simplify the double add and has to use the register twice.
+        let src = format!("{}{}", START, LAUNDER);
+        let asm = compile_to_riscv32_asm(src);
+        assert!(!asm.contains("sll"));
+    }
+}
diff --git a/cfi/derive/src/lib.rs b/cfi/derive/src/lib.rs
@@ -16,11 +16,14 @@ References:
 
 --*/
 
+mod cfi_asm_test;
+
 use proc_macro::TokenStream;
 use quote::{format_ident, quote, ToTokens};
 use syn::__private::TokenStream2;
 use syn::parse_macro_input;
 use syn::parse_quote;
+use syn::DeriveInput;
 use syn::FnArg;
 use syn::ItemFn;
 
@@ -94,3 +97,15 @@ fn cfi_fn(mod_fn: bool, input: TokenStream) -> TokenStream {
 
     code.into()
 }
+
+#[proc_macro_derive(Launder)]
+pub fn derive_launder_trait(input: TokenStream) -> TokenStream {
+    let input = parse_macro_input!(input as DeriveInput);
+    let name = input.ident;
+    let (impl_generics, ty_generics, _) = input.generics.split_for_impl();
+    let expanded = quote! {
+        impl #impl_generics caliptra_cfi_lib::LaunderTrait<#name #ty_generics> for caliptra_cfi_lib::Launder<#name #ty_generics> {}
+        impl #impl_generics caliptra_cfi_lib::LaunderTrait<&#name #ty_generics> for caliptra_cfi_lib::Launder<&#name #ty_generics> {}
+    };
+    TokenStream::from(expanded)
+}