Use env acc

chipsalliance · Feb 28, 2025 · 29dd5bc · 29dd5bc
1 parent 5be34b9
commit 29dd5bc
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 23 deletions.
diff --git a/common/src/verifier.rs b/common/src/verifier.rs
@@ -15,7 +15,6 @@ Abstract:
 use caliptra_drivers::*;
 use caliptra_image_types::*;
 use caliptra_image_verify::ImageVerificationEnv;
-use caliptra_registers::sha512_acc::Sha512AccCsr;
 use core::ops::Range;
 use zerocopy::{FromBytes, IntoBytes};
 
@@ -25,6 +24,7 @@ use caliptra_drivers::memory_layout::ICCM_RANGE;
 pub struct FirmwareImageVerificationEnv<'a, 'b> {
     pub sha256: &'a mut Sha256,
     pub sha2_512_384: &'a mut Sha2_512_384,
+    pub sha2_512_384_acc: &'a mut Sha2_512_384Acc,
     pub soc_ifc: &'a mut SocIfc,
     pub ecc384: &'a mut Ecc384,
     pub mldsa87: &'a mut Mldsa87,
@@ -66,10 +66,12 @@ impl ImageVerificationEnv for &mut FirmwareImageVerificationEnv<'_, '_> {
         len: u32,
         digest_failure: CaliptraError,
     ) -> CaliptraResult<ImageDigest384> {
-        let mut sha_acc = unsafe { Sha2_512_384Acc::new(Sha512AccCsr::new()) };
         let mut digest = Array4x12::default();
 
-        if let Some(mut sha_acc_op) = sha_acc.try_start_operation(ShaAccLockState::NotAcquired)? {
+        if let Some(mut sha_acc_op) = self
+            .sha2_512_384_acc
+            .try_start_operation(ShaAccLockState::NotAcquired)?
+        {
             sha_acc_op
                 .digest_384(len, offset, false, &mut digest)
                 .map_err(|_| digest_failure)?;
@@ -86,10 +88,12 @@ impl ImageVerificationEnv for &mut FirmwareImageVerificationEnv<'_, '_> {
         len: u32,
         digest_failure: CaliptraError,
     ) -> CaliptraResult<ImageDigest512> {
-        let mut sha_acc = unsafe { Sha2_512_384Acc::new(Sha512AccCsr::new()) };
         let mut digest = Array4x16::default();
 
-        if let Some(mut sha_acc_op) = sha_acc.try_start_operation(ShaAccLockState::NotAcquired)? {
+        if let Some(mut sha_acc_op) = self
+            .sha2_512_384_acc
+            .try_start_operation(ShaAccLockState::NotAcquired)?
+        {
             sha_acc_op
                 .digest_512(len, offset, false, &mut digest)
                 .map_err(|_| digest_failure)?;

diff --git a/drivers/src/sha2_512_384acc.rs b/drivers/src/sha2_512_384acc.rs
@@ -1,3 +1,5 @@
+// Licensed under the Apache-2.0 license
+
 use crate::mailbox::MAX_MAILBOX_LEN;
 /*++
 

diff --git a/image/verify/src/verifier.rs b/image/verify/src/verifier.rs
@@ -696,27 +696,13 @@ impl<Env: ImageVerificationEnv> ImageVerifier<Env> {
 
         // Update vendor_digest_holder and owner_digest_holder with SHA512 digests if MLDSA validation i required.
         if let PqcKeyInfo::Mldsa(_, _) = info.vendor_pqc_info {
-            // vendor_digest_512 = self
-            //     .env
-            //     .sha512_digest(range.start, vendor_header_len as u32)
-            //     .map_err(|err| {
-            //         self.env.set_fw_extended_error(err.into());
-            //         CaliptraError::IMAGE_VERIFIER_ERR_HEADER_DIGEST_FAILURE
-            //     })?;
             vendor_digest_512 = self.env.sha512_acc_digest(
                 range.start,
                 vendor_header_len as u32,
                 CaliptraError::IMAGE_VERIFIER_ERR_HEADER_DIGEST_FAILURE,
             )?;
             vendor_digest_holder.digest_512 = Some(&vendor_digest_512);
 
-            // owner_digest_512 = self
-            //     .env
-            //     .sha512_digest(range.start, range.len() as u32)
-            //     .map_err(|err| {
-            //         self.env.set_fw_extended_error(err.into());
-            //         CaliptraError::IMAGE_VERIFIER_ERR_HEADER_DIGEST_FAILURE
-            //     })?;
             owner_digest_512 = self.env.sha512_acc_digest(
                 range.start,
                 range.len() as u32,

diff --git a/rom/dev/src/flow/cold_reset/fw_processor.rs b/rom/dev/src/flow/cold_reset/fw_processor.rs
@@ -120,6 +120,7 @@ impl FirmwareProcessor {
         let mut venv = FirmwareImageVerificationEnv {
             sha256: &mut env.sha256,
             sha2_512_384: &mut env.sha2_512_384,
+            sha2_512_384_acc: &mut env.sha2_512_384_acc,
             soc_ifc: &mut env.soc_ifc,
             ecc384: &mut env.ecc384,
             mldsa87: &mut env.mldsa87,
@@ -448,6 +449,7 @@ impl FirmwareProcessor {
         let venv = &mut FakeRomImageVerificationEnv {
             sha256: venv.sha256,
             sha2_512_384: venv.sha2_512_384,
+            sha2_512_384_acc: venv.sha2_512_384_acc,
             soc_ifc: venv.soc_ifc,
             data_vault: venv.data_vault,
             ecc384: venv.ecc384,

diff --git a/rom/dev/src/flow/fake.rs b/rom/dev/src/flow/fake.rs
@@ -248,6 +248,7 @@ pub fn copy_canned_fmc_alias_cert(env: &mut RomEnv) -> CaliptraResult<()> {
 pub(crate) struct FakeRomImageVerificationEnv<'a, 'b> {
     pub(crate) sha256: &'a mut Sha256,
     pub(crate) sha2_512_384: &'a mut Sha2_512_384,
+    pub(crate) sha2_512_384_acc: &'a mut Sha2_512_384Acc,
     pub(crate) soc_ifc: &'a mut SocIfc,
     pub(crate) data_vault: &'a DataVault,
     pub(crate) ecc384: &'a mut Ecc384,
@@ -287,10 +288,12 @@ impl ImageVerificationEnv for &mut FakeRomImageVerificationEnv<'_, '_> {
         len: u32,
         digest_failure: CaliptraError,
     ) -> CaliptraResult<ImageDigest384> {
-        let mut sha_acc = unsafe { Sha2_512_384Acc::new(Sha512AccCsr::new()) };
         let mut digest = Array4x12::default();
 
-        if let Some(mut sha_acc_op) = sha_acc.try_start_operation(ShaAccLockState::NotAcquired)? {
+        if let Some(mut sha_acc_op) = self
+            .sha2_512_384_acc
+            .try_start_operation(ShaAccLockState::NotAcquired)?
+        {
             sha_acc_op
                 .digest_384(len, offset, false, &mut digest)
                 .map_err(|_| digest_failure)?;
@@ -307,10 +310,12 @@ impl ImageVerificationEnv for &mut FakeRomImageVerificationEnv<'_, '_> {
         len: u32,
         digest_failure: CaliptraError,
     ) -> CaliptraResult<ImageDigest512> {
-        let mut sha_acc = unsafe { Sha2_512_384Acc::new(Sha512AccCsr::new()) };
         let mut digest = Array4x16::default();
 
-        if let Some(mut sha_acc_op) = sha_acc.try_start_operation(ShaAccLockState::NotAcquired)? {
+        if let Some(mut sha_acc_op) = self
+            .sha2_512_384_acc
+            .try_start_operation(ShaAccLockState::NotAcquired)?
+        {
             sha_acc_op
                 .digest_512(len, offset, false, &mut digest)
                 .map_err(|_| digest_failure)?;

diff --git a/rom/dev/src/flow/update_reset.rs b/rom/dev/src/flow/update_reset.rs
@@ -66,6 +66,7 @@ impl UpdateResetFlow {
             let mut venv = FirmwareImageVerificationEnv {
                 sha256: &mut env.sha256,
                 sha2_512_384: &mut env.sha2_512_384,
+                sha2_512_384_acc: &mut env.sha2_512_384_acc,
                 soc_ifc: &mut env.soc_ifc,
                 ecc384: &mut env.ecc384,
                 mldsa87: &mut env.mldsa87,
@@ -153,6 +154,7 @@ impl UpdateResetFlow {
         let env = &mut FakeRomImageVerificationEnv {
             sha256: env.sha256,
             sha2_512_384: env.sha2_512_384,
+            sha2_512_384_acc: env.sha2_512_384_acc,
             soc_ifc: env.soc_ifc,
             data_vault: env.data_vault,
             ecc384: env.ecc384,

diff --git a/runtime/src/fips.rs b/runtime/src/fips.rs
@@ -113,6 +113,7 @@ pub mod fips_self_test_cmd {
         let mut venv = FirmwareImageVerificationEnv {
             sha256: &mut env.sha256,
             sha2_512_384: &mut env.sha2_512_384,
+            sha2_512_384_acc: &mut env.sha2_512_384_acc,
             soc_ifc: &mut env.soc_ifc,
             ecc384: &mut env.ecc384,
             mldsa87: &mut env.mldsa87,