diff --git a/FROZEN_IMAGES.sha384sum b/FROZEN_IMAGES.sha384sum index 6b4d5d9475..30edda047b 100644 --- a/FROZEN_IMAGES.sha384sum +++ b/FROZEN_IMAGES.sha384sum @@ -1,3 +1,3 @@ # WARNING: Do not update this file without the approval of the Caliptra TAC -91b951fbe655919a1e123b86add18ab604d049f6d2b2bbefac4cd554a4411eaf22247973c47490e243b9a5b1d197feb3 caliptra-rom-no-log.bin -105cda4bbc0f2f0096d058eda9090670da0d90c8e3066cb44027843e9a490db61933b524ca78fe78351a7fd26a124c03 caliptra-rom-with-log.bin +e4a45236589f76070b0e6eb09995693a49579c4ca8949078f2f007c93e1e423a90e9fa719ac593df1d98174ab448502d caliptra-rom-no-log.bin +b5e10dcbc719846cb1e4b72857dcf1c25395de0ba7f297e3296eadd8893440e3d72e4f98f6167d327baeb6b2c7c9a1dc caliptra-rom-with-log.bin diff --git a/fmc/tests/fmc_integration_tests/test_rtalias.rs b/fmc/tests/fmc_integration_tests/test_rtalias.rs index a36abc35ab..fa209f71c0 100644 --- a/fmc/tests/fmc_integration_tests/test_rtalias.rs +++ b/fmc/tests/fmc_integration_tests/test_rtalias.rs @@ -91,7 +91,7 @@ fn test_fht_info() { let data = hw.mailbox_execute(TEST_CMD_READ_FHT, &[]).unwrap().unwrap(); let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap(); assert_eq!(fht.ldevid_tbs_size, 552); - assert_eq!(fht.fmcalias_tbs_size, 786); + assert_eq!(fht.fmcalias_tbs_size, 771); assert_eq!(fht.ldevid_tbs_addr, 0x50003C00); assert_eq!(fht.fmcalias_tbs_addr, 0x50004000); assert_eq!(fht.pcr_log_addr, 0x50004800); diff --git a/rom/dev/build.rs b/rom/dev/build.rs index 3c51a3601e..30bc1d097b 100644 --- a/rom/dev/build.rs +++ b/rom/dev/build.rs 
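Review bot: Both pinned ROM digests (`caliptra-rom-no-log.bin` and `caliptra-rom-with-log.bin`) change in the FROZEN_IMAGES.sha384sum hunk, and that file's first line requires Caliptra TAC approval for any update. Nothing visible in this diff records the approval. The ROM-side edit that presumably drives the new digests is the `reverse_bits()` change in rom/dev/src/flow/cold_reset/fmc_alias.rs, so the commit description should name it as the reason and reference the approval. It is also worth confirming that the two SHA-384 values were regenerated from a clean build of this exact tree.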
@@ -86,10 +86,13 @@ fn main() { use x509_parser::signature_value::EcdsaSigValue; let ws_dir = workspace_dir(); - let ldev_file = std::fs::read( - ws_dir.join("test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der"), - ) - .unwrap(); + let ldev_file_path = + ws_dir.join("test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der"); + println!( + "cargo:rerun-if-changed={}", + ldev_file_path.to_str().unwrap() + ); + let ldev_file = std::fs::read(ldev_file_path).unwrap(); let mut parser = X509CertificateParser::new(); let (_, cert) = parser.parse(&ldev_file).unwrap(); diff --git a/rom/dev/src/flow/cold_reset/fmc_alias.rs b/rom/dev/src/flow/cold_reset/fmc_alias.rs index 6f0c59604d..f6e8d50ccf 100644 --- a/rom/dev/src/flow/cold_reset/fmc_alias.rs +++ b/rom/dev/src/flow/cold_reset/fmc_alias.rs @@ -252,6 +252,6 @@ impl FmcAliasLayer { flags |= dice::FLAG_BIT_DEBUG; } - flags.to_be_bytes() + flags.reverse_bits().to_be_bytes() } } diff --git a/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs b/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs index e2cd0f096a..1e5c19df69 100644 --- a/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs +++ b/rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs @@ -743,7 +743,7 @@ fn test_fht_info() { let data = hw.mailbox_execute(0x1000_0003, &[]).unwrap().unwrap(); let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap(); assert_eq!(fht.ldevid_tbs_size, 552); - assert_eq!(fht.fmcalias_tbs_size, 786); + assert_eq!(fht.fmcalias_tbs_size, 771); assert_eq!(fht.ldevid_tbs_addr, LDEVID_TBS_ORG); assert_eq!(fht.fmcalias_tbs_addr, FMCALIAS_TBS_ORG); assert_eq!(fht.pcr_log_addr, PCR_LOG_ORG); diff --git a/rom/dev/tools/test-fmc/src/main.rs b/rom/dev/tools/test-fmc/src/main.rs index a75f87ee9b..55f1aca3ad 100644 --- a/rom/dev/tools/test-fmc/src/main.rs +++ b/rom/dev/tools/test-fmc/src/main.rs 
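Review bot: Printing `cargo:rerun-if-changed` for `ldevid_cert.der` in rom/dev/build.rs switches Cargo from "re-run on any change in the package" to "re-run only for the listed paths", so any other file this `main` reads needs its own line. `main` starts and continues outside the hunk, so it may already emit them; if not, a stale build script output could pair an old ROM with new test data. Separately, `ldev_file_path.to_str().unwrap()` adds a panic on a non-UTF-8 workspace path that `std::fs::read` alone did not have. Use `.expect("workspace path must be valid UTF-8 for cargo:rerun-if-changed")` so that failure explains itself.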
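Review bot: The new return `flags.reverse_bits().to_be_bytes()` in rom/dev/src/flow/cold_reset/fmc_alias.rs changes the byte encoding of the attested TcbInfo flags without a comment saying why. The same unexplained reversal is applied to `FLAG_MASK` in the `make_fmc_dice_tcb_info_ext` hunk of x509/build/x509.rs. Assuming the reason is ASN.1 bit numbering, a comment above the return such as `// ASN.1 BIT STRING numbers bit 0 as the MSB of the first octet, so mirror the u32 before serializing` would record the intent. The flags are mirrored at run time in ROM while the mask is mirrored at template-build time, and a verifier only sees a consistent flags/flagsMask pair if both conversions stay in step. Both sites should say so and point at each other. The enclosing function starts above this hunk.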
@@ -43,11 +43,11 @@ pub fn main() {} // Dummy RO data to max out FMC image size to 16K. // Note: Adjust this value to account for new changes in this FMC image. #[cfg(all(feature = "interactive_test_fmc", not(feature = "fake-fmc")))] -const PAD_LEN: usize = 4988; // TEST_FMC_INTERACTIVE +const PAD_LEN: usize = 4996; // TEST_FMC_INTERACTIVE #[cfg(all(feature = "fake-fmc", not(feature = "interactive_test_fmc")))] const PAD_LEN: usize = 5224; // FAKE_TEST_FMC_WITH_UART #[cfg(all(feature = "interactive_test_fmc", feature = "fake-fmc"))] -const PAD_LEN: usize = 5452; // FAKE_TEST_FMC_INTERACTIVE +const PAD_LEN: usize = 5460; // FAKE_TEST_FMC_INTERACTIVE #[cfg(not(any(feature = "interactive_test_fmc", feature = "fake-fmc")))] const PAD_LEN: usize = 0; diff --git a/runtime/src/dpe_platform.rs b/runtime/src/dpe_platform.rs index ab53d6122f..daeee3ad2d 100644 --- a/runtime/src/dpe_platform.rs +++ b/runtime/src/dpe_platform.rs @@ -108,7 +108,7 @@ impl Platform for DpePlatform<'_> { &mut self, out: &mut [u8; MAX_ISSUER_NAME_SIZE], ) -> Result { - const CALIPTRA_CN: &[u8] = b"Caliptra 1.0 Rt Alias"; + const CALIPTRA_CN: &[u8] = b"Caliptra 1.x Rt Alias"; let mut issuer_writer = CertWriter::new(out, true); // Caliptra RDN SerialNumber field is always a Sha256 hash diff --git a/test/src/x509.rs b/test/src/x509.rs index 6c5954223c..09ac3374f1 100644 --- a/test/src/x509.rs +++ b/test/src/x509.rs @@ -68,7 +68,10 @@ impl DiceTcbInfo { }) .transpose()? .unwrap_or_default(), - flags: d.read_optional_implicit_element(7)?, + flags: d + .read_optional_implicit_element::(7)? + .and_then(|b| b.as_bytes().try_into().ok()) + .map(u32::from_be_bytes), vendor_info: d .read_optional_implicit_element::<&[u8]>(8)? .map(|s| s.to_vec()), diff --git a/test/tests/caliptra_integration_tests/smoke_test.rs b/test/tests/caliptra_integration_tests/smoke_test.rs index 0376c1dcd5..6f23a71359 100644 --- a/test/tests/caliptra_integration_tests/smoke_test.rs 
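Review bot: In the `flags:` initializer of test/src/x509.rs, `.and_then(|b| b.as_bytes().try_into().ok())` turns a flags BIT STRING whose payload is not exactly four bytes into `None`, which a caller cannot tell apart from the field being absent. A parser used to check attestation evidence should fail on a malformed field; mapping the failed `try_into()` to a parse error and propagating it with the `?` already used in this expression would do that. The BIT STRING's unused-bits count is not checked either, so a value with padding bits would be read as a full 32-bit field. The type argument of the first `read_optional_implicit_element` call is blank in this rendering of the hunk, and the enclosing function starts and ends outside it.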
+++ b/test/tests/caliptra_integration_tests/smoke_test.rs @@ -67,8 +67,8 @@ fn retrieve_csr_test() { let csr_txt = String::from_utf8(csr.to_text().unwrap()).unwrap(); // To update the CSR testdata: - // std::fs::write("tests/smoke_testdata/idevid_csr.txt", &csr_txt).unwrap(); - // std::fs::write("tests/smoke_testdata/idevid_csr.der", &csr_der).unwrap(); + // std::fs::write("tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt", &csr_txt).unwrap(); + // std::fs::write("tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der", &csr_der).unwrap(); println!("csr: {}", csr_txt); @@ -215,8 +215,8 @@ fn smoke_test() { let ldev_cert_txt = String::from_utf8(ldev_cert.to_text().unwrap()).unwrap(); // To update the ldev cert testdata: - // std::fs::write("tests/smoke_testdata/ldevid_cert.txt", &ldev_cert_txt).unwrap(); - // std::fs::write("tests/smoke_testdata/ldevid_cert.der", ldev_cert_der).unwrap(); + // std::fs::write("tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt", &ldev_cert_txt).unwrap(); + // std::fs::write("tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der", ldev_cert_der).unwrap(); assert_eq!( ldev_cert_txt.as_str(), @@ -287,13 +287,13 @@ fn smoke_test() { digest: device_info_hash.to_vec(), },], - flags: Some(0x80000000), + flags: Some(0x00000001), ty: Some(b"DEVICE_INFO".to_vec()), ..Default::default() }, DiceTcbInfo { - vendor: Some("Caliptra".into()), - model: Some("FMC".into()), + vendor: None, + model: None, // This is from the SVN in the image (9) svn: Some(0x109), fwids: vec![DiceFwid { @@ -459,8 +459,8 @@ fn smoke_test() { assert_eq!( rt_dice_tcb_info, Some(DiceTcbInfo { - vendor: Some("Caliptra".into()), - model: Some("RT".into()), + vendor: None, + model: None, svn: Some(0x100), fwids: vec![DiceFwid { // RT 
@@ -609,8 +609,8 @@ fn smoke_test() { assert_eq!( rt_dice_tcb_info2, Some(DiceTcbInfo { - vendor: Some("Caliptra".into()), - model: Some("RT".into()), + vendor: None, + model: None, svn: Some(0x100), fwids: vec![DiceFwid { // FMC diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der index 84e7805d2c..232076c23d 100644 Binary files a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der and b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.der differ diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt index ef18969566..1cc851f9c6 100644 --- a/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt +++ b/test/tests/caliptra_integration_tests/smoke_testdata/fmc_alias_cert_redacted.txt @@ -4,11 +4,11 @@ Certificate: Serial Number: 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 Signature Algorithm: ecdsa-with-SHA384 - Issuer: CN=Caliptra 1.0 LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889 + Issuer: CN=Caliptra 1.x LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889 Validity Not Before: Jan 1 00:00:00 2023 GMT Not After : Dec 31 23:59:59 9999 GMT - Subject: CN=Caliptra 1.0 FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + Subject: CN=Caliptra 1.x FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) 
@@ -30,7 +30,7 @@ Certificate: 2.23.133.5.4.4: 0.................... 2.23.133.5.4.5: - DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD X509v3 Subject Key Identifier: 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 X509v3 Authority Key Identifier: diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der index 78cb24f88e..f5af843189 100644 Binary files a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der and b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der differ diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt index 340d92ab9f..7831436342 100644 --- a/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt +++ b/test/tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt @@ -1,7 +1,7 @@ Certificate Request: Data: Version: 1 (0x0) - Subject: CN=Caliptra 1.0 IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6 + Subject: CN=Caliptra 1.x IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) 
@@ -25,9 +25,9 @@ Certificate Request: 0.................... Signature Algorithm: ecdsa-with-SHA384 Signature Value: - 30:64:02:30:7c:74:fd:28:ce:0f:f9:e9:da:ef:90:84:a5:af: - c0:42:d1:e2:08:84:67:d6:6a:e8:dc:46:cc:02:1d:80:da:37: - 50:91:ee:75:09:ed:15:55:0f:31:15:23:c9:bb:e6:e1:02:30: - 24:fd:1b:5b:47:cc:14:4a:66:a5:bb:e7:04:74:f0:21:36:37: - f4:9e:5d:cd:a1:42:bf:f6:82:5c:a1:f4:51:43:e2:97:fc:95: - ce:56:b1:67:e1:bf:e1:26:3a:ce:a1:f3 + 30:65:02:31:00:ed:8e:44:4e:3c:7f:6f:96:4a:5d:cb:e1:ea: + 08:a0:57:f5:d7:b5:6d:ce:72:9e:b8:8c:88:38:f6:50:35:90: + bd:6b:59:db:29:52:13:2e:fc:a8:b6:8d:8a:33:d3:2a:cf:02: + 30:6d:40:6a:1f:7c:9e:74:8f:28:dc:14:73:e0:96:92:d8:74: + fa:30:58:04:54:84:77:e9:52:3a:0d:63:fa:f3:1a:68:c3:88: + 07:50:a7:5d:6f:f7:a9:da:98:f7:8c:48:2a diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der index d7bee137f1..cafa027823 100644 Binary files a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der and b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der differ diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt index 1c301b51c3..30930111d4 100644 --- a/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt +++ b/test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt 
@@ -4,11 +4,11 @@ Certificate: Serial Number: 25:ee:ef:9a:4c:61:d4:b9:e3:d9:4b:ea:46:f9:a1:2a:c6:88:7c:e2 Signature Algorithm: ecdsa-with-SHA384 - Issuer: CN=Caliptra 1.0 IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6 + Issuer: CN=Caliptra 1.x IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6 Validity Not Before: Jan 1 00:00:00 2023 GMT Not After : Dec 31 23:59:59 9999 GMT - Subject: CN=Caliptra 1.0 LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889 + Subject: CN=Caliptra 1.x LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) @@ -35,9 +35,9 @@ Certificate: 42:4F:3A:C7:45:DD:BD:50:15:05:7F:5B:F8:3E:9C:D6:48:10:B0:41 Signature Algorithm: ecdsa-with-SHA384 Signature Value: - 30:66:02:31:00:9b:0e:19:91:81:f6:90:a7:43:34:60:d8:1d: - 69:c4:a5:63:52:a3:c8:93:cf:4c:11:be:e1:a1:8d:47:a6:b5: - 63:78:42:3f:8a:85:f2:34:b4:ab:5a:18:01:f6:e7:ff:92:02: - 31:00:e1:21:cf:21:fe:44:09:81:95:01:fd:29:ad:f5:29:a9: - 01:6a:2e:a3:15:bf:65:ab:2a:e5:82:7c:ef:f1:b8:59:bd:7e: - 60:cf:15:c7:2a:64:ea:cf:2b:7b:9b:ff:42:d3 + 30:65:02:30:27:24:23:0f:77:0a:b4:a9:95:dc:a1:96:e0:cd: + 5d:f9:29:08:eb:80:7d:74:55:05:7a:22:b9:62:08:96:a2:7a: + 08:21:3d:8a:c6:1f:3c:71:e0:8d:48:83:ab:9c:64:1a:02:31: + 00:ad:8a:98:ea:e7:33:13:bb:02:b6:12:fa:24:ef:ae:f4:5b: + 73:57:97:37:82:56:a8:e9:c8:b6:87:d9:2d:7d:43:bc:be:cd: + 82:d3:0f:85:5a:15:56:8e:a2:08:f9:ec:ce diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.der b/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.der index b9a2e8f33c..9e6aeef81d 100644 Binary files a/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.der and b/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.der differ 
diff --git a/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.txt b/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.txt index fabcc6718f..52d55db979 100644 --- a/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.txt +++ b/test/tests/caliptra_integration_tests/smoke_testdata/rt_alias_cert_redacted.txt @@ -4,11 +4,11 @@ Certificate: Serial Number: 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 Signature Algorithm: ecdsa-with-SHA384 - Issuer: CN=Caliptra 1.0 FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + Issuer: CN=Caliptra 1.x FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Validity Not Before: Jan 1 00:00:00 2023 GMT Not After : Dec 31 23:59:59 9999 GMT - Subject: CN=Caliptra 1.0 Rt Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + Subject: CN=Caliptra 1.x Rt Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) @@ -30,7 +30,7 @@ Certificate: 2.23.133.5.4.4: 0.................... 2.23.133.5.4.1: - DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD + DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD X509v3 Subject Key Identifier: 44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44 X509v3 Authority Key Identifier: diff --git a/x509/build/build.rs b/x509/build/build.rs index aa728c6eaa..dc116c3505 100644 --- a/x509/build/build.rs +++ b/x509/build/build.rs 
@@ -54,7 +54,7 @@ fn gen_init_devid_csr(out_dir: &str) { .add_basic_constraints_ext(true, 5) .add_key_usage_ext(usage) .add_ueid_ext(&[0xFF; 17]); - let template = bldr.tbs_template("Caliptra 1.0 IDevID"); + let template = bldr.tbs_template("Caliptra 1.x IDevID"); CodeGen::gen_code("InitDevIdCsrTbs", template, out_dir); } @@ -67,7 +67,7 @@ fn gen_local_devid_cert(out_dir: &str) { .add_basic_constraints_ext(true, 4) .add_key_usage_ext(usage) .add_ueid_ext(&[0xFF; 17]); - let template = bldr.tbs_template("Caliptra 1.0 LDevID", "Caliptra 1.0 IDevID"); + let template = bldr.tbs_template("Caliptra 1.x LDevID", "Caliptra 1.x IDevID"); CodeGen::gen_code("LocalDevIdCertTbs", template, out_dir); } @@ -98,7 +98,7 @@ fn gen_fmc_alias_cert(out_dir: &str) { }, }], ); - let template = bldr.tbs_template("Caliptra 1.0 FMC Alias", "Caliptra 1.0 LDevID"); + let template = bldr.tbs_template("Caliptra 1.x FMC Alias", "Caliptra 1.x LDevID"); CodeGen::gen_code("FmcAliasCertTbs", template, out_dir); } @@ -122,6 +122,6 @@ fn gen_rt_alias_cert(out_dir: &str) { digest: &[0xCD; 48], }, }]); - let template = bldr.tbs_template("Caliptra 1.0 Rt Alias", "Caliptra 1.0 FMC Alias"); + let template = bldr.tbs_template("Caliptra 1.x Rt Alias", "Caliptra 1.x FMC Alias"); CodeGen::gen_code("RtAliasCertTbs", template, out_dir); } diff --git a/x509/build/cert.rs b/x509/build/cert.rs index 966a6412bd..3ad2afd090 100644 --- a/x509/build/cert.rs +++ b/x509/build/cert.rs @@ -90,9 +90,11 @@ impl CertTemplateBuilder { device_fwids: &[FwidParam], fmc_fwids: &[FwidParam], ) -> Self { + // This method of finding the offsets is fragile. Especially for the 1 byte values. + // These may need to be updated to stay unique when the cert template is updated. let flags: u32 = 0xC0C1C2C3; let svn: u8 = 0xC4; - let svn_fuses: u8 = 0xC5; + let svn_fuses: u8 = 0xC6; self.exts .push(x509::make_fmc_dice_tcb_info_ext( 
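Review bot: The placeholder change from `0xC5` to `0xC6` for `svn_fuses` in x509/build/cert.rs is not explained by the new "fragile" comment. The regenerated template in x509/build/fmc_alias_cert_tbs.rs now contains the DER bytes `48u8, 129u8, 197u8`, and 197 is 0xC5, which looks like the collision that forced the change. Recording that next to the constant, e.g. `// 0xC5 now occurs as a DER length byte in the FMC alias TcbInfo; a placeholder must not equal any other byte in the template`, tells the next editor how to pick a safe value. A wrong offset here means ROM patches the fuse SVN into an unrelated byte of a signed certificate, so the comment should also mention that `init_param` in x509/build/x509.rs now panics on a duplicate match. The method body continues beyond the hunk.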
diff --git a/x509/build/fmc_alias_cert_tbs.rs b/x509/build/fmc_alias_cert_tbs.rs index dfda357ba1..29a0d1e645 100644 --- a/x509/build/fmc_alias_cert_tbs.rs +++ b/x509/build/fmc_alias_cert_tbs.rs @@ -47,15 +47,15 @@ impl FmcAliasCertTbs { const SUBJECT_SN_OFFSET: usize = 232usize; const ISSUER_SN_OFFSET: usize = 86usize; const TCB_INFO_DEVICE_INFO_HASH_OFFSET: usize = 551usize; - const TCB_INFO_FMC_TCI_OFFSET: usize = 664usize; + const TCB_INFO_FMC_TCI_OFFSET: usize = 649usize; const SERIAL_NUMBER_OFFSET: usize = 11usize; - const SUBJECT_KEY_ID_OFFSET: usize = 733usize; - const AUTHORITY_KEY_ID_OFFSET: usize = 766usize; + const SUBJECT_KEY_ID_OFFSET: usize = 718usize; + const AUTHORITY_KEY_ID_OFFSET: usize = 751usize; const UEID_OFFSET: usize = 476usize; const NOT_BEFORE_OFFSET: usize = 154usize; const NOT_AFTER_OFFSET: usize = 171usize; const TCB_INFO_FLAGS_OFFSET: usize = 602usize; - const TCB_INFO_FMC_SVN_OFFSET: usize = 646usize; + const TCB_INFO_FMC_SVN_OFFSET: usize = 631usize; const TCB_INFO_FMC_SVN_FUSES_OFFSET: usize = 533usize; const PUBLIC_KEY_LEN: usize = 97usize; const SUBJECT_SN_LEN: usize = 64usize; 
@@ -71,42 +71,42 @@ impl FmcAliasCertTbs { const TCB_INFO_FLAGS_LEN: usize = 4usize; const TCB_INFO_FMC_SVN_LEN: usize = 1usize; const TCB_INFO_FMC_SVN_FUSES_LEN: usize = 1usize; - pub const TBS_TEMPLATE_LEN: usize = 786usize; + pub const TBS_TEMPLATE_LEN: usize = 771usize; const TBS_TEMPLATE: [u8; Self::TBS_TEMPLATE_LEN] = [ - 48u8, 130u8, 3u8, 14u8, 160u8, 3u8, 2u8, 1u8, 2u8, 2u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 48u8, 130u8, 2u8, 255u8, 160u8, 3u8, 2u8, 1u8, 2u8, 2u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 48u8, 10u8, 6u8, 8u8, 42u8, 134u8, 72u8, 206u8, 61u8, 4u8, 3u8, 3u8, 48u8, 105u8, 49u8, - 28u8, 48u8, 26u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 19u8, 67u8, 97u8, 108u8, 105u8, 112u8, - 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 48u8, 32u8, 76u8, 68u8, 101u8, 118u8, 73u8, 68u8, - 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 48u8, 10u8, 6u8, 8u8, 42u8, 134u8, 72u8, 206u8, 61u8, 4u8, 3u8, 3u8, 48u8, 105u8, + 49u8, 28u8, 48u8, 26u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 19u8, 67u8, 97u8, 108u8, 105u8, + 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 120u8, 32u8, 76u8, 68u8, 101u8, 118u8, 73u8, + 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, - 34u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 108u8, 49u8, 31u8, 48u8, 29u8, 6u8, 3u8, 85u8, 4u8, - 3u8, 12u8, 22u8, 67u8, 97u8, 
108u8, 105u8, 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, - 48u8, 32u8, 70u8, 77u8, 67u8, 32u8, 65u8, 108u8, 105u8, 97u8, 115u8, 49u8, 73u8, 48u8, - 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 48u8, 34u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 95u8, 95u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 108u8, 49u8, 31u8, 48u8, 29u8, 6u8, 3u8, 85u8, + 4u8, 3u8, 12u8, 22u8, 67u8, 97u8, 108u8, 105u8, 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, + 46u8, 120u8, 32u8, 70u8, 77u8, 67u8, 32u8, 65u8, 108u8, 105u8, 97u8, 115u8, 49u8, 73u8, + 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 118u8, 48u8, 16u8, - 6u8, 7u8, 42u8, 134u8, 72u8, 206u8, 61u8, 2u8, 1u8, 6u8, 5u8, 43u8, 129u8, 4u8, 0u8, 34u8, - 3u8, 98u8, 0u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 118u8, 48u8, + 16u8, 6u8, 7u8, 42u8, 134u8, 72u8, 206u8, 61u8, 2u8, 1u8, 6u8, 5u8, 43u8, 129u8, 4u8, 0u8, + 34u8, 3u8, 98u8, 0u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 
95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 163u8, 130u8, 1u8, 110u8, 48u8, - 130u8, 1u8, 106u8, 48u8, 18u8, 6u8, 3u8, 85u8, 29u8, 19u8, 1u8, 1u8, 255u8, 4u8, 8u8, 48u8, - 6u8, 1u8, 1u8, 255u8, 2u8, 1u8, 3u8, 48u8, 14u8, 6u8, 3u8, 85u8, 29u8, 15u8, 1u8, 1u8, - 255u8, 4u8, 4u8, 3u8, 2u8, 2u8, 4u8, 48u8, 31u8, 6u8, 6u8, 103u8, 129u8, 5u8, 5u8, 4u8, - 4u8, 4u8, 21u8, 48u8, 19u8, 4u8, 17u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 129u8, 226u8, 6u8, 6u8, 103u8, - 129u8, 5u8, 5u8, 4u8, 5u8, 4u8, 129u8, 215u8, 48u8, 129u8, 212u8, 48u8, 114u8, 128u8, 8u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 163u8, 130u8, 1u8, 95u8, + 48u8, 130u8, 1u8, 91u8, 48u8, 18u8, 6u8, 3u8, 85u8, 29u8, 19u8, 1u8, 1u8, 255u8, 4u8, 8u8, + 48u8, 6u8, 1u8, 1u8, 255u8, 2u8, 1u8, 3u8, 48u8, 14u8, 6u8, 3u8, 85u8, 29u8, 15u8, 1u8, + 1u8, 255u8, 4u8, 4u8, 3u8, 2u8, 2u8, 4u8, 48u8, 31u8, 6u8, 6u8, 103u8, 129u8, 5u8, 5u8, + 4u8, 4u8, 4u8, 21u8, 48u8, 19u8, 4u8, 17u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 129u8, 211u8, 6u8, 6u8, 103u8, + 129u8, 5u8, 5u8, 4u8, 5u8, 4u8, 129u8, 200u8, 48u8, 129u8, 197u8, 48u8, 114u8, 128u8, 8u8, 67u8, 97u8, 108u8, 105u8, 112u8, 116u8, 114u8, 97u8, 129u8, 6u8, 68u8, 101u8, 118u8, 105u8, 99u8, 101u8, 131u8, 2u8, 1u8, 95u8, 166u8, 63u8, 48u8, 61u8, 6u8, 9u8, 96u8, 134u8, 72u8, 1u8, 101u8, 3u8, 4u8, 2u8, 2u8, 4u8, 48u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 
@@ -114,14 +114,13 @@ impl FmcAliasCertTbs { 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 135u8, 5u8, 0u8, 95u8, 95u8, 95u8, 95u8, 137u8, 11u8, 68u8, 69u8, 86u8, 73u8, 67u8, 69u8, 95u8, 73u8, 78u8, 70u8, 79u8, - 138u8, 5u8, 0u8, 128u8, 0u8, 0u8, 11u8, 48u8, 94u8, 128u8, 8u8, 67u8, 97u8, 108u8, 105u8, - 112u8, 116u8, 114u8, 97u8, 129u8, 3u8, 70u8, 77u8, 67u8, 131u8, 2u8, 1u8, 95u8, 166u8, - 63u8, 48u8, 61u8, 6u8, 9u8, 96u8, 134u8, 72u8, 1u8, 101u8, 3u8, 4u8, 2u8, 2u8, 4u8, 48u8, + 138u8, 5u8, 0u8, 208u8, 0u8, 0u8, 1u8, 48u8, 79u8, 131u8, 2u8, 1u8, 95u8, 166u8, 63u8, + 48u8, 61u8, 6u8, 9u8, 96u8, 134u8, 72u8, 1u8, 101u8, 3u8, 4u8, 2u8, 2u8, 4u8, 48u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 137u8, 8u8, 70u8, 77u8, 67u8, 95u8, 73u8, 78u8, 70u8, 79u8, 48u8, 29u8, - 6u8, 3u8, 85u8, 29u8, 14u8, 4u8, 22u8, 4u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, + 95u8, 95u8, 137u8, 8u8, 70u8, 77u8, 67u8, 95u8, 73u8, 78u8, 70u8, 79u8, 48u8, 29u8, 6u8, + 3u8, 85u8, 29u8, 14u8, 4u8, 22u8, 4u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 31u8, 6u8, 3u8, 85u8, 29u8, 35u8, 4u8, 24u8, 48u8, 22u8, 128u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, @@ -146,7 +145,7 @@ impl FmcAliasCertTbs { fn apply(&mut self, params: &FmcAliasCertTbsParams) { #[inline(always)] fn apply_slice( - buf: &mut [u8; 786usize], + buf: &mut [u8; 771usize], val: &[u8; LEN], ) { buf[OFFSET..OFFSET + LEN].copy_from_slice(val); 
diff --git a/x509/build/init_dev_id_csr_tbs.rs b/x509/build/init_dev_id_csr_tbs.rs index c989be7267..e4139c01ad 100644 --- a/x509/build/init_dev_id_csr_tbs.rs +++ b/x509/build/init_dev_id_csr_tbs.rs @@ -31,7 +31,7 @@ impl InitDevIdCsrTbs { const TBS_TEMPLATE: [u8; Self::TBS_TEMPLATE_LEN] = [ 48u8, 130u8, 1u8, 62u8, 2u8, 1u8, 0u8, 48u8, 105u8, 49u8, 28u8, 48u8, 26u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 19u8, 67u8, 97u8, 108u8, 105u8, 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, - 46u8, 48u8, 32u8, 73u8, 68u8, 101u8, 118u8, 73u8, 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, + 46u8, 120u8, 32u8, 73u8, 68u8, 101u8, 118u8, 73u8, 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, diff --git a/x509/build/local_dev_id_cert_tbs.rs b/x509/build/local_dev_id_cert_tbs.rs index adb180a84c..b9b0fcdf77 100644 --- a/x509/build/local_dev_id_cert_tbs.rs +++ b/x509/build/local_dev_id_cert_tbs.rs @@ -57,7 +57,7 @@ impl LocalDevIdCertTbs { 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 10u8, 6u8, 8u8, 42u8, 134u8, 72u8, 206u8, 61u8, 4u8, 3u8, 3u8, 48u8, 105u8, 49u8, 28u8, 48u8, 26u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 19u8, 67u8, 97u8, 108u8, 105u8, 112u8, - 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 48u8, 32u8, 73u8, 68u8, 101u8, 118u8, 73u8, 68u8, + 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 120u8, 32u8, 73u8, 68u8, 101u8, 118u8, 73u8, 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 
@@ -67,7 +67,7 @@ impl LocalDevIdCertTbs { 95u8, 95u8, 95u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 105u8, 49u8, 28u8, 48u8, 26u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 19u8, 67u8, 97u8, 108u8, 105u8, 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, - 48u8, 32u8, 76u8, 68u8, 101u8, 118u8, 73u8, 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, + 120u8, 32u8, 76u8, 68u8, 101u8, 118u8, 73u8, 68u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, diff --git a/x509/build/rt_alias_cert_tbs.rs b/x509/build/rt_alias_cert_tbs.rs index 6d07b86bbc..0e2b75eb2d 100644 --- a/x509/build/rt_alias_cert_tbs.rs +++ b/x509/build/rt_alias_cert_tbs.rs @@ -40,14 +40,14 @@ impl RtAliasCertTbs { const PUBLIC_KEY_OFFSET: usize = 321usize; const SUBJECT_SN_OFFSET: usize = 234usize; const ISSUER_SN_OFFSET: usize = 89usize; - const TCB_INFO_RT_TCI_OFFSET: usize = 542usize; + const TCB_INFO_RT_TCI_OFFSET: usize = 528usize; const SERIAL_NUMBER_OFFSET: usize = 11usize; - const SUBJECT_KEY_ID_OFFSET: usize = 610usize; - const AUTHORITY_KEY_ID_OFFSET: usize = 643usize; + const SUBJECT_KEY_ID_OFFSET: usize = 596usize; + const AUTHORITY_KEY_ID_OFFSET: usize = 629usize; const UEID_OFFSET: usize = 476usize; const NOT_BEFORE_OFFSET: usize = 157usize; const NOT_AFTER_OFFSET: usize = 174usize; - const TCB_INFO_RT_SVN_OFFSET: usize = 524usize; + const TCB_INFO_RT_SVN_OFFSET: usize = 510usize; const PUBLIC_KEY_LEN: usize = 97usize; const SUBJECT_SN_LEN: usize = 64usize; const ISSUER_SN_LEN: usize = 64usize; 
@@ -59,13 +59,13 @@ impl RtAliasCertTbs { const NOT_BEFORE_LEN: usize = 15usize; const NOT_AFTER_LEN: usize = 15usize; const TCB_INFO_RT_SVN_LEN: usize = 1usize; - pub const TBS_TEMPLATE_LEN: usize = 663usize; + pub const TBS_TEMPLATE_LEN: usize = 649usize; const TBS_TEMPLATE: [u8; Self::TBS_TEMPLATE_LEN] = [ - 48u8, 130u8, 2u8, 147u8, 160u8, 3u8, 2u8, 1u8, 2u8, 2u8, 20u8, 95u8, 95u8, 95u8, 95u8, + 48u8, 130u8, 2u8, 133u8, 160u8, 3u8, 2u8, 1u8, 2u8, 2u8, 20u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 10u8, 6u8, 8u8, 42u8, 134u8, 72u8, 206u8, 61u8, 4u8, 3u8, 3u8, 48u8, 108u8, 49u8, 31u8, 48u8, 29u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 22u8, 67u8, 97u8, 108u8, 105u8, - 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 48u8, 32u8, 70u8, 77u8, 67u8, 32u8, 65u8, + 112u8, 116u8, 114u8, 97u8, 32u8, 49u8, 46u8, 120u8, 32u8, 70u8, 77u8, 67u8, 32u8, 65u8, 108u8, 105u8, 97u8, 115u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, @@ -75,7 +75,7 @@ impl RtAliasCertTbs { 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 24u8, 15u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 107u8, 49u8, 30u8, 48u8, 28u8, 6u8, 3u8, 85u8, 4u8, 3u8, 12u8, 21u8, 67u8, 97u8, 108u8, 105u8, 112u8, 116u8, 114u8, - 97u8, 32u8, 49u8, 46u8, 48u8, 32u8, 82u8, 116u8, 32u8, 65u8, 108u8, 105u8, 97u8, 115u8, + 97u8, 32u8, 49u8, 46u8, 120u8, 32u8, 82u8, 116u8, 32u8, 65u8, 108u8, 105u8, 97u8, 115u8, 49u8, 73u8, 48u8, 71u8, 6u8, 3u8, 85u8, 4u8, 5u8, 19u8, 64u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 
@@ -89,13 +89,12 @@ impl RtAliasCertTbs { 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 163u8, - 129u8, 242u8, 48u8, 129u8, 239u8, 48u8, 18u8, 6u8, 3u8, 85u8, 29u8, 19u8, 1u8, 1u8, 255u8, + 129u8, 228u8, 48u8, 129u8, 225u8, 48u8, 18u8, 6u8, 3u8, 85u8, 29u8, 19u8, 1u8, 1u8, 255u8, 4u8, 8u8, 48u8, 6u8, 1u8, 1u8, 255u8, 2u8, 1u8, 2u8, 48u8, 14u8, 6u8, 3u8, 85u8, 29u8, 15u8, 1u8, 1u8, 255u8, 4u8, 4u8, 3u8, 2u8, 2u8, 132u8, 48u8, 31u8, 6u8, 6u8, 103u8, 129u8, 5u8, 5u8, 4u8, 4u8, 4u8, 21u8, 48u8, 19u8, 4u8, 17u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, - 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 104u8, 6u8, 6u8, - 103u8, 129u8, 5u8, 5u8, 4u8, 1u8, 4u8, 94u8, 48u8, 92u8, 128u8, 8u8, 67u8, 97u8, 108u8, - 105u8, 112u8, 116u8, 114u8, 97u8, 129u8, 2u8, 82u8, 84u8, 131u8, 2u8, 1u8, 95u8, 166u8, + 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 48u8, 90u8, 6u8, 6u8, + 103u8, 129u8, 5u8, 5u8, 4u8, 1u8, 4u8, 80u8, 48u8, 78u8, 131u8, 2u8, 1u8, 95u8, 166u8, 63u8, 48u8, 61u8, 6u8, 9u8, 96u8, 134u8, 72u8, 1u8, 101u8, 3u8, 4u8, 2u8, 2u8, 4u8, 48u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, 95u8, @@ -126,7 +125,7 @@ impl RtAliasCertTbs { fn apply(&mut self, params: &RtAliasCertTbsParams) { #[inline(always)] fn apply_slice( - buf: &mut [u8; 663usize], + buf: &mut [u8; 649usize], val: &[u8; LEN], ) { buf[OFFSET..OFFSET + LEN].copy_from_slice(val); diff --git a/x509/build/x509.rs b/x509/build/x509.rs index ba71ebdac1..9c2bbdea46 100644 --- a/x509/build/x509.rs +++ b/x509/build/x509.rs 
@@ -316,7 +316,7 @@ pub fn make_fmc_dice_tcb_info_ext( let wide_svn_fuses = fixed_width_svn(svn_fuses); let be_flags = flags.to_be_bytes(); - let be_flags_mask = FLAG_MASK.to_be_bytes(); + let be_flags_mask = FLAG_MASK.reverse_bits().to_be_bytes(); let device_asn1_fwids: Vec<&Fwid> = device_fwids.iter().map(|f| &f.fwid).collect(); let device_info = TcbInfo { @@ -335,8 +335,8 @@ pub fn make_fmc_dice_tcb_info_ext( let fmc_asn1_fwids: Vec<&Fwid> = fmc_fwids.iter().map(|f| &f.fwid).collect(); let fmc_info = TcbInfo { - vendor: Some(asn1::Utf8String::new("Caliptra")), - model: Some(asn1::Utf8String::new("FMC")), + vendor: None, + model: None, version: None, svn: Some(wide_svn.into()), layer: None, @@ -362,8 +362,8 @@ pub fn make_rt_dice_tcb_info_ext(svn: u8, fwids: &[FwidParam]) -> X509Extension let asn1_fwids: Vec<&Fwid> = fwids.iter().map(|f| &f.fwid).collect(); let rt_info = TcbInfo { - vendor: Some(asn1::Utf8String::new("Caliptra")), - model: Some(asn1::Utf8String::new("RT")), + vendor: None, + model: None, version: None, svn: Some(wide_svn.into()), layer: None, @@ -421,6 +421,16 @@ pub fn get_tbs(der: Vec) -> Vec { pub fn init_param(needle: &[u8], haystack: &[u8], param: TbsParam) -> TbsParam { assert_eq!(needle.len(), param.len); eprintln!("{}", param.name); + // Throw an error if there are multiple instances of our "needle" + // This could lead to incorrect offsets in the cert template + if haystack.windows(param.len).filter(|w| *w == needle).count() > 1 { + panic!( + "Multiple instances of needle '{}' with value\n\n{}\n\nin haystack\n\n{}", + param.name, + needle.encode_hex::(), + haystack.encode_hex::() + ); + } let pos = haystack.windows(param.len).position(|w| w == needle); match pos {
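Review bot: The new duplicate guard in `init_param` (x509/build/x509.rs) scans `haystack.windows(param.len)` once to count matches, and the unchanged `position` call scans it again. The panic also dumps the whole haystack without saying where the needle matched, which is the fact needed to pick a non-colliding placeholder. Collecting the offsets once with `let hits: Vec<usize> = haystack.windows(param.len).enumerate().filter(|(_, w)| *w == needle).map(|(i, _)| i).collect();` lets the panic print `hits` and lets the existing `match` use `hits.first().copied()`. The type arguments of `encode_hex` are blank in this rendering, and the `match pos` block continues past the end of the hunk.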