From ce4e673a261c6dab0a097180a4aa378afbc67c04 Mon Sep 17 00:00:00 2001 From: Sree Revoori Date: Tue, 13 Feb 2024 18:43:24 +0000 Subject: [PATCH] Finalize RT test coverage doc --- api/src/capabilities.rs | 5 ++- runtime/doc/test-coverage.md | 75 ++++++++++++++++++++++++------------ runtime/src/main.rs | 10 +---- 3 files changed, 56 insertions(+), 34 deletions(-) diff --git a/api/src/capabilities.rs b/api/src/capabilities.rs index db5bdf185c..391dc1759f 100644 --- a/api/src/capabilities.rs +++ b/api/src/capabilities.rs @@ -13,12 +13,13 @@ Abstract: --*/ bitflags::bitflags! { + /// First 64 bits are reserved for RT, next 32 bits are reserved for FMC, and final 32 bits are reserved for ROM #[derive(Default, Copy, Clone, Debug)] pub struct Capabilities : u128 { // Represents base capabilities present in Caliptra ROM v1.0 - const ROM_BASE = 0b0001; + const ROM_BASE = 0b1; // Represents base capabilities present in Caliptra Runtime v1.0 - const RT_BASE = 0b0001; + const RT_BASE = 0b1 << 64; } } diff --git a/runtime/doc/test-coverage.md b/runtime/doc/test-coverage.md index 9ff47f9a5d..90b5b3769a 100644 --- a/runtime/doc/test-coverage.md +++ b/runtime/doc/test-coverage.md @@ -11,6 +11,9 @@ Boots Caliptra from ROM -> FMC -> Runtime | **test_standard** | N/A Updates Caliptra with a new firmware image and tests that runtime boots | **test_update** | N/A Boots runtime using the Caliptra runtime test binary | **test_boot** | N/A Boots Caliptra and validates the firmware version | **test_fw_version** | N/A +Tests the persistent data layout on a RISC-V CPU with the runtime flag enabled| **test_persistent_data** | N/A +Checks that DPE contains the correct measurements upon booting runtime | **test_boot_tci_data** | N/A +Checks that measurements in the measurement log are added to DPE upon booting runtime | **test_measurement_in_measurement_log_added_to_dpe** | N/A
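Review bot: The new doc comment on `Capabilities` reads low-to-high ("First 64 bits are reserved for RT ... final 32 bits are reserved for ROM"), but the constants directly below place `ROM_BASE` at bit 0 and `RT_BASE` at bit 64, so a reader who takes "first" to mean the least-significant bits gets the layout backwards. Since these flags are presumably exchanged between ROM, FMC and runtime, an ambiguous layout comment is exactly what leads one component to mask the wrong field. Suggest stating the ranges explicitly instead: `/// Bit layout of the u128: bits 0..32 are ROM capabilities, bits 32..64 are FMC capabilities, bits 64..128 are runtime capabilities.` The `0b0001` to `0b1` change is cosmetic and `0b1 << 64` is well-defined for a `u128` field.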

# **Certificate Tests** @@ -21,6 +24,7 @@ Checks that the get_idev_cert mailbox command fails if the tbs_size is greater t Validates the LDevId cert by checking that it is signed by the IDevId public key and verifies that it is a valid X.509 | **test_ldev_cert** | N/A Validates the FMC alias cert by checking that it is signed by the LDevId public key and verifies that it is a valid X.509 | **test_fmc_alias_cert** | N/A Validates the RT alias cert by checking that it is signed by the FMC alias public key and verifies that it is a valid X.509 | **test_rt_alias_cert** | N/A +Validates the DPE leaf cert by checking that it is signed by the RT alias public key and verifies that it is a valid X.509 | **test_dpe_leaf_cert** | N/A Validates the full certificate chain | **test_full_cert_chain** | N/A Checks if the owner and vendor cert validity dates are present in RT Alias cert | **test_rt_cert_with_custom_dates** | N/A @@ -28,13 +32,15 @@ Checks if the owner and vendor cert validity dates are present in RT Alias cert # **Disable Attestation Tests** Test Scenario| Test Name | Runtime Error Code ---|---|--- -Checks that the disable_attestation mailbox command succeeds | **test_disable_attestation_cmd** | N/A +Checks that the disable_attestation mailbox command succeeds and that attestation gets disabled | **test_disable_attestation_cmd** | N/A +Calls the disable_attestation mailbox command, triggers an update reset, and checks that attestation is still disabled | **test_attestation_disabled_flag_after_update_reset** | N/A

# **Stash Measurement Tests** Test Scenario| Test Name | Runtime Error Code ---|---|--- -Checks that the stash_measurement mailbox command succeeds | **test_stash_measurement** | N/A +Checks that the stash_measurement mailbox command succeeds and that measurements are added to DPE | **test_stash_measurement** | N/A +Test that PCR31 is extended with the measurement upon calling stash_measurement | **test_pcr31_extended_upon_stash_measurement** | N/A

# **Mailbox Tests** @@ -85,21 +91,31 @@ Calls the DPE command get_certificate_chain via the invoke_dpe mailbox command a Calls the DPE commands sign and certify_key via the invoke_dpe mailbox command and verifies the signature resulting from the sign command with the public key resulting from the certify_key command | **test_invoke_dpe_sign_and_certify_key_cmds** | N/A Calls the DPE command sign with the symmetric flag set via the invoke_dpe mailbox command and checks that the resulting HMAC value is non-zero | **test_invoke_dpe_symmetric_sign** | N/A Tests that failed DPE command populates mbox header with correct error code | **test_dpe_header_error_code** | N/A +Calls the DPE command certify_key with the CSR format via the invoke_dpe mailbox command and validates the fields of the CSR | **test_invoke_dpe_certify_key_csr** | N/A

# **PAUSER Privilege Level Tests** Test Scenario| Test Name | Runtime Error Code ---|---|--- -Checks the limit on the number of active DPE contexts belonging to PL0 by calling derive_child via the invoke_dpe mailbox command with the RETAINS_PARENT flag set | **test_pl0_derive_child_dpe_context_thresholds** | RUNTIME_PL0_USED_DPE_CONTEXT_THRESHOLD_EXCEEDED -Checks the limit on the number of active DPE contexts belonging to PL1 by calling derive_child via the invoke_dpe mailbox command with the RETAINS_PARENT flag set | **test_pl1_derive_child_dpe_context_thresholds** | RUNTIME_PL1_USED_DPE_CONTEXT_THRESHOLD_EXCEEDED +Checks the limit on the number of active DPE contexts belonging to PL0 by calling derive_context via the invoke_dpe mailbox command with the RETAINS_PARENT flag set | **test_pl0_derive_context_dpe_context_thresholds** | RUNTIME_PL0_USED_DPE_CONTEXT_THRESHOLD_EXCEEDED +Checks the limit on the number of active DPE contexts belonging to PL1 by calling derive_context via the invoke_dpe mailbox command with the RETAINS_PARENT flag set | **test_pl1_derive_context_dpe_context_thresholds** | RUNTIME_PL1_USED_DPE_CONTEXT_THRESHOLD_EXCEEDED Checks the limit on the number of active DPE contexts belonging to PL0 by calling initialize_context via the invoke_dpe mailbox command with the SIMULATION flag set | **test_pl0_init_ctx_dpe_context_thresholds** | RUNTIME_PL0_USED_DPE_CONTEXT_THRESHOLD_EXCEEDED Checks the limit on the number of active DPE contexts belonging to PL1 by calling initialize_context via the invoke_dpe mailbox command with the SIMULATION flag set | **test_pl1_init_ctx_dpe_context_thresholds** | RUNTIME_PL1_USED_DPE_CONTEXT_THRESHOLD_EXCEEDED Checks that PopulateIdevIdCert cannot be called from PL1 | **test_populate_idev_cannot_be_called_from_pl1** | RUNTIME_INCORRECT_PAUSER_PRIVILEGE_LEVEL -Checks that InvokeDpe::DeriveChild cannot be called from PL1 if it attempts to change locality to P0 | 
**test_derive_child_cannot_be_called_from_pl1_if_changes_locality_to_pl0** | RUNTIME_INCORRECT_PAUSER_PRIVILEGE_LEVEL +Checks that InvokeDpe::DeriveContext cannot be called from PL1 if it attempts to change locality to P0 | **test_derive_context_cannot_be_called_from_pl1_if_changes_locality_to_pl0** | RUNTIME_INCORRECT_PAUSER_PRIVILEGE_LEVEL Checks that InvokeDpe::CertifyKey cannot be called from PL1 if it requests X509 | **test_certify_key_x509_cannot_be_called_from_pl1** | RUNTIME_INCORRECT_PAUSER_PRIVILEGE_LEVEL Checks the limit on the number of active DPE contexts belonging to PL0 by calling the stash_measurement mailbox command | **test_stash_measurement_pl_context_thresholds** | RUNTIME_PL0_USED_DPE_CONTEXT_THRESHOLD_EXCEEDED Checks the limit on the number of active DPE contexts belonging to PL0 by adding measurements to the measurement log | **test_measurement_log_pl_context_threshold** | RUNTIME_PL0_USED_DPE_CONTEXT_THRESHOLD_EXCEEDED +

+# **PCR Tests** +Test Scenario| Test Name | Runtime Error Code +---|---|--- +Increments the PCR reset counter, calls the quote_pcr mailbox command, and verifies the response | **test_pcr_quote** | N/A +Calls the extend_pcr mailbox command on various PCRs and checks that the PCR values are updated correctly | **test_extend_pcr_cmd_multiple_extensions** | N/A +Checks that extending an invalid PCR index throws an error | **test_extend_pcr_cmd_invalid_pcr_index** | RUNTIME_PCR_INVALID_INDEX +Checks that extending a reserved PCR throws an error | **test_extend_pcr_cmd_reserved_range** | RUNTIME_PCR_RESERVED +

# **Tagging Tests** Test Scenario| Test Name | Runtime Error Code @@ -112,18 +128,35 @@ Attempts to tag an inactive context and verifies that it fails | **test_tagging_ Tags the default context, destroys the default context, and checks that the dpe_get_tagged_tci mailbox command fails on the default context | **test_tagging_destroyed_context** | RUNTIME_TAGGING_FAILURE Tags the default context, retires the default context, and checks that the dpe_get_tagged_tci mailbox command fails on the default context | **test_tagging_retired_context** | RUNTIME_TAGGING_FAILURE +

+# **Update Reset Tests** +Test Scenario| Test Name | Runtime Error Code +---|---|--- +Checks that the DPE root measurement is set to the RT_FW_JOURNEY_PCR upon update reset | **test_rt_journey_pcr_updated_in_dpe** | N/A +Checks that context tags are persisted across update resets | **test_tags_persistence** | N/A +Corrupts the context tags and checks that an error is thrown upon update reset | **test_context_tags_validation** | RUNTIME_CONTEXT_TAGS_VALIDATION_FAILED +Corrupts the shape of the DPE context tree and checks that an error is thrown upon update reset | **test_dpe_validation_deformed_structure** | RUNTIME_DPE_VALIDATION_FAILED +Corrupts DPE state and checks that an error is thrown upon update reset | **test_dpe_validation_illegal_state** | RUNTIME_DPE_VALIDATION_FAILED +Corrupts DPE by adding contexts past the threshold and checks that an error is thrown upon update reset | **test_dpe_validation_used_context_threshold_exceeded** | RUNTIME_PL0_USED_DPE_CONTEXT_THRESHOLD_EXCEEDED +Checks that the pcr reset counter is persisted across update resets | **test_pcr_reset_counter_persistence** | N/A + +

+# **Warm Reset Tests** +Test Scenario| Test Name | Runtime Error Code +---|---|--- +Corrupts the DPE root measurement, triggers a warm reset, and checks that RT journey PCR validation fails | **test_rt_journey_pcr_validation** | RUNTIME_RT_JOURNEY_PCR_VALIDATION_FAILED +Tests that there is a non-fatal error if runtime is executing a mailbox command during warm reset | **test_mbox_busy_during_warm_reset** | RUNTIME_CMD_BUSY_DURING_WARM_RESET +

# **DPE Verification Tests** These tests are implemented in Go and test end-to-end DPE attestation behavior. The DPE commands are called via a transport. -Test Scenario | Test Name | Go Error Code +Test Scenario | Test Name | DPE Error Code ---|---|--- Calls and tests behavior of the DPE command InitializeContext | **TestInitializeContext** | N/A Calls and tests behavior of the DPE command InitializeContext with simulation contexts | **TestInitializeSimulation** | N/A Calls the DPE command CertifyKey, verifies the structure of the resulting certificate by parsing and linting it, and checks that the desired extensions are present | **TestCertifyKey** | N/A Calls the DPE command CertifyKey with a simulation context handle, verifies the structure of the resulting certificate by parsing and linting it, and checks that the desired extensions are present | **TestCertifyKeySimulation** | N/A Calls the DPE command GetCertificateChain and verifies the structure of each certificate in the chain by parsing and linting them | **TestGetCertificateChain** | N/A -Calls the DPE command ExtendTci and verifies the resulting TCI | **TestExtendTCI** | N/A -Calls the DPE command ExtendTci with a derived child context and verifies the resulting TCI | **TestExtendTciOnDerivedContexts** | N/A Calls the DPE command GetProfile and verifies the DPE profile | **TestGetProfile** | N/A Checks whether an error is reported when non-existent handle is passed as input to DPE commands | **TestInvalidHandle** | StatusInvalidHandle Checks whether an error is reported when caller from one locality issues DPE commands in another locality | **TestWrongLocality** | StatusInvalidLocality 
@@ -134,6 +167,15 @@ Calls and tests behavior of the DPE command RotateContext with simulation contex Check whether the digital signature returned by Sign command can be verified using public key in signing key certificate returned by CertifyKey command | **TestAsymmetricSigning** | N/A Check that the Sign command fails on simulated contexts as simulation context do not allow signing | **TestSignSimulation** | StatusInvalidArgument Calls and tests behavior of the DPE command Sign with the Symmetric flag set | **TestSignSymmetric** | N/A +Tests using DPE to satisfy TPM PolicySigned | **TestTpmPolicySigning** | N/A +Calls and tests behavior of the DPE command DeriveContext | **TestDeriveContext** | N/A +Calls and tests behavior of the DPE command DeriveContext with the simulation flag | **TestDeriveContextSimulation** | N/A +Checks whether the number of derived contexts is limited by MAX_TCI_NODES attribute of the profile | **TestMaxTCIs** | StatusMaxTcis +Calls and tests behavior of the DPE command DeriveContext with the changes_locality flag | **TestChangeLocality** | N/A +Tests that commands trying to use features that are unsupported by child context fail | **TestPrivilegesEscalation** | StatusInvalidArgument +Calls and tests behavior of the DPE command DeriveContext with the internal_input_info and internal_input_dice flags | **TestInternalInputFlags** | N/A +Calls and tests behavior of the DPE command DeriveContext with the recursive flag | **TestDeriveContextRecursive** | N/A +Calls and tests behavior of the DPE command DeriveContext with the recursive flag on derived contexts | **TestDeriveContextRecursiveOnDerivedContexts** | N/A

# **Stress Tests** @@ -145,20 +187,5 @@ Run impactless update repeatedly for 500 times | **test_stress_update** | N/A # **Test Gaps** Test Scenario| Test Name | Runtime Error Code ---|---|--- -Test DPE structure validation upon update reset | N/A | N/A -Trigger warm reset and check that DPE structure is valid upon RT initialization | N/A | N/A -Verify the RT Journey PCR on a warm reset | N/A | N/A -Check that the RT Journey PCR was updated correctly on update reset | N/A | N/A -Check that attestation is disabled if mbox_busy during a warm reset | N/A | N/A -Check that measurements in the measurement log are added to DPE upon initializing drivers | N/A | N/A -Check that PCR31 is updated in StashMeasurement | N/A | N/A -Test GetIdevCert cmd fails if provided bad signature or tbs | N/A | N/A Add higher fidelity HMAC test that verifies correctness of HMAC tag based on UDS | N/A | N/A -Check that measurements are stored in DPE when StashMeasurement is called | N/A | N/A -Verify that DPE attestation flow fails after DisableAttestation is called | N/A | N/A -Check that mailbox valid pausers are measured into DPE upon RT startup | N/A | N/A -Check that the RT alias key is different from the key signing DPE certs | N/A | N/A -Test context tag validity upon warm/update reset | N/A | N/A -Check that the pcr extension for multiple data sets works as expected | test_extend_pcr_cmd_multiple_extensions | N/A -Check that accessing an invalid index is caught | test_extend_pcr_cmd_invalid_pcr_index | RUNTIME_PCR_INVALID_INDEX -Check that accessing reserved indices is caught | test_extend_pcr_cmd_reserved_range | RUNTIME_PCR_RESERVED +Triggers a CPU fault and checks that extended error info is populated correctly | N/A | RUNTIME_GLOBAL_EXCEPTION diff --git a/runtime/src/main.rs b/runtime/src/main.rs index 5fb9c3dfbb..c69aa1635c 100644 --- a/runtime/src/main.rs +++ b/runtime/src/main.rs 
@@ -57,14 +57,8 @@ pub extern "C" fn entry_point() -> ! {
 let mut drivers = unsafe {
 Drivers::new_from_registers().unwrap_or_else(|e| {
- // treat global exception as a fatal error
- match e {
- CaliptraError::RUNTIME_GLOBAL_EXCEPTION => handle_fatal_error(e.into()),
- _ => {
- cprintln!("[rt] Runtime can't load drivers");
- handle_fatal_error(e.into());
- }
- }
+ cprintln!("[rt] Runtime can't load drivers");
+ handle_fatal_error(e.into());
 })
 };
 caliptra_common::stop_wdt(&mut drivers.soc_ifc);
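Review bot: After this change a `RUNTIME_GLOBAL_EXCEPTION` surfacing from `Drivers::new_from_registers` is reported on the console as "[rt] Runtime can't load drivers", which is misleading for triage because a CPU fault during driver init is a different condition from a driver that failed to load; the removed match at least kept the two paths visibly separate. The error code itself still reaches `handle_fatal_error(e.into())`, so only the console text loses information. If `cprintln!` accepts format arguments and `e` is `Debug`, printing the error with the message, e.g. `cprintln!("[rt] Runtime can't load drivers: {:?}", e);`, would keep the distinction without reintroducing the branch; otherwise a one-line comment noting that global exceptions are also routed through this closure would help the next reader. `entry_point` continues past the end of the hunk.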