Merge branch 'main-2.x' into mtimkovich/subj_key
mhatrevi authored Jan 3, 2025
2 parents 75b6b18 + b79c7a9 commit 5d131a7
Showing 4 changed files with 89 additions and 0 deletions.
3 changes: 3 additions & 0 deletions api/src/soc_mgr.rs
@@ -155,6 +155,9 @@ pub trait SocManager {
self.soc_ifc()
.fuse_lms_revocation()
.write(|_| fuses.fuse_lms_revocation);
self.soc_ifc()
.fuse_mldsa_revocation()
.write(|_| fuses.fuse_mldsa_revocation.into());
self.soc_ifc()
.fuse_soc_stepping_id()
.write(|w| w.soc_stepping_id(fuses.soc_stepping_id.into()));
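Review bot: The added `fuse_mldsa_revocation` write goes through `.into()` while the `fuse_lms_revocation` write directly above passes the field unchanged, and nothing at the call site says why or how wide the destination is. The register definition is not visible in this hunk; if it holds fewer bits than the `u32` that the new tests build with `1u32 << idx`, a revocation bit outside that width would be lost without any error, leaving a key that was meant to be revoked still accepted. I would add a comment above the write such as `// One revocation bit per vendor MLDSA key index; confirm the register width covers VENDOR_MLDSA_MAX_KEY_COUNT.` The enclosing function starts and ends outside the hunk.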
1 change: 1 addition & 0 deletions hw-model/types/src/lib.rs
@@ -131,6 +131,7 @@ impl std::fmt::Debug for FusesWrapper {
)
.field("life_cycle", &self.0.life_cycle)
.field("fuse_lms_revocation", &self.0.fuse_lms_revocation)
.field("fuse_mldsa_revocation", &self.0.fuse_mldsa_revocation)
.field("soc_stepping_id", &self.0.soc_stepping_id)
.finish()
}
57 changes: 57 additions & 0 deletions rom/dev/tests/rom_integration_tests/test_image_validation.rs
@@ -300,6 +300,63 @@ fn test_preamble_vendor_lms_pubkey_revocation() {
}
}

#[test]
fn test_preamble_vendor_mldsa_pubkey_revocation() {
let rom = caliptra_builder::build_firmware_rom(firmware::rom_from_env()).unwrap();
const LAST_KEY_IDX: u32 = VENDOR_MLDSA_MAX_KEY_COUNT - 1;

for idx in 0..VENDOR_MLDSA_MAX_KEY_COUNT {
let vendor_config = ImageGeneratorVendorConfig {
pqc_key_idx: idx,
..VENDOR_CONFIG_KEY_0
};

let image_options = ImageOptions {
vendor_config,
pqc_key_type: FwVerificationPqcKeyType::MLDSA,
..Default::default()
};

let key_idx = image_options.vendor_config.pqc_key_idx;

let fuses = caliptra_hw_model::Fuses {
fuse_mldsa_revocation: 1u32 << key_idx,
..Default::default()
};

let mut hw = caliptra_hw_model::new(
InitParams {
rom: &rom,
..Default::default()
},
BootParams {
fuses,
..Default::default()
},
)
.unwrap();

let image_bundle =
caliptra_builder::build_and_sign_image(&FMC_WITH_UART, &APP_WITH_UART, image_options)
.unwrap();

if key_idx == LAST_KEY_IDX {
// Last key is never revoked.
hw.upload_firmware(&image_bundle.to_bytes().unwrap())
.unwrap();
hw.step_until_boot_status(u32::from(ColdResetComplete), true);
} else {
assert_eq!(
ModelError::MailboxCmdFailed(
CaliptraError::IMAGE_VERIFIER_ERR_VENDOR_PQC_PUB_KEY_REVOKED.into()
),
hw.upload_firmware(&image_bundle.to_bytes().unwrap())
.unwrap_err()
);
}
}
}

#[test]
fn test_preamble_vendor_ecc_pubkey_out_of_bounds() {
let (mut hw, mut image_bundle) =
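Review bot: Every iteration of `test_preamble_vendor_mldsa_pubkey_revocation` sets only the fuse bit of the key that signed the image, so the test never checks that a non-last key still loads when a different key's bit is set; the only accepted case is the last index. A verifier that rejected every non-last key whenever the fuse is non-zero would still pass. A second pass with, for example, `fuse_mldsa_revocation: 1u32 << ((idx + 1) % VENDOR_MLDSA_MAX_KEY_COUNT),` that expects `step_until_boot_status` to succeed would cover it. `key_idx` is also just a copy of `idx` and could be dropped.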
28 changes: 28 additions & 0 deletions test/tests/fips_test_suite/fw_load.rs
@@ -1113,6 +1113,34 @@ fn fw_load_error_vendor_lms_pub_key_revoked() {
);
}

#[test]
fn fw_load_error_vendor_mldsa_pub_key_revoked() {
let vendor_config = ImageGeneratorVendorConfig {
pqc_key_idx: 2,
..VENDOR_CONFIG_KEY_0
};
let image_options = ImageOptions {
vendor_config,
pqc_key_type: FwVerificationPqcKeyType::MLDSA,
..Default::default()
};

// Set fuses
let fuses = caliptra_hw_model::Fuses {
fuse_mldsa_revocation: 1u32 << image_options.vendor_config.pqc_key_idx,
..Default::default()
};

// Generate image
let fw_image = build_fw_image(image_options);

fw_load_error_flow(
Some(fw_image),
Some(fuses),
CaliptraError::IMAGE_VERIFIER_ERR_VENDOR_PQC_PUB_KEY_REVOKED.into(),
);
}

#[test]
fn fw_load_error_fmc_size_zero() {
// Generate image
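Review bot: `pqc_key_idx: 2` in `fw_load_error_vendor_mldsa_pub_key_revoked` is a bare literal, and the expected `IMAGE_VERIFIER_ERR_VENDOR_PQC_PUB_KEY_REVOKED` only occurs if 2 is not the last vendor key index, since the ROM integration test in this commit notes that the last key is never revoked. A comment such as `// Any index below the last one; the last vendor MLDSA key cannot be revoked.` would record that dependency, and deriving the value from the key-count constant would keep the test valid if the count changes. Whether `VENDOR_MLDSA_MAX_KEY_COUNT` is importable in this file is not visible from the hunk.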
