Add debug unlock procedures in rom #1851
Open
+928
−61
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ArthurHeymans
force-pushed
the
DebugUnlock
branch
2 times, most recently
from
9c26ad0 to
048ef3d
Compare
ArthurHeymans
requested review from
korran,
fdamato,
jlmahowa-amd,
mhatrevi,
jhand2,
swenson,
vsonims,
rusty1968,
bluegate010,
ajisaxena and
JohnTraverAmd
as code owners
ArthurHeymans
force-pushed
the
DebugUnlock
branch
3 times, most recently
from
967489e to
e863077
Compare
|
I left writing the unit test for production for some later time. I understood the emulator for the Dma engine wrong (it does not operate on the root bus) and it needs to have a completely separate 64bit bus for AXI. |
swenson
reviewed
Jan 2, 2025
| } | ||
|
|
||
| /// Trait for SHA-2 digest operations | ||
| pub trait Sha2DigestOpTrait<'a, V: Sha2Variant>: Sized { |
There was a problem hiding this comment.
I'm not 100% sure why we need this trait. Why not implement this method directly on the generic struct, and not have to boomerang back and forth through the OpTrait and the Op?
There was a problem hiding this comment.
update and finalize are very similar. Using a trait with generics reduced the amount of code a bit.
rom/dev/src/flow/debug_unlock.rs
Outdated
| } | ||
| } | ||
|
|
||
| fn handle_manufactoring(env: &mut RomEnv) -> CaliptraResult<()> { |
rom/dev/src/flow/debug_unlock.rs
Outdated
| digest_op.finalize(&mut request_digest)?; | ||
|
|
||
| // Verify that digest of keys match | ||
| if cfi_launder(request_digest) != fuse_digest { |
There was a problem hiding this comment.
It may not be strictly necessary to use constant-time equality for this digest, but I'd like to anyway.
ArthurHeymans
force-pushed
the
DebugUnlock
branch
from
e863077 to
3bac4c4
Compare
|
Please add PR description always |
ArthurHeymans
force-pushed
the
DebugUnlock
branch
from
3bac4c4 to
cfe728d
Compare
Done |
ArthurHeymans
force-pushed
the
DebugUnlock
branch
from
cfe728d to
2499a4f
Compare
Signed-off-by: Arthur Heymans <[email protected]>
Reading the production debug fuses needs this. Signed-off-by: Arthur Heymans <[email protected]>
Signed-off-by: Arthur Heymans <[email protected]>
This adds both the manufactoring and production debug unlock codepaths. There are a few details that need to be resolved in TODOs that are unclear from the documentation. Signed-off-by: Arthur Heymans <[email protected]>
Signed-off-by: Arthur Heymans <[email protected]>
ArthurHeymans
force-pushed
the
DebugUnlock
branch
from
2499a4f to
e9cd4c2
Compare
mhatrevi
changed the title
mhatrevi
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implements the debug unlock flow for both manufactoring and production flows, according to "https://github.com/chipsalliance/caliptra-sw/blob/main-2.x/rom/dev/README.md"
This requires Sha512 ops so those are also added alongside Sha384.
TODO Production tests depend on DMA Axi rework #1878