RT support for FMC Alias Csr

api/src/mailbox.rs

@@ -1042,6 +1042,17 @@ pub struct GetFmcAliasCsrResp {
     pub data_size: u32,
     pub data: [u8; Self::DATA_MAX_SIZE],
 }
+
+impl Default for GetFmcAliasCsrResp {
+    fn default() -> Self {
+        Self {
+            hdr: MailboxRespHeader::default(),
+            data_size: 0,
+            data: [0u8; Self::DATA_MAX_SIZE],
+        }
+    }
+}
+
 impl GetFmcAliasCsrResp {
     pub const DATA_MAX_SIZE: usize = 512;
 }

drivers/src/persistent.rs

@@ -21,6 +21,9 @@ use crate::{
     FirmwareHandoffTable,
 };
 
+#[cfg(feature = "fmc")]
+use crate::FmcAliasCsr;
+
 #[cfg(feature = "runtime")]
 use crate::pcr_reset::PcrResetCounter;
 
@@ -228,6 +231,12 @@ pub struct PersistentData {
 
     pub idevid_csr: IdevIdCsr,
     reserved10: [u8; memory_layout::IDEVID_CSR_SIZE as usize - size_of::<IdevIdCsr>()],
+
+    #[cfg(feature = "fmc")]
+    pub fmc_alias_csr: FmcAliasCsr,
+
+    #[cfg(feature = "fmc")]
+    reserved11: [u8; memory_layout::FMC_ALIAS_CSR_SIZE as usize - size_of::<FmcAliasCsr>()],
 }
 
 impl PersistentData {
@@ -260,10 +269,29 @@ impl PersistentData {
                 addr_of!((*P).idevid_csr) as u32,
                 memory_layout::IDEVID_CSR_ORG
             );
+
+            assert_eq!(
+                addr_of!((*P).idevid_csr) as u32,
+                memory_layout::IDEVID_CSR_ORG
+            );
+
+            #[cfg(not(feature = "fmc"))]
             assert_eq!(
                 P.add(1) as u32,
                 memory_layout::IDEVID_CSR_ORG + memory_layout::IDEVID_CSR_SIZE
             );
+
+            #[cfg(feature = "fmc")]
+            assert_eq!(
+                addr_of!((*P).fmc_alias_csr) as u32,
+                memory_layout::FMC_ALIAS_CSR_ORG
+            );
+
+            #[cfg(feature = "fmc")]
+            assert_eq!(
+                P.add(1) as u32,
+                memory_layout::FMC_ALIAS_CSR_ORG + memory_layout::FMC_ALIAS_CSR_SIZE
+            );
         }
     }
 }

error/src/lib.rs

@@ -448,6 +448,9 @@ impl CaliptraError {
     pub const RUNTIME_GET_IDEV_ID_UNSUPPORTED_ROM: CaliptraError =
         CaliptraError::new_const(0x000E0052);
 
+    pub const RUNTIME_GET_FMC_CSR_UNPROVISIONED: CaliptraError =
+        CaliptraError::new_const(0x000E0053);
+
     /// FMC Errors
     pub const FMC_GLOBAL_NMI: CaliptraError = CaliptraError::new_const(0x000F0001);
     pub const FMC_GLOBAL_EXCEPTION: CaliptraError = CaliptraError::new_const(0x000F0002);

runtime/src/get_fmc_alias_csr.rs

@@ -0,0 +1,51 @@
+// Licensed under the Apache-2.0 license
+
+use crate::Drivers;
+
+use caliptra_cfi_derive_git::cfi_impl_fn;
+use caliptra_cfi_lib_git::cfi_launder;
+
+use caliptra_common::{
+    cprintln,
+    mailbox_api::{GetFmcAliasCsrReq, GetFmcAliasCsrResp, MailboxResp, MailboxRespHeader},
+};
+use caliptra_error::{CaliptraError, CaliptraResult};
+
+use caliptra_drivers::{FmcAliasCsr, IdevIdCsr};
+
+use zerocopy::{AsBytes, FromBytes};
+
+pub struct GetFmcAliasCsrCmd;
+impl GetFmcAliasCsrCmd {
+    //   #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)]
+    #[inline(never)]
+    pub(crate) fn execute(drivers: &mut Drivers, cmd_args: &[u8]) -> CaliptraResult<MailboxResp> {
+        let csr_persistent_mem = &drivers.persistent_data.get().fmc_alias_csr;
+
+        match csr_persistent_mem.get_csr_len() {
+            FmcAliasCsr::UNPROVISIONED_CSR => Err(CaliptraError::RUNTIME_GET_FMC_CSR_UNPROVISIONED),
+            len => {
+                let mut resp = GetFmcAliasCsrResp {
+                    data_size: len,
+                    ..Default::default()
+                };
+
+                let csr = csr_persistent_mem
+                    .get()
+                    .ok_or(CaliptraError::RUNTIME_GET_FMC_CSR_UNPROVISIONED)?;
+
+                // NOTE: This code will not panic.
+                //
+                // csr is guranteed to be the same size as `len`, and therefore
+                // `resp.data_size` by the `FmcAliasCsr::get` API.
+                //
+                // A valid `IDevIDCsr` cannot be larger than `MAX_CSR_SIZE`, which is the max
+                // size of the buffer in `GetIdevCsrResp`
+                resp.data[..resp.data_size as usize].copy_from_slice(csr);
+
+                Ok(MailboxResp::GetFmcAliasCsr(resp))
+            }
+            _ => Err(CaliptraError::RUNTIME_INTERNAL),
+        }
+    }
+}

runtime/src/lib.rs

@@ -22,6 +22,7 @@ mod dpe_crypto;
 mod dpe_platform;
 mod drivers;
 pub mod fips;
+mod get_fmc_alias_csr;
 mod get_idev_csr;
 pub mod handoff;
 mod hmac;
@@ -58,6 +59,7 @@ pub use fips::FipsShutdownCmd;
 pub use fips::{fips_self_test_cmd, fips_self_test_cmd::SelfTestStatus};
 pub use populate_idev::PopulateIDevIdCertCmd;
 
+pub use get_fmc_alias_csr::GetFmcAliasCsrCmd;
 pub use get_idev_csr::GetIdevCsrCmd;
 pub use info::{FwInfoCmd, IDevIdInfoCmd};
 pub use invoke_dpe::InvokeDpeCmd;
@@ -225,6 +227,7 @@ fn handle_command(drivers: &mut Drivers) -> CaliptraResult<MboxStatusE> {
         CommandId::SET_AUTH_MANIFEST => SetAuthManifestCmd::execute(drivers, cmd_bytes),
         CommandId::AUTHORIZE_AND_STASH => AuthorizeAndStashCmd::execute(drivers, cmd_bytes),
         CommandId::GET_IDEV_CSR => GetIdevCsrCmd::execute(drivers, cmd_bytes),
+        CommandId::GET_FMC_ALIAS_CSR => GetFmcAliasCsrCmd::execute(drivers, cmd_bytes),
         _ => Err(CaliptraError::RUNTIME_UNIMPLEMENTED_COMMAND),
     }?;
 

runtime/tests/runtime_integration_tests/main.rs

@@ -8,6 +8,7 @@ mod test_certs;
 mod test_disable;
 mod test_ecdsa;
 mod test_fips;
+mod test_get_fmc_alias_csr;
 mod test_get_idev_csr;
 mod test_info;
 mod test_invoke_dpe;
@@ -22,4 +23,3 @@ mod test_stash_measurement;
 mod test_tagging;
 mod test_update_reset;
 mod test_warm_reset;
-mod test_get_fmc_alias_csr;

runtime/tests/runtime_integration_tests/test_get_fmc_alias_csr.rs

@@ -2,15 +2,14 @@
 
 use caliptra_api::SocManager;
 use caliptra_builder::{get_ci_rom_version, CiRomVersion};
-use caliptra_common::mailbox_api::{CommandId, GetIdevCsrResp, MailboxReqHeader};
-use caliptra_drivers::{IdevIdCsr, MfgFlags};
+use caliptra_common::mailbox_api::GetFmcAliasCsrResp;
+use caliptra_common::mailbox_api::{CommandId, MailboxReqHeader};
+use caliptra_drivers::FmcAliasCsr;
 use caliptra_error::CaliptraError;
 use caliptra_hw_model::{HwModel, ModelError};
 use caliptra_runtime::RtBootStatus;
 use openssl::x509::X509Req;
 use zerocopy::{AsBytes, FromBytes};
-use caliptra_common::mailbox_api::GetFmcAliasCsrResp;
-use caliptra_drivers::FmcAliasCsr;
 
 use crate::common::{run_rt_test, RuntimeTestArgs};
 
@@ -19,7 +18,10 @@ fn test_get_fmc_alias_csr() {
     let mut model = run_rt_test(RuntimeTestArgs::default());
 
     let payload = MailboxReqHeader {
-        chksum: caliptra_common::checksum::calc_checksum(u32::from(CommandId::GET_FMC_ALIAS_CSR), &[]),
+        chksum: caliptra_common::checksum::calc_checksum(
+            u32::from(CommandId::GET_FMC_ALIAS_CSR),
+            &[],
+        ),
     };
 
     let result = model.mailbox_execute(CommandId::GET_FMC_ALIAS_CSR.into(), payload.as_bytes());
@@ -28,7 +30,10 @@ fn test_get_fmc_alias_csr() {
 
     let get_fmc_alias_csr_resp = GetFmcAliasCsrResp::read_from(response.as_bytes()).unwrap();
 
-    assert_ne!(FmcAliasCsr::UNPROVISIONED_CSR, get_fmc_alias_csr_resp.data_size);
+    assert_ne!(
+        FmcAliasCsr::UNPROVISIONED_CSR,
+        get_fmc_alias_csr_resp.data_size
+    );
     assert_ne!(0, get_fmc_alias_csr_resp.data_size);
 
     let csr_bytes = &get_fmc_alias_csr_resp.data[..get_fmc_alias_csr_resp.data_size as usize];
@@ -37,7 +42,6 @@ fn test_get_fmc_alias_csr() {
     assert!(X509Req::from_der(csr_bytes).is_ok());
 }
 
-
 #[test]
 fn test_missing_csr() {
     let mut model = run_rt_test(RuntimeTestArgs::default());