Google Git
Sign in
opensecura / 3p / lowrisc / opentitan / 00d080ff45b6d42ff9e7694548b8c6dc2ed306d0
commit00d080ff45b6d42ff9e7694548b8c6dc2ed306d0[log] [tgz]
authorSam Elliott <selliott@lowrisc.org>Tue Aug 04 17:26:43 2020 +0100
committerSam Elliott <sam@lenary.co.uk>Thu Aug 06 10:56:51 2020 +0100
tree5b444737b88e680866a7a4f184f3160ea2b04524
parent6dd4e4a91fc52438ab9b07d01ce08a27bc64a49a [diff]
[mask rom] Describe Mask ROM Interface Structures

This PR describes the two main Mask ROM structures, which are also used
as interfaces with other parts of the Secure Boot process.

These structures are the Boot Policy structure, and the ROM_EXT manifest
structure.

This change settles some open questions:
- How do we protect the Boot Policy structure: We'll use a checksum.
- Can the Boot Policy choose different actions upon failing to parse a
  ROM_EXT manifest vs upon failing to authenticate the signature? No,
  the boot policy chooses the same action in both eventualities. These
  actions are coarse: either try the next ROM_EXT, or fail to boot. What
  these actions require the code to do may change depending on which
  step failed.
- How do we end up versioning the ROM_EXT manifest: The versioning only
  changes how the BL0 area is parsed, the rest of the manifest has to
  be static as it is accessed by the Mask ROM (which cannot be updated).
  The BL0 area is still signed, but the OT Mask ROM makes no
  requirements on what information it includes. The ROM_EXT manifest
  version is outside the BL0 area as it is one of the software binding
  properties.

This change introduces two new Open Questions:
- Do we allow ROM_EXT manifests to choose their own entry point, or is
  the entry-point a hard-coded offset within the image?
- Do we allow ROM_EXT manifests to set their own PMP region extents, or
  are these extents hard-coded too?

Signed-off-by: Sam Elliott <selliott@lowrisc.org>
1 file changed
tree: 5b444737b88e680866a7a4f184f3160ea2b04524
  1. .github/
  2. ci/
  3. doc/
  4. hw/
  5. site/
  6. sw/
  7. test/
  8. util/
  9. .clang-format
  10. .dockerignore
  11. .flake8
  12. .gitignore
  13. .style.yapf
  14. _index.md
  15. apt-requirements.txt
  16. azure-pipelines.yml
  17. check_tool_requirements.core
  18. CLA
  19. COMMITTERS
  20. CONTRIBUTING.md
  21. LICENSE
  22. meson.build
  23. meson_init.sh
  24. meson_options.txt
  25. python-requirements.txt
  26. README.md
  27. tool_requirements.py
  28. toolchain.txt
README.md

OpenTitan

OpenTitan logo

About the project

OpenTitan is an open source silicon Root of Trust (RoT) project. OpenTitan will make the silicon RoT design and implementation more transparent, trustworthy, and secure for enterprises, platform providers, and chip manufacturers. OpenTitan is administered by lowRISC CIC as a collaborative project to produce high quality, open IP for instantiation as a full-featured product. See the OpenTitan site and OpenTitan docs for more information about the project.

About this repository

This repository contains hardware, software and utilities written as part of the OpenTitan project. It is structured as monolithic repository, or “monorepo”, where all components live in one repository. It exists to enable collaboration across partners participating in the OpenTitan project.

Documentation

The project contains comprehensive documentation of all IPs and tools. You can access it online at docs.opentitan.org.

How to contribute

Have a look at CONTRIBUTING for guidelines on how to contribute code to this repository.

Licensing

Unless otherwise noted, everything in this repository is covered by the Apache License, Version 2.0 (see LICENSE for full text).