[sw/silicon_creator] Add a struct for key manager binding value
Signed-off-by: Alphan Ulusoy <alphan@google.com>
diff --git a/sw/device/silicon_creator/lib/drivers/keymgr.c b/sw/device/silicon_creator/lib/drivers/keymgr.c
index 2e64dae..86acfad 100644
--- a/sw/device/silicon_creator/lib/drivers/keymgr.c
+++ b/sw/device/silicon_creator/lib/drivers/keymgr.c
@@ -4,6 +4,7 @@
#include "sw/device/silicon_creator/lib/drivers/keymgr.h"
+#include "sw/device/lib/base/memory.h"
#include "sw/device/silicon_creator/lib/base/abs_mmio.h"
#include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"
@@ -74,8 +75,8 @@
return kErrorOk;
}
-rom_error_t keymgr_state_advance_to_creator(const uint32_t binding_value[8],
- uint32_t max_key_ver) {
+rom_error_t keymgr_state_advance_to_creator(
+ const keymgr_binding_value_t *binding_value, uint32_t max_key_ver) {
RETURN_IF_ERROR(
check_expected_state(KEYMGR_WORKING_STATE_STATE_VALUE_INIT,
KEYMGR_OP_STATUS_STATUS_VALUE_DONE_SUCCESS));
@@ -83,10 +84,10 @@
// Write and lock (rw0c) the software binding value. This register is unlocked
// by hardware upon a successful state transition.
// FIXME: Consider using sec_mmio module for the following register writes.
- for (size_t i = 0; i < 8; ++i) {
+ for (size_t i = 0; i < ARRAYSIZE(binding_value->data); ++i) {
abs_mmio_write32(
kBase + KEYMGR_SW_BINDING_0_REG_OFFSET + i * sizeof(uint32_t),
- binding_value[i]);
+ binding_value->data[i]);
}
abs_mmio_write32(kBase + KEYMGR_SW_BINDING_REGWEN_REG_OFFSET, 0);
diff --git a/sw/device/silicon_creator/lib/drivers/keymgr.h b/sw/device/silicon_creator/lib/drivers/keymgr.h
index 5513012..15642cf 100644
--- a/sw/device/silicon_creator/lib/drivers/keymgr.h
+++ b/sw/device/silicon_creator/lib/drivers/keymgr.h
@@ -9,6 +9,7 @@
#include <stdint.h>
#include "sw/device/silicon_creator/lib/error.h"
+#include "sw/device/silicon_creator/lib/keymgr_binding_value.h"
#ifdef __cplusplus
extern "C" {
@@ -43,9 +44,8 @@
* manifest.
* @return The result of the operation.
*/
-// TODO: Switch binding_value to a wrapped struct parameter.
-rom_error_t keymgr_state_advance_to_creator(const uint32_t binding_value[8],
- uint32_t max_key_version);
+rom_error_t keymgr_state_advance_to_creator(
+ const keymgr_binding_value_t *binding_value, uint32_t max_key_version);
/**
* Checks the state of the key manager.
diff --git a/sw/device/silicon_creator/lib/drivers/keymgr_unittest.cc b/sw/device/silicon_creator/lib/drivers/keymgr_unittest.cc
index 03d5b95..3ec0e48 100644
--- a/sw/device/silicon_creator/lib/drivers/keymgr_unittest.cc
+++ b/sw/device/silicon_creator/lib/drivers/keymgr_unittest.cc
@@ -16,12 +16,10 @@
namespace keymgr_unittest {
namespace {
-using ::testing::ElementsAreArray;
-using ::testing::Test;
struct SwBindingCfg {
uint32_t max_key_ver;
- uint32_t sw_binding_value[8];
+ keymgr_binding_value_t binding_value;
};
class KeymgrTest : public mask_rom_test::MaskRomTest {
@@ -39,7 +37,7 @@
uint32_t base_ = TOP_EARLGREY_KEYMGR_BASE_ADDR;
SwBindingCfg cfg_ = {
.max_key_ver = 0xA5A5A5A5,
- .sw_binding_value = {0, 1, 2, 3, 4, 6, 7, 8},
+ .binding_value = {0, 1, 2, 3, 4, 6, 7, 8},
};
mask_rom_test::MockAbsMmio mmio_;
};
@@ -77,21 +75,21 @@
/*err_code=*/0u);
EXPECT_ABS_WRITE32(mmio_, base_ + KEYMGR_SW_BINDING_0_REG_OFFSET,
- cfg_.sw_binding_value[0]);
+ cfg_.binding_value.data[0]);
EXPECT_ABS_WRITE32(mmio_, base_ + KEYMGR_SW_BINDING_1_REG_OFFSET,
- cfg_.sw_binding_value[1]);
+ cfg_.binding_value.data[1]);
EXPECT_ABS_WRITE32(mmio_, base_ + KEYMGR_SW_BINDING_2_REG_OFFSET,
- cfg_.sw_binding_value[2]);
+ cfg_.binding_value.data[2]);
EXPECT_ABS_WRITE32(mmio_, base_ + KEYMGR_SW_BINDING_3_REG_OFFSET,
- cfg_.sw_binding_value[3]);
+ cfg_.binding_value.data[3]);
EXPECT_ABS_WRITE32(mmio_, base_ + KEYMGR_SW_BINDING_4_REG_OFFSET,
- cfg_.sw_binding_value[4]);
+ cfg_.binding_value.data[4]);
EXPECT_ABS_WRITE32(mmio_, base_ + KEYMGR_SW_BINDING_5_REG_OFFSET,
- cfg_.sw_binding_value[5]);
+ cfg_.binding_value.data[5]);
EXPECT_ABS_WRITE32(mmio_, base_ + KEYMGR_SW_BINDING_6_REG_OFFSET,
- cfg_.sw_binding_value[6]);
+ cfg_.binding_value.data[6]);
EXPECT_ABS_WRITE32(mmio_, base_ + KEYMGR_SW_BINDING_7_REG_OFFSET,
- cfg_.sw_binding_value[7]);
+ cfg_.binding_value.data[7]);
EXPECT_ABS_WRITE32(mmio_, base_ + KEYMGR_SW_BINDING_REGWEN_REG_OFFSET, 0);
EXPECT_ABS_WRITE32(mmio_, base_ + KEYMGR_MAX_CREATOR_KEY_VER_REG_OFFSET,
@@ -109,7 +107,7 @@
});
EXPECT_EQ(
- keymgr_state_advance_to_creator(cfg_.sw_binding_value, cfg_.max_key_ver),
+ keymgr_state_advance_to_creator(&cfg_.binding_value, cfg_.max_key_ver),
kErrorOk);
}
@@ -119,7 +117,7 @@
KEYMGR_WORKING_STATE_STATE_VALUE_RESET,
/*err_code=*/0u);
EXPECT_EQ(
- keymgr_state_advance_to_creator(cfg_.sw_binding_value, cfg_.max_key_ver),
+ keymgr_state_advance_to_creator(&cfg_.binding_value, cfg_.max_key_ver),
kErrorKeymgrInternal);
// Any non-idle status is expected to fail.
@@ -127,7 +125,7 @@
KEYMGR_WORKING_STATE_STATE_VALUE_INIT,
/*err_code=*/0u);
EXPECT_EQ(
- keymgr_state_advance_to_creator(cfg_.sw_binding_value, cfg_.max_key_ver),
+ keymgr_state_advance_to_creator(&cfg_.binding_value, cfg_.max_key_ver),
kErrorKeymgrInternal);
}
diff --git a/sw/device/silicon_creator/lib/keymgr_binding_value.h b/sw/device/silicon_creator/lib/keymgr_binding_value.h
new file mode 100644
index 0000000..cb017a7
--- /dev/null
+++ b/sw/device/silicon_creator/lib/keymgr_binding_value.h
@@ -0,0 +1,32 @@
+// Copyright lowRISC contributors.
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_KEYMGR_BINDING_VALUE_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_KEYMGR_BINDING_VALUE_H_
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+/**
+ * Binding value used by key manager to derive secret values.
+ *
+ * A change in this value changes the secret value of key manager, and
+ * consequently, the versioned keys and identity seeds generated at subsequent
+ * boot stages.
+ *
+ * Note: The size of this value is an implementation detail of the key manager
+ * hardware.
+ */
+typedef struct keymgr_binding_value {
+ uint32_t data[8];
+} keymgr_binding_value_t;
+
+#ifdef __cplusplus
+} // extern "C"
+#endif // __cplusplus
+
+#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_KEYMGR_BINDING_VALUE_H_
diff --git a/sw/device/silicon_creator/lib/manifest.h b/sw/device/silicon_creator/lib/manifest.h
index 842e2d4..dc3f60f 100644
--- a/sw/device/silicon_creator/lib/manifest.h
+++ b/sw/device/silicon_creator/lib/manifest.h
@@ -9,6 +9,7 @@
#include "sw/device/lib/base/macros.h"
#include "sw/device/silicon_creator/lib/error.h"
+#include "sw/device/silicon_creator/lib/keymgr_binding_value.h"
#include "sw/device/silicon_creator/lib/manifest_size.h"
// FIXME: Move sigverify to sw/device/silicon_creator/lib
#include "sw/device/silicon_creator/mask_rom/sig_verify_keys.h"
@@ -72,7 +73,7 @@
* consequently, the versioned keys and identity seeds generated at subsequent
* boot stages.
*/
- uint32_t binding_value[8];
+ keymgr_binding_value_t binding_value;
/**
* Maximum allowed version for keys generated at the next boot stage.
*/
diff --git a/sw/device/silicon_creator/mask_rom/mask_rom.c b/sw/device/silicon_creator/mask_rom/mask_rom.c
index 0b76c46..a05bed7 100644
--- a/sw/device/silicon_creator/mask_rom/mask_rom.c
+++ b/sw/device/silicon_creator/mask_rom/mask_rom.c
@@ -133,9 +133,9 @@
// the current ROM_EXT.
// TODO(#5955): Switch to manifest in C struct format update this code to
// use the sw binding and max key version fields from the manifest.
- uint32_t binding_value[8] = {0};
+ keymgr_binding_value_t binding_value = {0};
uint32_t max_key_version = 0x1;
- if (keymgr_state_advance_to_creator(binding_value, max_key_version) !=
+ if (keymgr_state_advance_to_creator(&binding_value, max_key_version) !=
kErrorOk) {
break;
}
diff --git a/sw/host/rom_ext_image_tools/signer/image/src/manifest.rs b/sw/host/rom_ext_image_tools/signer/image/src/manifest.rs
index faf8755..d569596 100644
--- a/sw/host/rom_ext_image_tools/signer/image/src/manifest.rs
+++ b/sw/host/rom_ext_image_tools/signer/image/src/manifest.rs
@@ -39,7 +39,7 @@
pub image_minor_version: u32,
pub image_timestamp: u64,
pub exponent: u32,
- pub binding_value: [u32; 8usize],
+ pub binding_value: KeymgrBindingValue,
pub max_key_version: u32,
pub modulus: SigverifyRsaBuffer,
}
@@ -57,6 +57,12 @@
}
}
+#[repr(C)]
+#[derive(FromBytes, AsBytes, Debug, Default)]
+pub struct KeymgrBindingValue {
+ pub data: [u32; 8usize],
+}
+
/// Checks the layout of the manifest struct.
///
/// Implemented as a function because using `offset_of!` at compile-time
