[sw/silicon_creeator] Remove volatile qualifier from kManifest
This commit also adds a getter that returns a `const manifest_t *` to
enable compiler diagnostics.
Signed-off-by: Alphan Ulusoy <alphan@google.com>
diff --git a/sw/device/lib/testing/test_framework/BUILD b/sw/device/lib/testing/test_framework/BUILD
index 3eadcde..dd1e695 100644
--- a/sw/device/lib/testing/test_framework/BUILD
+++ b/sw/device/lib/testing/test_framework/BUILD
@@ -132,7 +132,7 @@
"//sw/device/lib/testing/test_rom:english_breakfast_test_rom_manifest",
],
# The manifest section should be populated anytime this is added as a
- # dependency, even if kManifest is not referenced by software.
+ # dependency, even if the manifest is not referenced by software.
alwayslink = True,
)
diff --git a/sw/device/silicon_creator/lib/BUILD b/sw/device/silicon_creator/lib/BUILD
index 440bf1a..f47813b 100644
--- a/sw/device/silicon_creator/lib/BUILD
+++ b/sw/device/silicon_creator/lib/BUILD
@@ -232,7 +232,7 @@
"//sw/device/lib/base:macros",
],
# The manifest section should be populated anytime this is added as a
- # dependency, even if kManifest is not referenced by software.
+ # dependency, even if the manifest is not referenced by software.
alwayslink = True,
)
diff --git a/sw/device/silicon_creator/lib/manifest_def.c b/sw/device/silicon_creator/lib/manifest_def.c
index 9cdfb4b..2c8e4ac 100644
--- a/sw/device/silicon_creator/lib/manifest_def.c
+++ b/sw/device/silicon_creator/lib/manifest_def.c
@@ -9,14 +9,24 @@
/*
* Declarations for the manifest fields populdated by the linker script.
*/
-extern const uint32_t _manifest_code_start[];
-extern const uint32_t _manifest_code_end[];
-extern const uint32_t _manifest_entry_point[];
+extern char _manifest_code_start[];
+extern char _manifest_code_end[];
+extern char _manifest_entry_point[];
-static_assert(sizeof(uint32_t) == sizeof(uintptr_t), "Pointer is not 32-bits.");
-
-const volatile manifest_t kManifest = {
+/**
+ * Manifest definition.
+ *
+ * Definition of the manifest that resides in the `.manifest` section. The
+ * initializer should explicitly specify the initial values of the members whose
+ * values are known a compilation time, such as `code_start`, `code_end`, and
+ * `entry_point`. The remaining fields will be updated in the binary by
+ * `opentitantool` (overriding the implicitly specified initial value of zero).
+ */
+OT_SECTION(".manifest")
+static manifest_t kManifest_ = {
.code_start = (uint32_t)_manifest_code_start,
.code_end = (uint32_t)_manifest_code_end,
.entry_point = (uint32_t)_manifest_entry_point,
};
+
+const manifest_t *manifest_def_get(void) { return &kManifest_; }
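Review bot: Dropping `static_assert(sizeof(uint32_t) == sizeof(uintptr_t), "Pointer is not 32-bits.");` removes the only compile-time guard on the three `(uint32_t)_manifest_code_start`-style casts that the new initializer still performs; on any build where pointers are wider than 32 bits those casts would silently truncate instead of failing the build, so keeping the assert next to the `extern char` declarations costs nothing. With `volatile` gone, the definition relies on `kManifest_` being a non-const `static` whose address escapes through `manifest_def_get()` so the compiler cannot fold reads to the implicit zero initializers that `opentitantool` later overwrites; that looks sound for a normal build, but whether whole-program optimization could prove the object is never written is worth confirming on the ROM build flags. The new doc comment also has a typo, `known a compilation time` should read `known at compilation time`.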
diff --git a/sw/device/silicon_creator/lib/manifest_def.h b/sw/device/silicon_creator/lib/manifest_def.h
index 420dfcb..a3cb1be 100644
--- a/sw/device/silicon_creator/lib/manifest_def.h
+++ b/sw/device/silicon_creator/lib/manifest_def.h
@@ -11,13 +11,8 @@
#include "sw/device/silicon_creator/lib/manifest.h"
/**
- * Manifest definition.
- *
- * Declaration of the manifest that resides in the .manifest section. This
- * should be defined with known values, such as `code_start`, `code_end`, and
- * `entry_point`, populated. The remaining fields will be updated in the binary
- * by the signer tool.
+ * Gets the manifest of the current boot stage.
*/
-extern const volatile manifest_t kManifest OT_SECTION(".manifest");
+const manifest_t *manifest_def_get(void);
#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_MANIFEST_DEF_H_
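Review bot: The one-line comment on `manifest_def_get` states what it is for but not the contract callers previously read off the object declaration it replaces: where the manifest lives, that the pointer is never NULL, and that most fields are only valid after the binary has been patched. A fuller comment would be `/** Gets the manifest of the current boot stage. Returns a non-NULL pointer to the manifest in the `.manifest` section; fields other than code_start, code_end and entry_point are written into the binary by opentitantool after compilation. */`.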
diff --git a/sw/device/silicon_creator/rom/e2e/rom_e2e_static_critical_test.c b/sw/device/silicon_creator/rom/e2e/rom_e2e_static_critical_test.c
index 9261252..1361adf 100644
--- a/sw/device/silicon_creator/rom/e2e/rom_e2e_static_critical_test.c
+++ b/sw/device/silicon_creator/rom/e2e/rom_e2e_static_critical_test.c
@@ -29,25 +29,21 @@
#addr_ " must be word aligned");
void boot_measurements_test(void) {
- CHECK(kManifest.usage_constraints.selector_bits == 0,
- "Selector bits must be 0");
- const volatile char *manifest_start = (const volatile char *)&kManifest;
- const char *manifest_end = (const char *)manifest_start + sizeof(manifest_t);
- const volatile char *signed_region_start =
- manifest_start + sizeof(sigverify_rsa_buffer_t);
- const char *signed_region_end =
- (const char *)manifest_start + kManifest.length;
- size_t manifest_signed_region_size = manifest_end - signed_region_start;
- size_t signed_region_size = signed_region_end - signed_region_start;
- dif_hmac_t hmac;
+ const manifest_t *manifest = manifest_def_get();
+ CHECK(manifest->usage_constraints.selector_bits == 0);
+ const char *signed_region_start =
+ (const char *)manifest + sizeof(sigverify_rsa_buffer_t);
+ const char *manifest_end = (const char *)manifest + sizeof(manifest_t);
+ const char *image_end = (const char *)manifest + manifest->length;
+ size_t signed_region_size = image_end - signed_region_start;
- CHECK_WORD_ALIGNED(manifest_start);
- CHECK_WORD_ALIGNED(manifest_end);
+ CHECK_WORD_ALIGNED(manifest);
CHECK_WORD_ALIGNED(signed_region_start);
- CHECK_WORD_ALIGNED(signed_region_end);
- CHECK_WORD_ALIGNED(manifest_signed_region_size);
+ CHECK_WORD_ALIGNED(manifest_end);
+ CHECK_WORD_ALIGNED(image_end);
CHECK_WORD_ALIGNED(signed_region_size);
+ dif_hmac_t hmac;
CHECK_DIF_OK(
dif_hmac_init(mmio_region_from_addr(TOP_EARLGREY_HMAC_BASE_ADDR), &hmac));
CHECK_DIF_OK(dif_hmac_mode_sha256_start(
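Review bot: `size_t signed_region_size = image_end - signed_region_start;` trusts `manifest->length` with no lower bound; since that field is patched into the binary after compilation, a value smaller than `sizeof(sigverify_rsa_buffer_t)` makes the subtraction wrap to a huge `size_t`, and the push in the next hunk would then hash far past the image rather than failing the test cleanly. A guard before the subtraction such as `CHECK(manifest->length >= sizeof(manifest_t), "Manifest length is too small");` keeps the failure explicit and localized. The message argument was also dropped from the selector-bits check; restoring `CHECK(manifest->usage_constraints.selector_bits == 0, "Selector bits must be 0");` keeps the failure output self-explanatory as it was before. `boot_measurements_test` continues past the end of this hunk.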
@@ -55,22 +51,7 @@
.digest_endianness = kDifHmacEndiannessLittle,
.message_endianness = kDifHmacEndiannessLittle,
}));
-
- // Copy the part of the manifest that's in the signed region to
- // memory before pushing to hmac since it's volatile.
- // Note: this array is larger than `manifest_signed_region_size` since VLAs
- // are optional in C11.
- char manifest_signed_region[sizeof(manifest_t)];
- for (size_t i = 0; i < manifest_signed_region_size; ++i) {
- manifest_signed_region[i] =
- *((const volatile char *)signed_region_start + i);
- }
- hmac_testutils_push_message(&hmac, manifest_signed_region,
- manifest_signed_region_size);
- // Rest of the image
- hmac_testutils_push_message(&hmac, manifest_end,
- signed_region_size - manifest_signed_region_size);
-
+ hmac_testutils_push_message(&hmac, signed_region_start, signed_region_size);
CHECK_DIF_OK(dif_hmac_process(&hmac));
dif_hmac_digest_t act_digest;
hmac_testutils_finish_polled(&hmac, &act_digest);