[opentitanlib] Bring in manifest.rs from rom_ext_image_tools
Signed-off-by: Jon Flatley <jflat@google.com>
diff --git a/sw/host/opentitanlib/BUILD b/sw/host/opentitanlib/BUILD
index 1bc6469..cc4fe85 100644
--- a/sw/host/opentitanlib/BUILD
+++ b/sw/host/opentitanlib/BUILD
@@ -36,6 +36,7 @@
"src/otp/otp_img.rs",
"src/otp/otp_mmap.rs",
"src/otp/vmem_serialize.rs",
+ "src/signer/manifest.rs",
"src/spiflash/flash.rs",
"src/spiflash/mod.rs",
"src/spiflash/sfdp.rs",
@@ -92,6 +93,7 @@
"src/otp/testdata/otp_ctrl_img_dev.hjson",
"src/otp/testdata/otp_ctrl_mmap.hjson",
"src/otp/testdata/output.vmem",
+ "src/signer/testdata/manifest.hjson",
"src/util/testdata/hello.txt",
"src/util/testdata/world.txt",
],
diff --git a/sw/host/opentitanlib/Cargo.toml b/sw/host/opentitanlib/Cargo.toml
index 71dd937..e8d32de 100644
--- a/sw/host/opentitanlib/Cargo.toml
+++ b/sw/host/opentitanlib/Cargo.toml
@@ -30,6 +30,7 @@
# mundane as a dependency. To regenerate the bazel dependency rules via
# `cargo raze`, you'll have to temporarily comment out `mundane`.
mundane = "0.5.0"
+memoffset = "0.6.0"
num-bigint-dig = "0.7.0"
num-traits = "0.2.14"
sha2 = "0.10.1"
diff --git a/sw/host/opentitanlib/src/signer/manifest.rs b/sw/host/opentitanlib/src/signer/manifest.rs
new file mode 100644
index 0000000..af7de91
--- /dev/null
+++ b/sw/host/opentitanlib/src/signer/manifest.rs
@@ -0,0 +1,134 @@
+// Copyright lowRISC contributors.
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+//! Structs for reading and writing manifests of flash boot stage images.
+//!
+//! Note: The structs below must match the definitions in
+//! sw/device/silicon_creator/lib/manifest.h.
+
+#![deny(warnings)]
+#![deny(unused)]
+#![deny(unsafe_code)]
+
+use std::mem::size_of;
+
+use memoffset::offset_of;
+use zerocopy::AsBytes;
+use zerocopy::FromBytes;
+
+// Currently, these definitions must be updated manually but they can be
+// generated using the following commands (requires bindgen):
+// cargo install bindgen
+// cd "${REPO_TOP}"
+// bindgen --allowlist-type manifest_t --allowlist-var "MANIFEST_.*" \
+// --no-doc-comments --no-layout-tests \
+// sw/device/silicon_creator/lib/manifest.h \
+// -- -I./ -Isw/device/lib/base/freestanding
+// TODO: Generate some constants as hex if possible, replacing manually for now.
+
+pub const MANIFEST_SIZE: u32 = 896;
+pub const MANIFEST_USAGE_CONSTRAINT_UNSELECTED_WORD_VAL: u32 = 0xa5a5a5a5;
+pub const MANIFEST_IDENTIFIER_ROM_EXT: u32 = 0x4552544f;
+pub const MANIFEST_IDENTIFIER_OWNER_STAGE: u32 = 0x4f53544f;
+pub const MANIFEST_LENGTH_FIELD_ROM_EXT_MIN: u32 = 896;
+pub const MANIFEST_LENGTH_FIELD_ROM_EXT_MAX: u32 = 0x10000;
+pub const MANIFEST_LENGTH_FIELD_OWNER_STAGE_MIN: u32 = 896;
+pub const MANIFEST_LENGTH_FIELD_OWNER_STAGE_MAX: u32 = 0x70000;
+
+/// Manifest for boot stage images stored in flash.
+#[repr(C)]
+#[derive(FromBytes, AsBytes, Debug, Default)]
+pub struct Manifest {
+ pub signature: SigverifyRsaBuffer,
+ pub usage_constraints: ManifestUsageConstraints,
+ pub modulus: SigverifyRsaBuffer,
+ pub exponent: u32,
+ pub identifier: u32,
+ pub length: u32,
+ pub version_major: u32,
+ pub version_minor: u32,
+ pub security_version: u32,
+ pub timestamp: u64,
+ pub binding_value: KeymgrBindingValue,
+ pub max_key_version: u32,
+ pub code_start: u32,
+ pub code_end: u32,
+ pub entry_point: u32,
+}
+
+/// A type that holds 96 32-bit words for RSA-3072.
+#[repr(C)]
+#[derive(FromBytes, AsBytes, Debug)]
+pub struct SigverifyRsaBuffer {
+ pub data: [u32; 96usize],
+}
+
+impl Default for SigverifyRsaBuffer {
+ fn default() -> Self {
+ Self { data: [0; 96usize] }
+ }
+}
+
+/// A type that holds the 256-bit device identifier.
+#[repr(C)]
+#[derive(FromBytes, AsBytes, Debug, Default)]
+pub struct LifecycleDeviceId {
+ pub device_id: [u32; 8usize],
+}
+
+/// Manifest usage constraints.
+#[repr(C)]
+#[derive(FromBytes, AsBytes, Debug)]
+pub struct ManifestUsageConstraints {
+ pub selector_bits: u32,
+ pub device_id: LifecycleDeviceId,
+ pub manuf_state_creator: u32,
+ pub manuf_state_owner: u32,
+ pub life_cycle_state: u32,
+}
+
+impl Default for ManifestUsageConstraints {
+ fn default() -> Self {
+ Self {
+ selector_bits: 0,
+ device_id: LifecycleDeviceId {
+ device_id: [MANIFEST_USAGE_CONSTRAINT_UNSELECTED_WORD_VAL;
+ 8usize],
+ },
+ manuf_state_creator: MANIFEST_USAGE_CONSTRAINT_UNSELECTED_WORD_VAL,
+ manuf_state_owner: MANIFEST_USAGE_CONSTRAINT_UNSELECTED_WORD_VAL,
+ life_cycle_state: MANIFEST_USAGE_CONSTRAINT_UNSELECTED_WORD_VAL,
+ }
+ }
+}
+
+#[repr(C)]
+#[derive(FromBytes, AsBytes, Debug, Default)]
+pub struct KeymgrBindingValue {
+ pub data: [u32; 8usize],
+}
+
+/// Checks the layout of the manifest struct.
+///
+/// Implemented as a function because using `offset_of!` at compile-time
+/// requires a nightly compiler.
+/// TODO(#6915): Convert this to a unit test after we start running rust tests during our builds.
+pub fn check_manifest_layout() {
+ assert_eq!(offset_of!(Manifest, signature), 0);
+ assert_eq!(offset_of!(Manifest, usage_constraints), 384);
+ assert_eq!(offset_of!(Manifest, modulus), 432);
+ assert_eq!(offset_of!(Manifest, exponent), 816);
+ assert_eq!(offset_of!(Manifest, identifier), 820);
+ assert_eq!(offset_of!(Manifest, length), 824);
+ assert_eq!(offset_of!(Manifest, version_major), 828);
+ assert_eq!(offset_of!(Manifest, version_minor), 832);
+ assert_eq!(offset_of!(Manifest, security_version), 836);
+ assert_eq!(offset_of!(Manifest, timestamp), 840);
+ assert_eq!(offset_of!(Manifest, binding_value), 848);
+ assert_eq!(offset_of!(Manifest, max_key_version), 880);
+ assert_eq!(offset_of!(Manifest, code_start), 884);
+ assert_eq!(offset_of!(Manifest, code_end), 888);
+ assert_eq!(offset_of!(Manifest, entry_point), 892);
+ assert_eq!(size_of::<Manifest>(), MANIFEST_SIZE as usize);
+}
diff --git a/sw/host/opentitanlib/src/signer/mod.rs b/sw/host/opentitanlib/src/signer/mod.rs
new file mode 100644
index 0000000..d40c6e5
--- /dev/null
+++ b/sw/host/opentitanlib/src/signer/mod.rs
@@ -0,0 +1,5 @@
+// Copyright lowRISC contributors.
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+pub mod manifest;
diff --git a/third_party/cargo/crates.bzl b/third_party/cargo/crates.bzl
index fd2d98f..2dc021f 100644
--- a/third_party/cargo/crates.bzl
+++ b/third_party/cargo/crates.bzl
@@ -21,6 +21,7 @@
"humantime": "@raze__humantime__2_1_0//:humantime",
"lazy_static": "@raze__lazy_static__1_4_0//:lazy_static",
"log": "@raze__log__0_4_14//:log",
+ "memoffset": "@raze__memoffset__0_6_5//:memoffset",
"nix": "@raze__nix__0_17_0//:nix",
"num-bigint-dig": "@raze__num_bigint_dig__0_7_0//:num_bigint_dig",
"num-traits": "@raze__num_traits__0_2_14//:num_traits",
@@ -561,6 +562,16 @@
maybe(
http_archive,
+ name = "raze__goblin__0_0_24",
+ url = "https://crates.io/api/v1/crates/goblin/0.0.24/download",
+ type = "tar.gz",
+ sha256 = "e3fa261d919c1ae9d1e4533c4a2f99e10938603c4208d56c05bec7a872b661b0",
+ strip_prefix = "goblin-0.0.24",
+ build_file = Label("//third_party/cargo/remote:BUILD.goblin-0.0.24.bazel"),
+ )
+
+ maybe(
+ http_archive,
name = "raze__heck__0_3_3",
url = "https://crates.io/api/v1/crates/heck/0.3.3/download",
type = "tar.gz",
@@ -869,6 +880,16 @@
maybe(
http_archive,
+ name = "raze__plain__0_2_3",
+ url = "https://crates.io/api/v1/crates/plain/0.2.3/download",
+ type = "tar.gz",
+ sha256 = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6",
+ strip_prefix = "plain-0.2.3",
+ build_file = Label("//third_party/cargo/remote:BUILD.plain-0.2.3.bazel"),
+ )
+
+ maybe(
+ http_archive,
name = "raze__ppv_lite86__0_2_16",
url = "https://crates.io/api/v1/crates/ppv-lite86/0.2.16/download",
type = "tar.gz",
@@ -1064,6 +1085,26 @@
maybe(
http_archive,
+ name = "raze__scroll__0_9_2",
+ url = "https://crates.io/api/v1/crates/scroll/0.9.2/download",
+ type = "tar.gz",
+ sha256 = "2f84d114ef17fd144153d608fba7c446b0145d038985e7a8cc5d08bb0ce20383",
+ strip_prefix = "scroll-0.9.2",
+ build_file = Label("//third_party/cargo/remote:BUILD.scroll-0.9.2.bazel"),
+ )
+
+ maybe(
+ http_archive,
+ name = "raze__scroll_derive__0_9_5",
+ url = "https://crates.io/api/v1/crates/scroll_derive/0.9.5/download",
+ type = "tar.gz",
+ sha256 = "8f1aa96c45e7f5a91cb7fabe7b279f02fea7126239fc40b732316e8b6a2d0fcb",
+ strip_prefix = "scroll_derive-0.9.5",
+ build_file = Label("//third_party/cargo/remote:BUILD.scroll_derive-0.9.5.bazel"),
+ )
+
+ maybe(
+ http_archive,
name = "raze__semver__0_9_0",
url = "https://crates.io/api/v1/crates/semver/0.9.0/download",
type = "tar.gz",
diff --git a/third_party/cargo/remote/BUILD.goblin-0.0.24.bazel b/third_party/cargo/remote/BUILD.goblin-0.0.24.bazel
new file mode 100644
index 0000000..7cfc627
--- /dev/null
+++ b/third_party/cargo/remote/BUILD.goblin-0.0.24.bazel
@@ -0,0 +1,88 @@
+"""
+@generated
+cargo-raze crate build file.
+
+DO NOT EDIT! Replaced on runs of cargo-raze
+"""
+
+# buildifier: disable=load
+load("@bazel_skylib//lib:selects.bzl", "selects")
+
+# buildifier: disable=load
+load(
+ "@rules_rust//rust:defs.bzl",
+ "rust_binary",
+ "rust_library",
+ "rust_proc_macro",
+ "rust_test",
+)
+
+package(default_visibility = [
+ # Public for visibility by "@raze__crate__version//" targets.
+ #
+ # Prefer access through "//third_party/cargo", which limits external
+ # visibility to explicit Cargo.toml dependencies.
+ "//visibility:public",
+])
+
+licenses([
+ "notice", # MIT from expression "MIT"
+])
+
+# Generated Targets
+
+# Unsupported target "ar" with type "example" omitted
+
+# Unsupported target "automagic" with type "example" omitted
+
+# Unsupported target "dotnet_pe_analysis" with type "example" omitted
+
+# Unsupported target "dyldinfo" with type "example" omitted
+
+# Unsupported target "lipo" with type "example" omitted
+
+# Unsupported target "rdr" with type "example" omitted
+
+# Unsupported target "scroll" with type "example" omitted
+
+rust_library(
+ name = "goblin",
+ srcs = glob(["**/*.rs"]),
+ crate_features = [
+ "alloc",
+ "archive",
+ "default",
+ "elf32",
+ "elf64",
+ "endian_fd",
+ "log",
+ "mach32",
+ "mach64",
+ "pe32",
+ "pe64",
+ "std",
+ ],
+ crate_root = "src/lib.rs",
+ data = [],
+ edition = "2018",
+ rustc_flags = [
+ "--cap-lints=allow",
+ ],
+ tags = [
+ "cargo-raze",
+ "manual",
+ ],
+ version = "0.0.24",
+ # buildifier: leave-alone
+ deps = [
+ "@raze__log__0_4_14//:log",
+ "@raze__plain__0_2_3//:plain",
+ "@raze__scroll__0_9_2//:scroll",
+ ],
+)
+
+# Unsupported target "archive" with type "test" omitted
+
+# Unsupported target "compare_dyldinfos" with type "test" omitted
+
+# Unsupported target "macho" with type "test" omitted
diff --git a/third_party/cargo/remote/BUILD.plain-0.2.3.bazel b/third_party/cargo/remote/BUILD.plain-0.2.3.bazel
new file mode 100644
index 0000000..650a097
--- /dev/null
+++ b/third_party/cargo/remote/BUILD.plain-0.2.3.bazel
@@ -0,0 +1,53 @@
+"""
+@generated
+cargo-raze crate build file.
+
+DO NOT EDIT! Replaced on runs of cargo-raze
+"""
+
+# buildifier: disable=load
+load("@bazel_skylib//lib:selects.bzl", "selects")
+
+# buildifier: disable=load
+load(
+ "@rules_rust//rust:defs.bzl",
+ "rust_binary",
+ "rust_library",
+ "rust_proc_macro",
+ "rust_test",
+)
+
+package(default_visibility = [
+ # Public for visibility by "@raze__crate__version//" targets.
+ #
+ # Prefer access through "//third_party/cargo", which limits external
+ # visibility to explicit Cargo.toml dependencies.
+ "//visibility:public",
+])
+
+licenses([
+ "notice", # MIT from expression "MIT OR Apache-2.0"
+])
+
+# Generated Targets
+
+rust_library(
+ name = "plain",
+ srcs = glob(["**/*.rs"]),
+ crate_features = [
+ ],
+ crate_root = "src/lib.rs",
+ data = [],
+ edition = "2015",
+ rustc_flags = [
+ "--cap-lints=allow",
+ ],
+ tags = [
+ "cargo-raze",
+ "manual",
+ ],
+ version = "0.2.3",
+ # buildifier: leave-alone
+ deps = [
+ ],
+)
diff --git a/third_party/cargo/remote/BUILD.scroll-0.9.2.bazel b/third_party/cargo/remote/BUILD.scroll-0.9.2.bazel
new file mode 100644
index 0000000..a2f3823
--- /dev/null
+++ b/third_party/cargo/remote/BUILD.scroll-0.9.2.bazel
@@ -0,0 +1,101 @@
+"""
+@generated
+cargo-raze crate build file.
+
+DO NOT EDIT! Replaced on runs of cargo-raze
+"""
+
+# buildifier: disable=load
+load("@bazel_skylib//lib:selects.bzl", "selects")
+
+# buildifier: disable=load
+load(
+ "@rules_rust//rust:defs.bzl",
+ "rust_binary",
+ "rust_library",
+ "rust_proc_macro",
+ "rust_test",
+)
+
+package(default_visibility = [
+ # Public for visibility by "@raze__crate__version//" targets.
+ #
+ # Prefer access through "//third_party/cargo", which limits external
+ # visibility to explicit Cargo.toml dependencies.
+ "//visibility:public",
+])
+
+licenses([
+ "notice", # MIT from expression "MIT"
+])
+
+# Generated Targets
+# buildifier: disable=out-of-order-load
+# buildifier: disable=load-on-top
+load(
+ "@rules_rust//cargo:cargo_build_script.bzl",
+ "cargo_build_script",
+)
+
+cargo_build_script(
+ name = "scroll_build_script",
+ srcs = glob(["**/*.rs"]),
+ build_script_env = {
+ },
+ crate_features = [
+ "derive",
+ "scroll_derive",
+ "std",
+ ],
+ crate_root = "build.rs",
+ data = glob(["**"]),
+ edition = "2015",
+ rustc_flags = [
+ "--cap-lints=allow",
+ ],
+ tags = [
+ "cargo-raze",
+ "manual",
+ ],
+ version = "0.9.2",
+ visibility = ["//visibility:private"],
+ deps = [
+ "@raze__rustc_version__0_2_3//:rustc_version",
+ ],
+)
+
+# Unsupported target "bench" with type "bench" omitted
+
+# Unsupported target "data_ctx" with type "example" omitted
+
+rust_library(
+ name = "scroll",
+ srcs = glob(["**/*.rs"]),
+ crate_features = [
+ "derive",
+ "scroll_derive",
+ "std",
+ ],
+ crate_root = "src/lib.rs",
+ data = [],
+ edition = "2015",
+ proc_macro_deps = [
+ "@raze__scroll_derive__0_9_5//:scroll_derive",
+ ],
+ rustc_flags = [
+ "--cap-lints=allow",
+ ],
+ tags = [
+ "cargo-raze",
+ "manual",
+ ],
+ version = "0.9.2",
+ # buildifier: leave-alone
+ deps = [
+ ":scroll_build_script",
+ ],
+)
+
+# Unsupported target "api" with type "test" omitted
+
+# Unsupported target "readme" with type "test" omitted
diff --git a/third_party/cargo/remote/BUILD.scroll_derive-0.9.5.bazel b/third_party/cargo/remote/BUILD.scroll_derive-0.9.5.bazel
new file mode 100644
index 0000000..5b0720a
--- /dev/null
+++ b/third_party/cargo/remote/BUILD.scroll_derive-0.9.5.bazel
@@ -0,0 +1,60 @@
+"""
+@generated
+cargo-raze crate build file.
+
+DO NOT EDIT! Replaced on runs of cargo-raze
+"""
+
+# buildifier: disable=load
+load("@bazel_skylib//lib:selects.bzl", "selects")
+
+# buildifier: disable=load
+load(
+ "@rules_rust//rust:defs.bzl",
+ "rust_binary",
+ "rust_library",
+ "rust_proc_macro",
+ "rust_test",
+)
+
+package(default_visibility = [
+ # Public for visibility by "@raze__crate__version//" targets.
+ #
+ # Prefer access through "//third_party/cargo", which limits external
+ # visibility to explicit Cargo.toml dependencies.
+ "//visibility:public",
+])
+
+licenses([
+ "notice", # MIT from expression "MIT"
+])
+
+# Generated Targets
+
+# Unsupported target "main" with type "example" omitted
+
+rust_proc_macro(
+ name = "scroll_derive",
+ srcs = glob(["**/*.rs"]),
+ crate_features = [
+ ],
+ crate_root = "src/lib.rs",
+ data = [],
+ edition = "2015",
+ rustc_flags = [
+ "--cap-lints=allow",
+ ],
+ tags = [
+ "cargo-raze",
+ "manual",
+ ],
+ version = "0.9.5",
+ # buildifier: leave-alone
+ deps = [
+ "@raze__proc_macro2__0_4_30//:proc_macro2",
+ "@raze__quote__0_6_13//:quote",
+ "@raze__syn__0_15_44//:syn",
+ ],
+)
+
+# Unsupported target "tests" with type "test" omitted
