Google Git
Sign in
opensecura / 3p / lowrisc / opentitan / 863c49c75e7e4358d6be9c38609f7ada35830083
commit863c49c75e7e4358d6be9c38609f7ada35830083[log] [tgz]
authorMiguel Osorio <miguelosorio@google.com>Thu Jun 09 11:53:11 2022 -0700
committermoidx <migue48@gmail.com>Thu Jun 16 16:30:21 2022 -0400
tree5a90ba6bfcde98eea78d4e7f199148e781150a99
parent89d481f1d745d410de26f2fd3bddef9a80403943 [diff]
[mask_rom] Add ROM_EXT measurement to the keymgr.

This commit adds an OTP config option (`ROM_KEYMGR_ROM_EXT_MEAS_EN`) to
the OTP owner partition. When this fuse is set to `kHardenedBoolTrue`,
the mask_rom will use the digest of the ROM_EXT to configure the key
manager attestation binding registers.

The ROM_EXT digest is also copied over to the static_critical data
section in case `ROM_KEYMGR_ROM_EXT_MEAS_EN` is set to
`kHardenedBoolFalse`, requiring the ROM_EXT to combine this value with
the next boot stage measurement.

See lowRISC/opentitan#7652 for more details.

Signed-off-by: Miguel Osorio <miguelosorio@google.com>
15 files changed
tree: 5a90ba6bfcde98eea78d4e7f199148e781150a99
  1. .github/
  2. ci/
  3. doc/
  4. hw/
  5. rules/
  6. site/
  7. sw/
  8. third_party/
  9. util/
  10. .bazelignore
  11. .bazelrc
  12. .bazelversion
  13. .clang-format
  14. .dockerignore
  15. .flake8
  16. .gitattributes
  17. .gitignore
  18. .style.yapf
  19. .svlint.toml
  20. .svls.toml
  21. _index.md
  22. apt-requirements.txt
  23. azure-pipelines.yml
  24. bazelisk.sh
  25. BUILD.bazel
  26. check_tool_requirements.core
  27. CLA
  28. COMMITTERS
  29. CONTRIBUTING.md
  30. LICENSE
  31. python-requirements.txt
  32. README.md
  33. tool_requirements.py
  34. topgen-reg-only.core
  35. topgen.core
  36. WORKSPACE
  37. yum-requirements.txt
README.md

OpenTitan

OpenTitan logo

About the project

OpenTitan is an open source silicon Root of Trust (RoT) project. OpenTitan will make the silicon RoT design and implementation more transparent, trustworthy, and secure for enterprises, platform providers, and chip manufacturers. OpenTitan is administered by lowRISC CIC as a collaborative project to produce high quality, open IP for instantiation as a full-featured product. See the OpenTitan site and OpenTitan docs for more information about the project.

About this repository

This repository contains hardware, software and utilities written as part of the OpenTitan project. It is structured as monolithic repository, or “monorepo”, where all components live in one repository. It exists to enable collaboration across partners participating in the OpenTitan project.

Documentation

The project contains comprehensive documentation of all IPs and tools. You can access it online at docs.opentitan.org.

How to contribute

Have a look at [CONTRIBUTING]({{< relref “CONTRIBUTING.md” >}}) and our documentation on project organization and processes for guidelines on how to contribute code to this repository.

Licensing

Unless otherwise noted, everything in this repository is covered by the Apache License, Version 2.0 (see LICENSE for full text).