
Commit 8c50a4f

committed
caliptra: Support caliptra manifest verification
The Caliptra manifest tool always signs 127 metadata entries, even if some entries are unused. The number of metadata entries is hardcoded to 127. Signed-off-by: chengyu_lin <chengyu_lin@aspeedtech.com> Change-Id: I0085e1754b208b6b040483b8be82f88a63ab04d0
1 parent 9747105 commit 8c50a4f

2 files changed

Lines changed: 12 additions & 7 deletions


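--- a/include/zephyr/drivers/cptra.h
+++ b/include/zephyr/drivers/cptra.h
@@ -31,6 +31,7 @@
 #define CPTRA_ECDSA_SIG_LEN 96 /* ECDSA384 */
 #define CPTRA_ECDSA_SHA_LEN 48 /* SHA384 */
 #define CPTRA_MBOX_SZ 0x20000 /* 128KB */
+#define CPTRA_IMC_ENTRY_COUNT 127 /* Max IMC entry count */
 
 /* Mailbox commands */
 enum cptra_mbox_cmd {
@@ -508,16 +509,18 @@ struct cptra_manifest_preamble {
 uint32_t metadata_owner_LMS_sig[405];
 };
 
+struct cptra_manifest_ime {
+uint32_t fw_id;
+uint32_t flags;
+uint8_t digest[48]; /* SHA384 */
+};
+
 struct cptra_set_auth_manifest_ia {
 uint32_t manifest_size;
 
 struct cptra_manifest_preamble preamble;
 uint32_t metadata_entry_entry_count;
-struct {
-uint32_t fw_id;
-uint32_t flags;
-uint8_t digest[48];
-} metadata_entries[1];
+struct cptra_manifest_ime metadata_entries[CPTRA_IMC_ENTRY_COUNT];
 };
 
 struct cptra_set_auth_manifest_oa {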
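Review bot: `metadata_entries` is now a fixed array of `CPTRA_IMC_ENTRY_COUNT` elements, but nothing in this header ties `metadata_entry_entry_count` to that bound, so any consumer that indexes the array by the count field should reject values above `CPTRA_IMC_ENTRY_COUNT` first; no such consumer is visible in this section. The macro comment says "Max" while the commit description says the count is fixed at 127, so a comment such as `/* IMC always carries 127 entries; metadata_entry_entry_count gives how many are in use */` would state which reading is intended, if that one is right. Because these structs mirror a mailbox layout, a build-time check like `BUILD_ASSERT(sizeof(struct cptra_set_auth_manifest_ia) <= CPTRA_MBOX_SZ);` would catch a later size change, and `digest[48]` could reuse `CPTRA_ECDSA_SHA_LEN` instead of repeating the literal.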

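--- a/samples/boards/ast2700_evb/demo/src/cptra_sample.c
+++ b/samples/boards/ast2700_evb/demo/src/cptra_sample.c
@@ -1607,7 +1607,9 @@ __attribute__((unused)) static void cptra_test_set_auth_manifest(void)
 memset(&output, 0, sizeof(struct cptra_set_auth_manifest_oa));
 
 /* Set input data */
-input.manifest_size = sizeof(struct cptra_set_auth_manifest_ia) - 4;
+input.manifest_size = sizeof(struct cptra_manifest_preamble) +
+sizeof(uint32_t) +
+sizeof(struct cptra_manifest_ime);
 input.preamble.manifest_marker = CPTRA_MBCMD_SET_AUTH_MANIFEST;
 input.preamble.preamble_size = sizeof(struct cptra_manifest_preamble);
 input.preamble.manifest_version = 1;
@@ -1734,7 +1736,7 @@ __attribute__((unused)) static void cptra_test_set_auth_manifest(void)
 LOG_DBG("Hashing metadata entries");
 memset(hash, 0, sizeof(hash));
 range = sizeof(input.metadata_entry_entry_count) +
-sizeof(input.metadata_entries);
+sizeof(input.metadata_entries[0]);
 #if defined(CONFIG_MBEDTLS)
 ret = mbedtls_sha512((const uint8_t *)&input.metadata_entry_entry_count, range,
 hash, 1);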
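Review bot: The length of the signed metadata region is spelled two different ways, `sizeof(uint32_t) + sizeof(struct cptra_manifest_ime)` in the `manifest_size` assignment and `sizeof(input.metadata_entry_entry_count) + sizeof(input.metadata_entries[0])` in the hash `range`, and both hard-code a single entry. The commit description says the manifest tool signs all 127 entries, so if the verifier hashes the full collection, a digest over one entry would not match and the sample would only exercise the rejection path; please confirm which range the firmware hashes and record it in a comment next to `range`. Deriving both values from one local, e.g. `const size_t imc_len = sizeof(input.metadata_entry_entry_count) + sizeof(input.metadata_entries[0]);`, keeps the size field and the hashed range from drifting apart. The body of `cptra_test_set_auth_manifest` starts and ends outside both hunks, so it is worth checking there that `input`, which now carries 127 entries, is not a local on a small thread stack and that `ret` from `mbedtls_sha512` is tested before the digest is used.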
