Remove external AXI response support from invoke_dpe and certify_key_extended

The mailbox in 2.0 is large enough to support the full response, so
external AXI response via DMA is unnecessary complexity.

Author: parvathib

runtime/src/certify_key_extended.rs

@@ -16,13 +16,10 @@ use crate::{
     invoke_dpe::invoke_dpe_cmd, mutrefbytes, CaliptraDpeProfile, Drivers, PauserPrivileges,
 };
 use arrayvec::ArrayVec;
-use caliptra_api::mailbox::{
-    populate_checksum, CertifyKeyExtendedMldsa87Req, SUBSYSTEM_MAILBOX_SIZE_LIMIT,
-};
+use caliptra_api::mailbox::{CertifyKeyExtendedMldsa87Req, SUBSYSTEM_MAILBOX_SIZE_LIMIT};
 use caliptra_common::mailbox_api::{
     CertifyKeyExtendedEcc384Req, CertifyKeyExtendedFlags, CertifyKeyExtendedResp, MailboxRespHeader,
 };
-use caliptra_drivers::AxiAddr;
 use caliptra_error::{CaliptraError, CaliptraResult};
 use dpe::commands::{CertifyKeyMldsa87Cmd, CertifyKeyP384Cmd, Command};
 use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout};
@@ -54,83 +51,27 @@ impl CertifyKeyExtendedCmd {
     ) -> CaliptraResult<usize> {
         let cmd = CertifyKeyExtendedMldsa87Req::ref_from_bytes(cmd_args)
             .map_err(|_| CaliptraError::RUNTIME_INSUFFICIENT_MEMORY)?;
-        // External responses can only be done in subsystem mode
-        if cmd.flags.external_axi_response() && !drivers.soc_ifc.subsystem_mode() {
-            return Err(CaliptraError::RUNTIME_MAILBOX_INVALID_PARAMS);
-        }
 
         // Trim the response buffer to the correct size. If the response doesn't fit, it will fail
         // during DPE execution and not at the transport layer. This is especially important for DPE
         // handle rotation so the caller doesn't lose the handle.
         let mbox_resp = if drivers.soc_ifc.subsystem_mode() {
-            let len = if cmd.flags.external_axi_response() {
-                usize::min(mbox_resp.len(), cmd.axi_response.max_size as usize)
-            } else {
-                // The mailbox size is smaller when subsystem is enabled
-                usize::min(mbox_resp.len(), SUBSYSTEM_MAILBOX_SIZE_LIMIT)
-            };
+            // The mailbox size is smaller when subsystem is enabled
+            let len = usize::min(mbox_resp.len(), SUBSYSTEM_MAILBOX_SIZE_LIMIT);
             mbox_resp
                 .get_mut(..len)
                 .ok_or(CaliptraError::RUNTIME_INSUFFICIENT_MEMORY)?
         } else {
             mbox_resp
         };
 
-        let len = Self::execute(
+        Self::execute(
             drivers,
             CaliptraDpeProfile::Mldsa87,
             &cmd.flags,
             &cmd.certify_key_req,
             mbox_resp,
-        )?;
-
-        // We are done if the response is going over the mailbox
-        let respond_to_mailbox = !cmd.flags.external_axi_response();
-        if respond_to_mailbox {
-            return Ok(len);
-        }
-
-        // Populate the checksum so the full response can be checked at the destination
-        // Make sure there is at least enough space for the response header
-        let len = usize::max(len, size_of::<MailboxRespHeader>());
-        populate_checksum(
-            mbox_resp
-                .get_mut(..len)
-                .ok_or(CaliptraError::RUNTIME_INSUFFICIENT_MEMORY)?,
-        );
-
-        // Get the number of words to send by rounding up to nearest word
-        let num_words = len.next_multiple_of(4) / 4;
-        let len = num_words * 4;
-        if len > cmd.axi_response.max_size as usize {
-            return Err(CaliptraError::RUNTIME_INSUFFICIENT_MEMORY);
-        }
-
-        // Get the buffer that will be sent over DMA. The DMA only supports sending words so we need
-        // to convert the response buffer to a &[u32].
-        let buffer = mbox_resp
-            .get(..len)
-            .ok_or(CaliptraError::RUNTIME_INSUFFICIENT_MEMORY)?;
-        let buffer: &[u32] =
-            FromBytes::ref_from_bytes(buffer).map_err(|_| CaliptraError::ADDRESS_MISALIGNED)?;
-
-        // Send the response over DMA to the specified AXI address
-        let axi_addr = AxiAddr {
-            lo: cmd.axi_response.addr_lo,
-            hi: cmd.axi_response.addr_hi,
-        };
-        for (i, word) in buffer.iter().enumerate() {
-            drivers.dma.write_dword(
-                AxiAddr {
-                    lo: axi_addr.lo + (i as u32 * 4),
-                    hi: axi_addr.hi,
-                },
-                *word,
-            );
-        }
-
-        // Response is sent over DMA instead of the mailbox, so return 0 length
-        Ok(0)
+        )
     }
 
     #[inline(never)]

runtime/src/invoke_dpe.rs

@@ -12,11 +12,11 @@ Abstract:
 
 --*/
 
-use crate::{ec_dpe_env, mldsa_dpe_env, AxiAddr, Drivers, PauserPrivileges};
+use crate::{ec_dpe_env, mldsa_dpe_env, Drivers, PauserPrivileges};
 use arrayvec::ArrayVec;
 use caliptra_api::mailbox::{
-    populate_checksum, AxiResponseInfo, InvokeDpeMldsa87Flags, InvokeDpeMldsa87Req,
-    MailboxReqHeader, MailboxRespHeader, SUBSYSTEM_MAILBOX_SIZE_LIMIT,
+    AxiResponseInfo, InvokeDpeMldsa87Flags, InvokeDpeMldsa87Req, MailboxReqHeader,
+    MailboxRespHeader, SUBSYSTEM_MAILBOX_SIZE_LIMIT,
 };
 use caliptra_cfi_derive_git::cfi_impl_fn;
 use caliptra_common::mailbox_api::{InvokeDpeReq, InvokeDpeResp};
@@ -95,78 +95,20 @@ impl InvokeDpeCmd {
             .get(..cmd.data_size as usize)
             .ok_or(CaliptraError::RUNTIME_MAILBOX_INVALID_PARAMS)?;
 
-        // External responses can only be done in subsystem mode
-        if cmd.flags.external_axi_response() && !drivers.soc_ifc.subsystem_mode() {
-            return Err(CaliptraError::RUNTIME_MAILBOX_INVALID_PARAMS);
-        }
-
         // Trim the response buffer to the correct size. If the response doesn't fit, it will fail
         // during DPE execution and not at the transport layer. This is especially important for DPE
         // handle rotation so the caller doesn't lose the handle.
         let mbox_resp = if drivers.soc_ifc.subsystem_mode() {
-            let len = if cmd.flags.external_axi_response() {
-                usize::min(mbox_resp.len(), cmd.axi_response.max_size as usize)
-            } else {
-                // The mailbox size is smaller when subsystem is enabled
-                usize::min(mbox_resp.len(), SUBSYSTEM_MAILBOX_SIZE_LIMIT)
-            };
+            // The mailbox size is smaller when subsystem is enabled
+            let len = usize::min(mbox_resp.len(), SUBSYSTEM_MAILBOX_SIZE_LIMIT);
             mbox_resp
                 .get_mut(..len)
                 .ok_or(CaliptraError::RUNTIME_INSUFFICIENT_MEMORY)?
         } else {
             mbox_resp
         };
 
-        // Execute the DPE command and get the length of the response that was written
-        let len = Self::execute(drivers, dpe_cmd_buf, mbox_resp, CaliptraDpeProfile::Mldsa87)?;
-
-        // We are done if the response is going over the mailbox
-        let respond_to_mailbox = !cmd.flags.external_axi_response();
-        if respond_to_mailbox {
-            return Ok(len);
-        }
-
-        // Populate the checksum so the full response can be checked at the destination
-        // Make sure there is at least enough space for the response header
-        let len = usize::max(len, size_of::<MailboxRespHeader>());
-        populate_checksum(
-            mbox_resp
-                .get_mut(..len)
-                .ok_or(CaliptraError::RUNTIME_INSUFFICIENT_MEMORY)?,
-        );
-
-        // Get the number of words to send by rounding up to nearest word
-        let num_words = len.next_multiple_of(4) / 4;
-        let len = num_words * 4;
-        if len > cmd.axi_response.max_size as usize {
-            return Err(CaliptraError::RUNTIME_INSUFFICIENT_MEMORY);
-        }
-
-        // Get the buffer that will be sent over DMA. The DMA only supports sending words so we need
-        // to convert the response buffer to a &[u32].
-        let buffer = mbox_resp
-            .get(..len)
-            .ok_or(CaliptraError::RUNTIME_INSUFFICIENT_MEMORY)?;
-        let buffer: &[u32] =
-            FromBytes::ref_from_bytes(buffer).map_err(|_| CaliptraError::ADDRESS_MISALIGNED)?;
-
-        // Send the response over DMA to the specified AXI address
-        let axi_addr = AxiAddr {
-            lo: cmd.axi_response.addr_lo,
-            hi: cmd.axi_response.addr_hi,
-        };
-        for (i, word) in buffer.iter().enumerate() {
-            drivers.dma.write_dword(
-                AxiAddr {
-                    lo: axi_addr.lo + (i as u32 * 4),
-                    hi: axi_addr.hi,
-                },
-                *word,
-            );
-        }
-
-        // Response is sent over DMA instead of the mailbox, so return 0 length
-        Ok(0)
+        Self::execute(drivers, dpe_cmd_buf, mbox_resp, CaliptraDpeProfile::Mldsa87)
     }
 
     #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)]