Skip FPGA ROM tests in nightly when testing with older ROMs (#2263)

- Adds rom feature to drivers to exclude hw-1.0 support
- Exclude FIPS tests for hw-1.0 that require building ROM with test hooks
- Fix some RT integration tests that call the wrong ROM builder function

Author: nquarton

.github/workflows/fpga.yml

@@ -170,8 +170,11 @@ jobs:
         run: |
           export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER="aarch64-linux-gnu-gcc"
           export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS="-C link-arg=--sysroot=$FARGO_SYSROOT"
+          EXCLUDE_ARG=""
           if [ "${{ inputs.rom-version }}" != "latest" ]; then
             export CPTRA_CI_ROM_VERSION="${{ inputs.rom-version }}"
+            # Skip ROM tests when testing with older ROMs
+            EXCLUDE_ARG="--exclude caliptra-rom"
           fi
 
           if [ "${{ inputs.workflow_call }}" ]; then
@@ -183,6 +186,8 @@ jobs:
             FEATURES=$FEATURES,hw-${{ inputs.hw-version }}
           fi
           cargo nextest archive \
+            --workspace \
+            $EXCLUDE_ARG \
             --features=${FEATURES} \
             --release \
             --target=aarch64-unknown-linux-gnu \

drivers/Cargo.toml

@@ -29,6 +29,7 @@ caliptra-cfi-derive-git = { workspace = true, optional = true }
 
 [features]
 emu = []
+rom = []
 runtime = ["dep:dpe", "dep:caliptra-cfi-lib-git", "dep:caliptra-cfi-derive-git"]
 fmc = []
 fpga_realtime = ["caliptra-hw-model/fpga_realtime"]

drivers/src/hmac384.rs

@@ -176,7 +176,8 @@ impl Hmac384 {
 
         let rand_data = trng.generate()?;
 
-        #[cfg(any(feature = "fmc", feature = "runtime"))]
+        // Support HW 1.0 RTL (except for ROM)
+        #[cfg(not(feature = "rom"))]
         if crate::soc_ifc::is_hw_gen_1_0() {
             use crate::Array4x5;
             let iv: [u32; 5] = rand_data.0[..5].try_into().unwrap();

drivers/src/lms.rs

@@ -320,7 +320,8 @@ impl Lms {
     ) -> CaliptraResult<HashValue<N>> {
         let iteration_count = ((1u16 << params.w) - 1) as u8;
 
-        #[cfg(any(feature = "fmc", feature = "runtime"))]
+        // Support HW 1.0 RTL (except for ROM)
+        #[cfg(not(feature = "rom"))]
         if crate::soc_ifc::is_hw_gen_1_0() {
             // RTL 1.0 version (no HW acceleration)
             for j in coeff..iteration_count {

rom/dev/Cargo.toml

@@ -10,7 +10,7 @@ rust-version = "1.70"
 caliptra-cfi-lib = { workspace = true, default-features = false, features = ["cfi", "cfi-counter" ] }
 caliptra-cfi-derive.workspace = true
 caliptra_common = { workspace = true, default-features = false, features = ["rom"] }
-caliptra-drivers.workspace = true
+caliptra-drivers = { workspace = true, features = ["rom"] }
 caliptra-error = { workspace = true, default-features = false }
 caliptra-image-types = { workspace = true, default-features = false }
 caliptra-image-verify = { workspace = true, default-features = false }

runtime/tests/runtime_integration_tests/test_warm_reset.rs

@@ -2,7 +2,7 @@
 
 use caliptra_api::soc_mgr::SocManager;
 use caliptra_builder::{
-    firmware::{self, runtime_tests::MBOX, APP_WITH_UART, FMC_WITH_UART, ROM_WITH_UART},
+    firmware::{self, runtime_tests::MBOX, APP_WITH_UART, FMC_WITH_UART},
     ImageOptions,
 };
 use caliptra_error::CaliptraError;
@@ -29,7 +29,7 @@ fn test_rt_journey_pcr_validation() {
         .set_debug_locked(true)
         .set_device_lifecycle(DeviceLifecycle::Production);
 
-    let rom = caliptra_builder::build_firmware_rom(&ROM_WITH_UART).unwrap();
+    let rom = caliptra_builder::rom_for_fw_integration_tests().unwrap();
     let image = caliptra_builder::build_and_sign_image(
         &FMC_WITH_UART,
         &firmware::runtime_tests::MBOX,
@@ -98,7 +98,7 @@ fn test_mbox_busy_during_warm_reset() {
         .set_debug_locked(true)
         .set_device_lifecycle(DeviceLifecycle::Production);
 
-    let rom = caliptra_builder::build_firmware_rom(&ROM_WITH_UART).unwrap();
+    let rom = caliptra_builder::rom_for_fw_integration_tests().unwrap();
     let image = caliptra_builder::build_and_sign_image(
         &FMC_WITH_UART,
         &MBOX,
@@ -167,7 +167,7 @@ fn test_mbox_idle_during_warm_reset() {
         .set_debug_locked(true)
         .set_device_lifecycle(DeviceLifecycle::Production);
 
-    let rom = caliptra_builder::build_firmware_rom(&ROM_WITH_UART).unwrap();
+    let rom = caliptra_builder::rom_for_fw_integration_tests().unwrap();
     let image = caliptra_builder::build_and_sign_image(
         &FMC_WITH_UART,
         &APP_WITH_UART,

test/tests/fips_test_suite/README.md

@@ -42,6 +42,8 @@ Support for additional environments can be done by creating new implementations/
 
 Certain tests require "hooks" into the ROM or FW to cause operation to deviate from the normal flow (ie. injecting errors or halting execution at specific points). This functionality is enabled using a build option called "fips-test-hooks". Then, the specific command codes are written and read from the DBG_MANUF_SERVICE_REG. The ROM/FW can respond back with a status code written to the same field if applicable. See command codes in drivers\src\fips_test_hooks.rs for more details.
 
+Note the ROM with test hooks can only be built for the current ROM within the same git commit. Because of this, the test suite cannot perform these tests against older versions of the HW since it cannot build the compatible ROM. To run those tests, execute the test suite from the same commit as the applicable ROM.
+
 Test hooks are needed to meet the following FIPS 140-3 test requirements:
     TE03.07.02
     TE03.07.04

test/tests/fips_test_suite/fw_load.rs

@@ -287,6 +287,7 @@ fn fw_load_error_vendor_pub_key_digest_invalid() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 fn fw_load_error_vendor_pub_key_digest_failure() {
     // Set fuses
     let fuses = caliptra_hw_model::Fuses {
@@ -321,6 +322,7 @@ fn fw_load_error_vendor_pub_key_digest_mismatch() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 fn fw_load_error_owner_pub_key_digest_failure() {
     fw_load_error_flow_with_test_hooks(
         None,
@@ -386,6 +388,7 @@ fn fw_load_error_vendor_ecc_pub_key_revoked() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 fn fw_load_error_header_digest_failure() {
     fw_load_error_flow_with_test_hooks(
         None,
@@ -397,6 +400,7 @@ fn fw_load_error_header_digest_failure() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 fn fw_load_error_vendor_ecc_verify_failure() {
     fw_load_error_flow_with_test_hooks(
         None,
@@ -438,6 +442,7 @@ fn fw_load_error_vendor_ecc_pub_key_index_mismatch() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 fn fw_load_error_owner_ecc_verify_failure() {
     fw_load_error_flow_with_test_hooks(
         None,
@@ -478,6 +483,7 @@ fn fw_load_error_toc_entry_count_invalid() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 fn fw_load_error_toc_digest_failure() {
     fw_load_error_flow_with_test_hooks(
         None,
@@ -504,6 +510,7 @@ fn fw_load_error_toc_digest_mismatch() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 fn fw_load_error_fmc_digest_failure() {
     fw_load_error_flow_with_test_hooks(
         None,
@@ -529,6 +536,7 @@ fn fw_load_error_fmc_digest_mismatch() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 fn fw_load_error_runtime_digest_failure() {
     fw_load_error_flow_with_test_hooks(
         None,
@@ -1003,6 +1011,7 @@ fn fw_load_error_vendor_lms_pub_key_index_mismatch() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 fn fw_load_error_vendor_lms_verify_failure() {
     // Turn LMS verify on
     let fuses = caliptra_hw_model::Fuses {
@@ -1077,6 +1086,7 @@ fn fw_load_error_fmc_runtime_load_addr_overlap() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 fn fw_load_error_owner_lms_verify_failure() {
     // Turn LMS verify on
     let fuses = caliptra_hw_model::Fuses {

test/tests/fips_test_suite/security_parameters.rs

@@ -153,6 +153,7 @@ pub fn attempt_ssp_access_rom() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn attempt_ssp_access_fw_load() {
     let rom = caliptra_builder::build_firmware_rom(&ROM_WITH_FIPS_TEST_HOOKS).unwrap();
 

test/tests/fips_test_suite/self_tests.rs

@@ -16,6 +16,7 @@ use zerocopy::IntoBytes;
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_halt_check_no_output() {
     let rom = caliptra_builder::build_firmware_rom(&ROM_WITH_FIPS_TEST_HOOKS).unwrap();
 
@@ -40,6 +41,7 @@ pub fn kat_halt_check_no_output() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn fw_load_halt_check_no_output() {
     let rom = caliptra_builder::build_firmware_rom(&ROM_WITH_FIPS_TEST_HOOKS).unwrap();
 
@@ -67,6 +69,8 @@ pub fn fw_load_halt_check_no_output() {
     // NOTE: SHA engine is not locked during FW load
 }
 
+// This is not compatible with hw-1.0 because we cannot build a 1.0 ROM from this newer version of the repo
+#[cfg(not(feature = "hw-1.0"))]
 fn self_test_failure_flow_rom(hook_code: u8, exp_error_code: u32) {
     let rom = caliptra_builder::build_firmware_rom(&ROM_WITH_FIPS_TEST_HOOKS).unwrap();
 
@@ -240,6 +244,7 @@ fn self_test_failure_flow_rt(hook_code: u8, exp_error_code: u32) {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_sha1_digest_failure_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::SHA1_DIGEST_FAILURE,
@@ -257,6 +262,7 @@ pub fn kat_sha1_digest_failure_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_sha1_digest_mismatch_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::SHA1_CORRUPT_DIGEST,
@@ -274,6 +280,7 @@ pub fn kat_sha1_digest_mismatch_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_sha256_digest_failure_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::SHA256_DIGEST_FAILURE,
@@ -291,6 +298,7 @@ pub fn kat_sha256_digest_failure_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_sha256_digest_mismatch_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::SHA256_CORRUPT_DIGEST,
@@ -308,6 +316,7 @@ pub fn kat_sha256_digest_mismatch_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_sha384_digest_failure_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::SHA384_DIGEST_FAILURE,
@@ -325,6 +334,7 @@ pub fn kat_sha384_digest_failure_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_sha384_digest_mismatch_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::SHA384_CORRUPT_DIGEST,
@@ -342,6 +352,7 @@ pub fn kat_sha384_digest_mismatch_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_sha2_512_384acc_digest_start_op_failure_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::SHA2_512_384_ACC_START_OP_FAILURE,
@@ -359,6 +370,7 @@ pub fn kat_sha2_512_384acc_digest_start_op_failure_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_sha2_512_384acc_digest_failure_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::SHA2_512_384_ACC_DIGEST_512_FAILURE,
@@ -376,6 +388,7 @@ pub fn kat_sha2_512_384acc_digest_failure_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_sha2_512_384acc_digest_mismatch_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::SHA2_512_384_ACC_CORRUPT_DIGEST_512,
@@ -393,6 +406,7 @@ pub fn kat_sha2_512_384acc_digest_mismatch_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_ecc384_signature_generate_failure_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::ECC384_SIGNATURE_GENERATE_FAILURE,
@@ -410,6 +424,7 @@ pub fn kat_ecc384_signature_generate_failure_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_ecc384_signature_verify_failure_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::ECC384_CORRUPT_SIGNATURE,
@@ -427,6 +442,7 @@ pub fn kat_ecc384_signature_verify_failure_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_ecc384_deterministic_key_gen_generate_failure_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::ECC384_KEY_PAIR_GENERATE_FAILURE,
@@ -444,6 +460,7 @@ pub fn kat_ecc384_deterministic_key_gen_generate_failure_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_ecc384_deterministic_key_gen_verify_failure_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::ECC384_CORRUPT_KEY_PAIR,
@@ -461,6 +478,7 @@ pub fn kat_ecc384_deterministic_key_gen_verify_failure_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_hmac384_failure_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::HMAC384_FAILURE,
@@ -478,6 +496,7 @@ pub fn kat_hmac384_failure_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_hmac384_tag_mismatch_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::HMAC384_CORRUPT_TAG,
@@ -495,6 +514,7 @@ pub fn kat_hmac384_tag_mismatch_rt() {
 
 #[test]
 #[cfg(not(feature = "test_env_immutable_rom"))]
+#[cfg(not(feature = "hw-1.0"))]
 pub fn kat_lms_digest_mismatch_rom() {
     self_test_failure_flow_rom(
         FipsTestHook::LMS_CORRUPT_INPUT,