Isolate no cpu int#3669
Draft
v-ramalleti wants to merge 279 commits into
Draft
Conversation
This update modifies the emulator to reset the MBOX AXI users and their locks during a warm reset. It also enhances the warm reset integration tests to reprogram the AXI users and their locks afterward.
Tock uses Unicode characters in utf8 occasionally and our demos might use them to make everything pretty. This should have no performance impact when using plain ASCII, as the new behavior is only triggered on non-ASCII characters. Miraculously, the characters used for tests (like `0xff`) are not valid in UTF-8 sequences.
…#2528) During a warm reset, the cptra_fw_rev_id registers are cleared, causing RT commands such as VERSION to return a firmware version of 0. This update re-applies the FMC and RT firmware versions during RT initialization by reading them from the manifest stored in DCCM. This is a temporary workaround until the hardware update planned for version 2.2 addresses the issue more robustly.
This exposes the default LC tokens programmed into OTP so they can be used by downstream FPGA E2E test cases that excercise LC state transitions. Signed-off-by: Tim Trippel <ttrippel@google.com>
Previously, the JTAG TAP only had functions to read and write LCC registers, i.e. when connected to the LCC TAP. This updates the TAP logic to enable connecting to the Caliptra Core TAP as well. Signed-off-by: Tim Trippel <ttrippel@google.com>
At the end of the recovery flow before notifying the MCU firmware is ready, Caliptra needs to set the reset reason. This change adds that capability. This is described in more detail in https://github.com/chipsalliance/caliptra-ss/blob/main/docs/CaliptraSSIntegrationSpecification.md#mcu-fw-boot-update.
…liance#2545) If CM_SHA_INIT contains more than 128 bytes, then an intermediate hash is generated and restored when starting CM_SHA_UPDATE. If the CM_SHA_UPDATE does not contain enough data to trigger another block write, then we would try to immediately save the SHA state. In that case, the hardware status would show ready but not valid, so the driver would get into an infinite loop waiting for the save state to be ready. This addresses this condition by not doing triggering a save if we did not write enough data and instead using the old intermediate hash.
…e#2494) In 2.0 subsystem mode, the UDS and FE secrets are not guaranteed to be zeroizable. For non-identity keys, such as stable keys and derivatives, the keys and any uses of them must be marked as FIPS invalid. For 2.0 passive mode, the integrator is expected to guarantee that the UDS and FE are zeroizable. For 2.1 in both modes, UDS and FE must be zeroizable. This reserves one of the bits in the CMKs to be used as a FIPS bit and adds the logic to propagate that to derived CMKs and to the mailbox commands that use them. This adds tests for the behavior in subsystem and passive mode for all cryptographic mailbox commands as well.
The test is disabled in the FPGA for now due to flakiness of booting all the way to runtime, but it has been tested as working and is ready for CI whenever that flakiness is resolved. To support this command (and probably others) we need to pass in SoC manifest and MCU FW when operating in subsystem mode, otherwise the FPGA subsystem boot flow will fail. We also need to set the SoC Manifest Max SVN in fuses so that these are routed back to the Caliptra fuse registers.
This allows provisioning the FPGA bitstream at runtime.
…iance#2553) This fixes some configuration errors to enable connecting to the Caliptra Core TAP. This will enable completing the manuf debug unlock test. Signed-off-by: Tim Trippel <ttrippel@google.com>
…e#2547) * Enable disabled ActivateFw and AuthAndStash integ tests Previously all ActivateFw and AuthAndStash integ tests were disabled when testing FPGA. This was because these integ tests needs an external test SRAM to exchange data with Caliptra. SW emulator is using a SW SRAM which is not available previously in HW. To work around this, we will be using the MCU MBOX SRAM as a test SRAM to enable these tests. * fix compile error for fpga_realitime * Addressed feedback - Currently CI FPGA bitstream is flaky in running runtime, disable these tests for now. It did pass on local FPGA tests - Use a single function to write to test sram - correct yaml filters * Correct unlock procedure
…e#2499) This will notify the MCU test ROM that it is ready to start loading mutable firmware for both Caliptra and MCU.
This reverts commit 3ccf0e3.
This fixes the OpenOCD config since chipsalliance#397 merged, thus aligning the JTAG pin ordering across all TAPs. This should be merged after the bitstreams are updated in CI. Signed-off-by: Tim Trippel <ttrippel@google.com>
…e#2572) These tests are causing the new panics. They still need to be triaged, but this can unblock current development efforts.
…liance#2566) * [jtag] add missing mailbox register address This adds a missing Caliptra Core TAP mailbox register address to the enum of JTAG accessible registers. Signed-off-by: Tim Trippel <ttrippel@google.com> * [hw-model] enable provisioning the debug unlock token in OTP This updates the FPGA subsystem HW model to provision a default debug unlock token to enable testing the manuf debug unlock flow. Signed-off-by: Tim Trippel <ttrippel@google.com> --------- Signed-off-by: Tim Trippel <ttrippel@google.com>
* R/W filesystem * SSH,TMUX,RSYNC * Pre-provisioned SSH keys
* The CSR generation is 3x slower on main-2.x, so reduce iterations by 66%. * Increase timeout for boot stress test
Will be used for the nightly 2.x release.
This is required for FIPS compliance whenever an ECDSA key pair is used for ECDH key agreement. (cherry picked from commit f84abd7)
This is required for FIPS compliance whenever an MLDSA key pair is generated. (cherry picked from commit cb79806)
This way the public keys aren't encoded using sentinel values, but instead use a prefix/suffix pattern. This saves a ton of space, especially for MLDSA public keys, which are 2592 bytes each in the TBS templates. (cherry picked from commit 9248d79)
The TBS_TEMPLATE constant is only used in tests for some types but not all. Adding #[allow(dead_code)] alongside #[cfg(test)] prevents clippy dead_code warnings for types without test references.
…#3561) * [hw-model] Wait for subsystem boot completion in tests * [gha] bump MCU ROM commit
…ate dlen against mailbox SRAM size (chipsalliance#3414) (chipsalliance#3571) Co-authored-by: arosenbaum84 <136463300+arosenbaum84@users.noreply.github.com>
mark PK hash as valid, and update OTP PQC key type encoding Signed-off-by: Amit Kumar-Hermosillo <amitkh@google.com>
This renames the crate and updates all of the local dependencies. This makes it more consistent with the other crates in the project.
This renames the crate and updates all of the local dependencies. This makes it more consistent with the other crates in the project.
This renames the crate and updates all of the local dependencies. This makes it more consistent with the other crates in the project.
Cherry-picked RT alias changes from original commit eaf3fa4. Excludes IDevID, LDevID, and FMC alias changes that affect caliptra ROM. - Add TCG_DICE_KP_ECA extended key usage to RT alias ECC and ML-DSA certs - Regenerate X509 templates with the new EKU extension - Update DPE submodule to 769ae8d (ECA EKU verification fix)
Cherry-picked from main commit a39153c. Adds rt_mldsa_keypair_seed_kv_hdl to PersistentData so runtime can access the RT MLDSA keypair seed for signing operations. To avoid ROM changes, the MLDSA seed handle is stored in PersistentData. Also renames rt_priv_key_kv_hdl to rt_ecc_priv_key_kv_hdl for clarity.
…e#3339) Cherry-picked from main commit ec94318. Adds attested CSR support with LDevID key type. Uses COSE Sign1 wrapped EAT claims. Increase STACK_SIZE from 116KB to 140KB to accommodate attested CSR COSE/CBOR encoding stack usage. Adapted for caliptra-2.0: caliptra-ocp-eat naming, .fht accessor path, caliptra_cfi_derive_git. Co-authored-by: Max Timkovich <max@timkovi.ch>
Cherry-picked from main commit e79c184.
Cherry-picked from main commit 6674210.
- Remove CsrData struct; Reuse single scratch buffer across CSR generation and signing - Increase RUNTIME_SIZE from 154KB to 156KB for new CSR templates
Squashed cherry-picks from main: - chipsalliance#3013: Update to just before adding SVN (DPE sub → b1c0e99) - chipsalliance#3018: Support SVN in DeriveContext (DPE sub → c9b67f5) - chipsalliance#3022: Use dpe::State for shared state (DPE sub → 57690bd) - chipsalliance#3029: New Crypto API (DPE sub → 81aea72) - chipsalliance#3038: Use both RT PCRs in RT DPE context - chipsalliance#3164: Unify DPE environment creation Note: CertifyKeyCsr DPE verification test is temporarily disabled. It requires DPE commit 4986ac5 ("verification: Add ECA EKU and fix CSR signature verification (chipsalliance#510)") which will be picked up in a later phase when the DPE submodule is updated further.
Squashed backport of: - [dpe] Update DPE to hybrid build feature (chipsalliance#3070) - [dpe] Remove DPE submodule and references (chipsalliance#3217) - [dpe] Update DPE submodule to latest commit (chipsalliance#3216)
… or uninitialized (chipsalliance#3602) (chipsalliance#3629) (cherry picked from commit 15fa4d3)
…tch ROM behavior (chipsalliance#3628) (chipsalliance#3636) (cherry picked from commit d241bb6)
…hipsalliance#3637) These registers are allowed to be written by SoC / MCU, but not by Caliptra. We don't have a good way to enforce such a separation in the emulator at the moment, so we mark them as RW.
…hipsalliance#3638) This adds the following fields to `FwInfoResp`: * vendor_pub_key_hash * image_manifest_pqc_type * vendor_ecc384_pub_key_index * vendor_pqc_pub_key_index These will be used by MCU key revocation APIs to make sure it is safe to revoke a key.
…nce#3643) Switch secrets_valid to True so DOE reads UDS and FE from strap registers instead of OTP. This gives deterministic and identical IdevID on FPGA and emulator for SPDM attestation tests
…ance#3259) These internal timers might be saved up during hitless update, where the MCU processor is halted. When it comes out of reset, the timers would immediately try to fire, which could trigger the wrong code to be executed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.