Skip to content

Commit 9188deb

Browse files
committed
[rom_ext] Reorder key saving in dice_chain.c
Instead of saving the key before going to the next stage, we save the issuer key before key manager advancement. This avoids leaving key material in OTBN DMEM for longer than necessary. Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com> Change-Id: I0464c1d8661f971fd56591e10fb0a3536a6a6964
1 parent 295be56 commit 9188deb

1 file changed

Lines changed: 17 additions & 15 deletions

File tree

sw/device/silicon_creator/lib/cert/dice_chain.c

Lines changed: 17 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -60,17 +60,17 @@ rom_error_t dice_chain_attestation_silicon(void) {
6060
kDiceKeyUds, &static_dice_cdi_0.uds_pubkey_id,
6161
&static_dice_cdi_0.uds_pubkey));
6262

63-
// Save UDS key for signing next stage cert.
64-
RETURN_IF_ERROR(otbn_boot_attestation_key_save(
65-
kDiceKeyUds.keygen_seed_idx, kDiceKeyUds.type,
66-
*kDiceKeyUds.keymgr_diversifier));
67-
6863
return kErrorOk;
6964
}
7065

7166
rom_error_t dice_chain_attestation_creator(
7267
keymgr_binding_value_t *rom_ext_measurement,
7368
const manifest_t *rom_ext_manifest) {
69+
// Save UDS key for signing next stage cert.
70+
RETURN_IF_ERROR(otbn_boot_attestation_key_save(
71+
kDiceKeyUds.keygen_seed_idx, kDiceKeyUds.type,
72+
*kDiceKeyUds.keymgr_diversifier));
73+
7474
// Generate CDI_0 attestation keys and (potentially) update certificate.
7575
keymgr_binding_value_t seal_binding_value = {
7676
.data = {rom_ext_manifest->identifier, 0}};
@@ -100,11 +100,6 @@ rom_error_t dice_chain_attestation_creator(
100100
rom_ext_manifest->security_version, &dice_chain_cdi_0_key_ids,
101101
&static_dice_cdi_0.uds_pubkey, &static_dice_cdi_0.cdi_0_pubkey,
102102
static_dice_cdi_0.cert_data, &static_dice_cdi_0.cert_size));
103-
} else {
104-
// Replace UDS with CDI_0 key for endorsing next stage cert.
105-
HARDENED_RETURN_IF_ERROR(otbn_boot_attestation_key_save(
106-
kDiceKeyCdi0.keygen_seed_idx, kDiceKeyCdi0.type,
107-
*kDiceKeyCdi0.keymgr_diversifier));
108103
}
109104

110105
sc_keymgr_sw_binding_unlock_wait();
@@ -135,6 +130,11 @@ rom_error_t dice_chain_attestation_owner(
135130
const manifest_t *owner_manifest, keymgr_binding_value_t *bl0_measurement,
136131
hmac_digest_t *owner_measurement, hmac_digest_t *owner_history_hash,
137132
keymgr_binding_value_t *sealing_binding, owner_app_domain_t key_domain) {
133+
// Save CDI_0 key for signing next stage cert.
134+
RETURN_IF_ERROR(otbn_boot_attestation_key_save(
135+
kDiceKeyCdi0.keygen_seed_idx, kDiceKeyCdi0.type,
136+
*kDiceKeyCdi0.keymgr_diversifier));
137+
138138
// Local variables for CDI_1 key generation and cert building
139139
hmac_digest_t subject_pubkey_id;
140140
ecdsa_p256_public_key_t subject_pubkey;
@@ -209,14 +209,16 @@ rom_error_t dice_chain_attestation_owner(
209209

210210
// Flush page to flash.
211211
RETURN_IF_ERROR(dice_storage_flush_page(&dice_page));
212-
} else {
213-
// Replace CDI_0 with CDI_1 key for endorsing next stage cert.
214-
HARDENED_RETURN_IF_ERROR(otbn_boot_attestation_key_save(
215-
kDiceKeyCdi1.keygen_seed_idx, kDiceKeyCdi1.type,
216-
*kDiceKeyCdi1.keymgr_diversifier));
217212
}
218213

219214
sc_keymgr_sw_binding_unlock_wait();
215+
216+
// Save CDI_1 key for endorsing next stage cert.
217+
// TODO: Remove this save once all ownersw are migrated to derive the key
218+
// on their own. This save is added only for compatibility.
219+
RETURN_IF_ERROR(otbn_boot_attestation_key_save(
220+
kDiceKeyCdi1.keygen_seed_idx, kDiceKeyCdi1.type,
221+
*kDiceKeyCdi1.keymgr_diversifier));
220222
return kErrorOk;
221223
}
222224

0 commit comments

Comments
 (0)