[cov,test] Fix hardcoded flash layout constants

The flash layout constants in several tests were hardcoded, assuming
a 64K ROM_EXT. This caused tests to fail when linked for coverage,
as the coverage-enabled ROM_EXT is 128K.

This change replaces the hardcoded constants with calculated values or
named constants that account for the size of the ROM_EXT.

Change-Id: I29f0796eec59d4fd9c70fdb0b72d3c70f17da9a4
Signed-off-by: Yi-Hsuan Deng <[email protected]>

Author: sasdf

sw/device/silicon_creator/lib/ownership/BUILD

@@ -256,7 +256,9 @@ cc_library(
         ":datatypes",
         ":owner_block",
         ":ownership",
+        "//hw/top_earlgrey/ip_autogen/flash_ctrl:flash_ctrl_c_regs",
         "//sw/device/silicon_creator/lib:boot_data",
+        "//sw/device/silicon_creator/lib/base:chip",
         "//sw/device/silicon_creator/lib/boot_svc:boot_svc_msg",
         "//sw/device/silicon_creator/lib/drivers:flash_ctrl",
         "//sw/device/silicon_creator/lib/ownership/keys/fake:includes",
@@ -275,7 +277,9 @@ cc_library(
             ":datatypes",
             ":owner_block",
             ":ownership",
+            "//hw/top_earlgrey/ip_autogen/flash_ctrl:flash_ctrl_c_regs",
             "//sw/device/silicon_creator/lib:boot_data",
+            "//sw/device/silicon_creator/lib/base:chip",
             "//sw/device/silicon_creator/lib/boot_svc:boot_svc_msg",
             "//sw/device/silicon_creator/lib/drivers:flash_ctrl",
             "//sw/device/silicon_creator/lib/ownership/keys/fake:includes",

sw/device/silicon_creator/lib/ownership/test_owner.c

@@ -5,6 +5,7 @@
 #include "sw/device/lib/base/hardened_memory.h"
 #include "sw/device/lib/base/macros.h"
 #include "sw/device/lib/base/memory.h"
+#include "sw/device/silicon_creator/lib/base/chip.h"
 #include "sw/device/silicon_creator/lib/boot_svc/boot_svc_msg.h"
 #include "sw/device/silicon_creator/lib/dbg_print.h"
 #include "sw/device/silicon_creator/lib/drivers/flash_ctrl.h"
@@ -26,6 +27,8 @@
 #include "sw/device/silicon_creator/lib/ownership/ownership_key.h"
 #include "sw/device/silicon_creator/lib/rescue/rescue.h"
 
+#include "flash_ctrl_regs.h"
+
 /*
  * This module overrides the weak `sku_creator_owner_init` symbol in
  * ownership.c, thus allowing FPGA builds to boot in the `LockedOwner` state
@@ -136,12 +139,16 @@
       kBootSvcOwnershipUnlockReqType,
 #endif
 #ifndef WITH_RESCUE_START
-#define WITH_RESCUE_START (32)
+#define WITH_RESCUE_START (kRomExtSizeInPages)
 #endif
 #ifndef WITH_RESCUE_SIZE
-#define WITH_RESCUE_SIZE (224)
+#define WITH_RESCUE_SIZE (256 - kRomExtSizeInPages)
 #endif
 
+enum {
+  kRomExtSizeInPages = CHIP_ROM_EXT_SIZE_MAX / FLASH_CTRL_PARAM_BYTES_PER_PAGE,
+};
+
 rom_error_t sku_creator_owner_init(boot_data_t *bootdata) {
 #ifdef TEST_FAULT_NO_OWNER
   return kErrorOwnershipNoOwner;

sw/device/silicon_creator/rom/e2e/boot_policy_flash_ecc_error/defs.bzl

@@ -70,9 +70,9 @@ BOOT_POLICY_FLASH_ECC_ERROR_TESTS = [
         "name": "a_corrupt_b_valid_{}",
         "a": ":flash_ecc_self_corruption_slot_a_{}",
         "b": ":uncorrupted_test_slot_b",
-        # The regex allows either 8 or 1 in the address, which accomodates the test program
-        # being linked as either a ROM_EXT or application.
-        "exit_success": "Booted slot=0x200[89]0000; Cause={}",
+        # The regex allows either 8, 9, a in the address, which accomodates the test program
+        # being linked as either a ROM_EXT or application normal or coverage builds.
+        "exit_success": "Booted slot=0x200[89a]0000; Cause={}",
         # When running under the ROM_EXT, we want to try SlotA first and make sure that
         # we handle the corrupted flash properly.
         "primary": "SlotA",
@@ -81,9 +81,9 @@ BOOT_POLICY_FLASH_ECC_ERROR_TESTS = [
         "name": "a_valid_b_corrupt_{}",
         "a": ":uncorrupted_test_slot_a",
         "b": ":flash_ecc_self_corruption_slot_b_{}",
-        # The regex allows either 0 or 1 in the address, which accomodates the test program
-        # being linked as either a ROM_EXT or application.
-        "exit_success": "Booted slot=0x200[01]0000; Cause={}",
+        # The regex allows either 0, 1, 2 in the address, which accomodates the test program
+        # being linked as either a ROM_EXT or application in normal or coverage builds.
+        "exit_success": "Booted slot=0x200[012]0000; Cause={}",
         # When running under the ROM_EXT, we want to try SlotB first and make sure that
         # we handle the corrupted flash properly.
         "primary": "SlotB",

sw/device/silicon_creator/rom/e2e/boot_policy_flash_ecc_error/flash_ecc_error_test.c

@@ -309,8 +309,7 @@ bool test_main(void) {
   if (kBootStage == kBootStageOwner) {
     // If we're running at the owner stage, we want to compute a location
     // inside the owner code, which starts after the ROM_EXT.
-    // The ROM_EXT is 64K.
-    addr_of_corruption += 0x10000;
+    addr_of_corruption += CHIP_ROM_EXT_SIZE_MAX;
   }
 
   // Corrupt the ECC of a targeted flash word by performing a double write.

sw/host/tests/ownership/flash_permission_test.rs

@@ -18,7 +18,10 @@ use opentitanlib::rescue::serial::RescueSerial;
 use opentitanlib::rescue::{EntryMode, Rescue};
 use opentitanlib::test_utils::init::InitializeTest;
 use opentitanlib::uart::console::UartConsole;
-use transfer_lib::HybridPair;
+use transfer_lib::{
+    HybridPair, OWNER_FLASH_FILE_SIZE, OWNER_FLASH_FILE_START, OWNER_FLASH_OWNER_SIZE,
+    OWNER_FLASH_OWNER_START, OWNER_FLASH_ROM_EXT_SIZE, OWNER_FLASH_ROM_EXT_START,
+};
 
 #[derive(Debug, Parser)]
 struct Opts {
@@ -247,11 +250,25 @@ fn flash_permission_test(opts: &Opts, transport: &TransportWrapper) -> Result<()
         // The ROM_EXT always protects itself in regions 0 and 1.
         assert_eq!(
             region[0],
-            FlashRegion("data", 0, 0, 32, romext_region[0], "LK")
+            FlashRegion(
+                "data",
+                0,
+                OWNER_FLASH_ROM_EXT_START as u32,
+                OWNER_FLASH_ROM_EXT_SIZE as u32,
+                romext_region[0],
+                "LK"
+            )
         );
         assert_eq!(
             region[1],
-            FlashRegion("data", 1, 256, 32, romext_region[1], "LK")
+            FlashRegion(
+                "data",
+                1,
+                256 + OWNER_FLASH_ROM_EXT_START as u32,
+                OWNER_FLASH_ROM_EXT_SIZE as u32,
+                romext_region[1],
+                "LK"
+            )
         );
 
         // Current owner (fake_owner in flash SideA) doesn't have a configuration,
@@ -260,11 +277,25 @@ fn flash_permission_test(opts: &Opts, transport: &TransportWrapper) -> Result<()
         // Next owner (dummy_owner in Flash SideB) is the next owner configuration.
         assert_eq!(
             region[2],
-            FlashRegion("data", 2, 288, 192, "RD-WR-ER-SC-EC-xx", "UN")
+            FlashRegion(
+                "data",
+                2,
+                256 + OWNER_FLASH_OWNER_START as u32,
+                OWNER_FLASH_OWNER_SIZE as u32,
+                "RD-WR-ER-SC-EC-xx",
+                "UN"
+            )
         );
         assert_eq!(
             region[3],
-            FlashRegion("data", 3, 480, 32, "RD-WR-ER-xx-xx-HE", "UN")
+            FlashRegion(
+                "data",
+                3,
+                256 + OWNER_FLASH_FILE_START as u32,
+                OWNER_FLASH_FILE_SIZE as u32,
+                "RD-WR-ER-xx-xx-HE",
+                "UN"
+            )
         );
 
         // The remaining flash regions are unused.
@@ -338,29 +369,99 @@ fn flash_permission_test(opts: &Opts, transport: &TransportWrapper) -> Result<()
     let app_region = match opts.rescue_slot {
         BootSlot::SlotA => [
             // Slot A protected, Slot B writable.
-            FlashRegion("data", 2, 32, 192, "RD-xx-xx-SC-EC-xx", locked),
-            FlashRegion("data", 3, 224, 32, "RD-WR-ER-xx-xx-HE", locked),
-            FlashRegion("data", 4, 288, 192, "RD-WR-ER-SC-EC-xx", locked),
-            FlashRegion("data", 5, 480, 32, "RD-WR-ER-xx-xx-HE", locked),
+            FlashRegion(
+                "data",
+                2,
+                OWNER_FLASH_OWNER_START as u32,
+                OWNER_FLASH_OWNER_SIZE as u32,
+                "RD-xx-xx-SC-EC-xx",
+                locked,
+            ),
+            FlashRegion(
+                "data",
+                3,
+                OWNER_FLASH_FILE_START as u32,
+                OWNER_FLASH_FILE_SIZE as u32,
+                "RD-WR-ER-xx-xx-HE",
+                locked,
+            ),
+            FlashRegion(
+                "data",
+                4,
+                256 + OWNER_FLASH_OWNER_START as u32,
+                OWNER_FLASH_OWNER_SIZE as u32,
+                "RD-WR-ER-SC-EC-xx",
+                locked,
+            ),
+            FlashRegion(
+                "data",
+                5,
+                256 + OWNER_FLASH_FILE_START as u32,
+                OWNER_FLASH_FILE_SIZE as u32,
+                "RD-WR-ER-xx-xx-HE",
+                locked,
+            ),
         ],
         BootSlot::SlotB => [
             // Slot A writable, Slot B protected.
-            FlashRegion("data", 2, 32, 192, "RD-WR-ER-SC-EC-xx", locked),
-            FlashRegion("data", 3, 224, 32, "RD-WR-ER-xx-xx-HE", locked),
-            FlashRegion("data", 4, 288, 192, "RD-xx-xx-SC-EC-xx", locked),
-            FlashRegion("data", 5, 480, 32, "RD-WR-ER-xx-xx-HE", locked),
+            FlashRegion(
+                "data",
+                2,
+                OWNER_FLASH_OWNER_START as u32,
+                OWNER_FLASH_OWNER_SIZE as u32,
+                "RD-WR-ER-SC-EC-xx",
+                locked,
+            ),
+            FlashRegion(
+                "data",
+                3,
+                OWNER_FLASH_FILE_START as u32,
+                OWNER_FLASH_FILE_SIZE as u32,
+                "RD-WR-ER-xx-xx-HE",
+                locked,
+            ),
+            FlashRegion(
+                "data",
+                4,
+                256 + OWNER_FLASH_OWNER_START as u32,
+                OWNER_FLASH_OWNER_SIZE as u32,
+                "RD-xx-xx-SC-EC-xx",
+                locked,
+            ),
+            FlashRegion(
+                "data",
+                5,
+                256 + OWNER_FLASH_FILE_START as u32,
+                OWNER_FLASH_FILE_SIZE as u32,
+                "RD-WR-ER-xx-xx-HE",
+                locked,
+            ),
         ],
         _ => return Err(anyhow!("Unknown boot slot {}", data.bl0_slot)),
     };
 
     // The ROM_EXT always protects itself in regions 0 and 1.
     assert_eq!(
         region[0],
-        FlashRegion("data", 0, 0, 32, romext_region[0], "LK")
+        FlashRegion(
+            "data",
+            0,
+            OWNER_FLASH_ROM_EXT_START as u32,
+            OWNER_FLASH_ROM_EXT_SIZE as u32,
+            romext_region[0],
+            "LK"
+        )
     );
     assert_eq!(
         region[1],
-        FlashRegion("data", 1, 256, 32, romext_region[1], "LK")
+        FlashRegion(
+            "data",
+            1,
+            256 + OWNER_FLASH_ROM_EXT_START as u32,
+            OWNER_FLASH_ROM_EXT_SIZE as u32,
+            romext_region[1],
+            "LK"
+        )
     );
     // Flash Slot A:
     assert_eq!(region[2], app_region[0]);

sw/host/tests/ownership/transfer_lib.rs

@@ -270,6 +270,18 @@ impl HybridPair {
     }
 }
 
+pub const OWNER_FLASH_ROM_EXT_START: u16 = 0;
+
+#[cfg(not(feature = "ot_coverage_enabled"))]
+pub const OWNER_FLASH_ROM_EXT_SIZE: u16 = 32;
+#[cfg(feature = "ot_coverage_enabled")]
+pub const OWNER_FLASH_ROM_EXT_SIZE: u16 = 64;
+
+pub const OWNER_FLASH_FILE_START: u16 = 224;
+pub const OWNER_FLASH_FILE_SIZE: u16 = 32;
+pub const OWNER_FLASH_OWNER_START: u16 = OWNER_FLASH_ROM_EXT_START + OWNER_FLASH_ROM_EXT_SIZE;
+pub const OWNER_FLASH_OWNER_SIZE: u16 = OWNER_FLASH_FILE_START - OWNER_FLASH_OWNER_START;
+
 /// Prepares an OwnerBlock and sends it to the chip.
 #[allow(clippy::too_many_arguments)]
 pub fn create_owner<F>(
@@ -324,22 +336,62 @@ where
 
             // Side A: 0-64K romext, 64-448K firmware, 448-512K filesystem.
             vec![
-                OwnerFlashRegion::new(0, 32, config.rom_ext()),
-                OwnerFlashRegion::new(32, 192, config.firmware()),
-                OwnerFlashRegion::new(224, 32, config.filesystem()),
+                OwnerFlashRegion::new(
+                    OWNER_FLASH_ROM_EXT_START,
+                    OWNER_FLASH_ROM_EXT_SIZE,
+                    config.rom_ext(),
+                ),
+                OwnerFlashRegion::new(
+                    OWNER_FLASH_OWNER_START,
+                    OWNER_FLASH_OWNER_SIZE,
+                    config.firmware(),
+                ),
+                OwnerFlashRegion::new(
+                    OWNER_FLASH_FILE_START,
+                    OWNER_FLASH_FILE_SIZE,
+                    config.filesystem(),
+                ),
                 // Side B: 0-64K romext, 64-448K firmware, 448-512K filesystem.
-                OwnerFlashRegion::new(256, 32, config.rom_ext()),
-                OwnerFlashRegion::new(256 + 32, 192, config.firmware()),
-                OwnerFlashRegion::new(256 + 224, 32, config.filesystem()),
+                OwnerFlashRegion::new(
+                    256 + OWNER_FLASH_ROM_EXT_START,
+                    OWNER_FLASH_ROM_EXT_SIZE,
+                    config.rom_ext(),
+                ),
+                OwnerFlashRegion::new(
+                    256 + OWNER_FLASH_OWNER_START,
+                    OWNER_FLASH_OWNER_SIZE,
+                    config.firmware(),
+                ),
+                OwnerFlashRegion::new(
+                    256 + OWNER_FLASH_FILE_START,
+                    OWNER_FLASH_FILE_SIZE,
+                    config.filesystem(),
+                ),
             ]
         } else {
             vec![
                 // Side A: 64-448K firmware, 448-512K filesystem.
-                OwnerFlashRegion::new(32, 192, config.firmware()),
-                OwnerFlashRegion::new(224, 32, config.filesystem()),
+                OwnerFlashRegion::new(
+                    OWNER_FLASH_OWNER_START,
+                    OWNER_FLASH_OWNER_SIZE,
+                    config.firmware(),
+                ),
+                OwnerFlashRegion::new(
+                    OWNER_FLASH_FILE_START,
+                    OWNER_FLASH_FILE_SIZE,
+                    config.filesystem(),
+                ),
                 // Side B: 64-448K firmware, 448-512K filesystem.
-                OwnerFlashRegion::new(256 + 32, 192, config.firmware()),
-                OwnerFlashRegion::new(256 + 224, 32, config.filesystem()),
+                OwnerFlashRegion::new(
+                    256 + OWNER_FLASH_OWNER_START,
+                    OWNER_FLASH_OWNER_SIZE,
+                    config.firmware(),
+                ),
+                OwnerFlashRegion::new(
+                    256 + OWNER_FLASH_FILE_START,
+                    OWNER_FLASH_FILE_SIZE,
+                    config.filesystem(),
+                ),
             ]
         };
         owner
@@ -360,8 +412,8 @@ where
     }
     if cfg & CFG_RESCUE1 != 0 {
         let mut rescue = OwnerRescueConfig::all();
-        rescue.start = 32;
-        rescue.size = 192;
+        rescue.start = OWNER_FLASH_OWNER_START;
+        rescue.size = OWNER_FLASH_OWNER_SIZE;
         if cfg & CFG_RESCUE_RESTRICT != 0 {
             // Restrict one of the boot_svc commands in "restrict" mode.
             rescue