[rom_ext_e2e] Add an ownership transfer test

1. Create a library of helper functions for facilitating ownership
   transfer tests.
2. Create a basic ownership transfer test that transfers chip ownership
   from the default `fake` test owner to a `dummy` owner.

Signed-off-by: Chris Frantz <[email protected]>
(cherry picked from commit 0ad99c9)
(cherry picked from commit 71cc612)

Author: cfrantz

quality/BUILD.bazel

@@ -173,19 +173,21 @@ RUST_TARGETS = [
     "//sw/host/hsmtool:hsmlib",
     "//sw/host/hsmtool:hsmlib_test",
     "//sw/host/hsmtool/acorn:acorn",
-    "//sw/host/ot_certs:ot_certs",
-    "//sw/host/ot_certs:ot_certs_test",
     "//sw/host/opentitanlib:opentitanlib",
     "//sw/host/opentitanlib:opentitanlib_test",
     "//sw/host/opentitansession:opentitansession",
     "//sw/host/opentitantool:opentitantool",
+    "//sw/host/ot_certs:ot_certs",
+    "//sw/host/ot_certs:ot_certs_test",
     "//sw/host/tests/chip/gpio:gpio",
     "//sw/host/tests/chip/power_virus:power_virus",
+    "//sw/host/tests/chip/spi_device:spi_passthru",
+    "//sw/host/tests/ownership:transfer_lib",
+    "//sw/host/tests/ownership:transfer_test",
     "//sw/host/tests/rom/e2e_bootstrap_disabled:e2e_bootstrap_disabled",
     "//sw/host/tests/rom/e2e_bootstrap_entry:e2e_bootstrap_entry",
     "//sw/host/tests/rom/e2e_chip_specific_startup:e2e_chip_specific_startup",
     "//sw/host/tests/rom/sw_strap_value:sw_strap_value",
-    "//sw/host/tests/chip/spi_device:spi_passthru",
     "//sw/host/tests/xmodem:lrzsz_test",
     "//sw/host/tests/xmodem:xmodem",
     "//sw/host/sphincsplus:sphincsplus",

sw/device/silicon_creator/rom_ext/e2e/ownership/BUILD

@@ -0,0 +1,51 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+load(
+    "//rules/opentitan:defs.bzl",
+    "fpga_params",
+    "opentitan_test",
+)
+
+package(default_visibility = ["//visibility:public"])
+
+opentitan_test(
+    name = "ownership_transfer_test",
+    srcs = ["//sw/device/silicon_creator/rom_ext/e2e/verified_boot:boot_test"],
+    exec_env = {
+        "//hw/top_earlgrey:fpga_hyper310_rom_ext": None,
+    },
+    fpga = fpga_params(
+        # This test doesn't change OTP, but it modifies the ownership INFO
+        # pages, so we need to clear the bitstream after the test, which is
+        # what the `changes_otp` parameter actually does.
+        changes_otp = True,
+        data = [
+            "//sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key",
+            "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub",
+            "//sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key",
+            "//sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key",
+            "//sw/device/silicon_creator/lib/ownership/keys/fake:unlock_key",
+        ],
+        test_cmd = """
+            --clear-bitstream
+            --bootstrap={firmware}
+            --unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/fake:unlock_key)
+            --next-owner-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key)
+            --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key)
+            --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key)
+            --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub)
+        """,
+        test_harness = "//sw/host/tests/ownership:transfer_test",
+    ),
+    rsa_key = {
+        "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod": "app_prod",
+    },
+    deps = [
+        "//sw/device/lib/base:status",
+        "//sw/device/lib/testing/test_framework:ottf_main",
+        "//sw/device/silicon_creator/lib:boot_log",
+        "//sw/device/silicon_creator/lib/drivers:retention_sram",
+    ],
+)

sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD

@@ -1,6 +1,7 @@
 # Copyright lowRISC contributors (OpenTitan project).
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0
+
 load(
     "//rules/opentitan:defs.bzl",
     "DEFAULT_TEST_FAILURE_MSG",

sw/host/opentitanlib/BUILD

@@ -82,8 +82,8 @@ rust_library(
         "src/chip/boot_log.rs",
         "src/chip/boot_svc.rs",
         "src/chip/helper.rs",
-        "src/chip/rom_error.rs",
         "src/chip/mod.rs",
+        "src/chip/rom_error.rs",
         "src/console/mod.rs",
         "src/console/spi.rs",
         "src/crypto/ecdsa.rs",

sw/host/opentitanlib/src/chip/helper.rs

@@ -11,7 +11,7 @@ use std::fs::File;
 use std::io::Read;
 use std::path::PathBuf;
 
-#[derive(Debug, Args)]
+#[derive(Debug, Default, Args)]
 pub struct OwnershipUnlockParams {
     #[arg(long, value_enum, help = "Requested unlock mode")]
     pub mode: Option<UnlockMode>,
@@ -63,7 +63,7 @@ impl OwnershipUnlockParams {
     }
 }
 
-#[derive(Debug, Args)]
+#[derive(Debug, Default, Args)]
 pub struct OwnershipActivateParams {
     #[arg(long, value_parser = u64::from_str, help="Current ROM_EXT nonce")]
     pub nonce: Option<u64>,

sw/host/opentitanlib/src/crypto/ecdsa.rs

@@ -226,6 +226,13 @@ impl TryFrom<&EcdsaPublicKey> for EcdsaRawPublicKey {
     }
 }
 
+impl TryFrom<EcdsaPublicKey> for EcdsaRawPublicKey {
+    type Error = Error;
+    fn try_from(v: EcdsaPublicKey) -> Result<Self, Self::Error> {
+        EcdsaRawPublicKey::try_from(&v)
+    }
+}
+
 impl FromStr for EcdsaRawPublicKey {
     type Err = Error;
     fn from_str(s: &str) -> Result<Self, Self::Err> {

sw/host/opentitanlib/src/crypto/rsa.rs

@@ -273,6 +273,13 @@ impl TryFrom<&RsaPublicKey> for RsaRawPublicKey {
     }
 }
 
+impl TryFrom<RsaPublicKey> for RsaRawPublicKey {
+    type Error = Error;
+    fn try_from(v: RsaPublicKey) -> Result<Self, Self::Error> {
+        RsaRawPublicKey::try_from(&v)
+    }
+}
+
 impl FromStr for RsaRawPublicKey {
     type Err = Error;
     fn from_str(s: &str) -> Result<Self, Self::Err> {

sw/host/opentitanlib/src/ownership/mod.rs

@@ -12,6 +12,6 @@ mod rescue;
 pub use application_key::{ApplicationKeyDomain, OwnerApplicationKey};
 pub use flash::{FlashFlags, OwnerFlashConfig, OwnerFlashRegion};
 pub use flash_info::{OwnerFlashInfoConfig, OwnerInfoPage};
-pub use misc::{OwnershipKeyAlg, TlvHeader, TlvTag};
-pub use owner::{OwnerBlock, SramExecMode};
+pub use misc::{KeyMaterial, OwnershipKeyAlg, TlvHeader, TlvTag};
+pub use owner::{OwnerBlock, OwnerConfigItem, SramExecMode};
 pub use rescue::{OwnerRescueConfig, RescueType};

sw/host/opentitanlib/src/rescue/xmodem.rs

@@ -97,7 +97,10 @@ impl Xmodem {
                     }
                 }
                 _ => {
-                    log::info!("Unknown byte received while waiting for XMODEM start: {ch:#x?}");
+                    let p = ch as char;
+                    log::info!(
+                        "Unknown byte received while waiting for XMODEM start: {p:?} ({ch:#x?})"
+                    );
                 }
             }
         }

sw/host/tests/ownership/BUILD

@@ -0,0 +1,33 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+load("@rules_rust//rust:defs.bzl", "rust_binary", "rust_library")
+load("//rules:ujson.bzl", "ujson_rust")
+
+package(default_visibility = ["//visibility:public"])
+
+rust_library(
+    name = "transfer_lib",
+    srcs = ["transfer_lib.rs"],
+    deps = [
+        "//sw/host/opentitanlib",
+        "@crate_index//:anyhow",
+        "@crate_index//:log",
+    ],
+)
+
+rust_binary(
+    name = "transfer_test",
+    srcs = [
+        "transfer_test.rs",
+    ],
+    deps = [
+        ":transfer_lib",
+        "//sw/host/opentitanlib",
+        "@crate_index//:anyhow",
+        "@crate_index//:clap",
+        "@crate_index//:humantime",
+        "@crate_index//:log",
+    ],
+)