[rescue] Permit ROM_EXT updates via rescue

Discussion in #26785.

1. Examine the first rescue block and determine if the rescue stream
   contains a ROM_EXT.
2. If the rescue stream contains a ROM_EXT _and_ we're performing rescue
   to the non-active flash slot, then erase and reprogram the inactive
   ROM_EXT area.  Otherwise, silently consume the ROM_EXT portion of the
   rescue stream and flash the application payload.
3. Test that each combination of rom_ext slot and rescue slot always
   results in the inactive rom_ext slot updating and the active slot not
   updating.

Signed-off-by: Chris Frantz <[email protected]>
(cherry picked from commit ab4b517)

Author: cfrantz

apt-requirements.txt

@@ -44,6 +44,7 @@ srecord
 tree
 xmlstarlet
 xsltproc
+xxd
 xz-utils
 zip
 zlib1g-dev

sw/device/silicon_creator/lib/rescue/BUILD

@@ -30,6 +30,7 @@ cc_library(
         "//sw/device/silicon_creator/lib:boot_log",
         "//sw/device/silicon_creator/lib:dbg_print",
         "//sw/device/silicon_creator/lib:error",
+        "//sw/device/silicon_creator/lib:manifest",
         "//sw/device/silicon_creator/lib/boot_svc:boot_svc_msg",
         "//sw/device/silicon_creator/lib/drivers:flash_ctrl",
         "//sw/device/silicon_creator/lib/drivers:lifecycle",

sw/device/silicon_creator/lib/rescue/rescue.c

@@ -16,6 +16,7 @@
 #include "sw/device/silicon_creator/lib/drivers/retention_sram.h"
 #include "sw/device/silicon_creator/lib/drivers/rstmgr.h"
 #include "sw/device/silicon_creator/lib/drivers/uart.h"
+#include "sw/device/silicon_creator/lib/manifest.h"
 #include "sw/device/silicon_creator/lib/ownership/datatypes.h"
 #include "sw/device/silicon_creator/lib/ownership/owner_block.h"
 
@@ -27,6 +28,20 @@ const uint32_t kFlashPageSize = FLASH_CTRL_PARAM_BYTES_PER_PAGE;
 const uint32_t kFlashBankSize =
     kFlashPageSize * FLASH_CTRL_PARAM_REG_PAGES_PER_BANK;
 
+static inline bool is_rom_ext(const void *data) {
+  const manifest_t *manifest = (const manifest_t *)data;
+  return manifest->identifier == CHIP_ROM_EXT_IDENTIFIER;
+}
+
+static inline bool is_rom_ext_update_allowed(rescue_state_t *state) {
+  // A ROM_EXT update is allowed if the partition we're flashing is not the
+  // ROM_EXT active partition.
+  return (state->mode == kRescueModeFirmware &&
+          state->boot_log->rom_ext_slot == kBootSlotB) ||
+         (state->mode == kRescueModeFirmwareSlotB &&
+          state->boot_log->rom_ext_slot == kBootSlotA);
+}
+
 rom_error_t flash_firmware_block(rescue_state_t *state) {
   uint32_t bank_offset =
       state->mode == kRescueModeFirmwareSlotB ? kFlashBankSize : 0;
@@ -38,20 +53,39 @@ rom_error_t flash_firmware_block(rescue_state_t *state) {
         .write = kMultiBitBool4True,
         .erase = kMultiBitBool4True,
     });
-    for (uint32_t addr = state->flash_start; addr < state->flash_limit;
+    // Detect if we're allowed to flash the ROM_EXT _and_ if the data stream
+    // starts with a ROM_EXT.  If so, we start flashing at offset 0 in this
+    // bank.
+    state->flash_begin =
+        (is_rom_ext_update_allowed(state) && is_rom_ext(state->data))
+            ? 0
+            : state->flash_start;
+
+    // Erase the allowed range in the requested partition.
+    for (uint32_t addr = state->flash_begin; addr < state->flash_limit;
          addr += kFlashPageSize) {
       HARDENED_RETURN_IF_ERROR(
           flash_ctrl_data_erase(bank_offset + addr, kFlashCtrlEraseTypePage));
     }
-    state->flash_offset = state->flash_start;
+    // Regardless of whether we're allowed to flash the ROM_EXT, set the flash
+    // offset to zero if the data stream contains a ROM_EXT, otherwise, set to
+    // flash_start. This will allow rescue to silently consume the ROM_EXT if
+    // we're in the ROM_EXT active partition.
+    state->flash_offset = is_rom_ext(state->data) ? 0 : state->flash_start;
   }
-  if (state->flash_offset < state->flash_limit) {
+
+  if (state->flash_offset < state->flash_begin) {
+    // Before allowed beginning; silently consume the data without flashing.
+    state->flash_offset += sizeof(state->data);
+  } else if (state->flash_offset >= state->flash_limit) {
+    // Beyond the allowed limit; return an error.
+    return kErrorRescueImageTooBig;
+  } else {
+    // In the allowed range; flash the data.
     HARDENED_RETURN_IF_ERROR(flash_ctrl_data_write(
         bank_offset + state->flash_offset,
         sizeof(state->data) / sizeof(uint32_t), state->data));
     state->flash_offset += sizeof(state->data);
-  } else {
-    return kErrorRescueImageTooBig;
   }
   return kErrorOk;
 }

sw/device/silicon_creator/lib/rescue/rescue.h

@@ -78,6 +78,11 @@ typedef struct RescueState {
   uint16_t staged_len;
   // Current flash write offset.
   uint32_t flash_offset;
+  // Current flash beginning offset.  This is the partition-relative offset
+  // where we're allowed to start writing to flash.  Normally, this will be
+  // the same as `flash_start`, but if we're allowed to write the ROM_EXT
+  // and we've detected a ROM_EXT, this may be adjusted to zero.
+  uint32_t flash_begin;
   // Range to erase and write for firmware rescue (inclusive).
   uint32_t flash_start;
   uint32_t flash_limit;

sw/device/silicon_creator/rom_ext/e2e/rescue/BUILD

@@ -21,10 +21,25 @@ _POSITIONS = {
     "slot_a": {
         "linker_script": "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_a",
         "slot": "SlotA",
+        "rom_ext_offset": "0",
     },
     "slot_b": {
         "linker_script": "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_b",
         "slot": "SlotB",
+        "rom_ext_offset": "0x80000",
+    },
+}
+
+_RESCUE_ROMEXT_RESULTS = {
+    True: {
+        # When the ROM_EXT location and rescue upload slot are the same.
+        "success": DEFAULT_TEST_SUCCESS_MSG,
+        "failure": DEFAULT_TEST_FAILURE_MSG,
+    },
+    False: {
+        # When the ROM_EXT location and rescue upload slot are opposite.
+        "success": "{slot} rom_ext_id = OTRE\r\n.*{slot} rom_ext_version = 99.999\r\n",
+        "failure": "(PASS|FAIL|BFV).*\r\n",
     },
 }
 
@@ -57,14 +72,19 @@ _CONFIGS = {
         srcs = [
             "//sw/device/silicon_creator/rom_ext/e2e/verified_boot:boot_test",
         ],
+        defines = [
+            "WITH_MANIFEST=1",
+        ],
         exec_env = [
             "//hw/top_earlgrey:fpga_cw310_rom_ext",
         ],
         linker_script = position["linker_script"],
         deps = [
+            "//hw/top_earlgrey/sw/autogen:top_earlgrey",
             "//sw/device/lib/base:status",
             "//sw/device/lib/testing/test_framework:ottf_main",
             "//sw/device/silicon_creator/lib:boot_log",
+            "//sw/device/silicon_creator/lib:manifest",
             "//sw/device/silicon_creator/lib/drivers:retention_sram",
         ],
     )
@@ -108,6 +128,65 @@ _CONFIGS = {
     for protocol, config in _CONFIGS.items()
 ]
 
+# This bad ROM_EXT image is an empty image that identifies as a ROM_EXT with
+# version number 99.999.  Apart from the identifier word and version, it
+# is all zeros.  The identifier word allows rescue to identify the first block
+# of the rescue payload as a potential ROM_EXT and possibly store it in
+# flash of the inactive partition.
+genrule(
+    name = "bad_rom_ext",
+    srcs = ["bad_rom_ext.txt"],
+    outs = ["bad_rom_ext.bin"],
+    cmd = "xxd -r $< > $@",
+)
+
+# Test rescue driven ROM_EXT updates:
+# 1. Place a ROM_EXT in slot_a or slot_b.
+# 2. Use rescue to send a rom_ext+owner_firmware payload.
+# 3. If rescueing into the slot where the ROM_EXT is active, the rom_ext
+#    portion of the payload should be silently consumed and not updated.
+#    If rescueing into the opposite slot, the rom_ext portion of the
+#    payload will be programmed into the inactive rom_ext slot.
+# 4. Upon booting, the test binary will print the identifier and version
+#    fields of both ROM_EXT slots.
+[
+    opentitan_test(
+        name = "rescue_rom_ext_{}_update_{}".format(rxslot, name),
+        exec_env = {
+            "//hw/top_earlgrey:fpga_cw310_rom_ext": None,
+        },
+        fpga = fpga_params(
+            assemble = "{rom_ext}@{rom_ext_offset}",
+            binaries = {
+                ":boot_test_{}".format(name): "payload",
+                ":bad_rom_ext": "bad_rom_ext",
+            },
+            exit_failure = _RESCUE_ROMEXT_RESULTS[name == rxslot]["failure"],
+            exit_success = _RESCUE_ROMEXT_RESULTS[name == rxslot]["success"].format(slot = name),
+            image_name = "/tmp/rescue_rom_ext_{}.img".format(name),
+            rom_ext = "//sw/device/silicon_creator/rom_ext:rom_ext_dice_x509_slot_virtual",
+            rom_ext_offset = _POSITIONS[rxslot]["rom_ext_offset"],
+            slot = position["slot"],
+            test_cmd = """
+                --exec="transport init"
+                --exec="fpga load-bitstream {bitstream}"
+                --exec="bootstrap --clear-uart=true {firmware}"
+                # First make sure the ROM_EXT is faulting because there is no firmware
+                --exec="console --non-interactive --exit-success='BFV:' --exit-failure='PASS|FAIL'"
+                # Construct a firmware image with the bad ROM_EXT
+                --exec="image assemble --size=131072 --mirror=false --output={image_name} {bad_rom_ext}@0 {payload}@0x10000"
+                # Load firmware via rescue, including the bad ROM_EXT
+                --exec="rescue firmware --raw --slot={slot} {image_name}"
+                # Check for firmware execution
+                --exec="console --non-interactive --exit-success='{exit_success}' --exit-failure='{exit_failure}'"
+                no-op
+            """,
+        ),
+    )
+    for name, position in _POSITIONS.items()
+    for rxslot in _POSITIONS.keys()
+]
+
 [
     opentitan_test(
         name = "next_slot_{}".format(protocol),

sw/device/silicon_creator/rom_ext/e2e/rescue/bad_rom_ext.txt

@@ -0,0 +1,7 @@
+00000000: 0000 0000 0000 0000 0000 0000 0000 0000  ................
+*
+00000330: 0000 0000 4f54 5245 0000 0000 0000 0000  ....OTRE........
+00000340: 0000 0000 6300 0000 e703 0000 0000 0000  ................
+00000350: 0000 0000 0000 0000 0000 0000 0000 0000  ................
+*
+0000fff0: 0000 0000 0000 0000 0000 0000 0000 0000  ................

sw/device/silicon_creator/rom_ext/e2e/verified_boot/boot_test.c

@@ -93,6 +93,29 @@ status_t keymgr_print(void) {
 status_t keymgr_print(void) { return OK_STATUS(); }
 #endif
 
+#ifdef WITH_MANIFEST
+#include "sw/device/silicon_creator/lib/manifest.h"
+
+#include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"
+
+status_t manifest_print(void) {
+  const manifest_t *a =
+      (const manifest_t *)TOP_EARLGREY_FLASH_CTRL_MEM_BASE_ADDR;
+  const manifest_t *b =
+      (const manifest_t *)(TOP_EARLGREY_FLASH_CTRL_MEM_BASE_ADDR +
+                           (TOP_EARLGREY_FLASH_CTRL_MEM_SIZE_BYTES / 2));
+  LOG_INFO("slot_a rom_ext_id = %C", a->identifier);
+  LOG_INFO("slot_a rom_ext_version = %u.%u", a->version_major,
+           a->version_minor);
+  LOG_INFO("slot_b rom_ext_id = %C", b->identifier);
+  LOG_INFO("slot_b rom_ext_version = %u.%u", b->version_major,
+           b->version_minor);
+  return OK_STATUS();
+}
+#else
+status_t manifest_print(void) { return OK_STATUS(); }
+#endif
+
 OTTF_DEFINE_TEST_CONFIG();
 
 status_t boot_log_print(boot_log_t *boot_log) {
@@ -114,6 +137,7 @@ status_t boot_log_print(boot_log_t *boot_log) {
   LOG_INFO("boot_log rom_ext_min_sec_ver = %u", boot_log->rom_ext_min_sec_ver);
   LOG_INFO("boot_log bl0_min_sec_ver = %u", boot_log->bl0_min_sec_ver);
   LOG_INFO("boot_log primary_bl0_slot = %C", boot_log->primary_bl0_slot);
+  TRY(manifest_print());
   TRY(ownership_print());
   TRY(keymgr_print());
   return OK_STATUS();