[FiSim] ROM_EXT Rollback Flash Testing

This adds a test where a higher manifest version BL0 is flashed, afterwards, a low manifest version BL0 is flashed where GDB instruction skips are used to test rollback security.

Signed-off-by: Siemen Dhooghe <[email protected]>

Author: Siemen Dhooghe

sw/device/tests/penetrationtests/BUILD

@@ -2,7 +2,7 @@
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0
 
-load(":pentest.bzl", "pentest_cryptolib_fi_asym", "pentest_cryptolib_fi_gdb_asym", "pentest_cryptolib_fi_gdb_sym", "pentest_cryptolib_fi_sym", "pentest_cryptolib_sca_asym", "pentest_cryptolib_sca_sym", "pentest_fi", "pentest_fi_ibex", "pentest_fi_otbn", "pentest_gdb_unit", "pentest_rom_ext_fi_gdb", "pentest_rom_ext_rollback_fi_gdb", "pentest_rom_fi_gdb", "pentest_rom_rollback_fi_gdb", "pentest_sca")
+load(":pentest.bzl", "pentest_bl0_sec_ver_incr", "pentest_cryptolib_fi_asym", "pentest_cryptolib_fi_gdb_asym", "pentest_cryptolib_fi_gdb_sym", "pentest_cryptolib_fi_sym", "pentest_cryptolib_sca_asym", "pentest_cryptolib_sca_sym", "pentest_fi", "pentest_fi_ibex", "pentest_fi_otbn", "pentest_gdb_unit", "pentest_rom_ext_fi_gdb", "pentest_rom_ext_rollback_flash_fi_gdb", "pentest_rom_ext_rollback_otp_fi_gdb", "pentest_rom_fi_gdb", "pentest_rom_rollback_fi_gdb", "pentest_sca")
 load("@ot_python_deps//:requirements.bzl", "requirement")
 
 package(default_visibility = ["//visibility:public"])
@@ -507,14 +507,33 @@ pentest_rom_ext_fi_gdb(
     test_vectors = [],
 )
 
-pentest_rom_ext_rollback_fi_gdb(
-    name = "fi_rom_ext_rollback_python_gdb_test",
+pentest_rom_ext_rollback_flash_fi_gdb(
+    name = "fi_rom_ext_rollback_flash_python_gdb_test",
     tags = [
         "manual",
         "skip_in_ci",
     ],
     test_args = "",
-    test_harness = "//sw/host/penetrationtests/python/fi:fi_rom_ext_rollback_python_gdb_test",
+    test_harness = "//sw/host/penetrationtests/python/fi:fi_rom_ext_rollback_flash_python_gdb_test",
+    test_vectors = [],
+)
+
+pentest_bl0_sec_ver_incr(
+    name = "bl0_sec_ver_incr",
+    tags = [
+        "manual",
+        "skip_in_ci",
+    ],
+)
+
+pentest_rom_ext_rollback_otp_fi_gdb(
+    name = "fi_rom_ext_rollback_otp_python_gdb_test",
+    tags = [
+        "manual",
+        "skip_in_ci",
+    ],
+    test_args = "",
+    test_harness = "//sw/host/penetrationtests/python/fi:fi_rom_ext_rollback_otp_python_gdb_test",
     test_vectors = [],
 )
 

sw/device/tests/penetrationtests/firmware/testdata/BUILD

@@ -71,12 +71,19 @@ offline_signature_attach(
 
 # For when building specialized manifests for security testing.
 manifest(d = {
-    "name": "rom_ext_rollback_manifest",
+    "name": "rom_ext_rollback_manifest_low",
     "identifier": hex(CONST.OWNER),
     "security_version": "0",
     "visibility": ["//visibility:public"],
 })
 
+manifest(d = {
+    "name": "rom_ext_rollback_manifest_high",
+    "identifier": hex(CONST.OWNER),
+    "security_version": "2",
+    "visibility": ["//visibility:public"],
+})
+
 otp_json(
     name = "otp_json_rom_ext_fi",
     partitions = [
@@ -192,3 +199,7 @@ otp_image(
         ":otp_json_rom_ext_rollback_fi",
     ],
 )
+
+exports_files([
+    "bl0_sec_ver_incr.c",
+])

sw/device/tests/penetrationtests/firmware/testdata/bl0_sec_ver_incr.c

@@ -0,0 +1,27 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#include <stdbool.h>
+
+#include "sw/device/lib/runtime/log.h"
+#include "sw/device/lib/testing/test_framework/ottf_main.h"
+#include "sw/device/silicon_creator/lib/boot_data.h"
+#include "sw/device/silicon_creator/lib/drivers/lifecycle.h"
+#include "sw/device/silicon_creator/lib/drivers/otp.h"
+#include "sw/device/silicon_creator/lib/drivers/rstmgr.h"
+#include "sw/device/silicon_creator/lib/manifest_def.h"
+
+#include "hw/top/otp_ctrl_regs.h"
+
+OTTF_DEFINE_TEST_CONFIG();
+
+bool test_main(void) {
+  boot_data_t boot_data;
+  RETURN_IF_ERROR(boot_data_read(lifecycle_state_get(), &boot_data));
+  ++boot_data.min_security_version_bl0;
+  RETURN_IF_ERROR(boot_data_write(&boot_data));
+  LOG_INFO("Boot data written, bl0 version %u\n",
+           boot_data.min_security_version_bl0);
+  return true;
+}

sw/device/tests/penetrationtests/pentest.bzl

@@ -856,7 +856,7 @@ def pentest_rom_ext_fi_gdb(name, test_vectors, test_args, test_harness, tags):
         ),
     )
 
-def pentest_rom_ext_rollback_fi_gdb(name, test_vectors, test_args, test_harness, tags):
+def pentest_rom_ext_rollback_flash_fi_gdb(name, test_vectors, test_args, test_harness, tags):
     """A macro for defining a CryptoTest test case.
 
     Args:
@@ -874,7 +874,40 @@ def pentest_rom_ext_rollback_fi_gdb(name, test_vectors, test_args, test_harness,
         # Provide a correctly signed binary
         srcs = ["//sw/device/tests/penetrationtests/firmware:firmware_cryptolib_fi_asym.c"],
         # Provide a manifest with a low security version
-        manifest = "//sw/device/tests/penetrationtests/firmware/testdata:rom_ext_rollback_manifest",
+        manifest = "//sw/device/tests/penetrationtests/firmware/testdata:rom_ext_rollback_manifest_low",
+        fpga = fpga_params(
+            timeout = "eternal",
+            # We set an OTP with the RMA lifecycle, ensure ROM_EXT can still boot, standard security versions
+            otp = "//sw/device/tests/penetrationtests/firmware/testdata:otp_img_rom_ext_fi",
+            data = test_vectors,
+            tags = tags,
+            test_cmd = """
+                --bootstrap={firmware} --rom_ext={rom_ext} --rom={rom}
+            """ + test_args,
+            test_harness = test_harness,
+        ),
+        deps = FIRMWARE_DEPS_CRYPTOLIB_FI_ASYM,
+    )
+
+def pentest_rom_ext_rollback_otp_fi_gdb(name, test_vectors, test_args, test_harness, tags):
+    """A macro for defining a CryptoTest test case.
+
+    Args:
+        name: the name of the test.
+        test_vectors: the test vectors to use.
+        test_args: additional arguments to pass to the test.
+        test_harness: the test harness to use.
+        tags: indicate the tags for CI.
+    """
+    opentitan_test(
+        name = name,
+        exec_env = {
+            "//hw/top_earlgrey:fpga_cw340_rom_ext": None,
+        },
+        # Provide a correctly signed binary
+        srcs = ["//sw/device/tests/penetrationtests/firmware:firmware_cryptolib_fi_asym.c"],
+        # Provide a manifest with a low security version
+        manifest = "//sw/device/tests/penetrationtests/firmware/testdata:rom_ext_rollback_manifest_low",
         fpga = fpga_params(
             timeout = "eternal",
             # We set an OTP with the RMA lifecycle, ensure ROM_EXT can still boot, set a high security version
@@ -888,3 +921,35 @@ def pentest_rom_ext_rollback_fi_gdb(name, test_vectors, test_args, test_harness,
         ),
         deps = FIRMWARE_DEPS_CRYPTOLIB_FI_ASYM,
     )
+
+def pentest_bl0_sec_ver_incr(name, tags):
+    opentitan_test(
+        name = name,
+        srcs = ["//sw/device/tests/penetrationtests/firmware/testdata:bl0_sec_ver_incr.c"],
+        exec_env = {
+            "//hw/top_earlgrey:fpga_cw340_rom_with_fake_keys": None,
+        },
+        fpga = fpga_params(
+            timeout = "eternal",
+            otp = "//sw/device/tests/penetrationtests/firmware/testdata:otp_img_rom_ext_fi",
+            tags = tags,
+            exit_success = "PASS!",
+            test_cmd = """
+                --exec="transport init"
+                --exec="fpga load-bitstream {bitstream}"
+                --exec="bootstrap {firmware}"
+                --exec="console --non-interactive --exit-success='{exit_success}'"
+                --exec="fpga clear-bitstream\"
+                no-op
+            """,
+        ),
+        deps = [
+            "//hw/top:otp_ctrl_c_regs",
+            "//hw/top/dt",
+            "//sw/device/lib/testing/test_framework:ottf_main",
+            "//sw/device/silicon_creator/lib:boot_data",
+            "//sw/device/silicon_creator/lib/drivers:lifecycle",
+            "//sw/device/silicon_creator/lib/drivers:otp",
+            "//sw/device/silicon_creator/lib/drivers:rstmgr",
+        ],
+    )

sw/host/penetrationtests/python/fi/BUILD

@@ -208,9 +208,29 @@ py_binary(
 )
 
 py_binary(
-    name = "fi_rom_ext_rollback_python_gdb_test",
+    name = "fi_rom_ext_rollback_flash_python_gdb_test",
     testonly = True,
-    srcs = ["gdb_testing/fi_rom_ext_rollback_python_gdb_test.py"],
+    srcs = ["gdb_testing/fi_rom_ext_rollback_flash_python_gdb_test.py"],
+    data = [
+        "//sw/device/tests/penetrationtests:bl0_sec_ver_incr_fpga_cw340_rom_with_fake_keys",
+        "//sw/host/opentitantool",
+        "//third_party/openocd:jtag_cmsis_dap_adapter_cfg",
+        "//third_party/openocd:openocd_bin",
+        "//util/openocd/target:lowrisc-earlgrey.cfg",
+        "@lowrisc_rv32imcb_toolchain//:bin/riscv32-unknown-elf-gdb",
+    ],
+    deps = [
+        "//sw/host/penetrationtests/python/util:dis_parser",
+        "//sw/host/penetrationtests/python/util:gdb_controller",
+        "//sw/host/penetrationtests/python/util:targets",
+        "@rules_python//python/runfiles",
+    ],
+)
+
+py_binary(
+    name = "fi_rom_ext_rollback_otp_python_gdb_test",
+    testonly = True,
+    srcs = ["gdb_testing/fi_rom_ext_rollback_otp_python_gdb_test.py"],
     data = [
         "//sw/host/opentitantool",
         "//third_party/openocd:jtag_cmsis_dap_adapter_cfg",