[imm_rom_ext] Add a new ROM_EXT target linking nop IM_EXT

* Add a nop.o IM_EXT file, which is built by
  `./riscv32-unknown-elf-as -march=rv32i nop.S -o nop.o`
  The IM_EXT only contains a section called `.rom_ext_immutable`, and
  a single "ret" command.
* Add a new ROM_EXT target to link the nop IM_EXT
* Add a new test case in `rom_ext/e2e/verified_boot`, which enable the
  immutable ROM extension and use the new target to execute the test.
* Add `*.o` as the file extensions allowed to have non-ASCII chars.

Signed-off-by: Chia-Wei Liu <[email protected]>

ci/scripts/check-ascii.sh

@@ -20,6 +20,7 @@ allowed_suffixes=(
     vsdx
     elf
     woff2
+    o
 
     md
     html

sw/device/silicon_creator/imm_rom_ext/prebuilts/BUILD

@@ -0,0 +1,11 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+package(default_visibility = ["//visibility:public"])
+
+cc_import(
+    name = "nop_imm_rom_ext",
+    objects = ["nop.o"],
+    alwayslink = 1,
+)

sw/device/silicon_creator/imm_rom_ext/prebuilts/README.md

@@ -0,0 +1,11 @@
+# IMM_ROM_EXT Prebuilts
+
+This markdown explains all of the prebuilt collections in this folder and the
+usage of them.
+
+## NOP IMM_ROM_EXT
+
+* The `nop.o` is built by the following command:
+  `riscv32-unknown-elf-as -march=rv32i nop.S -o nop.o`
+* This `IMM_ROM_EXT` only contains a section called `.rom_ext_immutable` and a
+  single `ret` command, and it is only used for testing.

sw/device/silicon_creator/imm_rom_ext/prebuilts/nop.S

@@ -0,0 +1,8 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+.section .rom_ext_immutable, "ax"
+.globl _imm_rom_ext_start
+_imm_rom_ext_start:
+    ret

sw/device/silicon_creator/rom_ext/BUILD

@@ -327,6 +327,30 @@ opentitan_binary(
     ],
 )
 
+opentitan_binary(
+    name = "rom_ext_with_nop_imm_slot_virtual",
+    testonly = True,
+    # TODO(#22780): Integrate real keys for A1 flows.
+    ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0"},
+    exec_env = [
+        "//hw/top_earlgrey:fpga_cw310",
+        "//hw/top_earlgrey:fpga_cw340",
+        "//hw/top_earlgrey:sim_dv_base",
+        "//hw/top_earlgrey:sim_verilator_base",
+        "//hw/top_earlgrey:silicon_creator",
+    ],
+    linker_script = ":ld_slot_virtual",
+    manifest = ":manifest",
+    deps = [
+        ":rom_ext",
+        "//sw/device/lib/crt",
+        "//sw/device/silicon_creator/imm_rom_ext/prebuilts:nop_imm_rom_ext",
+        "//sw/device/silicon_creator/lib:manifest_def",
+        "//sw/device/silicon_creator/lib/ownership:test_owner",
+        "//sw/device/silicon_creator/lib/ownership/keys/fake",
+    ],
+)
+
 manifest(d = {
     "name": "manifest_bad_address_translation",
     "address_translation": "0",

sw/device/silicon_creator/rom_ext/e2e/BUILD

@@ -27,7 +27,6 @@ otp_json(
             lock = True,
         ),
     ],
-    visibility = ["//visibility:private"],
 )
 
 otp_image(

sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD

@@ -12,6 +12,14 @@ load(
 )
 load("//rules:const.bzl", "CONST", "hex")
 load("//rules:manifest.bzl", "manifest")
+load(
+    "//rules:otp.bzl",
+    "STD_OTP_OVERLAYS",
+    "otp_hex",
+    "otp_image",
+    "otp_json_immutable_rom_ext",
+    "otp_partition",
+)
 
 package(default_visibility = ["//visibility:public"])
 
@@ -20,62 +28,104 @@ filegroup(
     srcs = ["boot_test.c"],
 )
 
+otp_json_immutable_rom_ext(
+    name = "otp_json_with_nop_imm_romext_enabled",
+    testonly = True,
+    partitions = [
+        otp_partition(
+            name = "CREATOR_SW_CFG",
+            items = {
+                "CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN": otp_hex(CONST.HARDENED_TRUE),
+            },
+        ),
+    ],
+    rom_ext = "//sw/device/silicon_creator/rom_ext:rom_ext_with_nop_imm_slot_virtual",
+    visibility = ["//visibility:private"],
+)
+
+otp_image(
+    name = "otp_img_with_nop_imm_romext_enabled",
+    testonly = True,
+    src = "//hw/ip/otp_ctrl/data:otp_json_prod",
+    overlays = STD_OTP_OVERLAYS + [
+        "//sw/device/silicon_creator/rom_ext/e2e:otp_json_secret2_locked",
+        ":otp_json_with_nop_imm_romext_enabled",
+    ],
+    visibility = ["//visibility:private"],
+)
+
 _POSITIONS = {
     "owner_slot_a": {
         "romext": "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a",
         "romext_offset": "0",
         "linker_script": "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_a",
         "owner_offset": "0x10000",
         "success": "bl0_slot = AA__\r\n",
+        "otp_img": None,
     },
     "owner_slot_b": {
         "romext": "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a",
         "romext_offset": "0",
         "linker_script": "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_b",
         "owner_offset": "0x90000",
         "success": "bl0_slot = __BB\r\n",
+        "otp_img": None,
     },
     "owner_virtual_a": {
         "romext": "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a",
         "romext_offset": "0",
         "linker_script": "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_virtual",
         "owner_offset": "0x10000",
         "success": "bl0_slot = AA__\r\n",
+        "otp_img": None,
     },
     "owner_virtual_b": {
         "romext": "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a",
         "romext_offset": "0",
         "linker_script": "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_virtual",
         "owner_offset": "0x90000",
         "success": "bl0_slot = __BB\r\n",
+        "otp_img": None,
     },
     "romext_slot_a": {
         "romext": "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a",
         "romext_offset": "0",
         "linker_script": "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_a",
         "owner_offset": "0x10000",
         "success": "rom_ext_slot = AA__\r\n",
+        "otp_img": None,
     },
     "romext_slot_b": {
         "romext": "//sw/device/silicon_creator/rom_ext:rom_ext_slot_b",
         "romext_offset": "0x80000",
         "linker_script": "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_a",
         "owner_offset": "0x10000",
         "success": "rom_ext_slot = __BB\r\n",
+        "otp_img": None,
     },
     "romext_virtual_a": {
         "romext": "//sw/device/silicon_creator/rom_ext:rom_ext_slot_virtual",
         "romext_offset": "0",
         "linker_script": "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_a",
         "owner_offset": "0x10000",
         "success": "rom_ext_slot = AA__\r\n",
+        "otp_img": None,
     },
     "romext_virtual_b": {
         "romext": "//sw/device/silicon_creator/rom_ext:rom_ext_slot_virtual",
         "romext_offset": "0x80000",
         "linker_script": "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_a",
         "owner_offset": "0x10000",
         "success": "rom_ext_slot = __BB\r\n",
+        "otp_img": None,
+    },
+    "romext_virtual_a_with_nop_imm_romext_enabled": {
+        "romext": "//sw/device/silicon_creator/rom_ext:rom_ext_with_nop_imm_slot_virtual",
+        "romext_offset": "0",
+        "linker_script": "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_a",
+        "owner_offset": "0x10000",
+        "success": "rom_ext_slot = AA__\r\n",
+        "otp_img": ":otp_img_with_nop_imm_romext_enabled",
     },
 }
 
@@ -92,6 +142,7 @@ _POSITIONS = {
                 position["romext"]: "romext",
             },
             exit_success = position["success"],
+            otp = position["otp_img"],
             owner_offset = position["owner_offset"],
             romext_offset = position["romext_offset"],
         ),