[provisioning] Log data from provisionging as json
1. Collect personalization data and timing statistics during
   personalization and log it as json when provisioning is
   done.

Signed-off-by: Chris Frantz <[email protected]>
cfrantz committed Nov 25, 2024
1 parent 040c235 commit 464f8f2
Showing 8 changed files with 163 additions and 24 deletions.
2 changes: 1 addition & 1 deletion sw/host/opentitanlib/src/dif/lc_ctrl.rs
Expand Up @@ -10,7 +10,7 @@ use serde::{Deserialize, Serialize};
use crate::with_unknown;

with_unknown! {
pub enum DifLcCtrlState: u32 {
pub enum DifLcCtrlState: u32 [default = Self::StateInvalid] {
Raw = bindgen::dif::dif_lc_ctrl_state_kDifLcCtrlStateRaw ,
TestUnlocked0 = bindgen::dif::dif_lc_ctrl_state_kDifLcCtrlStateTestUnlocked0 ,
TestLocked0 = bindgen::dif::dif_lc_ctrl_state_kDifLcCtrlStateTestLocked0 ,
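Review bot: The new `[default = Self::StateInvalid]` on `DifLcCtrlState` makes a field that was never populated look the same as a state decoded from the device, assuming `StateInvalid` is also a value the controller can report. Where this enum ends up in a serialized provisioning record, a reader cannot tell "not read" from "read as invalid". A comment on the enum would make the intent explicit, for example `// Default is StateInvalid so that an unset field never reads as a valid lifecycle state.`, and record fields that may legitimately stay unset are better typed as `Option<DifLcCtrlState>`. The enum body continues outside the hunk.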
3 changes: 2 additions & 1 deletion sw/host/ot_certs/src/lib.rs
Expand Up @@ -23,9 +23,10 @@ pub mod template;
pub mod x509;

use clap::ValueEnum;
use serde::{Deserialize, Serialize};

/// Supported OpenTitan certificate formats.
#[derive(Clone, Debug, ValueEnum)]
#[derive(Clone, Debug, ValueEnum, Serialize, Deserialize)]
pub enum CertFormat {
X509,
Cwt,
4 changes: 2 additions & 2 deletions sw/host/provisioning/cert_lib/src/lib.rs
Expand Up @@ -13,7 +13,7 @@ use num_bigint_dig::BigUint;
use openssl::ecdsa::EcdsaSig;
use p256::ecdsa::SigningKey;
use p256::NistP256;
use serde::Deserialize;
use serde::{Deserialize, Serialize};

use opentitanlib::crypto::sha256::sha256;
use opentitanlib::util::tmpfilename;
Expand Down Expand Up @@ -224,7 +224,7 @@ fn write_cert_to_temp_pem_file(der_cert_bytes: &[u8], base_filename: &str) -> Re
/// This is used to pass a collection of endorsed certificates, along with metadata,
/// to various functions that check the certificates validate properly with third-party
/// tools.
#[derive(Clone, Debug)]
#[derive(Clone, Debug, Serialize)]
pub struct EndorsedCert {
pub format: CertFormat,
pub name: String,
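Review bot: Deriving `Serialize` on `EndorsedCert` makes every field of the struct eligible for output once it is embedded in a logged record, which is presumably the purpose here, and only `format` and `name` are visible in this hunk; the remaining fields are outside it. The doc comment above still describes the type only as input to certificate validation helpers. I would extend it with a line such as `/// Also serialized into the provisioning log; every field must be safe to emit.` so that a field added later is reviewed with that in mind, and mark anything not meant for the log with `#[serde(skip)]`.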
1 change: 1 addition & 0 deletions sw/host/provisioning/ft/BUILD
Expand Up @@ -26,6 +26,7 @@ package(default_visibility = ["//visibility:public"])
"@crate_index//:humantime",
"@crate_index//:log",
"@crate_index//:p256",
"@crate_index//:serde_json",
"@lowrisc_serde_annotate//serde_annotate",
],
)
29 changes: 23 additions & 6 deletions sw/host/provisioning/ft/src/main.rs
Expand Up @@ -4,7 +4,7 @@

use std::collections::HashMap;
use std::path::PathBuf;
use std::time::Duration;
use std::time::{Duration, Instant};

use anyhow::{bail, Context, Result};
use clap::{Args, Parser};
Expand All @@ -13,6 +13,7 @@ use elliptic_curve::SecretKey;
use p256::NistP256;

use cert_lib::{CaConfig, CaKey, CaKeyType};
use ft_lib::response::PersonalizeResponse;
use ft_lib::{
check_rom_ext_boot_up, run_ft_personalize, run_sram_ft_individualize, test_exit, test_unlock,
};
Expand Down Expand Up @@ -103,6 +104,8 @@ fn main() -> Result<()> {
let opts = Opts::parse();
opts.init.init_logging();

let mut response = PersonalizeResponse::default();

// We call the below functions, instead of calling `opts.init.init_target()` since we do not
// want to perform bootstrap yet.
let transport = backend::create(&opts.init.backend_opts)?;
Expand Down Expand Up @@ -171,24 +174,27 @@ fn main() -> Result<()> {
};

// Only run test unlock operation if we are in a locked LC state.
match read_lc_state(
response.lc_state.initial = read_lc_state(
&transport,
&opts.init.jtag_params,
opts.init.bootstrap.options.reset_delay,
)? {
)?;
match response.lc_state.initial {
DifLcCtrlState::TestLocked0
| DifLcCtrlState::TestLocked1
| DifLcCtrlState::TestLocked2
| DifLcCtrlState::TestLocked3
| DifLcCtrlState::TestLocked4
| DifLcCtrlState::TestLocked5
| DifLcCtrlState::TestLocked6 => {
let t0 = Instant::now();
test_unlock(
&transport,
&opts.init.jtag_params,
opts.init.bootstrap.options.reset_delay,
&_test_unlock_token,
)?;
response.stats.log_elapsed_time("test-unlock", t0);
}
_ => {
log::info!("Skipping test unlock operation. Device is already unlocked.");
Expand All @@ -197,11 +203,12 @@ fn main() -> Result<()> {

// Only run the SRAM individualize program in a test unlocked state. If we have transitioned to
// a mission state already, then we can skip this step.
match read_lc_state(
response.lc_state.unlocked = read_lc_state(
&transport,
&opts.init.jtag_params,
opts.init.bootstrap.options.reset_delay,
)? {
)?;
match response.lc_state.unlocked {
DifLcCtrlState::TestUnlocked0 => {
bail!("FT stage cannot be run from test unlocked 0. Run CP stage first.");
}
Expand All @@ -212,6 +219,8 @@ fn main() -> Result<()> {
| DifLcCtrlState::TestUnlocked5
| DifLcCtrlState::TestUnlocked6
| DifLcCtrlState::TestUnlocked7 => {
response.lc_state.individualize = Some(response.lc_state.unlocked);
let t0 = Instant::now();
run_sram_ft_individualize(
&transport,
&opts.init.jtag_params,
Expand All @@ -221,13 +230,18 @@ fn main() -> Result<()> {
opts.timeout,
&spi_console_device,
)?;
response.stats.log_elapsed_time("ft-individualize", t0);
let t0 = Instant::now();
test_exit(
&transport,
&opts.init.jtag_params,
opts.init.bootstrap.options.reset_delay,
&_test_exit_token,
opts.provisioning_data.target_mission_mode_lc_state,
)?;
response.lc_state.mission_mode =
Some(opts.provisioning_data.target_mission_mode_lc_state);
response.stats.log_elapsed_time("test-exit", t0);
}
_ => {
log::info!("Skipping individualize operation. Device is already in a mission mode.");
Expand All @@ -248,10 +262,13 @@ fn main() -> Result<()> {
opts.second_bootstrap,
&spi_console_device,
opts.timeout,
&mut response,
)?;

check_rom_ext_boot_up(&transport, &opts.init, opts.timeout)?;
check_rom_ext_boot_up(&transport, &opts.init, opts.timeout, &mut response)?;
log::info!("Provisioning Done");
let doc = serde_json::to_string(&response)?;
println!("PROVISIONING_DATA: {doc}");

Ok(())
}
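Review bot: `response.lc_state.mission_mode` is filled from `opts.provisioning_data.target_mission_mode_lc_state`, the state that was requested, not a state read back from the device after `test_exit` returns. The emitted record therefore asserts a lifecycle state that nothing in the visible hunks has observed; unless `test_exit` verifies the transition internally (not visible here), either store the result of another `read_lc_state(...)` call or add `// Requested target state; not read back from the device.` above the assignment. Separately, the `PROVISIONING_DATA:` line is printed only after `check_rom_ext_boot_up` succeeds, so every `?` or `bail!` exit discards the states and timings collected so far, which is the data a failed run most needs for later analysis. Parts of `main` between the hunks are not shown.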
6 changes: 5 additions & 1 deletion sw/host/provisioning/ft_lib/BUILD
Expand Up @@ -10,7 +10,10 @@ package(default_visibility = ["//visibility:public"])
[
rust_library(
name = "ft_lib_{}".format(sku),
srcs = ["src/lib.rs"],
srcs = [
"src/lib.rs",
"src/response.rs",
],
crate_name = "ft_lib",
deps = [
"//sw/host/opentitanlib",
Expand All @@ -24,6 +27,7 @@ package(default_visibility = ["//visibility:public"])
"@crate_index//:arrayvec",
"@crate_index//:clap",
"@crate_index//:hex",
"@crate_index//:indexmap",
"@crate_index//:log",
"@crate_index//:serde",
"@crate_index//:serde_json",