diff --git a/hw/ip/otp_ctrl/data/earlgrey_skus/sival/BUILD b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/BUILD index 967a6ebb02ed6b..9b85f6980184a8 100644 --- a/hw/ip/otp_ctrl/data/earlgrey_skus/sival/BUILD +++ b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/BUILD @@ -15,7 +15,6 @@ load( ) load( "//rules:otp.bzl", - "OTP_SIGVERIFY_FAKE_KEYS", "otp_alert_classification", "otp_alert_digest", "otp_hex", @@ -29,6 +28,10 @@ load( package(default_visibility = ["//visibility:public"]) +OTP_SIGVERIFY_REAL_KEYS = [ + "//hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys:ecdsa_root_keys", +] + otp_json( name = "otp_json_creator_sw_cfg", partitions = [ @@ -44,7 +47,7 @@ otp_json( # `kSigverifySpxDisabledOtp` in # sw/device/silicon_creator/lib/sigverify/spx_verify.h for # details on how to disable this feature. - "CREATOR_SW_CFG_SIGVERIFY_SPX_EN": otp_hex(0x0), + "CREATOR_SW_CFG_SIGVERIFY_SPX_EN": otp_hex(0x8d6c8c17), # Enable flash data page scrambling and ECC. "CREATOR_SW_CFG_FLASH_DATA_DEFAULT_CFG": "0000090606", "CREATOR_SW_CFG_FLASH_INFO_BOOT_DATA_CFG": otp_hex(0x0), @@ -208,13 +211,11 @@ otp_alert_digest( otp_image_consts( name = "otp_consts_c_file", src = "//hw/ip/otp_ctrl/data:otp_json_baseline", - # TODO: Replace `OTP_SIGVERIFY_FAKE_KEYS` for real keys once they are - # available. overlays = [ ":alert_digest_cfg", ":otp_json_creator_sw_cfg", ":otp_json_owner_sw_cfg", - ] + OTP_SIGVERIFY_FAKE_KEYS, + ] + OTP_SIGVERIFY_REAL_KEYS, ) # Library containing {CREATOR,OWNER}_SW_CFG and diff --git a/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/BUILD b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/BUILD new file mode 100644 index 00000000000000..778e21880f1af0 --- /dev/null +++ b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/BUILD 
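Review bot: The new `CREATOR_SW_CFG_SIGVERIFY_SPX_EN` value in the third hunk is the bare literal `otp_hex(0x8d6c8c17)`, and nothing on the line says what it selects. The comment just above it points at `kSigverifySpxDisabledOtp` for how to disable the feature, so this presumably turns SPX+ verification off in the same change that provisions the real ECDSA root keys; that should be confirmed against spx_verify.h. I would say so next to the item, for example `# SPX+ verification disabled (kSigverifySpxDisabledOtp); images for this SKU are verified with ECDSA only.`, so that a later edit of this OTP word is reviewed as a signature-policy change.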
@@ -0,0 +1,115 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+load("//rules/opentitan:keyutils.bzl", "key_ecdsa")
+load("//rules:signing.bzl", "keyset")
+load("//rules:const.bzl", "CONST")
+load(
+ "//rules:otp.bzl",
+ "otp_hex",
+ "otp_json_rot_keys",
+ "otp_partition",
+)
+
+package(default_visibility = ["//visibility:public"])
+
+key_ecdsa(
+ name = "ecdsa_prod_0",
+ config = "EcdsaP256",
+ method = "hsmtool",
+ pub_key = "sv00-earlgrey-a1-root-ecdsa-prod-0.pub.der",
+ type = "ProdKey",
+)
+
+key_ecdsa(
+ name = "ecdsa_prod_1",
+ config = "EcdsaP256",
+ method = "hsmtool",
+ pub_key = "sv00-earlgrey-a1-root-ecdsa-prod-1.pub.der",
+ type = "ProdKey",
+)
+
+key_ecdsa(
+ name = "ecdsa_prod_2",
+ config = "EcdsaP256",
+ method = "hsmtool",
+ pub_key = "sv00-earlgrey-a1-root-ecdsa-prod-2.pub.der",
+ type = "ProdKey",
+)
+
+key_ecdsa(
+ name = "ecdsa_test_0",
+ config = "EcdsaP256",
+ method = "hsmtool",
+ pub_key = "sv00-earlgrey-a1-root-ecdsa-test-0.pub.der",
+ type = "TestKey",
+)
+
+key_ecdsa(
+ name = "ca_dice_0",
+ config = "EcdsaP256",
+ method = "hsmtool",
+ pub_key = "sv00-earlgrey-a1-ca-dice-0.pub.der",
+ type = "TestKey",
+)
+
+# TODO(#22155, #18313): Decide on keyset vs. keyinfo for supplying signing info to the
+# offline/token signing flows. Currently, only keyset supports tokens.
+keyset(
+ name = "keyset",
+ build_setting_default = "",
+ keys = {
+ "sv00-earlgrey-a1-root-ecdsa-prod-0.pub.der": "sv00-earlgrey-a1-root-ecdsa-prod-0",
+ "sv00-earlgrey-a1-root-ecdsa-prod-1.pub.der": "sv00-earlgrey-a1-root-ecdsa-prod-1",
+ "sv00-earlgrey-a1-root-ecdsa-prod-2.pub.der": "sv00-earlgrey-a1-root-ecdsa-prod-2",
+ "sv00-earlgrey-a1-root-ecdsa-test-0.pub.der": "sv00-earlgrey-a1-root-ecdsa-test-0",
+ },
+ profile = "earlgrey_a1_sival_root",
+ tool = "//signing:token",
+)
+
+keyset(
+ name = "endorsement",
+ build_setting_default = "",
+ keys = {
+ "sv00-earlgrey-a1-ca-dice-0.pub.der": "sv00-earlgrey-a1-ca-dice-0",
+ },
+ profile = "earlgrey_a1_sival_root",
+ tool = "//signing:token",
+)
+
+otp_json_rot_keys(
+ name = "ecdsa_root_keys",
+ partitions = [
+ otp_partition(
+ name = "ROT_CREATOR_AUTH_CODESIGN",
+ items = {
+ # sv00-earlgrey-a1-root-ecdsa-prod-0.pub.der
+ "ROT_CREATOR_AUTH_CODESIGN_ECDSA_KEY_TYPE0": otp_hex(CONST.SIGVERIFY.KEY_TYPE.PROD),
+ "ROT_CREATOR_AUTH_CODESIGN_ECDSA_KEY0": "0x112eb53614cd78573bfb44005f1f81f71ad8bc614f9b1f0848650d82b6cbbebac48c696274cbb86ede569ca56444702e91e7b09d661f560151ea3f688aa047bb",
+
+ # sv00-earlgrey-a1-root-ecdsa-prod-1.pub.der
+ "ROT_CREATOR_AUTH_CODESIGN_ECDSA_KEY_TYPE1": otp_hex(CONST.SIGVERIFY.KEY_TYPE.PROD),
+ "ROT_CREATOR_AUTH_CODESIGN_ECDSA_KEY1": "0x8f522f2bcf8ca3f443d70b86f2479b3cc73d4c1384363edc38cf545ad6aaf46d2a7f529f489446e9d29e7624af46824f2964ca991cd5c4d84adc632bc436fc3d",
+
+ # sv00-earlgrey-a1-root-ecdsa-prod-2.pub.der
+ "ROT_CREATOR_AUTH_CODESIGN_ECDSA_KEY_TYPE2": otp_hex(CONST.SIGVERIFY.KEY_TYPE.PROD),
+ "ROT_CREATOR_AUTH_CODESIGN_ECDSA_KEY2": "0x1295b177eaec69f04c421e8f58bb55f89c8001ba1c3e5f45bec154fb25136e20bde6d117d7ff3af127348cb63574ccc3da8a1db44660350908384089a7948feb",
+
+ # sv00-earlgrey-a1-root-ecdsa-test-0.pub.der
+ "ROT_CREATOR_AUTH_CODESIGN_ECDSA_KEY_TYPE3": otp_hex(CONST.SIGVERIFY.KEY_TYPE.TEST),
+ "ROT_CREATOR_AUTH_CODESIGN_ECDSA_KEY3": "0x39dc04654afd697af53f530a3806de08f4d513f4e7bdb33ede83bf38960005ea3b4c161ce2acf000babd10689f8da3a3132eff0b3bbdf26acacaa3d3473d006d",
+ },
+ ),
+ otp_partition(
+ name = "ROT_CREATOR_AUTH_STATE",
+ items = {
+ "ROT_CREATOR_AUTH_STATE_ECDSA_KEY0": otp_hex(CONST.SIGVERIFY.KEY_STATE.PROVISIONED),
+ "ROT_CREATOR_AUTH_STATE_ECDSA_KEY1": otp_hex(CONST.SIGVERIFY.KEY_STATE.PROVISIONED),
+ "ROT_CREATOR_AUTH_STATE_ECDSA_KEY2": otp_hex(CONST.SIGVERIFY.KEY_STATE.PROVISIONED),
+ "ROT_CREATOR_AUTH_STATE_ECDSA_KEY3": otp_hex(CONST.SIGVERIFY.KEY_STATE.PROVISIONED),
+ },
+ ),
+ ],
+)
diff --git a/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-ca-dice-0.pub.der b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-ca-dice-0.pub.der
new file mode 100644
index 00000000000000..ced0d17365fb0b
Binary files /dev/null and b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-ca-dice-0.pub.der differ
diff --git a/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-prod-0.pub.der b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-prod-0.pub.der
new file mode 100644
index 00000000000000..34f370bb0a4860
Binary files /dev/null and b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-prod-0.pub.der differ
diff --git a/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-prod-1.pub.der b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-prod-1.pub.der
new file mode 100644
index 00000000000000..35500438861485
Binary files /dev/null and b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-prod-1.pub.der differ
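Review bot: The four `ROT_CREATOR_AUTH_CODESIGN_ECDSA_KEYn` hex strings in `ecdsa_root_keys` are copies of the `.pub.der` files named in the comments above them, and nothing in this hunk ties the two together. These values feed the OTP image, so a transcription or byte-order slip would leave the provisioned root key different from the one the `key_ecdsa` targets and the `keyset` sign against. Each comment should record how the string was derived, e.g. `# sv00-earlgrey-a1-root-ecdsa-prod-0.pub.der, exported with <export command>; keep in sync with :ecdsa_prod_0`, and a build-time check comparing the two would be better still. Slot 3 is provisioned as `KEY_TYPE.TEST` next to three `PROD` keys; a one-line comment on when that key is accepted would help the next reviewer.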
diff --git a/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-prod-2.pub.der b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-prod-2.pub.der new file mode 100644 index 00000000000000..9d9c3fd94af498 Binary files /dev/null and b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-prod-2.pub.der differ diff --git a/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-test-0.pub.der b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-test-0.pub.der new file mode 100644 index 00000000000000..a3b8f5de1fc7fd Binary files /dev/null and b/hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys/sv00-earlgrey-a1-root-ecdsa-test-0.pub.der differ diff --git a/signing/README.md b/signing/README.md index bf011c7a43ada9..f35aa4b46dc5ad 100644 --- a/signing/README.md +++ b/signing/README.md @@ -2,7 +2,7 @@ ## Configuration of NitroKeys -> The following configuration only works in the `earlgrey_es_sival` branch. +> The following configuration only works in the `earlgrey_1.0.0` branch. NitroKeys are a personal security token used to hold the signing keys for TEST and DEV devices. NitroKeys can be used to sign tests and binaries for @@ -21,8 +21,8 @@ mode to 600. ```json { - "earlgrey_a0": { - "token": "earlgrey_a0_000", + "earlgrey_a1_sival_root": { + "token": "earlgrey_a1_000", "user": "user", "pin": "xxxxxx" } @@ -51,7 +51,7 @@ keyset in question. For `silicon_creator` code, the keyset is ```console bazel build \ --//signing:token=//signing/tokens:nitrokey \ - --//sw/device/silicon_creator/rom/keys/real/rsa:keyset=earlgrey_a0_dev_0 \ + --//sw/device/silicon_creator/rom/keys/real/rsa:keyset=earlgrey_a1_dev_0 \ //label-of-target ``` @@ -68,8 +68,8 @@ mode to 600. ```json { - "earlgrey_z0_sival": { - "token": "ot-earlgrey-z0-sival", + "earlgrey_a1_sival_owner": { + "token": "ot-earlgrey-a1-sival", "user": "user" } } 
@@ -80,13 +80,13 @@ example: ```json { - "earlgrey_a0": { - "token": "earlgrey_a0_000", + "earlgrey_a1_sival_root": { + "token": "earlgrey_a1", "user": "user", "pin": "XXXXXX" }, - "earlgrey_z0_sival": { - "token": "ot-earlgrey-z0-sival", + "earlgrey_a1_sival": { + "token": "ot-earlgrey-a1-sival", "user": "user" } } diff --git a/signing/tokens/BUILD b/signing/tokens/BUILD index 43f8043959517e..603731365f0762 100644 --- a/signing/tokens/BUILD +++ b/signing/tokens/BUILD @@ -26,7 +26,7 @@ signing_tool( signing_tool( name = "cloud_kms_sival", data = [ - "earlgrey_z1_sival.yaml", + "ot-earlgrey-a1-sival.yaml", "@cloud_kms_hsm//:libkmsp11", ], env = { @@ -34,7 +34,7 @@ signing_tool( # is in order to load the gclould credentials. "HOME": ENV["HOME"], "HSMTOOL_MODULE": "$(location @cloud_kms_hsm//:libkmsp11)", - "KMS_PKCS11_CONFIG": "$(location earlgrey_z1_sival.yaml)", + "KMS_PKCS11_CONFIG": "$(location ot-earlgrey-a1-sival.yaml)", }, location = "token", tool = "//sw/host/hsmtool", diff --git a/signing/tokens/earlgrey_z1_sival.yaml b/signing/tokens/ot-earlgrey-a1-sival.yaml similarity index 82% rename from signing/tokens/earlgrey_z1_sival.yaml rename to signing/tokens/ot-earlgrey-a1-sival.yaml index 745b184de491a9..7368ac71309961 100644 --- a/signing/tokens/earlgrey_z1_sival.yaml +++ b/signing/tokens/ot-earlgrey-a1-sival.yaml @@ -4,6 +4,6 @@ --- tokens: - - key_ring: "projects/otkms-407107/locations/us-west1/keyRings/ot-earlgrey-z0-sival" - label: "ot-earlgrey-z0-sival" + - key_ring: "projects/otkms-407107/locations/us-west1/keyRings/ot-earlgrey-a1-sival" + label: "ot-earlgrey-a1-sival" log_directory: "/tmp" diff --git a/sw/device/silicon_creator/rom_ext/sival/BUILD b/sw/device/silicon_creator/rom_ext/sival/BUILD index b99b034c845e23..b7570c4e9678b6 100644 --- a/sw/device/silicon_creator/rom_ext/sival/BUILD +++ b/sw/device/silicon_creator/rom_ext/sival/BUILD 
@@ -25,22 +25,26 @@ LINK_ORDER = [ manifest(d = { "name": "manifest_sival", "identifier": hex(CONST.ROM_EXT), - "manuf_state_creator": hex(CONST.MANUF_STATE.SIVAL), "version_major": ROM_EXT_VERSION.MAJOR, "version_minor": ROM_EXT_VERSION.MINOR, "security_version": ROM_EXT_VERSION.SECURITY, "visibility": ["//visibility:private"], }) -# To test that the fake-signed SiVAL ROM_EXT can boot, you need a bitstream -# with the OTP word CREATOR_SW_CCFG_MANUF_STATE set to `SIVAL` (as above -# in the manifest definition). You can manually create such a bitstream with: +# To test that the prod-signed SiVAL ROM_EXT boots on the FPGA, you need a bitstream +# with the sival keys pre-programmed into OTP. +# You can manually create such a bitstream with: # -# bazel build //hw/bitstream/universal:splice --//hw/bitstream/universal:env=//hw/top_earlgrey:fpga_cw310_sival +# bazel build //hw/bitstream/universal:splice \ +# --//hw/bitstream/universal:env=//hw/top_earlgrey:fpga_hyper310_rom_ext \ +# --//hw/bitstream/universal:otp=//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_prod_manuf_personalized [ opentitan_binary( - name = "rom_ext_fake_prod_signed_slot_{}".format(slot), - ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0"}, + name = "rom_ext_fake_slot_{}".format(slot), + ecdsa_key = select({ + "//signing:test_keys": {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0"}, + "//conditions:default": {"//hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys:keyset": "sv00-earlgrey-a1-root-ecdsa-test-0"}, + }), exec_env = [ "//hw/top_earlgrey:silicon_creator", "//hw/top_earlgrey:fpga_cw310", 
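Review bot: The `manifest_sival` definition no longer carries `manuf_state_creator`, and the rewritten comment below it does not say why. If that field acted as a usage constraint (the old comment tied it to the OTP manufacturing-state word), the signed ROM_EXT is now restricted only by which devices hold the SiVAL root keys; please confirm that is intended. A comment on the manifest such as `# No manuf_state constraint: any device provisioned with the SiVAL root keys accepts this ROM_EXT.` would record the decision. Also, the default branch of the `ecdsa_key` select on `rom_ext_fake_slot_{}` signs with `sv00-earlgrey-a1-root-ecdsa-test-0` from the SiVAL keyset, so the "fake" in the target name deserves a short comment saying it refers to the bundled owner config rather than to the signing key.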
@@ -51,8 +55,10 @@ manifest(d = { linker_script = "//sw/device/silicon_creator/rom_ext:ld_slot_{}".format(slot), linkopts = LINK_ORDER, manifest = ":manifest_sival", - spx_key = {"//sw/device/silicon_creator/rom/keys/fake/spx:prod_key_0_spx": "prod_key_0"}, deps = [ + # The sival_owner C library is included only in the "fake" ROM_EXT, + # as it is typically used to test FPGA flows and the FPGA doesn't + # retain ownership information across bitstream reloads. ":sival_owner", "//sw/device/lib/crt", "//sw/device/silicon_creator/lib:manifest_def", @@ -64,7 +70,7 @@ manifest(d = { [ opentitan_binary( - name = "rom_ext_real_prod_signed_slot_{}".format(slot), + name = "rom_ext_prod_slot_{}".format(slot), exec_env = [ "//hw/top_earlgrey:silicon_creator", "//hw/top_earlgrey:fpga_cw310", @@ -73,7 +79,8 @@ manifest(d = { linker_script = "//sw/device/silicon_creator/rom_ext:ld_slot_{}".format(slot), linkopts = LINK_ORDER, deps = [ - ":sival_owner", + # The sival_owner C library is excluded from the real ROM_EXT, + # as chips maintain their ownership configuration in flash. "//sw/device/lib/crt", "//sw/device/silicon_creator/lib:manifest_def", "//sw/device/silicon_creator/rom_ext", @@ -86,11 +93,12 @@ offline_presigning_artifacts( name = "presigning", testonly = True, srcs = [ - ":rom_ext_real_prod_signed_slot_a", - ":rom_ext_real_prod_signed_slot_b", + ":rom_ext_prod_slot_a", + ":rom_ext_prod_slot_b", + ":rom_ext_prod_slot_virtual", ], ecdsa_key = { - "//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0_ecdsa_p256", + "//hw/ip/otp_ctrl/data/earlgrey_skus/sival/keys:keyset": "sv00-earlgrey-a1-root-ecdsa-prod-0", }, manifest = ":manifest_sival", tags = ["manual"], 
@@ -118,14 +126,16 @@ offline_signature_attach( cc_library( name = "sival_owner", - srcs = ["sival_owner.c"], + srcs = [ + "sival_owner.c", + "sival_owner.h", + ], deps = [ "//sw/device/silicon_creator/lib:boot_data", "//sw/device/silicon_creator/lib/drivers:flash_ctrl", "//sw/device/silicon_creator/lib/ownership", "//sw/device/silicon_creator/lib/ownership:datatypes", "//sw/device/silicon_creator/lib/ownership:owner_block", - "//sw/device/silicon_creator/rom_ext/sival/keys:includes", ], alwayslink = True, ) diff --git a/sw/device/silicon_creator/rom_ext/sival/README.md b/sw/device/silicon_creator/rom_ext/sival/README.md new file mode 100644 index 00000000000000..7bff78fb5c9837 --- /dev/null +++ b/sw/device/silicon_creator/rom_ext/sival/README.md 
@@ -0,0 +1,42 @@
+# SiVAL ROM\_EXT
+
+The ROM\_EXT build in this directory is for chips that are configured as the SiVAL SKU.
+
+The SiVAL SKU is initialized with the SiVAL owner during provisioning.
+The human-readable owner configuration is `sival_owner.json5` and is translated to binary form with the following command:
+
+```bash
+cd $REPO_TOP
+opentitantool ownership config \
+ --input sw/device/silicon_creator/rom_ext/sival/sival_owner.json5 \
+ sw/device/silicon_creator/rom_ext/sival/sival_owner.bin
+```
+
+The configuration is signed using the owner key stored in the Cloud KMS keyring `ot-earlgrey-a1-sival`:
+
+```bash
+cd $REPO_TOP
+
+# From https://github.com/GoogleCloudPlatform/kms-integrations/releases/tag/pkcs11-v1.2
+export HSMTOOL_MODULE=$(pwd)/libkmsp11.so
+export KMS_PKCS11_CONFIG=signing/tokens/ot-earlgrey-a1-sival.yaml
+
+hsmtool -t ot-earlgrey-a1-sival ecdsa sign \
+ -l sv00-ownership-owner-0 \
+ --little-endian \
+ --format=slice:0..1952 \
+ --update-in-place=1952..2016 \
+ sw/device/silicon_creator/rom_ext/sival/sival_owner.bin
+```
+
+The header file `sival_owner.h` was created by dumping the binary file to a C header.
+This file is only used by the "fake" ROM\_EXT used in testing FPGA configurations.
+NOTE: the repeating unused data pattern `ZZZZ` can be cut out of the hexdump as the `sku_creator_owner_init` function will fill the unused portion of the owner page with that pattern.
+```bash
+cd $REPO_TOP
+
+./util/sh/scripts/bin2c.sh \
+ --input sw/device/silicon_creator/rom_ext/sival/sival_owner.bin \
+ --output sw/device/silicon_creator/rom_ext/sival/sival_owner.h \
+ --name sival_owner
+```
diff --git a/sw/device/silicon_creator/rom_ext/sival/keys/BUILD b/sw/device/silicon_creator/rom_ext/sival/keys/BUILD
index a14e11a4d039eb..67ab258755f5d2 100644
--- a/sw/device/silicon_creator/rom_ext/sival/keys/BUILD
+++ b/sw/device/silicon_creator/rom_ext/sival/keys/BUILD
@@ -6,66 +6,16 @@ load("//rules:signing.bzl", "keyset") package(default_visibility = ["//visibility:public"]) -cc_library( - name = "includes", - hdrs = [ - "appkey_dev_0.h", - "appkey_prod_0.h", - "appkey_test_0.h", - "earlgrey_z0_sival_1.h", - "ownership_activate_key.h", - "ownership_owner_key.h", - "ownership_unlock_key.h", - ], -) - -cc_library( - name = "keys", - srcs = [ - "sigverify_rsa_keys_sival.c", - "//sw/device/silicon_creator/rom_ext:sigverify_keys.h", - ], - hdrs = [ - "earlgrey_z0_sival_1.h", - ], - deps = [ - "//hw/ip/otp_ctrl/data:otp_ctrl_c_regs", - "//sw/device/lib/base:macros", - "//sw/device/silicon_creator/lib/sigverify", - ], -) - -cc_test( - name = "keys_unittest", - srcs = [ - "sigverify_rsa_keys_sival_unittest.cc", - "//sw/device/silicon_creator/lib/sigverify:rsa_verify.c", - "//sw/device/silicon_creator/lib/sigverify:rsa_verify.h", - ], - deps = [ - ":keys", - "//sw/device/lib/base:hardened", - "//sw/device/silicon_creator/lib/drivers:hmac", - "//sw/device/silicon_creator/lib/drivers:lifecycle", - "//sw/device/silicon_creator/lib/drivers:otp", - "//sw/device/silicon_creator/lib/sigverify:mod_exp_ibex_device_library", - "//sw/device/silicon_creator/lib/sigverify:rsa_key", - "//sw/device/silicon_creator/lib/sigverify:rsa_verify", - "//sw/device/silicon_creator/rom_ext:sigverify_keys", - "//sw/device/silicon_creator/testing:rom_test", - "@googletest//:gtest_main", - ], -) - +# TODO(#22155, #18313): Decide on keyset vs. keyinfo for supplying signing info to the +# offline/token signing flows. Currently, only keyset supports tokens. 
keyset( name = "keyset", build_setting_default = "", keys = { - "earlgrey_z0_sival_1.der": "earlgrey_z0_sival_1", - "appkey_dev_0.der": "appkey_dev_0", - "appkey_prod_0.der": "appkey_prod_0", - "appkey_test_0.der": "appkey_test_0", + "sv00-app-key-prod-0.pub.der": "sv00-app-key-prod-0", + "sv00-app-key-dev-0.pub.der": "sv00-app-key-dev-0", + "sv00-app-key-test-0.pub.der": "sv00-app-key-test-0", }, - profile = "earlgrey_z0_sival", + profile = "earlgrey_a1_sival_owner", tool = "//signing:token", ) diff --git a/sw/device/silicon_creator/rom_ext/sival/keys/README.md b/sw/device/silicon_creator/rom_ext/sival/keys/README.md index 6bcaa37bbd0f74..6cc5635b315d77 100644 --- a/sw/device/silicon_creator/rom_ext/sival/keys/README.md +++ b/sw/device/silicon_creator/rom_ext/sival/keys/README.md 
@@ -1,41 +1,49 @@ # SiVAL owner and application keys The keys in this directory are the owner and application keys for the SiVAL owner. -The private components of these keys are stored in CloudKMS in the `ot-earlgrey-z0-sival` keyring. +The private components of these keys are stored in CloudKMS in the `ot-earlgrey-a1-sival` keyring. -These keys were generated using the `gcloud` command line tool: +These keys were generated using the `gcloud` tool and exported with `hsmtool`: ```bash +KEYRING=ot-earlgrey-a1-sival KEYS=( - appkey_dev_0 - appkey_prod_0 - appkey_test_0 - ownership_owner_key - ownership_activate_key - ownership_unlock_key + sv00-app-key-prod-0 + sv00-app-key-dev-0 + sv00-app-key-test-0 + sv00-ownership-owner-0 + sv00-ownership-activate-0 + sv00-ownership-unlock-0 ) +### Generate Keys for KEY in ${KEYS[@]}; do gcloud kms keys create ${KEY} \ - --keyring ot-earlgrey-z0-sival \ + --keyring ${KEYRING} \ --location us-west1 \ --purpose "asymmetric-signing" \ --default-algorithm "ec-sign-p256-sha256" \ --protection-level hsm done -``` -The keys were then exported from CloudKMS using `hsmtool` and converted to C headers with `opentitantool`: +### Export public keys +# From https://github.com/GoogleCloudPlatform/kms-integrations/releases/tag/pkcs11-v1.2 +export HSMTOOL_MODULE=$(pwd)/libkmsp11.so +export KMS_PKCS11_CONFIG=${KEYRING}.yaml + +cat >${KEYRING}.yaml < -#include -#include -#include -#include - -#include "gtest/gtest.h" -#include "sw/device/lib/base/hardened.h" -#include "sw/device/silicon_creator/lib/drivers/mock_lifecycle.h" -#include "sw/device/silicon_creator/lib/drivers/mock_otp.h" -#include "sw/device/silicon_creator/lib/drivers/mock_rnd.h" -#include "sw/device/silicon_creator/lib/error.h" -#include "sw/device/silicon_creator/lib/sigverify/rsa_verify.h" -#include "sw/device/silicon_creator/rom_ext/sigverify_keys.h" -#include "sw/device/silicon_creator/testing/rom_test.h" - -#include "otp_ctrl_regs.h" - -namespace sigverify_keys_unittest { 
-namespace { -using ::testing::Return; - -TEST(Keys, UniqueIds) { - std::unordered_set ids; - for (size_t i = 0; i < kSigverifyRsaKeysCnt; ++i) { - ids.insert(sigverify_rsa_key_id_get(&kSigverifyRsaKeys[i].key.n)); - } - - EXPECT_EQ(ids.size(), kSigverifyRsaKeysCnt); -} - -/** - * An implementation of the Euclidean algorithm since we can't use c++17's - * `std::gcd()` yet. - */ -uint32_t Gcd(uint32_t a, uint32_t b) { - while (b != 0) { - std::tie(a, b) = std::make_tuple(b, a % b); - } - return a; -} - -TEST(KeysStep, IsCorrect) { - if (kSigverifyRsaKeysCnt > 1) { - EXPECT_LT(kSigverifyRsaKeysStep, kSigverifyRsaKeysCnt); - EXPECT_EQ(Gcd(kSigverifyRsaKeysStep, kSigverifyRsaKeysCnt), 1); - } -} - -// Note: The test cases below test sigverify using ROM keys. They have some -// overlap with sigverify_mod_exp_ibex unit tests but this way we don't have to -// worry about keeping the keys used in those tests in sync with ROM keys. - -/** - * Message and digest used in tests. - * - * The digest can be obtained using: - * ``` - * echo -n "test" | openssl dgst -sha256 -binary | \ - * xxd -p -c 4 | tac | sed 's|.*|0x&,|' - * ``` - */ -constexpr hmac_digest_t kDigest = { - .digest = - { - 0xb0f00a08, - 0xd15d6c15, - 0x2b0b822c, - 0xa3bf4f1b, - 0xc55ad015, - 0x9a2feaa0, - 0x884c7d65, - 0x9f86d081, - }, -}; - -/** - * Keys and signatures used in tests. - */ -struct RsaVerifyTestCase { - /** - * Signer's RSA public key. - */ - const sigverify_rsa_key_t *key; - /** - * Signature to be verified. 
- */ - sigverify_rsa_buffer_t sig; -}; - -const RsaVerifyTestCase kRsaVerifyTestCases[1]{ - // message: "test" - { - .key = &kSigverifyRsaKeys[0].key, - /* - * echo -n "test" > test.txt - * hsmtool -t ot-earlgrey-z0-sival -u user rsa sign -f plain-text -l - * earlgrey_z0_sival_1 \ -o test.sig test.txt cat test.sig | xxd -p -c 4 - * | tac | sed 's|.*|0x&,|' - */ - .sig = - { - 0x51f8a313, 0xdf9cadc8, 0x09849651, 0x3396dc50, 0x2523715f, - 0x3f261117, 0xbc891dc0, 0x25e90a18, 0x7f3d68ef, 0xa49e89a9, - 0x1e126205, 0x566de5eb, 0x1302edc8, 0x85a11622, 0xedf3b295, - 0xbf2ead9d, 0xe2f7f62e, 0x82014f37, 0x62114a4f, 0x64d71f3d, - 0xef9f97ae, 0x222a67e2, 0x47fd6d82, 0x8fd3f870, 0xdf07454b, - 0x1a627fc1, 0x5697e480, 0xb5b4857d, 0x865bd8ce, 0x1f7fdc3a, - 0x436807eb, 0xf0954b96, 0xd7556c4e, 0x6056c8d4, 0xc5e7875c, - 0xdc4d5cdc, 0xba128354, 0xb57fccef, 0x367d4b88, 0x2b54c85e, - 0x711b9cab, 0x747b8c65, 0xe98fb5d1, 0x272c0705, 0x9db1bf83, - 0x33e18070, 0x7b4f73b1, 0x584e0de9, 0x75e103c2, 0x68062c61, - 0x910b2c9c, 0x2af9ff03, 0x114d2bef, 0x278c2036, 0x1e63481e, - 0x8fefabfd, 0xdac1fbaa, 0x769d708c, 0x94f5c336, 0xa07835b3, - 0x0f1ee10e, 0xfe905d90, 0x5b561fe7, 0x686dd4a6, 0xb6e3507f, - 0xadba5635, 0x9e463d0e, 0xa782afaf, 0x43366fa1, 0x7146b3c4, - 0x9f4d2baf, 0xd9aed324, 0x36f0a5a2, 0xfa041f9d, 0x32f2fb3a, - 0x6b56b1df, 0x2fbfceae, 0x3fe7dbe3, 0x8458b9db, 0x29860b30, - 0x40bc9b9b, 0x36515839, 0xb414bfab, 0x6df1cfd2, 0x50431bef, - 0x3fb2c08b, 0x7b733a06, 0x534c39f1, 0x5cd5f48b, 0xcc488cae, - 0xb08b1fca, 0x62f9c45a, 0x72e3e064, 0x34f7fb4e, 0x64a20ebd, - 0x0c7d4fb0, - }, - }, -}; - -TEST(RsaVerifyTestCases, AllKeys) { - std::unordered_set ids; - for (auto const &test_case : kRsaVerifyTestCases) { - ids.insert(sigverify_rsa_key_id_get(&test_case.key->n)); - } - - EXPECT_EQ(ids.size(), kSigverifyRsaKeysCnt); -} - -class SigverifyRsaVerify - : public rom_test::RomTest, - public testing::WithParamInterface {}; - -TEST_P(SigverifyRsaVerify, Ibex) { - uint32_t flash_exec = 0; - 
EXPECT_EQ(sigverify_rsa_verify(&GetParam().sig, GetParam().key, &kDigest, - kLcStateProd, &flash_exec), - kErrorOk); - EXPECT_EQ(flash_exec, kSigverifyRsaSuccess); -} - -INSTANTIATE_TEST_SUITE_P(AllCases, SigverifyRsaVerify, - testing::ValuesIn(kRsaVerifyTestCases)); - -} // namespace -} // namespace sigverify_keys_unittest diff --git a/sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-dev-0.pub.der b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-dev-0.pub.der new file mode 100644 index 00000000000000..731bc5bb07405c Binary files /dev/null and b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-dev-0.pub.der differ diff --git a/sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-prod-0.pub.der b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-prod-0.pub.der new file mode 100644 index 00000000000000..8bd3cf55fccf85 Binary files /dev/null and b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-prod-0.pub.der differ diff --git a/sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-test-0.pub.der b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-test-0.pub.der new file mode 100644 index 00000000000000..472c2e2d3ebfd6 Binary files /dev/null and b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-test-0.pub.der differ diff --git a/sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-activate-0.pub.der b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-activate-0.pub.der new file mode 100644 index 00000000000000..1566281acf0d03 Binary files /dev/null and b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-activate-0.pub.der differ diff --git a/sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-owner-0.pub.der b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-owner-0.pub.der new file mode 100644 index 00000000000000..4156b788c65cdf Binary files /dev/null and b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-owner-0.pub.der differ 
diff --git a/sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-unlock-0.pub.der b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-unlock-0.pub.der new file mode 100644 index 00000000000000..f0ecd448013408 Binary files /dev/null and b/sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-unlock-0.pub.der differ diff --git a/sw/device/silicon_creator/rom_ext/sival/sival_owner.c b/sw/device/silicon_creator/rom_ext/sival/sival_owner.c index 579dc9cabf19d8..8ba73c5303efb1 100644 --- a/sw/device/silicon_creator/rom_ext/sival/sival_owner.c +++ b/sw/device/silicon_creator/rom_ext/sival/sival_owner.c @@ -2,6 +2,8 @@ // Licensed under the Apache License, Version 2.0, see LICENSE for details. // SPDX-License-Identifier: Apache-2.0 +#include "sw/device/silicon_creator/rom_ext/sival/sival_owner.h" + #include "sw/device/lib/base/hardened_memory.h" #include "sw/device/lib/base/macros.h" #include "sw/device/lib/base/memory.h" @@ -11,12 +13,6 @@ #include "sw/device/silicon_creator/lib/ownership/owner_block.h" #include "sw/device/silicon_creator/lib/ownership/ownership.h" #include "sw/device/silicon_creator/lib/ownership/ownership_key.h" -#include "sw/device/silicon_creator/rom_ext/sival/keys/appkey_dev_0.h" -#include "sw/device/silicon_creator/rom_ext/sival/keys/appkey_prod_0.h" -#include "sw/device/silicon_creator/rom_ext/sival/keys/appkey_test_0.h" -#include "sw/device/silicon_creator/rom_ext/sival/keys/ownership_activate_key.h" -#include "sw/device/silicon_creator/rom_ext/sival/keys/ownership_owner_key.h" -#include "sw/device/silicon_creator/rom_ext/sival/keys/ownership_unlock_key.h" /* * This module overrides the weak `sku_creator_owner_init` symbol in 
@@ -24,16 +20,12 @@ * configuration to receive their ownership config simply installing the latest * ROM_EXT. */ - -#define SIVAL_OWNER_CONFIG_VERSION 1 - rom_error_t sku_creator_owner_init(boot_data_t *bootdata, owner_config_t *config, owner_application_keyring_t *keyring) { - owner_key_t owner = (owner_key_t){ - // Although this is an ECDSA key, we initialize the `raw` member of the - // union to zero-initialize the unused space. - .raw = OWNERSHIP_OWNER_KEY}; + const owner_key_t *owner = &((const owner_block_t *)sival_owner)->owner_key; + uint32_t config_version = + ((const owner_block_t *)sival_owner)->config_version; ownership_state_t state = bootdata->ownership_state; if (state == kOwnershipStateUnlockedSelf || @@ -42,9 +34,9 @@ rom_error_t sku_creator_owner_init(boot_data_t *bootdata, // Nothing to do when in an unlocked state. return kErrorOk; } else if (state == kOwnershipStateLockedOwner) { - if (hardened_memeq(owner.raw, owner_page[0].owner_key.raw, - ARRAYSIZE(owner.raw)) != kHardenedBoolTrue || - SIVAL_OWNER_CONFIG_VERSION <= owner_page[0].config_version) { + if (hardened_memeq(owner->raw, owner_page[0].owner_key.raw, + ARRAYSIZE(owner->raw)) != kHardenedBoolTrue || + config_version <= owner_page[0].config_version) { // Different owner or already newest config version; nothing to do. return kErrorOk; } 
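Review bot: `sival_owner` is declared in sival_owner.h as `const unsigned char sival_owner[]`, so the two casts to `const owner_block_t *` at the top of `sku_creator_owner_init` read a byte array through a struct pointer with no alignment guarantee, including the `uint32_t` load of `config_version`. Nothing visible checks that the blob is long enough to contain the fields being read either. I would copy the two fields out with `memcpy`, or align the generated array and add a bound such as `static_assert(sizeof(sival_owner) >= offsetof(owner_block_t, owner_key) + sizeof(owner_key_t), "sival_owner blob too short");`. The function continues past the end of this hunk.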
@@ -54,87 +46,10 @@ rom_error_t sku_creator_owner_init(boot_data_t *bootdata, // into flash. } - memset(&owner_page[0], 0, sizeof(owner_page[0])); - owner_page[0].header.tag = kTlvTagOwner; - owner_page[0].header.length = 2048; - owner_page[0].header.version = (struct_version_t){0, 0}; - owner_page[0].config_version = SIVAL_OWNER_CONFIG_VERSION; - owner_page[0].sram_exec_mode = kOwnerSramExecModeDisabledLocked; - owner_page[0].ownership_key_alg = kOwnershipKeyAlgEcdsaP256; - owner_page[0].update_mode = kOwnershipUpdateModeOpen; - owner_page[0].min_security_version_bl0 = UINT32_MAX; - owner_page[0].lock_constraint = 0; - memset(owner_page[0].device_id, kLockConstraintNone, - sizeof(owner_page[0].device_id)); - owner_page[0].owner_key = owner; - owner_page[0].activate_key = (owner_key_t){ - // Although this is an ECDSA key, we initialize the `raw` member of the - // union to zero-initialize the unused space. - .raw = OWNERSHIP_ACTIVATE_KEY}; - owner_page[0].unlock_key = (owner_key_t){ - // Although this is an ECDSA key, we initialize the `raw` member of the - // union to zero-initialize the unused space. 
- .raw = OWNERSHIP_UNLOCK_KEY}; - - owner_application_key_t *app = (owner_application_key_t *)owner_page[0].data; - *app = (owner_application_key_t){ - .header = - { - .tag = kTlvTagApplicationKey, - .length = kTlvLenApplicationKeyEcdsa, - }, - .key_alg = kOwnershipKeyAlgEcdsaP256, - .key_domain = kOwnerAppDomainTest, - .key_diversifier = {0}, - .usage_constraint = 0, - .data = - { - .ecdsa = APPKEY_TEST_0, - }, - }; - - app = (owner_application_key_t *)((uintptr_t)app + app->header.length); - *app = (owner_application_key_t){ - .header = - { - .tag = kTlvTagApplicationKey, - .length = kTlvLenApplicationKeyEcdsa, - }, - .key_alg = kOwnershipKeyAlgEcdsaP256, - .key_domain = kOwnerAppDomainProd, - .key_diversifier = {0}, - .usage_constraint = 0, - .data = - { - .ecdsa = APPKEY_PROD_0, - }, - }; - - app = (owner_application_key_t *)((uintptr_t)app + app->header.length); - *app = (owner_application_key_t){ - .header = - { - .tag = kTlvTagApplicationKey, - .length = kTlvLenApplicationKeyEcdsa, - }, - .key_alg = kOwnershipKeyAlgEcdsaP256, - .key_domain = kOwnerAppDomainDev, - .key_diversifier = {0}, - .usage_constraint = 0, - .data = - { - .ecdsa = APPKEY_DEV_0, - }, - }; - - // Fill the remainder of the data segment with the end tag (0x5a5a5a5a). - app = (owner_application_key_t *)((uintptr_t)app + app->header.length); - size_t len = (uintptr_t)(owner_page[0].data + sizeof(owner_page[0].data)) - - (uintptr_t)app; - memset(app, 0x5a, len); + memset(&owner_page[0], 0x5a, sizeof(owner_page[0])); + memcpy(&owner_page[0], sival_owner, sizeof(sival_owner)); ownership_seal_page(/*page=*/0); - memcpy(&owner_page[1], &owner_page[0], sizeof(owner_page[0])); // Since this code should only execute when the ownership state is unknown, we // can thunk the ownership state to LockedOwner. diff --git a/sw/device/silicon_creator/rom_ext/sival/sival_owner.h b/sw/device/silicon_creator/rom_ext/sival/sival_owner.h new file mode 100644 index 00000000000000..18eac9fda4c3c5 --- /dev/null 
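Review bot: `memcpy(&owner_page[0], sival_owner, sizeof(sival_owner));` sizes the copy by the generated header rather than by the destination, so a regenerated `sival_owner.h` larger than one owner page would write past `owner_page[0]`. The README added in this commit says trailing filler may be trimmed from the dump, which means the array length is not fixed by construction. A compile-time bound next to the copy would catch a bad regeneration: `static_assert(sizeof(sival_owner) <= sizeof(owner_page[0]), "sival_owner must fit in one owner page");`. The function starts before and ends after this hunk.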
+++ b/sw/device/silicon_creator/rom_ext/sival/sival_owner.h 
@@ -0,0 +1,59 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_EXT_SIVAL_SIVAL_OWNER_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_EXT_SIVAL_SIVAL_OWNER_H_
+
+// clang-format off
+const unsigned char sival_owner[] = {
+0x4f,0x57,0x4e,0x52,0x00,0x08,0x00,0x00,0x01,0x00,0x00,0x00,0x4c,0x4e,0x45,0x58, // 00000000 OWNR........LNEX
+0x50,0x32,0x35,0x36,0x4f,0x50,0x45,0x4e,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00, // 00000010 P256OPEN........
+0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e, // 00000020 ~~~~~~~~~~~~~~~~
+0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e,0x7e, // 00000030 ~~~~~~~~~~~~~~~~
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 00000040 ................
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 00000050 ................
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 00000060 ................
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 00000070 ................
+0xf3,0x20,0xd9,0x62,0x33,0x6d,0xab,0xb8,0x50,0x58,0xab,0x18,0x6f,0x23,0xdd,0xde, // 00000080 . .b3m..PX..o#..
+0xc6,0x11,0x9a,0x27,0x06,0x76,0x6d,0x29,0xde,0xd3,0x9d,0x31,0xcb,0xaf,0x2e,0x66, // 00000090 ...'.vm)...1...f
+0x5b,0x7d,0xe5,0xd4,0x73,0xbd,0xb9,0x82,0x3d,0x16,0x04,0xf7,0xbe,0x0a,0x8a,0x48, // 000000a0 [}..s...=......H
+0xdd,0xab,0xcd,0xe9,0x4b,0x84,0x38,0xa8,0xc8,0x81,0x3c,0xd3,0xf9,0xe0,0x10,0xf9, // 000000b0 ....K.8...<.....
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 000000c0 ................
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 000000d0 ................
+0x00,0x26,0xcd,0x0d,0x41,0xd8,0xba,0x54,0xf1,0x8b,0x27,0xb0,0x6a,0x2f,0x67,0x5a, // 000000e0 .&..A..T..'.j/gZ
+0xec,0xe9,0xd1,0x26,0x0f,0x40,0x2d,0x08,0xc8,0x66,0x74,0xe7,0x7b,0x32,0x08,0x25, // 000000f0 ...&.@-..ft.{2.%
+0xef,0xa9,0xd2,0xc1,0xf6,0x36,0xbd,0x7c,0x92,0x5e,0xeb,0x55,0xb5,0x97,0x21,0x43, // 00000100 .....6.|.^.U..!C
+0xc5,0x6b,0xc8,0xb5,0x68,0xa8,0x93,0x93,0xaf,0xa9,0x9e,0x51,0xc9,0x9a,0x6d,0xf6, // 00000110 .k..h......Q..m.
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 00000120 ................
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 00000130 ................
+0xec,0x82,0x64,0x56,0x05,0xbb,0x7f,0x8b,0xf9,0x10,0x31,0x12,0x76,0xd5,0xc9,0x4b, // 00000140 ..dV......1.v..K
+0x1f,0x17,0xf1,0x13,0x27,0x31,0xf6,0xb1,0xe2,0x2d,0x42,0x22,0x3c,0xe2,0x8d,0xbf, // 00000150 ....'1...-B"<...
+0x6e,0x73,0x53,0xb3,0xd1,0x4b,0x09,0xef,0x38,0x3a,0x17,0x2c,0xf2,0x89,0xe9,0x24, // 00000160 nsS..K..8:.,...$
+0xd5,0x09,0x8c,0xe4,0xad,0x05,0x6d,0x6b,0xa8,0xcb,0x0c,0xe9,0xad,0x4e,0xdf,0x9f, // 00000170 ......mk.....N..
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 00000180 ................
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 00000190 ................
+0x41,0x50,0x50,0x4b,0x70,0x00,0x00,0x00,0x50,0x32,0x35,0x36,0x70,0x72,0x6f,0x64, // 000001a0 APPKp...P256prod
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 000001b0 ................
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 000001c0 ................
+0x4b,0x34,0x53,0x9b,0x33,0x0f,0x8d,0xbe,0xb0,0xd3,0x10,0x9b,0xa1,0x02,0xff,0x0c, // 000001d0 K4S.3...........
+0x60,0xbd,0xc6,0xbe,0xaa,0x73,0xa9,0xd0,0x42,0x38,0x7c,0x91,0x88,0xef,0x29,0x12, // 000001e0 `....s..B8|...).
+0x4f,0x51,0x1d,0xa6,0x96,0x82,0xaf,0xae,0xed,0xf2,0xc5,0xe6,0x52,0x12,0x52,0xc3, // 000001f0 OQ..........R.R.
+0x0d,0x89,0x19,0x3f,0x6a,0x7a,0x66,0x71,0x6c,0xff,0x78,0x7d,0x0b,0x8c,0x4e,0x39, // 00000200 ...?jzfql.x}..N9
+0x41,0x50,0x50,0x4b,0x70,0x00,0x00,0x00,0x50,0x32,0x35,0x36,0x64,0x65,0x76,0x5f, // 00000210 APPKp...P256dev_
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 00000220 ................
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 00000230 ................
+0x98,0x63,0x7d,0x7a,0xf0,0xa5,0xce,0x43,0x18,0xd0,0xb0,0xe7,0x27,0x48,0x09,0xa7, // 00000240 .c}z...C....'H..
+0x0f,0x77,0xd1,0x96,0x4e,0x7d,0x0d,0x28,0xcb,0x02,0x6d,0x2a,0x17,0x20,0x5e,0xf7, // 00000250 .w..N}.(..m*. ^.
+0x52,0xbe,0xbf,0x74,0x3a,0x6e,0x26,0x5f,0x9d,0x1f,0xc1,0x9d,0xd1,0x2f,0x89,0xb9, // 00000260 R..t:n&_...../..
+0xd7,0xcd,0xe4,0x9e,0x49,0xcc,0x41,0x01,0x03,0x16,0xc0,0xd9,0x9d,0xb6,0x0b,0x85, // 00000270 ....I.A.........
+0x41,0x50,0x50,0x4b,0x70,0x00,0x00,0x00,0x50,0x32,0x35,0x36,0x74,0x65,0x73,0x74, // 00000280 APPKp...P256test
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 00000290 ................
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 000002a0 ................
+0x69,0x6f,0xb6,0x62,0x7a,0x34,0x7a,0xbf,0x48,0x6f,0xa9,0x92,0x0a,0xa7,0xb8,0x56, // 000002b0 io.bz4z.Ho.....V
+0x05,0xe5,0x8b,0xc4,0x8c,0x27,0xe5,0x1c,0x7c,0xde,0x02,0x84,0x89,0xc9,0xab,0x4b, // 000002c0 .....'..|......K
+0x35,0x51,0x8e,0x62,0xfd,0x93,0xbb,0x36,0x88,0x22,0x09,0x29,0xc0,0x6d,0x64,0x7f, // 000002d0 5Q.b...6.".).md.
+0xaf,0xe7,0x87,0xcc,0x37,0x8b,0x2e,0x7c,0x12,0xa6,0x16,0x36,0x70,0x1f,0xde,0x1b, // 000002e0 ....7..|...6p...
+};
+// clang-format on
+
+#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_ROM_EXT_SIVAL_SIVAL_OWNER_H_
diff --git a/sw/device/silicon_creator/rom_ext/sival/sival_owner.json5 b/sw/device/silicon_creator/rom_ext/sival/sival_owner.json5
new file mode 100644
index 00000000000000..1f8d903efcdb02
--- /dev/null
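Review bot: `sival_owner[]` is defined in a header without `static`, and nothing in the file records how its bytes were produced. The array is what the ROM_EXT copies into `owner_page[0]`, so a reviewer needs to be able to regenerate it and compare. It looks like the encoded form of `sival_owner.json5`, but that is inferred from the matching `OPEN`, `P256`, `prod`, `dev_` and `test` fields rather than stated anywhere. I would declare it as `static const unsigned char sival_owner[] = {` so that a second include cannot produce a duplicate symbol, and add a header comment such as `// Generated from sival_owner.json5; do not edit by hand.` next to the regeneration command. A build or test step that re-encodes the JSON5 and compares the result with this array would catch the two files drifting apart.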
+++ b/sw/device/silicon_creator/rom_ext/sival/sival_owner.json5
@@ -0,0 +1,68 @@
+{
+ config_version: 1,
+ update_mode: "Open",
+ sram_exec: "DisabledLocked",
+ min_security_version_bl0: "NoChange",
+
+ ownership_key_alg: "EcdsaP256",
+ owner_key: {
+ Ecdsa: "sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-owner-0.pub.der"
+ // Opentitantool will load this DER file and transform the key into the
+ // little-endian representation of the x/y cooridiantes.
+ //
+ // Ecdsa: {
+ // x: "",
+ // y: ""
+ // }
+ },
+ activate_key: {
+ Ecdsa: "sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-activate-0.pub.der"
+ },
+ unlock_key: {
+ Ecdsa: "sw/device/silicon_creator/rom_ext/sival/keys/sv00-ownership-unlock-0.pub.der"
+ },
+ data: [
+ {
+ ApplicationKey: {
+ header: {
+ identifier: "ApplicationKey",
+ length: 0
+ },
+ key_alg: "EcdsaP256",
+ key_domain: "Prod",
+ usage_constraint: 0,
+ key: {
+ Ecdsa: "sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-prod-0.pub.der"
+ }
+ }
+ },
+ {
+ ApplicationKey: {
+ header: {
+ identifier: "ApplicationKey",
+ length: 0
+ },
+ key_alg: "EcdsaP256",
+ key_domain: "Dev",
+ usage_constraint: 0,
+ key: {
+ Ecdsa: "sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-dev-0.pub.der"
+ }
+ }
+ },
+ {
+ ApplicationKey: {
+ header: {
+ identifier: "ApplicationKey",
+ length: 0
+ },
+ key_alg: "EcdsaP256",
+ key_domain: "Test",
+ usage_constraint: 0,
+ key: {
+ Ecdsa: "sw/device/silicon_creator/rom_ext/sival/keys/sv00-app-key-test-0.pub.der"
+ }
+ }
+ },
+ ],
+}
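Review bot: `update_mode: "Open"` is set without any comment, in a configuration that also installs a `Prod` application key. As far as I understand the ownership model, Open leaves ownership unlock available to whoever holds `unlock_key`; that is a policy choice worth recording next to the field, for example `// Open: ownership can be unlocked with unlock_key; revisit before this config is used outside SiVal.`. The existing comment under `owner_key` has a typo (`cooridiantes` should be `coordinates`) and sits after the `Ecdsa:` entry it describes, so it would read better placed above that entry.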