[sw, device, sigverify] Sync with the master branch #23952
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes lowRISC#10472. Signed-off-by: Alphan Ulusoy <[email protected]>
It is more ergonomical for the certificate templates to have the key represented by its r and s values. Signed-off-by: Tim Trippel <[email protected]>
sameo
force-pushed
the
topic/dj-otbn-sigverify-ecdsa-p256
branch
from
5bd85bb
to
6871711
Compare
The current OTBN boot services API required the user to input the additional DRBG seed manually. Since this seed is provisioned into a flash info page at manufacturing time, this updates the code to automatically load the specified seed from the flash instead. This simplifies the user experience of driving this library. Signed-off-by: Tim Trippel <[email protected]>
There were two bugs in the silicon_creator boot services lib that this commit addresses: 1. the permissions on the flash info pages holding the attestation seeds were not set prior to attempting to read out the seed, and 2. the OTBN DMEM buffer to hold said seed was not completely initialized, causing an OTBN DMEM integrity error. Signed-off-by: Tim Trippel <[email protected]>
There were two bugs in the silicon_creator boot services lib that this commit addresses: 1. the permissions on the flash info pages holding the attestation seeds were not set prior to attempting to read out the seed, and 2. the OTBN DMEM buffer to hold said seed was not completely initialized, causing an OTBN DMEM integrity error. Signed-off-by: Tim Trippel <[email protected]>
This updates OTBN boot services lib to erase the attestation key seed flash info page if it detects it has not been provisioned (i.e., an integrity error is encountered during a read). Additionally a warning is printed over the console if this happens. This enables ROM_EXT E2E tests to pass without having to pre-configure flash info pages as if a chip was already provisioned. Signed-off-by: Tim Trippel <[email protected]>
This commit renames keymgr_init() to keymgr_entropy_reseed_interval_set() since this is the only thing that this function does. Signed-off-by: Alphan Ulusoy <[email protected]>
This adds a function to the silicon_creator keymgr driver to set the max key version. Additionally this updates the on-host unit tests and on-device functest to test this additional function. Lastly, this updates the on-device functest to crank the keymgr through all possible key states, as will be done for both ES and PROD chips with the updated attestation flow. Signed-off-by: Tim Trippel <[email protected]>
Signed-off-by: Miguel Osorio <[email protected]>
Add KMAC configuration for KEYMGR mode of operation. This configuration should be used before advancing the KEYMGR to any of the operational states. Signed-off-by: Miguel Osorio <[email protected]>
Previously, the modexp implementation did not correctly set the mode, and the names of certain inputs were not compatible with the R^2 internal computation. Also, the internal modexp expects the input and output buffers for RSA to be disjoint. Signed-off-by: Jade Philipoom <[email protected]>
This bug caused the attestation seed to be loaded from the wrong offset, because `flash_info_read` expects a byte-offset rather than a word offset. Signed-off-by: Jade Philipoom <[email protected]>
Signed-off-by: Jade Philipoom <[email protected]>
The library expects the digest in little-endian, even though big-endian is more standard for ECDSA. This is compatible with the HMAC block settings for ROM, but is worth clarifying. Signed-off-by: Jade Philipoom <[email protected]>
Signed-off-by: Jade Philipoom <[email protected]>
Signed-off-by: Jade Philipoom <[email protected]>
sameo
force-pushed
the
topic/dj-otbn-sigverify-ecdsa-p256
branch
from
6871711
to
aa55118
Compare
This commit adds support for ECDSA public key and signatures to the manifest. Both signature and public key fields were converted to union types to be able to support either RSA or ECDSA. `kManifestVersionMajor1` is associated with RSA. `kManifestVersionMajor2` is associated with ECDSA. Signed-off-by: Miguel Osorio <[email protected]>
We are trying to maintain the same key definitions for spx+ after moving the keys to OTP. This change factors out the key type definitons into a separate module so that they can be reused by a future sigverify otp implementation. Signed-off-by: Miguel Osorio <[email protected]>
Add ECSA key definitions to the sigverify_key_types.h infrastructure. Signed-off-by: Miguel Osorio <[email protected]>
The module contains the following functions: - `sigverify_otp_keys_init()`: Initializes the OTP keys context in SRAM. - `sigverify_otp_keys_check()`: Verifies the integrity of the OTP keys. - `sigverify_otp_keys_get()`: Gets a key from the OTP keys array stored in the SRAM context. Signed-off-by: Miguel Osorio <[email protected]>
This partially addresses lowRISC#21937 by renaming the OTBN driver functions so they do not collide with similar cryptolib functions. Signed-off-by: Tim Trippel <[email protected]>
This partially addresses lowRISC#21937 by renaming the keymgr driver functions so they do not collide with similar cryptolib functions. Signed-off-by: Tim Trippel <[email protected]>
This adds functions to the silicon_creator keymgr drive to set the sealing/attestation binding registers and advance the keymgr. Signed-off-by: Tim Trippel <[email protected]>
This adds unit tests to test the new keymgr drive functions that advances the keymgr to the owner intermediate and owner key states. Signed-off-by: Tim Trippel <[email protected]>
sameo
force-pushed
the
topic/dj-otbn-sigverify-ecdsa-p256
branch
from
aa55118
to
8c3e275
Compare
This module is used to lookup keys in the ROT AUTH partition. This change also updates the function name of `sigverify_ecdsa_key_id_get()` to `sigverify_ecdsa_p256_key_id_get()` to make it consistent with the module name. Signed-off-by: Miguel Osorio <[email protected]>
Introduce sigverify_p256_verify function. The function uses the otbn_boot_services OTBN kernel to perform the signature verification operation. The signature comparison method is adapted from the sigverify RSA implementation. The magic constant generated by `sigverify_ecdsa_p256_verify()` is the same value generated by `sigverify_rsa_verify()`. This is so that we can migrate from RSA --> ECDSA via incremental changes. Signed-off-by: Miguel Osorio <[email protected]>
All attestation services rely on getting an attestation seed from flash, but with Darjeeling, we must get them from OTP. Until we define OTP slots for those, it is safer to disable the attestation services for now. Signed-off-by: Samuel Ortiz <[email protected]>
…keymgr With Darjeeling, keymgr is replaced by its DPE version. Both the OTBN services and the related tests will have to be ported to it. Disable them for now and only keep the signature verification part. Signed-off-by: Samuel Ortiz <[email protected]>
sameo
force-pushed
the
topic/dj-otbn-sigverify-ecdsa-p256
branch
from
8c3e275
to
b27c5f5
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
sigverifysync with master, in order to support OTBN based ECDSA-p256 signature verification.I added a couple of commits on top of the upstream one:
Fixes #23481
Fixes #23482