[rom_ext] Implement Integrator Specific FW Binding logic. #25147
Conversation
moidx
force-pushed
the
isfb-implementation
branch
from
408ce02
to
482f889
Compare
moidx
force-pushed
the
isfb-implementation
branch
3 times, most recently
from
2decbca
to
ea6cfa7
Compare
| uint32_t *checks_performed_count) { | ||
| *checks_performed_count = UINT32_MAX; | ||
| if (ext->header.name != kManifestExtIdIsfb || | ||
| (hardened_bool_t)owner_config->isfb == kHardenedBoolFalse) { |
There was a problem hiding this comment.
I tried, but I cannot find the definition of owner_isfb_config_t any where. Can you point it out to me please?
Also why do we cast owner_config->isfb to hardened_bool_t then later to owner_isfb_config_t? That doesn't seem valid.
There was a problem hiding this comment.
You can find the data structures in the ownership datatypes.h header in the earlgrey_es_sival branch. This will be merged to earlgrey_1.0.0 once the feature is complete.
Also take a look at owner_config_default() inside owner_block.c. Owner config entries are initialized to kHardenedBoolFalse to flag when an owner TLV entry is not present in the ownership blob.
moidx
force-pushed
the
isfb-implementation
branch
from
ea6cfa7
to
82be082
Compare
Implements Integrator Specific FW Binding (ISFB) functionality to provide anti-rollback and product binding functionality to application firmware. The following changes are included: 1. Add flash_ctrl helper function to generate the info flash page configuration based on the ownership ISFB config. 2. Implement isfb logic as a separate module to simplify ROM_EXT integration. 3. Add unittest cases to verify anti-rollback and product association functionality. 4. Add minimum level of hardening against FI. The ROM_EXT integration and e2e test cases will be implemented in a follow up commit. Signed-off-by: Miguel Osorio <[email protected]>
moidx
force-pushed
the
isfb-implementation
branch
from
82be082
to
2dbea18
Compare
| "Strike mask size mismatch"); | ||
| static_assert(sizeof(data) >= kFlashPageBytes, "Unexpected data size"); | ||
|
|
||
| HARDENED_RETURN_IF_ERROR(flash_ctrl_info_read(&isfb_info_page, /*offset=*/0, |
There was a problem hiding this comment.
What happens within flash_ctrl_info_read is there is an ECC failure? Does the chip reset or does it return an error?
How would we recovery this chip in a lab if that every occurred? We could make an owner firmware that has no restrictions?
Implements Integrator Specific FW Binding functionality to provide anti-rollback and product binding functionality to application firmware.
The following changes are included:
The ROM_EXT integration and e2e test cases will be implemented in a follow up commit.