[rom_ext] Remove dbg print in imm_section

Prints are removed due to: * Pen Testing * Boot timing * Code size Change-Id: Icce141e2bb4a2658ee5ef6e061c6a54346cc8d7d Signed-off-by: Yi-Hsuan Deng <[email protected]>
lowRISC · Mar 6, 2025 · 1140d9d · 1140d9d
1 parent a02c1b4
commit 1140d9d
Show file tree

Hide file tree

Showing 9 changed files with 11 additions and 79 deletions.
diff --git a/sw/device/silicon_creator/lib/cert/dice_chain.c b/sw/device/silicon_creator/lib/cert/dice_chain.c
@@ -328,7 +328,6 @@ rom_error_t dice_chain_attestation_creator(
   // Check if the current CDI_0 cert is valid.
   RETURN_IF_ERROR(dice_chain_load_cert_obj("CDI_0", /*name_size=*/6));
   if (dice_chain.cert_valid == kHardenedBoolFalse) {
-    dbg_puts("warning: CDI_0 certificate not valid; updating\r\n");
     // Update the cert page buffer.
     static_dice_cdi_0.cert_size = sizeof(static_dice_cdi_0.cert_data);
     HARDENED_RETURN_IF_ERROR(dice_cdi_0_cert_build(
@@ -476,7 +475,6 @@ rom_error_t dice_chain_flush_flash(void) {
         /*offset=*/0,
         /*word_count=*/FLASH_CTRL_PARAM_BYTES_PER_PAGE / sizeof(uint32_t),
         dice_chain.data));
-    dbg_puts("info: flushed dice cert page\r\n");
     dice_chain.data_dirty = kHardenedBoolFalse;
   }
   return kErrorOk;

diff --git a/sw/device/silicon_creator/lib/otbn_boot_services.c b/sw/device/silicon_creator/lib/otbn_boot_services.c
@@ -96,9 +96,6 @@ static rom_error_t load_attestation_keygen_seed(uint32_t additional_seed_idx,
       // If we encountered a read error, this means the attestation seed page
       // has not been provisioned yet. In this case, we erase the page and
       // continue, which will simply result in generating an invalid identity.
-      dbg_puts(
-          "Warning: Attestation key seed flash info page not provisioned. "
-          "Erasing page to format.\r\n");
       HARDENED_RETURN_IF_ERROR(flash_ctrl_info_erase(
           &kFlashCtrlInfoPageAttestationKeySeeds, kFlashCtrlEraseTypePage));
       return kErrorOk;

diff --git a/sw/device/silicon_creator/rom/e2e/defs.bzl b/sw/device/silicon_creator/rom/e2e/defs.bzl
@@ -34,8 +34,7 @@ MSG_TEMPLATE_BFV_LCV = "{}{}\r\n{}{}\r\n(?s:.*){}{}\r\n{}{}\r\n".format(
     "{1}",
 )
 
-# When starting ROM_EXT, immutable section will always run first.
-MSG_STARTING_ROM_EXT = "\nIMM_SECTION:"
+MSG_STARTING_ROM_EXT = "\nROM_EXT:"
 
 MSG_PASS = "PASS!"
 

diff --git a/sw/device/silicon_creator/rom_ext/BUILD b/sw/device/silicon_creator/rom_ext/BUILD
@@ -172,6 +172,7 @@ cc_test(
             ":rom_ext_boot_policy_ptrs",
             ":rom_ext_manifest",
             ":sigverify_keys",
+            "//hw/ip/otp_ctrl/data:otp_ctrl_c_regs",
             "//hw/ip/sram_ctrl/data:sram_ctrl_c_regs",
             "//hw/top_earlgrey/ip_autogen/flash_ctrl:flash_ctrl_c_regs",
             "//sw/device/lib/arch:device",

diff --git a/sw/device/silicon_creator/rom_ext/imm_section/BUILD b/sw/device/silicon_creator/rom_ext/imm_section/BUILD
@@ -28,12 +28,10 @@ cc_library(
     target_compatible_with = [OPENTITAN_CPU],
     deps = [
         ":imm_section_epmp",
-        "//hw/ip/otp_ctrl/data:otp_ctrl_c_regs",
         "//hw/top_earlgrey/ip_autogen/flash_ctrl:flash_ctrl_c_regs",
         "//sw/device/lib/arch:device",
         "//sw/device/lib/base:hardened",
         "//sw/device/lib/base:macros",
-        "//sw/device/silicon_creator/lib:dbg_print",
         "//sw/device/silicon_creator/lib:epmp_state",
         "//sw/device/silicon_creator/lib:error",
         "//sw/device/silicon_creator/lib:manifest",

diff --git a/sw/device/silicon_creator/rom_ext/imm_section/e2e/boot_message/BUILD b/sw/device/silicon_creator/rom_ext/imm_section/e2e/boot_message/BUILD
diff --git a/sw/device/silicon_creator/rom_ext/imm_section/imm_section.c b/sw/device/silicon_creator/rom_ext/imm_section/imm_section.c
@@ -10,8 +10,6 @@
 #include "sw/device/silicon_creator/lib/base/boot_measurements.h"
 #include "sw/device/silicon_creator/lib/base/sec_mmio.h"
 #include "sw/device/silicon_creator/lib/cert/dice_chain.h"
-#include "sw/device/silicon_creator/lib/dbg_print.h"
-#include "sw/device/silicon_creator/lib/drivers/otp.h"
 #include "sw/device/silicon_creator/lib/drivers/rnd.h"
 #include "sw/device/silicon_creator/lib/epmp_state.h"
 #include "sw/device/silicon_creator/lib/error.h"
@@ -20,8 +18,6 @@
 #include "sw/device/silicon_creator/rom_ext/imm_section/imm_section_epmp.h"
 #include "sw/device/silicon_creator/rom_ext/rom_ext_manifest.h"
 
-#include "otp_ctrl_regs.h"  // Generated.
-
 OT_WARN_UNUSED_RESULT
 static rom_error_t imm_section_start(void) {
   // Check the ePMP state.
@@ -35,16 +31,6 @@ static rom_error_t imm_section_start(void) {
   sec_mmio_next_stage_init();
   HARDENED_RETURN_IF_ERROR(imm_section_epmp_reconfigure());
 
-  // Debug UART is already configured by ROM.
-  dbg_puts("IMM_SECTION:0.1\r\n");
-  uint32_t hash_enforcement =
-      otp_read32(OTP_CTRL_PARAM_CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN_OFFSET);
-  if (hash_enforcement != kHardenedBoolTrue) {
-    // CAUTION: The message below should match the message defined in:
-    //   //sw/device/silicon_creator/rom_ext/imm_section/defs.bzl
-    dbg_puts("info: hash unenforced\r\n");
-  }
-
   // Establish our identity.
   const manifest_t *rom_ext = rom_ext_manifest();
   HARDENED_RETURN_IF_ERROR(dice_chain_init());

diff --git a/sw/device/silicon_creator/rom_ext/rom_ext.c b/sw/device/silicon_creator/rom_ext/rom_ext.c
@@ -53,6 +53,7 @@
 
 #include "flash_ctrl_regs.h"                          // Generated.
 #include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"  // Generated.
+#include "otp_ctrl_regs.h"                            // Generated.
 #include "sram_ctrl_regs.h"                           // Generated.
 
 // Useful constants for flash sizes and ROM_EXT locations.
@@ -736,6 +737,14 @@ static rom_error_t rom_ext_start(boot_data_t *boot_data, boot_log_t *boot_log) {
   const manifest_t *self = rom_ext_manifest();
   dbg_printf("ROM_EXT:%u.%u\r\n", self->version_major, self->version_minor);
 
+  uint32_t hash_enforcement =
+      otp_read32(OTP_CTRL_PARAM_CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN_OFFSET);
+  if (hash_enforcement != kHardenedBoolTrue) {
+    // CAUTION: The message below should match the message defined in:
+    //   //sw/device/silicon_creator/rom_ext/imm_section/defs.bzl
+    dbg_printf("info: imm_section hash unenforced\r\n");
+  }
+
   // Prepare dice chain builder for CDI_1.
   HARDENED_RETURN_IF_ERROR(dice_chain_init());
 

diff --git a/sw/host/provisioning/ft_lib/src/lib.rs b/sw/host/provisioning/ft_lib/src/lib.rs
@@ -559,17 +559,6 @@ pub fn check_slot_b_boot_up(
     transport.reset_target(init.bootstrap.options.reset_delay, true)?;
     let uart_console = transport.uart("console")?;
 
-    let result = UartConsole::wait_for(&*uart_console, r"IMM_SECTION[: ](.*)\r\n", timeout)?;
-    log::info!("ROM_EXT IMM_SECTION started.");
-    response.stats.log_string(
-        "imm_section-version",
-        result
-            .get(1)
-            .as_ref()
-            .map(|s| s.as_str())
-            .unwrap_or("unknown"),
-    );
-
     // The ROM_EXT used to print "Starting ROM_EXT 0.1", but we cleaned up the
     // ROM_EXT output.  It now prints "ROM_EXT:0.1".
     let result = UartConsole::wait_for(&*uart_console, r"(?:\n| )ROM_EXT[: ](.*)\r\n", timeout)?;