lowRISC · cfrantz · Feb 3, 2025 · Sep 24, 2024 · Sep 11, 2024 · Sep 25, 2024
diff --git a/hw/top_earlgrey/BUILD b/hw/top_earlgrey/BUILD
@@ -8,7 +8,6 @@ load(
 )
 load(
     "//rules/opentitan:defs.bzl",
-    "CLEAR_KEY_SET",
     "DEFAULT_TEST_FAILURE_MSG",
     "DEFAULT_TEST_SUCCESS_MSG",
     "fpga_cw305",

diff --git a/signing/BUILD b/signing/BUILD
@@ -2,6 +2,8 @@
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0
 
+load("@bazel_skylib//rules:common_settings.bzl", "string_flag")
+
 package(default_visibility = ["//visibility:public"])
 
 label_flag(
@@ -16,6 +18,54 @@ config_setting(
     },
 )
 
+# TODO(#24641): Simplify key selection after eliminating RSA keys.
+# The currently released ROM_EXT binary for ES silicon (version 0.4) supports
+# only RSA keys.  The next release will eliminate RSA keys in favor of ECDSA
+# keys.  In order to allow current users to continue to build RSA-signed
+# applications (e.g. tests), we default to an `owner_key_type` of RSA.  Ad-hoc
+# testing on ES DEV parts running the as-yet unreleased ROM_EXT (at the head
+# of this branch) can select ECDSA keys.
+#
+# Note that the FPGA targets always run the ROM_EXT from head, and always
+# select an ECDSA key regardless of the `owner_key_type` setting.
+#
+# This key-type selection will be removed when we finish converting to ECDSA
+# and eliminate RSA keys for application signing.
+string_flag(
+    name = "owner_key_type",
+    build_setting_default = "rsa",
+    values = [
+        "rsa",
+        "ecdsa",
+    ],
+)
+
+config_setting(
+    name = "owner_key_rsa",
+    flag_values = {":owner_key_type": "rsa"},
+)
+
+config_setting(
+    name = "owner_key_ecdsa",
+    flag_values = {":owner_key_type": "ecdsa"},
+)
+
+config_setting(
+    name = "test_keys_rsa",
+    flag_values = {
+        ":token": "//signing/tokens:local",
+        ":owner_key_type": "rsa",
+    },
+)
+
+config_setting(
+    name = "test_keys_ecdsa",
+    flag_values = {
+        ":token": "//signing/tokens:local",
+        ":owner_key_type": "ecdsa",
+    },
+)
+
 filegroup(
     name = "none_key",
     srcs = ["skip.bit"],

diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_rsa_3072_exp_f4.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_rsa_3072_exp_f4.der
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_rsa_3072_exp_f4.pub.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_rsa_3072_exp_f4.pub.der
@@ -132,13 +132,6 @@ rom_error_t sku_creator_owner_init(boot_data_t *bootdata,
   ownership_seal_page(/*page=*/0);
   memcpy(&owner_page[1], &owner_page[0], sizeof(owner_page[0]));
 
-  RETURN_IF_ERROR(owner_block_parse(&owner_page[0], config, keyring));
-  RETURN_IF_ERROR(owner_block_flash_apply(config->flash, kBootSlotA,
-                                          bootdata->primary_bl0_slot));
-  RETURN_IF_ERROR(owner_block_flash_apply(config->flash, kBootSlotB,
-                                          bootdata->primary_bl0_slot));
-  RETURN_IF_ERROR(owner_block_info_apply(config->info));
-
   // Since this module should only get linked in to FPGA builds, we can simply
   // thunk the ownership state to LockedOwner.
   bootdata->ownership_state = kOwnershipStateLockedOwner;
@@ -151,13 +144,6 @@ rom_error_t sku_creator_owner_init(boot_data_t *bootdata,
                                    &owner_page[0]));
   owner_page_valid[0] = kOwnerPageStatusSealed;
 
-  OT_DISCARD(flash_ctrl_info_erase(&kFlashCtrlInfoPageOwnerSlot1,
-                                   kFlashCtrlEraseTypePage));
-  OT_DISCARD(flash_ctrl_info_write(&kFlashCtrlInfoPageOwnerSlot1, 0,
-                                   sizeof(owner_page[0]) / sizeof(uint32_t),
-                                   &owner_page[0]));
-  owner_page_valid[1] = kOwnerPageStatusSealed;
-
   OT_DISCARD(boot_data_write(bootdata));
   dbg_printf("sku_creator_owner_init: saved to flash\r\n");
   return kErrorOk;

@@ -10,3 +10,9 @@ ROM_EXT_VERSION = struct(
     MINOR = "1",
     SECURITY = "0",
 )
+
+SLOTS = [
+    "a",
+    "b",
+    "virtual",
+]
@@ -110,10 +110,37 @@ static void change_speed(void) {
   }
 }
 
+#ifdef ROM_EXT_KLOBBER_ALLOWED
+// In order to facilitate debuging and manual test flows for ownerhsip transfer,
+// we allow the owner pages to be erased if and only if the chip is in the DEV
+// lifecycle state AND the ROM_EXT was specifically built to allow owner erase.
+//
+// In the general case, the `KLBR` command does not exist.  It can only be
+// enabled by silicon_creator and only for DEV chips.
+static void ownership_erase(void) {
+  lifecycle_state_t lc_state = lifecycle_state_get();
+  if (lc_state == kLcStateDev) {
+    OT_DISCARD(flash_ctrl_info_erase(&kFlashCtrlInfoPageOwnerSlot0,
+                                     kFlashCtrlEraseTypePage));
+    OT_DISCARD(flash_ctrl_info_erase(&kFlashCtrlInfoPageOwnerSlot1,
+                                     kFlashCtrlEraseTypePage));
+    dbg_printf("ok: erased owner blocks\r\n");
+  } else {
+    dbg_printf("error: erase not allowed in state %x\r\n", lc_state);
+  }
+}
+#endif
+
 static void validate_mode(uint32_t mode, rescue_state_t *state,
                           boot_data_t *bootdata) {
   dbg_printf("\r\nmode: %C\r\n", bitfield_byteswap32(mode));
   hardened_bool_t allow = owner_rescue_command_allowed(state->config, mode);
+#ifdef ROM_EXT_KLOBBER_ALLOWED
+  if (mode == kRescueModeKlobber) {
+    ownership_erase();
+    return;
+  }
+#endif
   if (allow == kHardenedBoolTrue) {
     switch (mode) {
       case kRescueModeBaud:

@@ -28,6 +28,8 @@ typedef enum {
   kRescueModeBootSvcRsp = 0x42525350,
   /** `BREQ` */
   kRescueModeBootSvcReq = 0x42524551,
+  /** `KLBR` */
+  kRescueModeKlobber = 0x4b4c4252,
   /** `OWNR` */
   kRescueModeOwnerBlock = 0x4f574e52,
   /** `OPG0` */

diff --git a/sw/device/silicon_creator/rom_ext/sival/BUILD b/sw/device/silicon_creator/rom_ext/sival/BUILD
@@ -15,6 +15,7 @@ load(
     "//sw/device/silicon_creator/imm_rom_ext:defs.bzl",
     "SLOT_A_IMM_ROM_EXT_SECTIONS",
     "SLOT_B_IMM_ROM_EXT_SECTIONS",
+    "SLOT_VIRTUAL_IMM_ROM_EXT_SECTIONS",
 )
 
 package(default_visibility = ["//visibility:public"])
@@ -26,6 +27,12 @@ LINK_ORDER = [
     "$(location //sw/device/lib/crt)",
 ]
 
+SLOTS = {
+    "a": SLOT_A_IMM_ROM_EXT_SECTIONS,
+    "b": SLOT_B_IMM_ROM_EXT_SECTIONS,
+    "virtual": SLOT_VIRTUAL_IMM_ROM_EXT_SECTIONS,
+}
+
 manifest(d = {
     "name": "manifest_sival",
     "identifier": hex(CONST.ROM_EXT),
@@ -40,110 +47,68 @@ manifest(d = {
 # You can manually create such a bitstream with:
 #
 # bazel build //hw/bitstream/universal:splice --//hw/bitstream/universal:env=//hw/top_earlgrey:fpga_cw310_sival
-opentitan_binary(
-    name = "rom_ext_fake_prod_signed_slot_a",
-    ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0"},
-    exec_env = [
-        "//hw/top_earlgrey:silicon_creator",
-        "//hw/top_earlgrey:fpga_cw310",
-        "//hw/top_earlgrey:fpga_cw340",
-        "//hw/top_earlgrey:sim_dv_base",
-        "//hw/top_earlgrey:sim_verilator_base",
-    ],
-    extra_bazel_features = [
-        "minsize",
-        "use_lld",
-    ],
-    immutable_rom_ext_sections = SLOT_A_IMM_ROM_EXT_SECTIONS["main"],
-    linker_script = "//sw/device/silicon_creator/rom_ext:ld_slot_a",
-    linkopts = LINK_ORDER,
-    manifest = ":manifest_sival",
-    # TODO(#26060): Temporarily disable SPX signing of ROM_EXT.
-    #spx_key = {"//sw/device/silicon_creator/rom/keys/fake/spx:prod_key_0_spx": "prod_key_0"},
-    deps = [
-        "//sw/device/lib/crt",
-        "//sw/device/silicon_creator/lib:manifest_def",
-        "//sw/device/silicon_creator/rom_ext",
-        "//sw/device/silicon_creator/rom_ext/sival/keys",
-    ],
-)
-
-opentitan_binary(
-    name = "rom_ext_fake_prod_signed_slot_b",
-    ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0"},
-    exec_env = [
-        "//hw/top_earlgrey:silicon_creator",
-        "//hw/top_earlgrey:fpga_cw310",
-        "//hw/top_earlgrey:fpga_cw340",
-        "//hw/top_earlgrey:sim_dv_base",
-        "//hw/top_earlgrey:sim_verilator_base",
-    ],
-    extra_bazel_features = [
-        "minsize",
-        "use_lld",
-    ],
-    immutable_rom_ext_sections = SLOT_B_IMM_ROM_EXT_SECTIONS["main"],
-    linker_script = "//sw/device/silicon_creator/rom_ext:ld_slot_b",
-    linkopts = LINK_ORDER,
-    manifest = ":manifest_sival",
-    # TODO(#26060): Temporarily disable SPX signing of ROM_EXT.
-    #spx_key = {"//sw/device/silicon_creator/rom/keys/fake/spx:prod_key_0_spx": "prod_key_0"},
-    deps = [
-        "//sw/device/lib/crt",
-        "//sw/device/silicon_creator/lib:manifest_def",
-        "//sw/device/silicon_creator/rom_ext",
-        "//sw/device/silicon_creator/rom_ext/sival/keys",
-    ],
-)
-
-opentitan_binary(
-    name = "rom_ext_real_prod_signed_slot_a",
-    exec_env = [
-        "//hw/top_earlgrey:silicon_creator",
-        "//hw/top_earlgrey:fpga_cw310",
-    ],
-    extra_bazel_features = [
-        "minsize",
-        "use_lld",
-    ],
-    immutable_rom_ext_sections = SLOT_A_IMM_ROM_EXT_SECTIONS["main"],
-    linker_script = "//sw/device/silicon_creator/rom_ext:ld_slot_a",
-    linkopts = LINK_ORDER,
-    deps = [
-        "//sw/device/lib/crt",
-        "//sw/device/silicon_creator/lib:manifest_def",
-        "//sw/device/silicon_creator/rom_ext",
-        "//sw/device/silicon_creator/rom_ext/sival/keys",
-    ],
-)
+[
+    opentitan_binary(
+        name = "rom_ext_fake_prod_signed_slot_{}".format(slot),
+        ecdsa_key = {"//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0"},
+        exec_env = [
+            "//hw/top_earlgrey:silicon_creator",
+            "//hw/top_earlgrey:fpga_cw310",
+            "//hw/top_earlgrey:fpga_cw340",
+            "//hw/top_earlgrey:sim_dv_base",
+            "//hw/top_earlgrey:sim_verilator_base",
+        ],
+        extra_bazel_features = [
+            "minsize",
+            "use_lld",
+        ],
+        immutable_rom_ext_sections = imm_sections["main"],
+        linker_script = "//sw/device/silicon_creator/rom_ext:ld_slot_{}".format(slot),
+        linkopts = LINK_ORDER,
+        manifest = ":manifest_sival",
+        # TODO(#26060): Temporarily disable SPX signing of ROM_EXT.
+        #spx_key = {"//sw/device/silicon_creator/rom/keys/fake/spx:prod_key_0_spx": "prod_key_0"},
+        deps = [
+            ":sival_owner",
+            "//sw/device/lib/crt",
+            "//sw/device/silicon_creator/lib:manifest_def",
+            "//sw/device/silicon_creator/rom_ext",
+        ],
+    )
+    for slot, imm_sections in SLOTS.items()
+]
 
-opentitan_binary(
-    name = "rom_ext_real_prod_signed_slot_b",
-    exec_env = [
-        "//hw/top_earlgrey:silicon_creator",
-        "//hw/top_earlgrey:fpga_cw310",
-    ],
-    extra_bazel_features = [
-        "minsize",
-        "use_lld",
-    ],
-    immutable_rom_ext_sections = SLOT_B_IMM_ROM_EXT_SECTIONS["main"],
-    linker_script = "//sw/device/silicon_creator/rom_ext:ld_slot_b",
-    linkopts = LINK_ORDER,
-    deps = [
-        "//sw/device/lib/crt",
-        "//sw/device/silicon_creator/lib:manifest_def",
-        "//sw/device/silicon_creator/rom_ext",
-        "//sw/device/silicon_creator/rom_ext/sival/keys",
-    ],
-)
+[
+    opentitan_binary(
+        name = "rom_ext_real_prod_signed_slot_{}".format(slot),
+        exec_env = [
+            "//hw/top_earlgrey:silicon_creator",
+            "//hw/top_earlgrey:fpga_cw310",
+            "//hw/top_earlgrey:fpga_cw340",
+        ],
+        extra_bazel_features = [
+            "minsize",
+            "use_lld",
+        ],
+        immutable_rom_ext_sections = imm_sections["main"],
+        linker_script = "//sw/device/silicon_creator/rom_ext:ld_slot_{}".format(slot),
+        linkopts = LINK_ORDER,
+        deps = [
+            ":sival_owner",
+            "//sw/device/lib/crt",
+            "//sw/device/silicon_creator/lib:manifest_def",
+            "//sw/device/silicon_creator/rom_ext",
+        ],
+    )
+    for slot, imm_sections in SLOTS.items()
+]
 
 offline_presigning_artifacts(
     name = "presigning",
     testonly = True,
     srcs = [
-        ":rom_ext_real_prod_signed_slot_a",
-        ":rom_ext_real_prod_signed_slot_b",
+        ":rom_ext_real_prod_signed_slot_{}".format(slot)
+        for slot in SLOTS
     ],
     ecdsa_key = {
         "//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256": "prod_key_0_ecdsa_p256",
@@ -171,3 +136,17 @@ offline_signature_attach(
     ],
     tags = ["manual"],
 )
+
+cc_library(
+    name = "sival_owner",
+    srcs = ["sival_owner.c"],
+    deps = [
+        "//sw/device/silicon_creator/lib:boot_data",
+        "//sw/device/silicon_creator/lib/drivers:flash_ctrl",
+        "//sw/device/silicon_creator/lib/ownership",
+        "//sw/device/silicon_creator/lib/ownership:datatypes",
+        "//sw/device/silicon_creator/lib/ownership:owner_block",
+        "//sw/device/silicon_creator/rom_ext/sival/keys:includes",
+    ],
+    alwayslink = True,
+)
diff --git a/sw/device/silicon_creator/rom_ext/sival/keys/BUILD b/sw/device/silicon_creator/rom_ext/sival/keys/BUILD
@@ -6,6 +6,19 @@ load("//rules:signing.bzl", "keyset")
 
 package(default_visibility = ["//visibility:public"])
 
+cc_library(
+    name = "includes",
+    hdrs = [
+        "appkey_dev_0.h",
+        "appkey_prod_0.h",
+        "appkey_test_0.h",
+        "earlgrey_z0_sival_1.h",
+        "ownership_activate_key.h",
+        "ownership_owner_key.h",
+        "ownership_unlock_key.h",
+    ],
+)
+
 cc_library(
     name = "keys",
     srcs = [
@@ -49,6 +62,9 @@ keyset(
     build_setting_default = "",
     keys = {
         "earlgrey_z0_sival_1.der": "earlgrey_z0_sival_1",
+        "appkey_dev_0.der": "appkey_dev_0",
+        "appkey_prod_0.der": "appkey_prod_0",
+        "appkey_test_0.der": "appkey_test_0",
     },
     profile = "earlgrey_z0_sival",
     tool = "//signing:token",