[manuf,rom_ext] write certs to flash in perso LTV object format #24992
Conversation
|
Still need to add the ROM_EXT update for parsing the new cert format. I will update the PR shortly before merging. |
timothytrippel
force-pushed
the
update-cert-flash-format
branch
2 times, most recently
from
fb6c4a6
to
f26a4f3
Compare
Currently, during ft_perso, the host writes the raw endorsed X.509 certificates (in ASN.1 DER format) to flash_info pages. When it needs to access them later on, the certificate length is calculated by parsing the ASN.1 header (1 or 2 bytes). This design works for X509 but not CWT-CBOR since there's no such information in some CBOR types (map, array specifically). Fixes lowRISC#24942. Co-authored-by: Tommy Chiu <[email protected]> Signed-off-by: Tim Trippel <[email protected]>
This switches the `perso_tlv_get_cert_obj()` return type to a `rom_error_t` as this function will be used in the ROM_EXT to parse DICE certificates in a following commit. Signed-off-by: Tim Trippel <[email protected]>
timothytrippel
force-pushed
the
update-cert-flash-format
branch
2 times, most recently
from
daa4561
to
276a6de
Compare
|
I have added the code that update the ROM_EXT to use the same perso LTV format when reading/writing DICE certs from/to flash. This PR is ready for review now. |
| if (obj_len > (sizeof(pb->body) - pb->next_free)) | ||
| return OUT_OF_RANGE(); | ||
| if (obj_size > *buf_size) | ||
| return kErrorPersoTlvOutputBufTooSmall; | ||
|
|
||
| // Setup the perso LTV object header. | ||
| if (needs_endorsement) { |
There was a problem hiding this comment.
Using this option to set object type is not practiable for CWT.
Maybe we'll need one more parameter?
There was a problem hiding this comment.
yeah lets add in follow up PR that adds code for CWT support
|
This seems to be a much larger change than modifying the storage format by adding the TLV header, a lot of refactoring, variable names changes, editing comments drown the actual modification, which makes it harder to review. How has this been tested? |
This refactors the `perso_tlv_data` cert object building functions so they can be reused by the ROM_EXT. A prior commit updated the perso code to store all certificates in flash info pages in the perso LTV object format. Since the ROM_EXT needs to be able to regenerate CDI_0/1 DICE certificates, the ROM_EXT must also be able to regenerate this same perso LTV object format. Signed-off-by: Tim Trippel <[email protected]>
timothytrippel
force-pushed
the
update-cert-flash-format
branch
from
f413bac
to
0085285
Compare
This has been tested on all provisioning flows locally and in CI. This is needed in order to support the new cert format in perso and ROM_EXT code, and to enable code sharing between both. Also, I broke the changes up into several smaller commits that should make each commit easier to review. Please lmk if you have any questions. |
|
FWIW @vbendeb , CI always tests the perso flow, so if a change passes CI it should be guaranteed to work. |
timothytrippel
changed the title
The format by which DICE certs have been to provisioned into flash recently changed such that the certs were written in the perso LTV structure. This updates the ROM_EXT to use the same structure when reading and writing DICE certs from/to flash. Signed-off-by: Tim Trippel <[email protected]>
timothytrippel
force-pushed
the
update-cert-flash-format
branch
from
0085285
to
5eb7370
Compare
|
Test failures are not related to this PR. |
Currently, during ft_perso, the host writes the raw endorsed X.509 certificates (in ASN.1 DER format) to flash_info pages. When it needs to access them later on, the certificate length is calculated by parsing the ASN.1 header (1 or 2 bytes). This design works for X509 but not CWT-CBOR since there's no such information in some CBOR types (map, array specifically). This updates the perso flow to write the certificates to the info page wrapped in the perso LTV object header. Additionally, this refactors the
perso_tlv_datacode to userom_error_twhere applicable so it can be shared with the ROM_EXT, which also must parse and potentially update CDI_0/1 DICE certificates.Fixes #24942.
Test: //sw/device/silicon_creator/manuf/base:ft_provision_cw340
This is a refactor of #24951 that improves code-reuse and documentation.