[cherry-pick] manually cherry-pick of #24992 to earlgrey_1.0.0 branch #25038

Merged

timothytrippel
Contributor

This cherry-picks #24992 to earlgrey_1.0.0 branch to change how certs are written to flash info pages.

Currently, during ft_perso, the host writes the raw endorsed X.509
certificates (in ASN.1 DER format) to flash_info pages.
When it needs to access them later on, the certificate length is
calculated by parsing the ASN.1 header (1 or 2 bytes).
This design works for X509 but not CWT-CBOR since there's no such
information in some CBOR types (map, array specifically).

Fixes lowRISC#24942.

Co-authored-by: Tommy Chiu <[email protected]>
Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit fc628e6)

This switches the `perso_tlv_get_cert_obj()` return type to a
`rom_error_t` as this function will be used in the ROM_EXT to parse DICE
certificates in a following commit.

Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit dd6b29f)

This refactors the `perso_tlv_data` cert object building functions so
they can be reused by the ROM_EXT. A prior commit updated the perso code
to store all certificates in flash info pages in the perso LTV object
format. Since the ROM_EXT needs to be able to regenerate CDI_0/1 DICE
certificates, the ROM_EXT must also be able to regenerate this same
perso LTV object format.

Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit 89bf535)

The format by which DICE certs have been provisioned into flash
recently changed such that the certs were written in the perso LTV
structure. This updates the ROM_EXT to use the same structure when
reading and writing DICE certs from/to flash.

Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit 5eb7370)

@timothytrippel timothytrippel merged commit d1f3f2c into lowRISC:earlgrey_1.0.0 Nov 8, 2024
29 checks passed
@timothytrippel timothytrippel deleted the cp-cert-flash-format branch November 8, 2024 04:02
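
The length problem stated in the description, as an added example that is not OpenTitan code: a DER header yields the object's byte size, a CBOR map header yields only a pair count, so the size has to be stored alongside the object. The 2-byte size wrapper and every function name here are hypothetical and do not reproduce the perso LTV layout; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Total encoded size (header + body) of a DER object, from its header alone.
 * Returns 0 if truncated, indefinite, or more than two length bytes. */
size_t der_total_size(const uint8_t *buf, size_t avail) {
  if (avail < 2) return 0;
  if (buf[1] < 0x80) return 2 + (size_t)buf[1]; /* short form */
  size_t n = buf[1] & 0x7f;                     /* long form: n length bytes */
  if (n == 0 || n > 2 || avail < 2 + n) return 0;
  size_t len = 0;
  for (size_t i = 0; i < n; i++) len = (len << 8) | buf[2 + i];
  return 2 + n + len;
}

/* CBOR map header: gives the pair count, not a byte length; -1 if unhandled. */
int cbor_map_pairs(const uint8_t *buf, size_t avail) {
  if (avail < 1 || (buf[0] >> 5) != 5) return -1; /* major type 5 = map */
  uint8_t info = buf[0] & 0x1f;
  if (info < 24) return info;
  if (info == 24 && avail >= 2) return buf[1];
  return -1;
}

/* Hypothetical wrapper, NOT the perso LTV layout: a 2-byte big-endian total
 * size, then the payload. Returns bytes written, or 0 if it does not fit. */
size_t wrap_write(uint8_t *page, size_t page_size, const uint8_t *obj, size_t len) {
  size_t total = len + 2;
  if (total > page_size || total > 0xffff) return 0;
  page[0] = (uint8_t)(total >> 8);
  page[1] = (uint8_t)total;
  memcpy(page + 2, obj, len);
  return total;
}

/* Payload length recovered from the wrapper alone; 0 if the stored size is
 * impossible for this page (for example an all-ones header). */
size_t wrap_payload_len(const uint8_t *page, size_t page_size) {
  if (page_size < 2) return 0;
  size_t total = ((size_t)page[0] << 8) | page[1];
  return (total < 2 || total > page_size) ? 0 : total - 2;
}

int main(void) {
  const uint8_t cwt[] = {0xa2, 0x01, 0x02, 0x03, 0x04}; /* constructed map {1:2, 3:4} */
  uint8_t page[64];
  wrap_write(page, sizeof page, cwt, sizeof cwt);
  return wrap_payload_len(page, sizeof page) == sizeof cwt ? 0 : 1;
}
```

The reader takes the stored size only after checking it against the page bounds, so a page that was never written does not produce a length.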