From bb5b14e97afaa54fc38428023c1b13acaa56ec95 Mon Sep 17 00:00:00 2001 From: Carl Lundin Date: Mon, 28 Oct 2024 14:36:06 -0700 Subject: [PATCH] Tweak UART messages to buy some RO memory in ROM. --- FROZEN_IMAGES.sha384sum | 2 +- rom/dev/src/fht.rs | 5 +---- rom/dev/src/flow/cold_reset/fmc_alias.rs | 4 ++-- rom/dev/src/flow/cold_reset/fw_processor.rs | 18 ++++++++---------- rom/dev/src/flow/cold_reset/idev_id.rs | 4 ++-- rom/dev/src/flow/cold_reset/ldev_id.rs | 2 +- rom/dev/src/flow/cold_reset/x509.rs | 8 ++++---- rom/dev/src/flow/mod.rs | 2 +- rom/dev/src/flow/update_reset.rs | 8 ++++---- rom/dev/src/flow/warm_reset.rs | 4 ++-- rom/dev/src/main.rs | 2 +- rom/dev/src/wdt.rs | 6 ++---- 12 files changed, 29 insertions(+), 36 deletions(-) diff --git a/FROZEN_IMAGES.sha384sum b/FROZEN_IMAGES.sha384sum index 6b4d5d9475..3c6aefd5f7 100644 --- a/FROZEN_IMAGES.sha384sum +++ b/FROZEN_IMAGES.sha384sum @@ -1,3 +1,3 @@ # WARNING: Do not update this file without the approval of the Caliptra TAC 91b951fbe655919a1e123b86add18ab604d049f6d2b2bbefac4cd554a4411eaf22247973c47490e243b9a5b1d197feb3 caliptra-rom-no-log.bin -105cda4bbc0f2f0096d058eda9090670da0d90c8e3066cb44027843e9a490db61933b524ca78fe78351a7fd26a124c03 caliptra-rom-with-log.bin +c651bdddc91931c348af6f01990fe2dda7b6673bd9ce6e0552aca3de00857eafa6ff358ae73dae5b5437b87ce2ff6e6b caliptra-rom-with-log.bin diff --git a/rom/dev/src/fht.rs b/rom/dev/src/fht.rs index 70f783ea9c..c0d9f04619 100644 --- a/rom/dev/src/fht.rs +++ b/rom/dev/src/fht.rs @@ -151,10 +151,7 @@ impl FhtDataStore { pub fn initialize_fht(env: &mut RomEnv) { let pdata = &env.persistent_data.get(); - cprintln!( - "[fht] Storing FHT @ 0x{:08X}", - &pdata.fht as *const _ as usize - ); + cprintln!("[fht] FHT @ 0x{:08X}", &pdata.fht as *const _ as usize); env.persistent_data.get_mut().fht = FirmwareHandoffTable { fht_marker: FHT_MARKER, diff --git a/rom/dev/src/flow/cold_reset/fmc_alias.rs b/rom/dev/src/flow/cold_reset/fmc_alias.rs index 6f0c59604d..af78cb5fd5 100644 --- a/rom/dev/src/flow/cold_reset/fmc_alias.rs +++ b/rom/dev/src/flow/cold_reset/fmc_alias.rs @@ -196,14 +196,14 @@ impl FmcAliasLayer { // Sign the `To Be Signed` portion cprintln!( - "[afmc] Signing Cert with AUTHORITY.KEYID = {}", + "[afmc] Signing Cert w/ AUTHORITY.KEYID = {}", auth_priv_key as u8 ); let mut sig = Crypto::ecdsa384_sign_and_verify(env, auth_priv_key, auth_pub_key, tbs.tbs()); let sig = okmutref(&mut sig)?; // Clear the authority private key - cprintln!("[afmc] Erasing AUTHORITY.KEYID = {}", auth_priv_key as u8); + cprintln!("[afmc] Erase AUTHORITY.KEYID = {}", auth_priv_key as u8); env.key_vault.erase_key(auth_priv_key).map_err(|err| { sig.zeroize(); err diff --git a/rom/dev/src/flow/cold_reset/fw_processor.rs b/rom/dev/src/flow/cold_reset/fw_processor.rs index f9aadebbe0..15fb952bbb 100644 --- a/rom/dev/src/flow/cold_reset/fw_processor.rs +++ b/rom/dev/src/flow/cold_reset/fw_processor.rs @@ -180,7 +180,7 @@ impl FirmwareProcessor { ) -> CaliptraResult>> { let mut self_test_in_progress = false; - cprintln!("[fwproc] Waiting for Commands..."); + cprintln!("[fwproc] Wait for Commands..."); loop { // Random delay for CFI glitch protection. CfiCounter::delay(); @@ -193,7 +193,7 @@ impl FirmwareProcessor { return Err(CaliptraError::FW_PROC_MAILBOX_RESERVED_PAUSER); } - cprintln!("[fwproc] Received command 0x{:08x}", txn.cmd()); + cprintln!("[fwproc] Recv command 0x{:08x}", txn.cmd()); // Handle FW load as a separate case due to the re-borrow explained below if txn.cmd() == CommandId::FIRMWARE_LOAD.into() { @@ -207,11 +207,11 @@ impl FirmwareProcessor { // failure) or by a manual complete call upon success. let txn = ManuallyDrop::new(txn.start_txn()); if txn.dlen() == 0 || txn.dlen() > IMAGE_BYTE_SIZE as u32 { - cprintln!("Invalid Image of size {} bytes" txn.dlen()); + cprintln!("Invalid Img size: {} bytes" txn.dlen()); return Err(CaliptraError::FW_PROC_INVALID_IMAGE_SIZE); } - cprintln!("[fwproc] Received Image of size {} bytes" txn.dlen()); + cprintln!("[fwproc] Recv'd Img size: {} bytes" txn.dlen()); report_boot_status(FwProcessorDownloadImageComplete.into()); return Ok(txn); } @@ -285,9 +285,7 @@ impl FirmwareProcessor { } CommandId::STASH_MEASUREMENT => { if persistent_data.fht.meas_log_index == MEASUREMENT_MAX_COUNT as u32 { - cprintln!( - "[fwproc] Maximum supported number of measurements already received." - ); + cprintln!("[fwproc] Max # of measurements received."); txn.complete(false)?; // Raise a fatal error on hitting the max. limit. @@ -365,7 +363,7 @@ impl FirmwareProcessor { let info = verifier.verify(manifest, img_bundle_sz, ResetReason::ColdReset)?; cprintln!( - "[fwproc] Image verified using Vendor ECC Key Index {}", + "[fwproc] Img verified w/ Vendor ECC Key Idx {}", info.vendor_ecc_pub_key_idx, ); report_boot_status(FwProcessorImageVerificationComplete.into()); @@ -478,7 +476,7 @@ impl FirmwareProcessor { #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)] fn load_image(manifest: &ImageManifest, txn: &mut MailboxRecvTxn) -> CaliptraResult<()> { cprintln!( - "[fwproc] Loading FMC at address 0x{:08x} len {}", + "[fwproc] Load FMC at address 0x{:08x} len {}", manifest.fmc.load_addr, manifest.fmc.size ); @@ -491,7 +489,7 @@ impl FirmwareProcessor { txn.copy_request(fmc_dest.as_bytes_mut())?; cprintln!( - "[fwproc] Loading Runtime at address 0x{:08x} len {}", + "[fwproc] Load Runtime at address 0x{:08x} len {}", manifest.runtime.load_addr, manifest.runtime.size ); diff --git a/rom/dev/src/flow/cold_reset/idev_id.rs b/rom/dev/src/flow/cold_reset/idev_id.rs index f16525fc98..354c393e8a 100644 --- a/rom/dev/src/flow/cold_reset/idev_id.rs +++ b/rom/dev/src/flow/cold_reset/idev_id.rs @@ -213,7 +213,7 @@ impl InitDevIdLayer { return Ok(()); } - cprintln!("[idev] CSR upload requested"); + cprintln!("[idev] CSR upload begun"); // Generate the CSR Self::make_csr(env, output) @@ -244,7 +244,7 @@ impl InitDevIdLayer { let tbs = InitDevIdCsrTbs::new(¶ms); cprintln!( - "[idev] Signing CSR with SUBJECT.KEYID = {}", + "[idev] Sign CSR w/ SUBJECT.KEYID = {}", key_pair.priv_key as u8 ); diff --git a/rom/dev/src/flow/cold_reset/ldev_id.rs b/rom/dev/src/flow/cold_reset/ldev_id.rs index a8e6222687..c9601d7a13 100644 --- a/rom/dev/src/flow/cold_reset/ldev_id.rs +++ b/rom/dev/src/flow/cold_reset/ldev_id.rs @@ -171,7 +171,7 @@ impl LocalDevIdLayer { // Sign the `To Be Signed` portion cprintln!( - "[ldev] Signing Cert with AUTHORITY.KEYID = {}", + "[ldev] Signing Cert w/ AUTHORITY.KEYID = {}", auth_priv_key as u8 ); let mut sig = Crypto::ecdsa384_sign_and_verify(env, auth_priv_key, auth_pub_key, tbs.tbs()); diff --git a/rom/dev/src/flow/cold_reset/x509.rs b/rom/dev/src/flow/cold_reset/x509.rs index 261c1829b8..aa5b4ecac6 100644 --- a/rom/dev/src/flow/cold_reset/x509.rs +++ b/rom/dev/src/flow/cold_reset/x509.rs @@ -89,24 +89,24 @@ impl X509 { let digest: [u8; 20] = match env.soc_ifc.fuse_bank().idev_id_x509_key_id_algo() { X509KeyIdAlgo::Sha1 => { - cprintln!("[idev] Using Sha1 for KeyId Algorithm"); + cprintln!("[idev] Sha1 KeyId Algorithm"); let digest = Crypto::sha1_digest(env, &data); okref(&digest)?.into() } X509KeyIdAlgo::Sha256 => { - cprintln!("[idev] Using Sha256 for KeyId Algorithm"); + cprintln!("[idev] Sha256 KeyId Algorithm"); let digest = Crypto::sha256_digest(env, &data); let digest: [u8; 32] = okref(&digest)?.into(); digest[..20].try_into().unwrap() } X509KeyIdAlgo::Sha384 => { - cprintln!("[idev] Using Sha384 for KeyId Algorithm"); + cprintln!("[idev] Sha384 KeyId Algorithm"); let digest = Crypto::sha384_digest(env, &data); let digest: [u8; 48] = okref(&digest)?.into(); digest[..20].try_into().unwrap() } X509KeyIdAlgo::Fuse => { - cprintln!("[idev] Using Fuse for KeyId"); + cprintln!("[idev] Fuse KeyId"); env.soc_ifc.fuse_bank().subject_key_id() } }; diff --git a/rom/dev/src/flow/mod.rs b/rom/dev/src/flow/mod.rs index c770d8a5bd..b6246bbc08 100644 --- a/rom/dev/src/flow/mod.rs +++ b/rom/dev/src/flow/mod.rs @@ -66,7 +66,7 @@ pub fn run(env: &mut RomEnv) -> CaliptraResult<()> { if (env.soc_ifc.lifecycle() == caliptra_drivers::Lifecycle::Production) && !(env.soc_ifc.prod_en_in_fake_mode()) { - cprintln!("Fake ROM in Production lifecycle not enabled"); + cprintln!("Fake ROM in Prod disabled"); handle_fatal_error(CaliptraError::ROM_GLOBAL_FAKE_ROM_IN_PRODUCTION.into()); } diff --git a/rom/dev/src/flow/update_reset.rs b/rom/dev/src/flow/update_reset.rs index e6a46ce848..9d09c0a495 100644 --- a/rom/dev/src/flow/update_reset.rs +++ b/rom/dev/src/flow/update_reset.rs @@ -52,13 +52,13 @@ impl UpdateResetFlow { ); let Some(mut recv_txn) = env.mbox.try_start_recv_txn() else { - cprintln!("Failed To Get Mailbox Transaction"); + cprintln!("Failed To Get Mailbox Txn"); return Err(CaliptraError::ROM_UPDATE_RESET_FLOW_MAILBOX_ACCESS_FAILURE); }; let mut process_txn = || -> CaliptraResult<()> { if recv_txn.cmd() != CommandId::FIRMWARE_LOAD.into() { - cprintln!("Invalid command 0x{:08x} received", recv_txn.cmd()); + cprintln!("Invalid command 0x{:08x} recv", recv_txn.cmd()); return Err(CaliptraError::ROM_UPDATE_RESET_FLOW_INVALID_FIRMWARE_COMMAND); } @@ -87,7 +87,7 @@ impl UpdateResetFlow { report_boot_status(UpdateResetExtendPcrComplete.into()); cprintln!( - "[update-reset] Image verified using Vendor ECC Key Index {}", + "[update-reset] Img verified w/ Vendor ECC Key Index {}", info.vendor_ecc_pub_key_idx ); @@ -167,7 +167,7 @@ impl UpdateResetFlow { #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)] fn load_image(manifest: &ImageManifest, txn: &mut MailboxRecvTxn) -> CaliptraResult<()> { cprintln!( - "[update-reset] Loading Runtime at address 0x{:08x} len {}", + "[update-reset] Loading Runtime at addr 0x{:08x} len {}", manifest.runtime.load_addr, manifest.runtime.size ); diff --git a/rom/dev/src/flow/warm_reset.rs b/rom/dev/src/flow/warm_reset.rs index 38eef933ff..d444d78f9a 100644 --- a/rom/dev/src/flow/warm_reset.rs +++ b/rom/dev/src/flow/warm_reset.rs @@ -33,7 +33,7 @@ impl WarmResetFlow { // Check if previous Cold-Reset was successful. if cfi_launder(env.data_vault.rom_cold_boot_status()) != ColdResetComplete.into() { - cprintln!("[warm-reset] Previous Cold-Reset was not successful."); + cprintln!("[warm-reset] Prev Cold-Reset failed"); return Err(CaliptraError::ROM_WARM_RESET_UNSUCCESSFUL_PREVIOUS_COLD_RESET); } else { cfi_assert_eq( @@ -44,7 +44,7 @@ impl WarmResetFlow { // Check if previous Update-Reset, if any, was successful. if cfi_launder(env.data_vault.rom_update_reset_status()) == UpdateResetStarted.into() { - cprintln!("[warm-reset] Previous Update Reset was not successful."); + cprintln!("[warm-reset] Prev Update Reset failed"); return Err(CaliptraError::ROM_WARM_RESET_UNSUCCESSFUL_PREVIOUS_UPDATE_RESET); } else { cfi_assert_ne( diff --git a/rom/dev/src/main.rs b/rom/dev/src/main.rs index 807183661b..d9af80f9f9 100644 --- a/rom/dev/src/main.rs +++ b/rom/dev/src/main.rs @@ -99,7 +99,7 @@ pub extern "C" fn rom_entry() -> ! { && (env.soc_ifc.lifecycle() == caliptra_drivers::Lifecycle::Production) && !(env.soc_ifc.prod_en_in_fake_mode()) { - cprintln!("Fake ROM in Production lifecycle not enabled"); + cprintln!("Fake ROM in Prod lifecycle disabled"); handle_fatal_error(CaliptraError::ROM_GLOBAL_FAKE_ROM_IN_PRODUCTION.into()); } diff --git a/rom/dev/src/wdt.rs b/rom/dev/src/wdt.rs index a77aaaf95a..c5c432615b 100644 --- a/rom/dev/src/wdt.rs +++ b/rom/dev/src/wdt.rs @@ -36,7 +36,7 @@ pub fn start_wdt(soc_ifc: &mut SocIfc) { wdt_timeout_cycles = 1; } cprintln!( - "[state] Starting the Watchdog Timer {} cycles", + "[state] Starting the WD Timer {} cycles", wdt_timeout_cycles ); caliptra_common::wdt::start_wdt( @@ -44,8 +44,6 @@ pub fn start_wdt(soc_ifc: &mut SocIfc) { WdtTimeout::from(core::num::NonZeroU64::new(wdt_timeout_cycles).unwrap()), ); } else { - cprintln!( - "[state] Watchdog Timer is not started because the device is not locked for debugging" - ); + cprintln!("[state] WD Timer not started. Device not locked for debugging"); } }