Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[update] Manifest Based Authorization feature update. #1828

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[update] Manifest Based Authorization feature update. #1828

wants to merge 1 commit into from

Conversation

mhatrevi
Copy link
Collaborator

@mhatrevi mhatrevi commented Dec 2, 2024

This PR makes the following changes to the feature:

  1. Adds a 'firmware id' to the image metadata entry (IME) structure.
  2. Reduces max IME limit from 128 to 127 to account for size increase due to the firmware id addition.
  3. SET_AUTH_MANIFEST command validates that the IME collection does not contain duplicate firmware ids.
  4. SET_AUTH_MANIFEST command sorts the IME on the firmware ids.
  5. Adds a new bit to the IME flags named 'SKIP AUTHORIZATION'. If set, AUTHORIZE_AND_STASH command authorizes an IME with a matching firmware id ignoring the image hash.
  6. If a firmware id is not found, AUTHORIZE_AND_STASH command returns IMAGE_NOT_AUTHORIZED status code in the command output.
  7. If a firmware id is found but the image hash does not match, AUTHORIZE_AND_STASH returns IMAGE_HASH_MISMATCH status code in the command output.
  8. If a firmware id is found and the image hash matches or if the 'SKIP AUTHORIZATION' flag is set for the firmware id, AUTHORIZE_AND_STASH command returns IMAGE_AUTHORIZED status code in the command output.
  9. AUTHORIZE_AND_STASH command uses binary search on the firmware id to lookup an IME.

@mlvisaya
Copy link

mlvisaya commented Dec 2, 2024

Should we also add the changes to the README.md doc?

@mhatrevi
[update] Manifest Based Authorization feature update.
d025425 
This PR  makes the following changes to the feature:
1. Adds a 'firmware id' to the image metadata entry (IME) structure.
2. Reduces max IME limit from 128 to 127 to account for size increase due to the firmware id addition.
3. SET_AUTH_MANIFEST command validates that the IME collection does not contain duplicate firmware ids.
4. SET_AUTH_MANIFEST command sorts the IME on the firmware ids.
5. Adds a new bit to the IME flags named 'SKIP AUTHORIZATION'. If set, AUTHORIZE_AND_STASH command authorizes an IME with a matching firmware id ignoring the image hash.
6. If a firmware id is not found, AUTHORIZE_AND_STASH command returns IMAGE_NOT_AUTHORIZED status code in the command output.
7. If a firmware id is found but the image hash does not match, AUTHORIZE_AND_STASH returns IMAGE_HASH_MISMATCH status code in the command output.
8. If a firmware id is found and the image hash matches or if the 'SKIP AUTHORIZATION' flag is set for the the firmware id, AUTHORIZE_AND_STASH command returns IMAGE_AUTHORIZED status code in the command output.
9. AUTHORIZE_AND_STASH command uses binary search on the firmware id to lookup an IME.
nquarton
nquarton reviewed Dec 3, 2024
View reviewed changes
Copy link
Contributor

@nquarton nquarton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall implementation looks good to me. I think the runtime readme will need some updates to reflect these changes.

You might also add a couple more test cases for the sorting and binary search. They look simple and correct to me. But I know corner cases can bite you on that. I'll still approve without it, just something to consider.

swenson
swenson reviewed Dec 3, 2024
View reviewed changes
runtime/src/authorize_and_stash.rs
let mut left = 0;
let mut right = auth_manifest_image_metadata_col.entry_count as usize;

while left < right {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use auth_manifest_image_metadata_col.image_metadata_list.binary_search_by_key()?

Either way, we should add unit tests for this function.

runtime/src/set_auth_manifest.rs
@@ -401,6 +415,34 @@ impl SetAuthManifestCmd {
soc_ifc,
)?;

// Sort the image metadata list by firmware ID in place. Also check for duplicate firmware IDs.
let slice =
&mut metadata_mailbox.image_metadata_list[..metadata_mailbox.entry_count as usize];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why can't we use metadata_mailbox.image_metadata_list.sort_unstable_by_key()?

If we need to check for duplicates, we can do it after sorting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nquarton nquarton nquarton left review comments

@swenson swenson swenson left review comments

@jhand2 jhand2 Awaiting requested review from jhand2 jhand2 is a code owner

@fdamato fdamato Awaiting requested review from fdamato fdamato is a code owner

@rusty1968 rusty1968 Awaiting requested review from rusty1968 rusty1968 is a code owner

@bluegate010 bluegate010 Awaiting requested review from bluegate010 bluegate010 is a code owner

@vsonims vsonims Awaiting requested review from vsonims vsonims is a code owner

@JohnTraverAmd JohnTraverAmd Awaiting requested review from JohnTraverAmd

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Caliptra v1.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mhatrevi @mlvisaya @swenson @nquarton