Skip to content

Commit

Permalink
dice-mfg: allow querying secure boot key slot status
Browse files Browse the repository at this point in the history
  • Loading branch information
mx-shift authored and flihp committed Aug 8, 2023
1 parent 3fb145e commit 0a2ef68
Show file tree
Hide file tree
Showing 4 changed files with 78 additions and 6 deletions.
6 changes: 3 additions & 3 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ zeroize = { version = "1.5.7", default-features = false, features = ["zeroize_de
zip = { version = "0.6", default-features = false, features = ["bzip2"] }

# Oxide forks and repos
dice-mfg-msgs = { git = "https://github.com/oxidecomputer/dice-util", default-features = false }
dice-mfg-msgs = { git = "https://github.com/oxidecomputer/dice-util", default-features = false, version = "0.2.1" }
gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", default-features = false, features = ["smoltcp"] }
hif = { git = "https://github.com/oxidecomputer/hif", default-features = false }
humpty = { git = "https://github.com/oxidecomputer/humpty", default-features = false, version = "0.1.3" }
Expand Down
2 changes: 1 addition & 1 deletion app/oxide-rot-1/app.toml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ version = 0

[kernel]
name = "oxide-rot-1"
requires = {flash = 59840, ram = 2696}
requires = {flash = 60544, ram = 2696}
features = ["dice-mfg"]

[caboose]
Expand Down
74 changes: 73 additions & 1 deletion lib/dice/src/mfg.rs
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,16 @@ use crate::{
cert::PersistIdSelfCertBuilder, csr::PersistIdCsrBuilder, CertSerialNumber,
IntermediateCert, PersistIdCert, SeedBuf,
};
use dice_mfg_msgs::{MessageHash, MfgMessage, PlatformId, SizedBlob};
use core::mem::size_of;
use dice_mfg_msgs::{
KeySlotStatus, MessageHash, MfgMessage, PlatformId, SizedBlob,
};
use lib_lpc55_usart::{Read, Usart, Write};
use lpc55_pac::SYSCON;
use salty::{constants::SECRETKEY_SEED_LENGTH, signature::Keypair};
use sha3::{digest::FixedOutputReset, Digest, Sha3_256};
use unwrap_lite::UnwrapLite;
use zerocopy::FromBytes;
use zeroize::{Zeroize, ZeroizeOnDrop};

pub enum Error {
Expand Down Expand Up @@ -299,6 +303,74 @@ impl DiceMfg for SerialMfg<'_> {
syscon_locked,
})
}
MfgMessage::GetKeySlotStatus => {
/// Layout of the Customer Field Programmble Area structure in Flash.
///
/// This struct should be exactly 512 bytes. If you change it such that its size
/// is no longer 512 bytes, it will not compromise security, but bootleby will
/// panic while checking the persistent settings (and with any luck the static
/// assertion below will fire before you hit the panic).
#[derive(FromBytes)]
#[repr(C)]
struct CfpaPage {
// Fields defined by NXP:
header: u32,
monotonic_version: u32,
_fields_we_do_not_use: [u32; 4],
rotkh_revoke: u32,
_more_fields_we_do_not_use: [u32; 5],
_prince_ivs: [[u32; 14]; 3],
_nxp_reserved: [u32; 10],
_customer_area: [u8; 224],
_digest: [u8; 32],
}

// It's really quite important that the CFPA data structure be exactly the size
// of a flash page, 512 bytes.
static_assertions::const_assert_eq!(
size_of::<CfpaPage>(),
512
);

let cfpa_ping: &[u8] = unsafe {
core::slice::from_raw_parts(0x9_e000 as *const u8, 512)
};
let Some(cfpa_ping) = CfpaPage::read_from(cfpa_ping) else {
let _ = self.send_nak();
continue;
};

let cfpa_pong: &[u8] = unsafe {
core::slice::from_raw_parts(0x9_e200 as *const u8, 512)
};
let Some(cfpa_pong) = CfpaPage::read_from(cfpa_pong) else {
let _ = self.send_nak();
continue;
};

let cfpa = if cfpa_ping.monotonic_version
> cfpa_pong.monotonic_version
{
&cfpa_ping
} else {
&cfpa_pong
};

let key_status_from_slot_value = |value| match value & 0x3 {
0b00 => KeySlotStatus::Invalid,
0b01 => KeySlotStatus::Enabled,
_ => KeySlotStatus::Revoked,
};

self.send_msg(MfgMessage::KeySlotStatus {
slots: [
key_status_from_slot_value(cfpa.rotkh_revoke),
key_status_from_slot_value(cfpa.rotkh_revoke >> 2),
key_status_from_slot_value(cfpa.rotkh_revoke >> 4),
key_status_from_slot_value(cfpa.rotkh_revoke >> 6),
],
})
}
_ => continue,
};
}
Expand Down

0 comments on commit 0a2ef68

Please sign in to comment.