-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dice-mfg: allow querying secure boot key slot status #1442
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Double checked the bits against the spreadsheet, LGTM
#[derive(FromBytes)] | ||
#[repr(C)] | ||
struct CfpaPage { | ||
// Fields defined by NXP: | ||
header: u32, | ||
monotonic_version: u32, | ||
_fields_we_do_not_use: [u32; 4], | ||
rotkh_revoke: u32, | ||
_more_fields_we_do_not_use: [u32; 5], | ||
_prince_ivs: [[u32; 14]; 3], | ||
_nxp_reserved: [u32; 10], | ||
_customer_area: [u8; 224], | ||
_digest: [u8; 32], | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ugh I really wish we had this accessible in another crate but I don't have a better idea at the moment.
I dug out my local mfg setup yesterday evening and gave this a test (it worked as expected). I'm going to test a few additional configurations but will be merging this first. |
Almost forgot that this PR needs an update to |
Tested by modifying lpc55expresso to use dice-mfg, flashing to lpc55xpresso w/ secure boot enabled, and running
dice-mfg get-key-slot-status
(from oxidecomputer/dice-util#88) which reported all slots enabled as expected.Depends on oxidecomputer/dice-util#88 so CI will fail until that is merged.