Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dice-mfg: allow querying secure boot key slot status #1442

Merged
merged 1 commit into from
Aug 8, 2023
Merged

dice-mfg: allow querying secure boot key slot status #1442

merged 1 commit into from
Aug 8, 2023

Conversation

mx-shift
Copy link
Contributor

@mx-shift mx-shift commented Jun 27, 2023
edited
Loading

Tested by modifying lpc55expresso to use dice-mfg, flashing to lpc55xpresso w/ secure boot enabled, and running dice-mfg get-key-slot-status (from oxidecomputer/dice-util#88) which reported all slots enabled as expected.

Depends on oxidecomputer/dice-util#88 so CI will fail until that is merged.

@flihp flihp requested a review from labbott as a code owner August 7, 2023 20:30
labbott
labbott approved these changes Aug 8, 2023
View reviewed changes
Copy link
Collaborator

@labbott labbott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Double checked the bits against the spreadsheet, LGTM

lib/dice/src/mfg.rs
Comment on lines +313 to +326
#[derive(FromBytes)]
#[repr(C)]
struct CfpaPage {
// Fields defined by NXP:
header: u32,
monotonic_version: u32,
_fields_we_do_not_use: [u32; 4],
rotkh_revoke: u32,
_more_fields_we_do_not_use: [u32; 5],
_prince_ivs: [[u32; 14]; 3],
_nxp_reserved: [u32; 10],
_customer_area: [u8; 224],
_digest: [u8; 32],
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ugh I really wish we had this accessible in another crate but I don't have a better idea at the moment.

@flihp
Copy link
Contributor

flihp commented Aug 8, 2023

I dug out my local mfg setup yesterday evening and gave this a test (it worked as expected). I'm going to test a few additional configurations but will be merging this first.

@flihp flihp enabled auto-merge (rebase) August 8, 2023 15:23
@flihp flihp disabled auto-merge August 8, 2023 15:29
@flihp
Copy link
Contributor

flihp commented Aug 8, 2023

Almost forgot that this PR needs an update to Cargo.lock as well now that the dice-mfg-msgs crate is at a new version with the required messages.

@flihp flihp enabled auto-merge (rebase) August 8, 2023 15:35
@flihp flihp merged commit 00a74ba into master Aug 8, 2023
66 checks passed
@flihp flihp deleted the key_slot_status branch August 8, 2023 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flihp flihp flihp approved these changes

@labbott labbott labbott approved these changes

@cbiffle cbiffle Awaiting requested review from cbiffle cbiffle is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mx-shift @flihp @labbott