Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dice-mfg: allow querying secure boot key slot status #1442

Merged
merged 1 commit into from
Aug 8, 2023
Merged

dice-mfg: allow querying secure boot key slot status #1442

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ zeroize = { version = "1.5.7", default-features = false, features = ["zeroize_de
zip = { version = "0.6", default-features = false, features = ["bzip2"] }

# Oxide forks and repos
dice-mfg-msgs = { git = "https://github.com/oxidecomputer/dice-util", default-features = false }
dice-mfg-msgs = { git = "https://github.com/oxidecomputer/dice-util", default-features = false, version = "0.2.1" }
gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", default-features = false, features = ["smoltcp"] }
hif = { git = "https://github.com/oxidecomputer/hif", default-features = false }
humpty = { git = "https://github.com/oxidecomputer/humpty", default-features = false, version = "0.1.3" }
Expand Down
2 changes: 1 addition & 1 deletion app/oxide-rot-1/app.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ version = 0

[kernel]
name = "oxide-rot-1"
requires = {flash = 59840, ram = 2696}
requires = {flash = 60544, ram = 2696}
features = ["dice-mfg"]

[caboose]
Expand Down
74 changes: 73 additions & 1 deletion lib/dice/src/mfg.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,16 @@ use crate::{
cert::PersistIdSelfCertBuilder, csr::PersistIdCsrBuilder, CertSerialNumber,
IntermediateCert, PersistIdCert, SeedBuf,
};
use dice_mfg_msgs::{MessageHash, MfgMessage, PlatformId, SizedBlob};
use core::mem::size_of;
use dice_mfg_msgs::{
KeySlotStatus, MessageHash, MfgMessage, PlatformId, SizedBlob,
};
use lib_lpc55_usart::{Read, Usart, Write};
use lpc55_pac::SYSCON;
use salty::{constants::SECRETKEY_SEED_LENGTH, signature::Keypair};
use sha3::{digest::FixedOutputReset, Digest, Sha3_256};
use unwrap_lite::UnwrapLite;
use zerocopy::FromBytes;
use zeroize::{Zeroize, ZeroizeOnDrop};

pub enum Error {
Expand Down Expand Up @@ -299,6 +303,74 @@ impl DiceMfg for SerialMfg<'_> {
syscon_locked,
})
}
MfgMessage::GetKeySlotStatus => {
/// Layout of the Customer Field Programmble Area structure in Flash.
///
/// This struct should be exactly 512 bytes. If you change it such that its size
/// is no longer 512 bytes, it will not compromise security, but bootleby will
/// panic while checking the persistent settings (and with any luck the static
/// assertion below will fire before you hit the panic).
#[derive(FromBytes)]
#[repr(C)]
struct CfpaPage {
// Fields defined by NXP:
header: u32,
monotonic_version: u32,
_fields_we_do_not_use: [u32; 4],
rotkh_revoke: u32,
_more_fields_we_do_not_use: [u32; 5],
_prince_ivs: [[u32; 14]; 3],
_nxp_reserved: [u32; 10],
_customer_area: [u8; 224],
_digest: [u8; 32],
}
Comment on lines +313 to +326
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ugh I really wish we had this accessible in another crate but I don't have a better idea at the moment.


// It's really quite important that the CFPA data structure be exactly the size
// of a flash page, 512 bytes.
static_assertions::const_assert_eq!(
size_of::<CfpaPage>(),
512
);

let cfpa_ping: &[u8] = unsafe {
core::slice::from_raw_parts(0x9_e000 as *const u8, 512)
};
let Some(cfpa_ping) = CfpaPage::read_from(cfpa_ping) else {
let _ = self.send_nak();
continue;
};

let cfpa_pong: &[u8] = unsafe {
core::slice::from_raw_parts(0x9_e200 as *const u8, 512)
};
let Some(cfpa_pong) = CfpaPage::read_from(cfpa_pong) else {
let _ = self.send_nak();
continue;
};

let cfpa = if cfpa_ping.monotonic_version
> cfpa_pong.monotonic_version
{
&cfpa_ping
} else {
&cfpa_pong
};

let key_status_from_slot_value = |value| match value & 0x3 {
0b00 => KeySlotStatus::Invalid,
0b01 => KeySlotStatus::Enabled,
_ => KeySlotStatus::Revoked,
};

self.send_msg(MfgMessage::KeySlotStatus {
slots: [
key_status_from_slot_value(cfpa.rotkh_revoke),
key_status_from_slot_value(cfpa.rotkh_revoke >> 2),
key_status_from_slot_value(cfpa.rotkh_revoke >> 4),
key_status_from_slot_value(cfpa.rotkh_revoke >> 6),
],
})
}
_ => continue,
};
}
Expand Down