From db50799b9b43eb399b04613146bb6b419185bc6a Mon Sep 17 00:00:00 2001 From: Philip Tricca Date: Tue, 25 Jul 2023 11:10:26 -0700 Subject: [PATCH 1/5] rot-carrier: config sp_measure to hash gimletlet SP image This makes a bit more sense as a default configuration as the rot-carrier is designed to work with the gimletlet. --- app/rot-carrier/app.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/rot-carrier/app.toml b/app/rot-carrier/app.toml index 4bbbe4268..dae76f5ac 100644 --- a/app/rot-carrier/app.toml +++ b/app/rot-carrier/app.toml @@ -199,7 +199,7 @@ task-slots = ["swd"] stacksize = 2048 [tasks.sp_measure.config] -binary_path = "../../target/gemini-bu/dist/final.bin" +binary_path = "../../target/gimletlet/dist/default/final.bin" [tasks.attest] name = "task-attest" From 1c162d07eee70c6365408282b25abeb404842766 Mon Sep 17 00:00:00 2001 From: Philip Tricca Date: Tue, 25 Jul 2023 11:56:20 -0700 Subject: [PATCH 2/5] sp_measure: Record SP measurement in 'attest' task. --- Cargo.lock | 2 ++ app/oxide-rot-1/app-dev.toml | 4 ++-- app/rot-carrier/app.toml | 4 ++-- task/sp_measure/Cargo.toml | 2 ++ task/sp_measure/src/main.rs | 12 ++++++++++++ 5 files changed, 20 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2d38d7bab..97ba720f2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4428,6 +4428,7 @@ name = "task-sp-measure" version = "0.1.0" dependencies = [ "anyhow", + "attest-api", "build-util", "drv-sp-ctrl-api", "idol", @@ -4436,6 +4437,7 @@ dependencies = [ "serde", "sha3", "userlib", + "zerocopy", ] [[package]] diff --git a/app/oxide-rot-1/app-dev.toml b/app/oxide-rot-1/app-dev.toml index 9c32fd09f..0eb6cddb1 100644 --- a/app/oxide-rot-1/app-dev.toml +++ b/app/oxide-rot-1/app-dev.toml 
@@ -148,8 +148,8 @@ task-slots = ["swd"] [tasks.sp_measure] name = "task-sp-measure" priority = 6 -max-sizes = {flash = 131072, ram = 8192} -task-slots = ["swd"] +max-sizes = {flash = 12400, ram = 8192} +task-slots = ["attest", "swd"] stacksize = 2048 [tasks.sp_measure.config] diff --git a/app/rot-carrier/app.toml b/app/rot-carrier/app.toml index dae76f5ac..9dd3a31c7 100644 --- a/app/rot-carrier/app.toml +++ b/app/rot-carrier/app.toml @@ -194,8 +194,8 @@ task-slots = ["gpio_driver", "swd", "update_server"] [tasks.sp_measure] name = "task-sp-measure" priority = 6 -max-sizes = {flash = 131072, ram = 8192} -task-slots = ["swd"] +max-sizes = {flash = 12400, ram = 8192} +task-slots = ["attest", "swd"] stacksize = 2048 [tasks.sp_measure.config] diff --git a/task/sp_measure/Cargo.toml b/task/sp_measure/Cargo.toml index 55b5757e5..646d6202f 100644 --- a/task/sp_measure/Cargo.toml +++ b/task/sp_measure/Cargo.toml @@ -7,8 +7,10 @@ edition = "2021" sha3 = { workspace = true } drv-sp-ctrl-api = { path = "../../drv/sp-ctrl-api" } +attest-api = { path = "../../task/attest-api" } ringbuf = { path = "../../lib/ringbuf" } userlib = { path = "../../sys/userlib", features = ["panic-messages"] } +zerocopy = { workspace = true } [build-dependencies] anyhow = { workspace = true } diff --git a/task/sp_measure/src/main.rs b/task/sp_measure/src/main.rs index 70ccbd84d..7bd18ddd2 100644 --- a/task/sp_measure/src/main.rs +++ b/task/sp_measure/src/main.rs @@ -5,15 +5,18 @@ #![no_std] #![no_main] +use attest_api::{Attest, AttestError, HashAlgorithm}; use drv_sp_ctrl_api::*; use ringbuf::*; use sha3::{Digest, Sha3_256}; use userlib::*; +use zerocopy::AsBytes; const READ_SIZE: usize = 256; const TRANSACTION_SIZE: u32 = 1024; +task_slot!(ATTEST, attest); task_slot!(SP_CTRL, swd); #[derive(Copy, Clone, PartialEq)] @@ -22,6 +25,7 @@ enum Trace { End(u64), ShaGood, ShaBad, + RecordFail(AttestError), None, } 
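Review bot: Adding `attest` to `task-slots` lets `sp_measure` call `record`, but neither this hunk nor the matching `app/oxide-rot-1/app-dev.toml` hunk restricts who may extend the measurement log; if the `attest` task supports an `allowed-callers` table like the `[tasks.jefe.config.allowed-callers]` entry already present in `app/rot-carrier/app.toml`, `record` should be limited to `sp_measure` so no other task that is later given the same slot can inject a measurement. The new `flash = 12400` is not a multiple of 32 while the replaced `131072` was a power of two; presumably the build tool rounds allocations up to the MPU granularity, but it is worth confirming the value is a deliberate budget rather than a measured size pasted in.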
@@ -68,6 +72,14 @@ fn main() -> ! { ringbuf_entry!(Trace::ShaBad); } + let attest = Attest::from(ATTEST.get_task_id()); + if let Err(e) = + attest.record(HashAlgorithm::Sha3_256, sha_out.as_bytes()) + { + ringbuf_entry!(Trace::RecordFail(e)); + panic!(); + }; + // Wait for a notification that will never come, politer than // busy looping forever if sys_recv_closed(&mut [], 1, TaskId::KERNEL).is_err() { From 83fd2ba1276317c15ebd0a1262f1dff15e55d470 Mon Sep 17 00:00:00 2001 From: Philip Tricca Date: Wed, 26 Jul 2023 16:38:48 -0700 Subject: [PATCH 3/5] sp_measure: Remove comparison of hash collected to expected value. This was great for development. Less so now. --- Cargo.lock | 4 ---- app/rot-carrier/app.toml | 3 --- task/sp_measure/Cargo.toml | 6 ------ task/sp_measure/build.rs | 37 ------------------------------------- task/sp_measure/src/main.rs | 7 ------- 5 files changed, 57 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 97ba720f2..fe3723fff 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4427,14 +4427,10 @@ dependencies = [ name = "task-sp-measure" version = "0.1.0" dependencies = [ - "anyhow", "attest-api", "build-util", "drv-sp-ctrl-api", - "idol", - "quote", "ringbuf", - "serde", "sha3", "userlib", "zerocopy", diff --git a/app/rot-carrier/app.toml b/app/rot-carrier/app.toml index 9dd3a31c7..c2cf001ed 100644 --- a/app/rot-carrier/app.toml +++ b/app/rot-carrier/app.toml @@ -198,9 +198,6 @@ max-sizes = {flash = 12400, ram = 8192} task-slots = ["attest", "swd"] stacksize = 2048 -[tasks.sp_measure.config] -binary_path = "../../target/gimletlet/dist/default/final.bin" - [tasks.attest] name = "task-attest" priority = 5 diff --git a/task/sp_measure/Cargo.toml b/task/sp_measure/Cargo.toml index 646d6202f..bddc1e171 100644 --- a/task/sp_measure/Cargo.toml +++ b/task/sp_measure/Cargo.toml 
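Review bot: `sha_out.as_bytes()` is the only use of the new `zerocopy` dependency, and the comparison just above this hunk already passes the same value as `sha_out.as_slice()` (visible in the lines patch 3 removes); using `sha_out.as_slice()` here would drop the `use zerocopy::AsBytes;` import and the `zerocopy = { workspace = true }` line added to `task/sp_measure/Cargo.toml`. The `};` closing the `if let` block leaves a stray empty statement. When `record` fails the error is captured in the ringbuf but the task panics silently, so `panic!("attest record failed")` would also surface the cause in the task list, since this crate enables `userlib`'s `panic-messages` feature. `fn main` starts before this hunk.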
@@ -13,12 +13,6 @@ userlib = { path = "../../sys/userlib", features = ["panic-messages"] } zerocopy = { workspace = true } [build-dependencies] -anyhow = { workspace = true } -idol = { workspace = true } -quote = { workspace = true } -serde = { workspace = true } -sha3 = { workspace = true } - build-util = { path = "../../build/util" } # This section is here to discourage RLS/rust-analyzer from doing test builds, diff --git a/task/sp_measure/build.rs b/task/sp_measure/build.rs index 3df391224..974d1b55d 100644 --- a/task/sp_measure/build.rs +++ b/task/sp_measure/build.rs @@ -2,15 +2,7 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at https://mozilla.org/MPL/2.0/. -use serde::Deserialize; -use sha3::{Digest, Sha3_256}; use std::io::Write; -use std::path::PathBuf; - -#[derive(Debug, Deserialize)] -struct TaskConfig { - binary_path: PathBuf, -} const TEST_SIZE: usize = 0x0010_0000; 
@@ -19,39 +11,10 @@ fn main() -> Result<(), Box> { let dest_path = out_dir.join("expected.rs"); let mut file = std::fs::File::create(&dest_path)?; - let task_config = build_util::task_config::()?; - - println!("cargo:rerun-if-changed={:?}", task_config.binary_path); - - // We intentionally don't error out of the binary path isn't - // found. There's no way to have another binary available for CI - // unless we check something in which will still be wrong. It's - // still useful to calculate a hash to demonstrate the connection - // works. - let bin = match std::fs::read(&task_config.binary_path) { - Ok(b) => b, - Err(_) => vec![0; 256], - }; - writeln!(&mut file, "const FLASH_START: u32 = 0x0800_0000;").unwrap(); writeln!(&mut file, "const TEST_SIZE: u32 = {};", TEST_SIZE).unwrap(); writeln!(&mut file, "const FLASH_END: u32 = FLASH_START + TEST_SIZE;") .unwrap(); - let mut sha = Sha3_256::new(); - sha.update(&bin); - - let extra: Vec = vec![0xff; TEST_SIZE - bin.len()]; - - sha.update(&extra); - - let sha_out = sha.finalize(); - - writeln!(&mut file, "const EXPECTED : [u8; 32] = [").unwrap(); - for b in sha_out { - writeln!(&mut file, "0x{:x},", b).unwrap(); - } - writeln!(&mut file, "];").unwrap(); - Ok(()) } diff --git a/task/sp_measure/src/main.rs b/task/sp_measure/src/main.rs index 7bd18ddd2..bd55088a1 100644 --- a/task/sp_measure/src/main.rs +++ b/task/sp_measure/src/main.rs @@ -23,8 +23,6 @@ task_slot!(SP_CTRL, swd); enum Trace { Start(u64), End(u64), - ShaGood, - ShaBad, RecordFail(AttestError), None, } @@ -66,11 +64,6 @@ fn main() -> ! { let end = sys_get_timer().now; ringbuf_entry!(Trace::End(end)); - if sha_out.as_slice() == EXPECTED.as_slice() { - ringbuf_entry!(Trace::ShaGood); - } else { - ringbuf_entry!(Trace::ShaBad); - } let attest = Attest::from(ATTEST.get_task_id()); if let Err(e) = From 4df41c08e244810d7c7560bd84641bb1702a3e82 Mon Sep 17 00:00:00 2001 
From: Philip Tricca Date: Wed, 26 Jul 2023 16:49:14 -0700 Subject: [PATCH 4/5] jefe: hold sp_measure `sp_measure` panic's on most / all errors. This causes `jefe` to restart it. In testing this has casued the `swd` task to get stuck in the RUNNING state. Better to hold this task than lock up the system. --- app/rot-carrier/app.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/rot-carrier/app.toml b/app/rot-carrier/app.toml index c2cf001ed..330a0688e 100644 --- a/app/rot-carrier/app.toml +++ b/app/rot-carrier/app.toml @@ -27,6 +27,9 @@ features = ["itm"] stacksize = 1536 notifications = ["fault", "timer"] +[tasks.jefe.config] +tasks-to-hold = ["sp_measure"] + [tasks.jefe.config.allowed-callers] request_reset = ["update_server"] From 72bfa85af4768d37723e4a03880dc450f66fad90 Mon Sep 17 00:00:00 2001 From: Philip Tricca Date: Tue, 8 Aug 2023 09:41:00 -0700 Subject: [PATCH 5/5] sp_measure: Remove unnecessary loop in main. This task is intended to run once when the system boots and the task it performs should not be repeated. Jefe will no longer restart this task and so we could remove the final call to `sys_recv_closed` as well, however tasks that return from their `main` function are reported as having executed an illegal instruction. So we leave this call in place to prevent a scary message from showing up in the task list: `FAULT: illegal instruction (was: ready)` --- task/sp_measure/src/main.rs | 74 ++++++++++++++++++------------------- 1 file changed, 35 insertions(+), 39 deletions(-) diff --git a/task/sp_measure/src/main.rs b/task/sp_measure/src/main.rs index bd55088a1..6f8f0cdeb 100644 --- a/task/sp_measure/src/main.rs +++ b/task/sp_measure/src/main.rs 
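Review bot: Only `app/rot-carrier/app.toml` gets `tasks-to-hold = ["sp_measure"]`, while `app/oxide-rot-1/app-dev.toml` received the same `attest` slot and panicking `sp_measure` task in patch 2 and keeps the restart behaviour the description says wedged `swd`; the same `[tasks.jefe.config]` block presumably belongs there too. Holding the task also means a faulted `sp_measure` never records the SP measurement, so whatever consumes the attestation log should treat an absent SP measurement as a failed measurement rather than as a clean boot. A short comment above the new block, such as `# sp_measure runs once at boot; restarting it re-drives SWD and has wedged the swd task`, would keep the rationale from the commit message next to the setting it explains.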
@@ -30,54 +30,50 @@ enum Trace { ringbuf!(Trace, 16, Trace::None); #[export_name = "main"] -fn main() -> ! { - loop { - let mut sha = Sha3_256::new(); - let sp_ctrl = SpCtrl::from(SP_CTRL.get_task_id()); +fn main() { + let mut sha = Sha3_256::new(); + let sp_ctrl = SpCtrl::from(SP_CTRL.get_task_id()); - if sp_ctrl.setup().is_err() { + if sp_ctrl.setup().is_err() { + panic!(); + } + + let mut data: [u8; READ_SIZE] = [0; READ_SIZE]; + + let start = sys_get_timer().now; + ringbuf_entry!(Trace::Start(start)); + for addr in (FLASH_START..FLASH_END).step_by(READ_SIZE) { + if addr % TRANSACTION_SIZE == 0 + && sp_ctrl + .read_transaction_start(addr, addr + TRANSACTION_SIZE) + .is_err() + { panic!(); } - let mut data: [u8; READ_SIZE] = [0; READ_SIZE]; - - let start = sys_get_timer().now; - ringbuf_entry!(Trace::Start(start)); - for addr in (FLASH_START..FLASH_END).step_by(READ_SIZE) { - if addr % TRANSACTION_SIZE == 0 - && sp_ctrl - .read_transaction_start(addr, addr + TRANSACTION_SIZE) - .is_err() - { - panic!(); - } - - data.fill(0); - if sp_ctrl.read_transaction(&mut data).is_err() { - panic!(); - } - - sha.update(&data); + data.fill(0); + if sp_ctrl.read_transaction(&mut data).is_err() { + panic!(); } - let sha_out = sha.finalize(); + sha.update(&data); + } - let end = sys_get_timer().now; - ringbuf_entry!(Trace::End(end)); + let sha_out = sha.finalize(); - let attest = Attest::from(ATTEST.get_task_id()); - if let Err(e) = - attest.record(HashAlgorithm::Sha3_256, sha_out.as_bytes()) - { - ringbuf_entry!(Trace::RecordFail(e)); - panic!(); - }; + let end = sys_get_timer().now; + ringbuf_entry!(Trace::End(end)); - // Wait for a notification that will never come, politer than - // busy looping forever - if sys_recv_closed(&mut [], 1, TaskId::KERNEL).is_err() { - panic!(); - } + let attest = Attest::from(ATTEST.get_task_id()); + if let Err(e) = attest.record(HashAlgorithm::Sha3_256, sha_out.as_bytes()) { + ringbuf_entry!(Trace::RecordFail(e)); + panic!(); + }; + + // Wait 
for a notification that will never come, politer than
+ // busy looping forever
+ if sys_recv_closed(&mut [], 1, TaskId::KERNEL).is_err() {
+ panic!();
+ }
 }
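Review bot: Every failure path in the rewritten `main` except the `record` one is a bare `panic!()` with no ringbuf entry, so a held, faulted `sp_measure` gives no indication whether `setup`, `read_transaction_start`, `read_transaction` or `sys_recv_closed` failed; because this crate enables `userlib`'s `panic-messages` feature, `panic!("swd setup failed")`, `panic!("read_transaction_start failed")` and the like would put the cause in the task list at no cost in code. The change to `fn main()` introduces the return path the description says is reported as an illegal-instruction fault; keeping `fn main() -> !` and ending with `let _ = sys_recv_closed(&mut [], 1, TaskId::KERNEL);` followed by `panic!("sp_measure woken from closed receive");` removes that path and replaces the misleading fault text with an explicit one. It is not visible here whether `sp_ctrl.setup()` halts the SP before the flash range is read; if it does not, the image could be modified while it is being measured, which is worth stating in a comment either way.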