
WIP sp_measure: record measurement in attest task #1482

Draft
wants to merge 5 commits into
base: master
6 changes: 2 additions & 4 deletions Cargo.lock


4 changes: 2 additions & 2 deletions app/oxide-rot-1/app-dev.toml
Expand Up @@ -148,8 +148,8 @@ task-slots = ["swd"]
[tasks.sp_measure]
name = "task-sp-measure"
priority = 6
max-sizes = {flash = 131072, ram = 8192}
task-slots = ["swd"]
max-sizes = {flash = 12400, ram = 8192}
task-slots = ["attest", "swd"]
stacksize = 2048

[tasks.sp_measure.config]
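Review bot: `[tasks.sp_measure.config]` is left in place in this file, while the same change deletes that table and its `binary_path` from app/rot-carrier/app.toml and build.rs appears to stop reading the task config. The table's contents fall outside this hunk, so this is inferred, but if it still holds `binary_path` it is now dead configuration that reads as though the SP image were still compared against a fixed binary; remove it here too. The visible hunk also shows no counterpart to the `tasks-to-hold = ["sp_measure"]` entry that rot-carrier's jefe gains, so confirm the two images are meant to treat a panicking sp_measure differently.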
10 changes: 5 additions & 5 deletions app/rot-carrier/app.toml
Expand Up @@ -27,6 +27,9 @@ features = ["itm"]
stacksize = 1536
notifications = ["fault", "timer"]

[tasks.jefe.config]
tasks-to-hold = ["sp_measure"]

[tasks.jefe.config.allowed-callers]
request_reset = ["update_server"]

Expand Down Expand Up @@ -194,13 +197,10 @@ task-slots = ["gpio_driver", "swd", "update_server"]
[tasks.sp_measure]
name = "task-sp-measure"
priority = 6
max-sizes = {flash = 131072, ram = 8192}
task-slots = ["swd"]
max-sizes = {flash = 12400, ram = 8192}
task-slots = ["attest", "swd"]
stacksize = 2048

[tasks.sp_measure.config]
binary_path = "../../target/gemini-bu/dist/final.bin"

[tasks.attest]
name = "task-attest"
priority = 5
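Review bot: `tasks-to-hold = ["sp_measure"]` under `[tasks.jefe.config]` has no comment saying why this task is treated specially, and the reason matters for the attestation flow because sp_measure panics on any SWD or `attest.record` failure. Add a line above it such as `# sp_measure records the SP measurement once; on a fault it is held rather than re-run`, adjusted to what jefe actually does with held tasks, which is not visible on this page. Both hunks of this file share the section; the second one (the `attest` task slot and the smaller `flash` limit) needs no further comment.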
8 changes: 2 additions & 6 deletions task/sp_measure/Cargo.toml
Expand Up @@ -7,16 +7,12 @@ edition = "2021"
sha3 = { workspace = true }

drv-sp-ctrl-api = { path = "../../drv/sp-ctrl-api" }
attest-api = { path = "../../task/attest-api" }
ringbuf = { path = "../../lib/ringbuf" }
userlib = { path = "../../sys/userlib", features = ["panic-messages"] }
zerocopy = { workspace = true }

[build-dependencies]
anyhow = { workspace = true }
idol = { workspace = true }
quote = { workspace = true }
serde = { workspace = true }
sha3 = { workspace = true }

build-util = { path = "../../build/util" }

# This section is here to discourage RLS/rust-analyzer from doing test builds,
37 changes: 0 additions & 37 deletions task/sp_measure/build.rs
Expand Up @@ -2,15 +2,7 @@
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at https://mozilla.org/MPL/2.0/.

use serde::Deserialize;
use sha3::{Digest, Sha3_256};
use std::io::Write;
use std::path::PathBuf;

#[derive(Debug, Deserialize)]
struct TaskConfig {
binary_path: PathBuf,
}

const TEST_SIZE: usize = 0x0010_0000;

Expand All @@ -19,39 +11,10 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
let dest_path = out_dir.join("expected.rs");
let mut file = std::fs::File::create(&dest_path)?;

let task_config = build_util::task_config::<TaskConfig>()?;

println!("cargo:rerun-if-changed={:?}", task_config.binary_path);

// We intentionally don't error out of the binary path isn't
// found. There's no way to have another binary available for CI
// unless we check something in which will still be wrong. It's
// still useful to calculate a hash to demonstrate the connection
// works.
let bin = match std::fs::read(&task_config.binary_path) {
Ok(b) => b,
Err(_) => vec![0; 256],
};

writeln!(&mut file, "const FLASH_START: u32 = 0x0800_0000;").unwrap();
writeln!(&mut file, "const TEST_SIZE: u32 = {};", TEST_SIZE).unwrap();
writeln!(&mut file, "const FLASH_END: u32 = FLASH_START + TEST_SIZE;")
.unwrap();

let mut sha = Sha3_256::new();
sha.update(&bin);

let extra: Vec<u8> = vec![0xff; TEST_SIZE - bin.len()];

sha.update(&extra);

let sha_out = sha.finalize();

writeln!(&mut file, "const EXPECTED : [u8; 32] = [").unwrap();
for b in sha_out {
writeln!(&mut file, "0x{:x},", b).unwrap();
}
writeln!(&mut file, "];").unwrap();

Ok(())
}
79 changes: 40 additions & 39 deletions task/sp_measure/src/main.rs
Expand Up @@ -5,74 +5,75 @@
#![no_std]
#![no_main]

use attest_api::{Attest, AttestError, HashAlgorithm};
use drv_sp_ctrl_api::*;
use ringbuf::*;
use sha3::{Digest, Sha3_256};
use userlib::*;
use zerocopy::AsBytes;

const READ_SIZE: usize = 256;

const TRANSACTION_SIZE: u32 = 1024;

task_slot!(ATTEST, attest);
task_slot!(SP_CTRL, swd);

#[derive(Copy, Clone, PartialEq)]
enum Trace {
Start(u64),
End(u64),
ShaGood,
ShaBad,
RecordFail(AttestError),
None,
}

ringbuf!(Trace, 16, Trace::None);

#[export_name = "main"]
fn main() -> ! {
loop {
let mut sha = Sha3_256::new();
let sp_ctrl = SpCtrl::from(SP_CTRL.get_task_id());
fn main() {
let mut sha = Sha3_256::new();
let sp_ctrl = SpCtrl::from(SP_CTRL.get_task_id());

if sp_ctrl.setup().is_err() {
if sp_ctrl.setup().is_err() {
panic!();
}

let mut data: [u8; READ_SIZE] = [0; READ_SIZE];

let start = sys_get_timer().now;
ringbuf_entry!(Trace::Start(start));
for addr in (FLASH_START..FLASH_END).step_by(READ_SIZE) {
if addr % TRANSACTION_SIZE == 0
&& sp_ctrl
.read_transaction_start(addr, addr + TRANSACTION_SIZE)
.is_err()
{
panic!();
}

let mut data: [u8; READ_SIZE] = [0; READ_SIZE];

let start = sys_get_timer().now;
ringbuf_entry!(Trace::Start(start));
for addr in (FLASH_START..FLASH_END).step_by(READ_SIZE) {
if addr % TRANSACTION_SIZE == 0
&& sp_ctrl
.read_transaction_start(addr, addr + TRANSACTION_SIZE)
.is_err()
{
panic!();
}

data.fill(0);
if sp_ctrl.read_transaction(&mut data).is_err() {
panic!();
}

sha.update(&data);
data.fill(0);
if sp_ctrl.read_transaction(&mut data).is_err() {
panic!();
}

let sha_out = sha.finalize();
sha.update(&data);
}

let sha_out = sha.finalize();

let end = sys_get_timer().now;
ringbuf_entry!(Trace::End(end));
if sha_out.as_slice() == EXPECTED.as_slice() {
ringbuf_entry!(Trace::ShaGood);
} else {
ringbuf_entry!(Trace::ShaBad);
}
let end = sys_get_timer().now;
ringbuf_entry!(Trace::End(end));

// Wait for a notification that will never come, politer than
// busy looping forever
if sys_recv_closed(&mut [], 1, TaskId::KERNEL).is_err() {
panic!();
}
let attest = Attest::from(ATTEST.get_task_id());
if let Err(e) = attest.record(HashAlgorithm::Sha3_256, sha_out.as_bytes()) {
ringbuf_entry!(Trace::RecordFail(e));
panic!();
};

// Wait for a notification that will never come, politer than
// busy looping forever
if sys_recv_closed(&mut [], 1, TaskId::KERNEL).is_err() {
panic!();
}
}
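Review bot: `main` can now return. The section shows both `fn main() -> ! {` with a `loop` and a plain `fn main() {`, and if the latter is the new side (the +/- column is lost in this rendering, so this is inferred from print order), an `Ok` from the final `sys_recv_closed(&mut [], 1, TaskId::KERNEL)` falls off the end of the task instead of parking it. What userlib's entry stub does when `main` returns is not visible here. Keeping the `fn main() -> ! {` signature and wrapping only the final `if sys_recv_closed(..).is_err() { panic!(); }` in `loop { .. }` parks the task without measuring or calling `attest.record` a second time. A one-line comment at the `attest.record(HashAlgorithm::Sha3_256, ..)` call stating that the digest covers the whole fixed `FLASH_START..FLASH_END` window would also help whoever appraises the recorded measurement.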
