[signing] Sign new perso binaries

Build and sign personalization binaries. Signed-off-by: Chris Frantz <[email protected]>
lowRISC · Feb 8, 2025 · 09a5789 · 09a5789
1 parent 1105200
commit 09a5789
Show file tree

Hide file tree

Showing 7 changed files with 104 additions and 1 deletion.
diff --git a/signing/logs/2025-02-08.md b/signing/logs/2025-02-08.md
@@ -0,0 +1,103 @@
+# Signing Ceremony 2025-02-08
+
+- Purpose:
+    - Sign FT personalization binaries.
+    - Introduce ECDSA P256 + SLH-DSA hybrid signing for personalization binaries.
+- Participants: cfrantz(leader), timothytrippel (witness), moidx (witness).
+
+## Ceremony Prolog
+
+Before the ceremony, we double checked build reproducibility.
+At opentitan commit 1105200082c529b7ec7e4096b7c927fb4a19c335 on branch
+`earlgrey_1.0.0`, we ran:
+
+```
+$ bazel build --stamp \
+    //sw/device/silicon_creator/manuf/base:digests
+    //sw/host/hsmtool
+$ sha256sum bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/manuf/base/digests.tar
+d2286a3a07950e9824cbd67d3812e28f41f9fa872632b82764b66b85b87b92be  bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/manuf/base/digests.tar
+```
+
+Note: there is a build reproducibility error with perso images that use the CWT DICE certificate format.
+We verified that the perso images that use X.509 DICE certificate formats are reproducible by examining the SHA256 digests of the individual personalization binaries themselves:
+
+```
+$ sha256sum *.digest
+6076b9f552e06abf94019576f5ca8218cb42b69bff011690ca6fa7de25227b3d  ft_personalize_gb_cros_fpga_cw340_rom_with_fake_keys.digest
+9b3f76398ee6780aacda936e9c73e06832515449a90c6583fba91758970a410f  ft_personalize_gb_cros_fpga_hyper310_rom_with_fake_keys.digest
+8054747ebe96f51c7f4577f06dd4b4fc5385bf339829e5ca3c34c56e90f57d67  ft_personalize_gb_cros_silicon_creator.digest
+ee1e5d98180f54ba01df473c96cabe0ec5c67cbd5293152ed526924dfc53a889  ft_personalize_gb_ti_fpga_cw340_rom_with_fake_keys.digest
+b0cd8b35eb64a52f2ed3902025a667d28091b8f79e4376c6665a8b070e283eca  ft_personalize_gb_ti_fpga_hyper310_rom_with_fake_keys.digest
+15c8a7729aa1681357c0ba4675298c56be9b3358ed0d7f8ad757bcadc3e852e6  ft_personalize_gb_ti_silicon_creator.digest
+dcb636b23138c58498cf5fd64993b1fcee1f395f97b97e0eb7a1a42d06ade830  ft_personalize_sival_fpga_cw340_rom_with_fake_keys.digest
+9f3d0d768693b0ccb31638fe2088c4c031c857446041f9540bd5ac506606c38e  ft_personalize_sival_fpga_hyper310_rom_with_fake_keys.digest
+f26c2a9de7070a713dbd2e12cd8dfd7918f3982cb20bdaa6aaa4274243839dd6  ft_personalize_sival_silicon_creator.digest
+```
+
+We copied the digests and `hsmtool` to a staging subdirectory.
+```
+cp bazel-bin/sw/host/hsmtool/hsmtool ${STAGING_DIR}
+cp bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/manuf/base/digests.tar ${STAGING_DIR}
+```
+
+## NitroKey Preparation
+
+In order to communicate with the NitroKey token holding the key material, we used the `opensc` package.
+
+## Ceremony
+
+### Setup & Authenticate to the HSM
+
+```
+$ cd ${STAGING_DIR}
+$ export HSMTOOL_MODULE=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
+$ ./hsmtool token list
+{
+  "tokens": [
+    {
+      "label": "earlgrey_a1",
+      "manufacturer_id": "www.cardcontact.de",
+      "model": "SmartCard-HSM"
+      "serial_number": "DENK0107146"
+    }
+  ]
+}
+$ export HSMTOOL_SPX_MODULE=pkcs11-ef
+```
+
+## Signing
+
+Signing was performed in the staging subdirectory.
+I have an `hsmtool` profile defined named `earlgrey_a1` which supplies the username and PIN.
+
+### Personalization signatures
+
+```
+$ mkdir perso
+$ cd perso
+$ tar xvf ../digests.tar
+$ ../hsmtool -t earlgrey_a1 -u user -p ${PIN} exec provisioning_sival.json
+$ ../hsmtool -t earlgrey_a1 -u user -p ${PIN} exec provisioning_gb_cros.json
+$ ../hsmtool -t earlgrey_a1 -u user -p ${PIN} exec provisioning_gb_pixel.json
+$ ../hsmtool -t earlgrey_a1 -u user -p ${PIN} exec provisioning_gb_ti.json
+```
+
+## Ceremony Epilog
+
+After signing, the signatures were collected so they could be tested prior to
+publishing the signatures and binaries.
+
+```
+$ tar cvf signatures.tar */*_sig
+...
+$ exit
+```
+
+### Attaching signatures
+
+The following command was used to attach the signatures to the personalization binaries:
+
+```
+bazel build --stamp //sw/device/silicon_creator/manuf/base:signed
+```
diff --git a/...creator/manuf/base/binaries/ft_personalize_sival_fpga_cw340_rom_with_fake_keys.signed.bin b/...creator/manuf/base/binaries/ft_personalize_sival_fpga_cw340_rom_with_fake_keys.signed.bin
diff --git a/...ator/manuf/base/binaries/ft_personalize_sival_fpga_hyper310_rom_with_fake_keys.signed.bin b/...ator/manuf/base/binaries/ft_personalize_sival_fpga_hyper310_rom_with_fake_keys.signed.bin
diff --git a/...evice/silicon_creator/manuf/base/binaries/ft_personalize_sival_silicon_creator.signed.bin b/...evice/silicon_creator/manuf/base/binaries/ft_personalize_sival_silicon_creator.signed.bin
diff --git a/...reator/manuf/base/signatures/ft_personalize_sival_fpga_cw340_rom_with_fake_keys.ecdsa_sig b/...reator/manuf/base/signatures/ft_personalize_sival_fpga_cw340_rom_with_fake_keys.ecdsa_sig
diff --git a/...tor/manuf/base/signatures/ft_personalize_sival_fpga_hyper310_rom_with_fake_keys.ecdsa_sig b/...tor/manuf/base/signatures/ft_personalize_sival_fpga_hyper310_rom_with_fake_keys.ecdsa_sig
diff --git a/...vice/silicon_creator/manuf/base/signatures/ft_personalize_sival_silicon_creator.ecdsa_sig b/...vice/silicon_creator/manuf/base/signatures/ft_personalize_sival_silicon_creator.ecdsa_sig
@@ -1 +1 @@
-@a���W>'��*?�!�qEe3���3�̍�{)�QMܐ�FE�DDŪ��!��.ƭ��d7
+��7/����țrCɾ&�����,;;M�E�"��G�lJR$�\��wQL&����t�VJ�З�
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		@a��W>'��*?�!�qEe3��3�̍�{)�QMܐ�FE�DDŪ��!��.ƭ��d7
		��7/��țrCɾ&��,;;M�E�"��G�lJR$�\��wQL&��t�VJ�З�
Expand Down