[rom_ext,e2e] add ROM_EXT E2E test to check variation interoperability

timothytrippel · timothytrippel · commit 2d37e7ba0dda · 2025-02-07T09:48:31.000-08:00
There are two flavors of ROM_EXT:
1. one that uses X.509 DICE cert encodings, and
2. one that uses CWT DICE cert encodings.

If you run one first, you should be able to run the other later and the
ROM_EXT should seemlessly update the CDI certs. This adds a test to
check this behavior works as intended.

Signed-off-by: Tim Trippel &lt;ttrippel@google.com&gt;
diff --git a/sw/device/silicon_creator/rom_ext/e2e/dice_chain/BUILD b/sw/device/silicon_creator/rom_ext/e2e/dice_chain/BUILD
@@ -2,15 +2,27 @@
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0
 
+load("//rules:const.bzl", "CONST", "hex")
+load("//rules:manifest.bzl", "manifest")
+load("//rules/opentitan:cc.bzl", "opentitan_binary_assemble")
 load(
     "//rules/opentitan:defs.bzl",
     "fpga_params",
+    "opentitan_binary",
     "opentitan_test",
 )
+load(
+    "//sw/device/silicon_creator/rom/e2e:defs.bzl",
+    "SLOTS",
+)
 load(
     "//sw/device/silicon_creator/rom_ext:defs.bzl",
     "ROM_EXT_VARIATIONS",
 )
+load(
+    "//sw/device/silicon_creator/rom_ext/e2e:defs.bzl",
+    "OWNER_SLOTS",
+)
 
 package(default_visibility = ["//visibility:public"])
 
@@ -38,3 +50,91 @@ package(default_visibility = ["//visibility:public"])
     )
     for variation in ROM_EXT_VARIATIONS.keys()
 ]
+
+manifest({
+    "name": "owner_manifest",
+    "identifier": hex(CONST.OWNER),
+    "visibility": ["//visibility:private"],
+})
+
+opentitan_binary(
+    name = "print_certs_for_assemble",
+    testonly = True,
+    srcs = ["//sw/device/silicon_creator/rom_ext/e2e/attestation:print_certs.c"],
+    exec_env = {
+        "//hw/top_earlgrey:fpga_hyper310_rom_ext": None,
+        "//hw/top_earlgrey:fpga_cw340_rom_ext": None,
+    },
+    linker_script = "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_a",
+    manifest = ":owner_manifest",
+    deps = [
+        "//sw/device/lib/base:status",
+        "//sw/device/lib/runtime:log",
+        "//sw/device/lib/runtime:print",
+        "//sw/device/lib/testing/test_framework:ottf_main",
+        "//sw/device/silicon_creator/lib/drivers:flash_ctrl",
+        "//sw/device/silicon_creator/manuf/base:perso_tlv_data",
+    ],
+)
+
+[
+    opentitan_binary_assemble(
+        name = "{}_rom_ext_owner_bundle".format(variation),
+        testonly = True,
+        bins = {
+            "//sw/device/silicon_creator/rom_ext:rom_ext_{}_slot_a".format(variation): SLOTS["a"],
+            ":print_certs_for_assemble": OWNER_SLOTS["a"],
+        },
+        exec_env = [
+            "//hw/top_earlgrey:fpga_hyper310_rom_with_fake_keys",
+            "//hw/top_earlgrey:fpga_cw340_rom_with_fake_keys",
+        ],
+    )
+    for variation in ROM_EXT_VARIATIONS.keys()
+]
+
+_VARIATION_INTEROP_TEST_CASES = [
+    {
+        "first": "x509",
+        "second": "cwt",
+    },
+    {
+        "first": "cwt",
+        "second": "x509",
+    },
+]
+
+[
+    opentitan_test(
+        name = "variation_interop_{}_first_test".format(tc["first"]),
+        exec_env = {
+            "//hw/top_earlgrey:fpga_hyper310_rom_with_fake_keys": None,
+            "//hw/top_earlgrey:fpga_cw340_rom_with_fake_keys": None,
+        },
+        fpga = fpga_params(
+            binaries = {
+                ":dice_{}_rom_ext_owner_bundle".format(tc["second"]): "second",
+                ":dice_{}_rom_ext_owner_bundle".format(tc["first"]): "firmware",
+            },
+            otp = "//sw/device/silicon_creator/rom_ext/e2e:otp_img_secret2_locked_rma",
+            test_cmd = """
+                --clear-bitstream
+                --bootstrap={firmware}
+                --second-bootstrap={second}
+            """,
+            test_harness = "//sw/host/tests/rom_ext/e2e_variation_interop",
+        ),
+    )
+    for tc in _VARIATION_INTEROP_TEST_CASES
+]
+
+test_suite(
+    name = "variation_interop_tests",
+    tags = ["manual"],
+    tests = [
+        "variation_interop_{}_first_test".format(
+            tc["first"],
+        )
+        for tc in _VARIATION_INTEROP_TEST_CASES
+    ],
+)
diff --git a/sw/device/silicon_creator/rom_ext/rom_ext.c b/sw/device/silicon_creator/rom_ext/rom_ext.c
@@ -875,7 +875,7 @@ rom_error_t dice_chain_attestation_owner(
   HARDENED_RETURN_IF_ERROR(dice_chain_load_cert_obj("CDI_1", /*name_size=*/6));
   if (launder32(dice_chain.cert_valid) == kHardenedBoolFalse) {
     HARDENED_CHECK_EQ(dice_chain.cert_valid, kHardenedBoolFalse);
-    dbg_printf("warning: CDI_1 certificate not valid. updating\r\n");
+    dbg_printf("warning: CDI_1 certificate not valid; updating\r\n");
     // Update the cert page buffer.
     size_t updated_cert_size = kScratchCertSizeBytes;
     HARDENED_RETURN_IF_ERROR(dice_cdi_1_cert_build(
diff --git a/sw/host/tests/rom_ext/e2e_variation_interop/BUILD b/sw/host/tests/rom_ext/e2e_variation_interop/BUILD
@@ -0,0 +1,23 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+load("@rules_rust//rust:defs.bzl", "rust_binary")
+
+package(default_visibility = ["//visibility:public"])
+
+rust_binary(
+    name = "e2e_variation_interop",
+    srcs = [
+        "src/main.rs",
+    ],
+    deps = [
+        "//sw/host/opentitanlib",
+        "//third_party/rust/crates:anyhow",
+        "//third_party/rust/crates:clap",
+        "//third_party/rust/crates:humantime",
+        "//third_party/rust/crates:log",
+        "//third_party/rust/crates:num_enum",
+        "//third_party/rust/crates:regex",
+    ],
+)
diff --git a/sw/host/tests/rom_ext/e2e_variation_interop/src/main.rs b/sw/host/tests/rom_ext/e2e_variation_interop/src/main.rs
@@ -0,0 +1,95 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+//! ROM_EXT E2E Variation Interoperability test.
+//!
+//! This test harness checks that an CWT ROM_EXT can be booted on a chip before and after an X.509
+//! ROM_EXT can be booted, and vice versa. In both cases, CDI_* should be regenerated by the
+//! ROM_EXT seamlessly.
+
+use std::path::PathBuf;
+use std::time::Duration;
+
+use anyhow::{anyhow, Context};
+use clap::Parser;
+use regex::Regex;
+
+use opentitanlib::test_utils::init::InitializeTest;
+use opentitanlib::uart::console::{ExitStatus, UartConsole};
+
+/// CLI args for this test.
+#[derive(Debug, Parser)]
+struct Opts {
+    #[command(flatten)]
+    init: InitializeTest,
+
+    /// Second image (ROM_EXT + Owner FW bundle) to bootstrap.
+    #[arg(long)]
+    second_bootstrap: PathBuf,
+
+    /// Console receive timeout.
+    #[arg(long, value_parser = humantime::parse_duration, default_value = "30s")]
+    timeout: Duration,
+}
+
+fn main() -> anyhow::Result<()> {
+    let opts = Opts::parse();
+    opts.init.init_logging();
+
+    // Bootstrap first ROM_EXT + Owner FW.
+    let transport = opts.init.init_target()?;
+    let uart = transport.uart("console").context("failed to get UART")?;
+
+    // Wait for CDI_* update messags.
+    for i in 0..2 {
+        let _ = UartConsole::wait_for(
+            &*uart,
+            format!(r"warning: CDI_{:?} certificate not valid; updating", i).as_str(),
+            opts.timeout,
+        )?;
+    }
+
+    // Wait for pass message from first owner firmware stage.
+    let _ = UartConsole::wait_for(&*uart, r"PASS!", opts.timeout)?;
+
+    // Bootstrap second ROM_EXT + Owner FW.
+    opts.init
+        .bootstrap
+        .load(&transport, &opts.second_bootstrap)?;
+
+    // Wait for pass message from owner firmware stage.
+    let mut console = UartConsole {
+        timeout: Some(opts.timeout),
+        exit_success: Some(Regex::new(r"PASS.*\n")?),
+        exit_failure: Some(Regex::new(r"BFV.*\n")?),
+        newline: true,
+        ..Default::default()
+    };
+    let mut stdout = std::io::stdout();
+    let result = console.interact(&*uart, None, Some(&mut stdout))?;
+    match result {
+        ExitStatus::None | ExitStatus::CtrlC => Ok(()),
+        ExitStatus::Timeout => {
+            if console.exit_success.is_some() {
+                Err(anyhow!("Console timeout exceeded"))
+            } else {
+                Ok(())
+            }
+        }
+        ExitStatus::ExitSuccess => {
+            log::info!(
+                "ExitSuccess({:?})",
+                console.captures(result).unwrap().get(0).unwrap().as_str()
+            );
+            Ok(())
+        }
+        ExitStatus::ExitFailure => {
+            log::info!(
+                "ExitFailure({:?})",
+                console.captures(result).unwrap().get(0).unwrap().as_str()
+            );
+            Err(anyhow!("Matched exit_failure expression"))
+        }
+    }
+}
