[rom_ext] fix CDI_* update bug

If non-CWT CDI certs are found in flash info page 19, we should treat
this case as if the cert page is empty, and regenerate the certs. This
enables running an X.509 ROM_EXT first and changing to a CWT ROM_EXT
later. Since UDS cert is never generated outside perso (and is on a
separate flash page), the UDS cert format is defined at provisioning
time.

Signed-off-by: Tim Trippel <[email protected]>

Author: timothytrippel

sw/device/silicon_creator/rom_ext/rom_ext.c

@@ -630,9 +630,14 @@ static rom_error_t dice_chain_load_cert_obj(const char *name,
 
   HARDENED_RETURN_IF_ERROR(err);
 
-  // Check if this cert is what we are looking for.
+  // Check if this cert is what we are looking for. The name and type (X.509 vs
+  // CWT) should match.
   HARDENED_CHECK_LE(name_size, sizeof(dice_chain.cert_obj.name));
-  if (name == NULL || memcmp(dice_chain.cert_obj.name, name, name_size) != 0) {
+  const perso_tlv_object_type_t kExpectedCertType =
+      kDiceCertFormat == kDiceCertFormatX509TcbInfo ? kPersoObjectTypeX509Cert
+                                                    : kPersoObjectTypeCwtCert;
+  if (name == NULL || memcmp(dice_chain.cert_obj.name, name, name_size) != 0 ||
+      kExpectedCertType != dice_chain.cert_obj.obj_type) {
     // Name unmatched, keep the cert_obj but mark it as invalid.
     dice_chain.cert_valid = kHardenedBoolFalse;
     return kErrorOk;