search

chipsalliance / caliptra-sw

Caliptra software (ROM, FMC, runtime firmware), and libraries/tools needed to build and test
Apache License 2.0
52 stars 39 forks source link

Test failure: warm_reset_basic #932

Closed korran closed 11 months ago

korran commented 11 months ago

This test is failing on both FPGA and verilator models:

cargo test -p caliptra-test --release --features=fpga_realtime warm_reset_basic -- --nocapture
test warm_reset_basic ...           0 new_unbooted
          1 ready_for_fuses is high
          1 writing to cptra_bootfsm_go
         10 UART: 
         10 UART: Running Caliptra ROM ...
         11 UART: 
         11 UART: [state] CFI Enabled
         11 UART: [state] LifecycleState = Production
         11 UART: [state] DebugLocked = Yes
         11 UART: [state] Starting the Watchdog Timer
         18 UART: ROM Digest: B2420B162026FE80BFF68735DC311124219ACA4279F96FC13507B26B7699A06D
         19 UART: [kat] ++
         19 UART: [kat] sha1
         19 UART: [kat] SHA2-256
         19 UART: [kat] SHA2-384
         20 UART: [kat] SHA2-384-ACC
         20 UART: [kat] ECC-384
        134 UART: [kat] HMAC-384
        134 UART: [kat] LMS
        186 UART: [kat] --
        186 UART: [cold-reset] ++
        186 UART: [fht] Storing FHT @ 0x50003400
        187 UART: [idev] ++
        187 UART: [idev] CDI.KEYID = 6
        187 UART: [idev] SUBJECT.KEYID = 7
        187 UART: [idev] UDS.KEYID = 0
        188 UART: [idev] Erasing UDS.KEYID = 0
        351 UART: [idev] Using Sha1 for KeyId Algorithm
        352 UART: [idev] --
        352 UART: [ldev] ++
        352 UART: [ldev] CDI.KEYID = 6
        353 UART: [ldev] SUBJECT.KEYID = 5
        353 UART: [ldev] AUTHORITY.KEYID = 7
        353 UART: [ldev] FE.KEYID = 1
        353 UART: [ldev] Erasing FE.KEYID = 1
        517 UART: [ldev] Signing Cert with AUTHORITY.KEYID = 7
        632 UART: [ldev] PUB.X = 842C00AF05ACCCEB14514E2D37B0C3AAA218F15057F1DCB824A214980B744688A0888A0297FA7DC5E1EAD8CA1291DB22
        633 UART: [ldev] PUB.Y = 9C28EB8678BCE800822C07228F416AE49D218E5DA2F2D1A8A27DC19ADF668A74628999D222B40159D8076FAFBB8C5EDB
        634 UART: [ldev] SIG.R = D59DFC464DBF6A859A598FACE430319C0456AD3784693D039EA59877710BAAB4D1105C5BC6AB244CCBD05EFFA316C786
        634 UART: [ldev] SIG.S = 28889D96A9967976EB3B5B5773601DB6F09B18C8456298C04C2C853CA55A78D3D84E15465CAE31763536B45DD94768F4
        635 UART: [ldev] --
        636 ready_for_fw is high
        636 <<< Executing mbox cmd 0x46574c44 (67156 bytes) from SoC
        640 UART: [fwproc] Waiting for Commands...
        640 UART: [fwproc] Received command 0x46574c44
        640 UART: [fwproc] Received Image of size 67156 bytes
        812 UART: [fwproc] Image verified using Vendor ECC Key Index 0
        816 UART: [fwproc] Loading FMC at address 0x40000000 len 12688
        820 UART: [fwproc] Loading Runtime at address 0x40004000 len 48584
        835 >>> mbox cmd response: success
        835 UART: [afmc] ++
        835 UART: [afmc] CDI.KEYID = 6
        835 UART: [afmc] SUBJECT.KEYID = 7
        835 UART: [afmc] AUTHORITY.KEYID = 5
      1,001 UART: [afmc] Signing Cert with AUTHORITY.KEYID = 5
      1,115 UART: [afmc] Erasing AUTHORITY.KEYID = 5
      1,115 UART: [afmc] PUB.X = 0E99F941C037B07D814B5B7BFBE087E99589D2E148C74BDE9F3322E0B375688874ED0A13BCD958564377973671DF5481
      1,116 UART: [afmc] PUB.Y = 52F5064E7D6183C0835098CE18E45933C92F86557394B7DD761F42B0892403567EF13042EFB22180701A5A9AD5EB8CEE
      1,117 UART: [afmc] SIG.R = 47A7CB35E14C7DF5EEF10F7FDD6BC6EE7438EBD76D834FE004FD54A8E635A180CBF4ABA6C8D9D20F2E013B86C48A17DC
      1,118 UART: [afmc] SIG.S = 5AC72C46CE4887125D2DF7B713DE09E6E7C30CABEEEE162070B1853FE1C4C5CFCE4F3B88B08B69281575F6F0C7DB900D
      1,119 UART: [afmc] --
      1,119 UART: [cold-reset] --
      1,120 UART: [state] Stopping the Watchdog Timer
      1,120 UART: [state] Locking Datavault
      1,120 UART: [state] Locking PCR0, PCR1 and PCR31
      1,120 UART: [state] Locking ICCM
      1,120 UART: [exit] Launching FMC @ 0x40000134
      1,121 UART: 
      1,121 UART: Running Caliptra FMC ...
      1,121 UART: 
      1,121 UART: [alias rt] Extend RT PCRs
      1,123 UART: [alias rt] Extend RT PCRs Done
      1,123 UART: [alias rt] Lock RT PCRs
      1,123 UART: [alias rt] Lock RT PCRs Done
      1,123 UART: [alias rt] Populate DV
      1,123 UART: [alias rt] Populate DV Done
      1,123 UART: Handoff : FMC CDI: 6
      1,123 UART: FMC Alias Private Key: 7
      1,123 UART: [alias rt] Derive CDI
      1,123 UART: [alias rt] Store in in slot 0x4
      1,125 UART: [alias rt] Derive Key Pair
      1,125 UART: [alias rt] Store priv key in slot 0x5
      1,287 UART: [alias rt] Derive Key Pair - Done
      1,288 UART: [alias rt] Signing Cert with AUTHO
      1,288 UART:             RITY.KEYID = 7
      1,402 UART: [alias rt] Erasing AUTHORITY.KEYID = 7
      1,402 UART: [alias rt] PUB.X = CB81F609B98074BCAD4702CE0A1641DEC352CDC7D02029A80999967368D44024116734C097EEF7B48A9EE7CEEFFC7B51
      1,402 UART: [alias rt] PUB.Y = 25BBADB86E0EDB97EA7A2C3A28974F7802F8D8A93E5A70874B22B16A8DB21CFAB6AA348EE3304281B93497D3CA44A6D3
      1,403 UART: [alias rt] SIG.R = F6C2DE4D5FC2D56B0452ADD6E6887961F60FC57C93D831E637CE2B03027D947B4F731A4995E71028EDED53678D507C96
      1,403 UART: [alias rt] SIG.S = E546EA80E90A834DBEE4F867FF6A8ADCBC52FA6C2BF1CE753A5DB9B90BCA46ECEF548F6583BDCA9F8C50BB333FEE8EE0
      1,468 UART: 
      1,468 UART:   ____      _ _       _               ____ _____
      1,468 UART:  / ___|__ _| (_)_ __ | |_ _ __ __ _  |  _ \_   _|
      1,468 UART: | |   / _` | | | '_ \| __| '__/ _` | | |_) || |
      1,468 UART: | |__| (_| | | | |_) | |_| | | (_| | |  _ < | |
      1,468 UART:  \____\__,_|_|_| .__/ \__|_|  \__,_| |_| \_\|_|
      1,469 UART:                |_|
      1,469 UART: 
      1,473 UART: Caliptra RT listening for mailbox commands...
      1,473 UART: 
      1,473 UART: Running Caliptra ROM ...
      1,473 UART: 
      1,473 UART: [state] CFI Enabled
      1,473 UART: [state] LifecycleState = Production
      1,473 UART: [state] DebugLocked = Yes
      1,473 UART: [state] Starting the Watchdog Timer
      1,481 UART: ROM Digest: B2420B162026FE80BFF68735DC311124219ACA4279F96FC13507B26B7699A06D
      1,481 UART: [kat] ++
      1,481 UART: [kat] sha1
      1,482 UART: [kat] SHA2-256
      1,482 UART: [kat] SHA2-384
      1,482 UART: [kat] SHA2-384-ACC
      1,482 UART: [kat] ECC-384
      1,596 UART: [kat] HMAC-384
      1,597 UART: [kat] LMS
      1,649 UART: [kat] --
      1,649 UART: [warm-reset] ++
      1,649 UART: [warm-reset] --
      1,649 UART: [state] Stopping the Watchdog Timer
      1,649 UART: [state] Locking Datavault
      1,649 UART: [state] Locking PCR0, PCR1 and PCR31
      1,649 UART: [state] Locking ICCM
      1,650 UART: [exit] Launching FMC @ 0x40000134
      1,650 UART: 
      1,650 UART: Running Caliptra FMC ...
      1,650 UART: 
      1,650 UART: [alias rt] Extend RT PCRs
      1,650 UART: [alias rt : skip pcr extension
      1,650 UART: [alias rt] Extend RT PCRs Done
      1,650 UART: [alias rt] Lock RT PCRs
      1,650 UART: [alias rt] Lock RT PCRs Done
      1,650 UART: [alias rt] Populate DV
      1,650 UART: [alias rt] Populate DV Done
      1,651 UART: Handoff : FMC CDI: 6
      1,651 UART: FMC Alias Private Key: 7
      1,651 UART: [alias rt] Derive CDI
      1,651 UART: [alias rt] Store in in slot 0x4
      1,653 UART: [alias rt] Derive Key Pair
      1,653 UART: [alias rt] Store priv key in slot 0x5
      1,815 UART: [alias rt] Derive Key Pair - Done
      1,815 UART: [alias rt] Signing Cert with AUTHO
      1,815 UART:             RITY.KEYID = 7
      1,929 UART: [alias rt] Erasing AUTHORITY.KEYID = 7
      1,929 UART: [alias rt] PUB.X = CB81F609B98074BCAD4702CE0A1641DEC352CDC7D02029A80999967368D44024116734C097EEF7B48A9EE7CEEFFC7B51
      1,930 UART: [alias rt] PUB.Y = 25BBADB86E0EDB97EA7A2C3A28974F7802F8D8A93E5A70874B22B16A8DB21CFAB6AA348EE3304281B93497D3CA44A6D3
      1,930 UART: [alias rt] SIG.R = F6C2DE4D5FC2D56B0452ADD6E6887961F60FC57C93D831E637CE2B03027D947B4F731A4995E71028EDED53678D507C96
      1,930 UART: [alias rt] SIG.S = E546EA80E90A834DBEE4F867FF6A8ADCBC52FA6C2BF1CE753A5DB9B90BCA46ECEF548F6583BDCA9F8C50BB333FEE8EE0
      1,996 UART: 
      1,996 UART:   ____      _ _       _               ____ _____
      1,996 UART:  / ___|__ _| (_)_ __ | |_ _ __ __ _  |  _ \_   _|
      1,996 UART: | |   / _` | | | '_ \| __| '__/ _` | | |_) || |
      1,996 UART: | |__| (_| | | | |_) | |_| | | (_| | |  _ < | |
      1,996 UART:  \____\__,_|_|_| .__/ \__|_|  \__,_| |_| \_\|_|
      1,996 UART:                |_|
      1,996 UART: 
      1,998 UART: 262145
      1,998 UART: Handoff Error: Runtime can't load drivers 0x000E000C

As best as I can tell, the runtime firmware is trying to disable attestation at https://github.com/chipsalliance/caliptra-sw/blob/da0cf516fdcea1b6f388567927f33e9f0c9f65da/runtime/src/drivers.rs#L216-L218, but that is failing with error code DRIVER_HMAC384_READ_KEY_KV_READ for key id KEY_ID_RT_CDI. I'm guessing this is a bug because KEY_ID_RT_CDI was just erased at https://github.com/chipsalliance/caliptra-sw/blob/da0cf516fdcea1b6f388567927f33e9f0c9f65da/runtime/src/disable.rs#L13-L16, so why is the code trying to use it?

sree-revoori1 commented 11 months ago

The reason disable_attestation tries to use KEY_ID_RT_CDI in generate_dice_key is because we previously thought that erasing a key vault slot and then reusing it later would cause that key vault slot to be read as all 0s.

I wrote the test test_derive_ecc_key_from_cdi_in_erased_kv_slot to check this, but looks like this test passed in the integration tests, but not the verilator/FPGA.