search

oxidecomputer / dice-util

utilities for cert template generation and manufacturing / certifying DeviceIds
Mozilla Public License 2.0
7 stars 3 forks source link

Ack contained invalid hash #185

Closed flihp closed 7 months ago

flihp commented 8 months ago

Been a while since I've run through the identity certification process but one of the first things I did threw back a warning that's interesting:

$ cargo run --bin dice-mfg -- --serial-dev /dev/ttyUSB0 set-platform-id PDV2:PPP-PPPPPPP:RRR:LLLWWYYSSS7
    Finished dev [unoptimized + debuginfo] target(s) in 0.04s
     Running `target/debug/dice-mfg --serial-dev /dev/ttyUSB0 set-platform-id 'PDV2:PPP-PPPPPPP:RRR:LLLWWYYSSS7'`
setting platform id to: "PDV2:PPP-PPPPPPP:RRR:LLLWWYYSSS7" ... [WARN  dice_mfg] Ack contained invalid hash
setting platform id to: "PDV2:PPP-PPPPPPP:RRR:LLLWWYYSSS7" ... success

If the Ack we got back from the RoT was invalid then I would expect we would do more than just warn the caller. Seems like this indicates that the RoT got a corrupted message and we should throw an error.

flihp commented 7 months ago

I've seen this again but this time it was immediately following the expected (but annoying) period that the UART is unstable on the LPC55 after a cold boot. Makes sense that the last failed exchange might only be partially corrupt. This isn't a bug.