Software APIs
imm_section.c
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #include "sw/device/silicon_creator/rom_ext/imm_section/imm_section.h"
6 
7 #include "sw/device/lib/arch/device.h"
8 #include "sw/device/lib/base/hardened.h"
9 #include "sw/device/lib/base/macros.h"
10 #include "sw/device/silicon_creator/lib/base/boot_measurements.h"
11 #include "sw/device/silicon_creator/lib/base/sec_mmio.h"
12 #include "sw/device/silicon_creator/lib/cert/dice_chain.h"
13 #include "sw/device/silicon_creator/lib/drivers/flash_ctrl.h"
14 #include "sw/device/silicon_creator/lib/drivers/rnd.h"
15 #include "sw/device/silicon_creator/lib/epmp_state.h"
16 #include "sw/device/silicon_creator/lib/error.h"
17 #include "sw/device/silicon_creator/lib/manifest.h"
18 #include "sw/device/silicon_creator/lib/ownership/ownership_key.h"
19 #include "sw/device/silicon_creator/rom_ext/imm_section/imm_section_epmp.h"
20 #include "sw/device/silicon_creator/rom_ext/rom_ext_manifest.h"
21 
22 OT_WARN_UNUSED_RESULT
23 static rom_error_t imm_section_start(void) {
24  // Check the ePMP state.
25  HARDENED_RETURN_IF_ERROR(epmp_state_check());
26  // Check sec_mmio expectations.
27  // We don't check the counters since we don't want to tie ROM_EXT to a
28  // specific ROM version.
29  sec_mmio_check_values(rnd_uint32());
30 
31  // Initialize Immutable ROM EXT.
32  sec_mmio_next_stage_init();
33  HARDENED_RETURN_IF_ERROR(imm_section_epmp_reconfigure());
34 
35  // Lockdown the attestation seed to readonly as soon as possible to prevent
36  // key tampering and exfiltration.
37  flash_ctrl_cert_info_page_creator_cfg(&kFlashCtrlInfoPageAttestationKeySeeds);
38  flash_ctrl_cert_info_page_owner_restrict(
39  &kFlashCtrlInfoPageAttestationKeySeeds);
40  flash_ctrl_info_cfg_lock(&kFlashCtrlInfoPageAttestationKeySeeds);
41 
42  // Establish our identity.
43  const manifest_t *rom_ext = rom_ext_manifest();
44  HARDENED_RETURN_IF_ERROR(dice_chain_init());
45  HARDENED_RETURN_IF_ERROR(dice_chain_attestation_silicon());
46 
47  // Sideload sealing key to KMAC hw keyslot.
48  HARDENED_RETURN_IF_ERROR(ownership_seal_init());
49 
50  HARDENED_RETURN_IF_ERROR(
51  dice_chain_attestation_creator(&boot_measurements.rom_ext, rom_ext));
52 
53  // Make mutable part executable.
54  HARDENED_RETURN_IF_ERROR(imm_section_epmp_mutable_rx(rom_ext));
55 
56  return kErrorOk;
57 }
58 
59 void imm_section_main(void) {
60  rom_error_t error = imm_section_start();
61 
62  // If there's an error, this hardened check will trigger the irq handler
63  // in ROM to shutdown.
64  HARDENED_CHECK_EQ(error, kErrorOk);
65 
66  // Go back to ROM / Mutable ROM_EXT.
67  return;
68 }
Return to OpenTitan Documentation