Software APIs
imm_section.c
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #include "sw/device/silicon_creator/rom_ext/imm_section/imm_section.h"
6 
7 #include "sw/device/lib/arch/device.h"
8 #include "sw/device/lib/base/hardened.h"
9 #include "sw/device/lib/base/macros.h"
10 #include "sw/device/silicon_creator/lib/base/boot_measurements.h"
11 #include "sw/device/silicon_creator/lib/base/sec_mmio.h"
12 #include "sw/device/silicon_creator/lib/cert/dice_chain.h"
13 #include "sw/device/silicon_creator/lib/dbg_print.h"
14 #include "sw/device/silicon_creator/lib/drivers/flash_ctrl.h"
15 #include "sw/device/silicon_creator/lib/drivers/otp.h"
16 #include "sw/device/silicon_creator/lib/drivers/rnd.h"
17 #include "sw/device/silicon_creator/lib/epmp_state.h"
18 #include "sw/device/silicon_creator/lib/error.h"
19 #include "sw/device/silicon_creator/lib/manifest.h"
20 #include "sw/device/silicon_creator/lib/ownership/ownership_key.h"
21 #include "sw/device/silicon_creator/rom_ext/imm_section/imm_section_epmp.h"
22 #include "sw/device/silicon_creator/rom_ext/rom_ext_manifest.h"
23 
24 #include "otp_ctrl_regs.h" // Generated.
25 
26 OT_WARN_UNUSED_RESULT
27 static rom_error_t imm_section_start(void) {
28  // Check the ePMP state.
29  HARDENED_RETURN_IF_ERROR(epmp_state_check());
30  // Check sec_mmio expectations.
31  // We don't check the counters since we don't want to tie ROM_EXT to a
32  // specific ROM version.
33  sec_mmio_check_values(rnd_uint32());
34 
35  // Initialize Immutable ROM EXT.
36  sec_mmio_next_stage_init();
37  HARDENED_RETURN_IF_ERROR(imm_section_epmp_reconfigure());
38 
39  // Debug UART is already configured by ROM.
40  dbg_puts("IMM_SECTION:0.1\r\n");
41  uint32_t hash_enforcement =
42  otp_read32(OTP_CTRL_PARAM_CREATOR_SW_CFG_IMMUTABLE_ROM_EXT_EN_OFFSET);
43  if (hash_enforcement != kHardenedBoolTrue) {
44  // CAUTION: The message below should match the message defined in:
45  // //sw/device/silicon_creator/rom_ext/imm_section/defs.bzl
46  dbg_puts("info: hash unenforced\r\n");
47  }
48 
49  // Lockdown the attestation seed to readonly as soon as possible to prevent
50  // key tampering and exfiltration.
51  flash_ctrl_cert_info_page_creator_cfg(&kFlashCtrlInfoPageAttestationKeySeeds);
52  flash_ctrl_cert_info_page_owner_restrict(
53  &kFlashCtrlInfoPageAttestationKeySeeds);
54  flash_ctrl_info_cfg_lock(&kFlashCtrlInfoPageAttestationKeySeeds);
55 
56  // Establish our identity.
57  const manifest_t *rom_ext = rom_ext_manifest();
58  HARDENED_RETURN_IF_ERROR(dice_chain_init());
59  HARDENED_RETURN_IF_ERROR(dice_chain_attestation_silicon());
60 
61  // Sideload sealing key to KMAC hw keyslot.
62  HARDENED_RETURN_IF_ERROR(ownership_seal_init());
63 
64  HARDENED_RETURN_IF_ERROR(
65  dice_chain_attestation_creator(&boot_measurements.rom_ext, rom_ext));
66 
67  // Make mutable part executable.
68  HARDENED_RETURN_IF_ERROR(imm_section_epmp_mutable_rx(rom_ext));
69 
70  return kErrorOk;
71 }
72 
73 void imm_section_main(void) {
74  rom_error_t error = imm_section_start();
75 
76  // If there's an error, this hardened check will trigger the irq handler
77  // in ROM to shutdown.
78  HARDENED_CHECK_EQ(error, kErrorOk);
79 
80  // Go back to ROM / Mutable ROM_EXT.
81  return;
82 }
Return to OpenTitan Documentation