Software APIs
keymgr_unittest.cc
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #include "sw/device/silicon_creator/lib/drivers/keymgr.h"
6 
7 #include <array>
8 #include <limits>
9 
10 #include "gtest/gtest.h"
11 #include "sw/device/lib/base/mock_abs_mmio.h"
12 #include "sw/device/silicon_creator/lib/base/mock_sec_mmio.h"
13 #include "sw/device/silicon_creator/lib/error.h"
14 
15 #include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"
16 #include "keymgr_regs.h" // Generated.
17 
18 namespace keymgr_unittest {
19 namespace {
20 
21 struct SwBindingCfg {
22  uint32_t max_key_ver;
23  keymgr_binding_value_t binding_value_sealing;
24  keymgr_binding_value_t binding_value_attestation;
25 };
26 
27 class KeymgrTest : public rom_test::RomTest {
28  protected:
29  void ExpectStatusCheck(uint32_t op_status, uint32_t km_state,
30  uint32_t err_code) {
31  EXPECT_ABS_READ32(base_ + KEYMGR_OP_STATUS_REG_OFFSET, op_status);
32  EXPECT_ABS_WRITE32(base_ + KEYMGR_OP_STATUS_REG_OFFSET, op_status);
33 
34  EXPECT_ABS_READ32(base_ + KEYMGR_ERR_CODE_REG_OFFSET, err_code);
35  EXPECT_ABS_WRITE32(base_ + KEYMGR_ERR_CODE_REG_OFFSET, err_code);
36 
37  EXPECT_SEC_READ32(base_ + KEYMGR_WORKING_STATE_REG_OFFSET, km_state);
38  }
39  void ExpectIdleCheck(uint32_t op_status) {
40  EXPECT_ABS_READ32(base_ + KEYMGR_OP_STATUS_REG_OFFSET, op_status);
41  }
42  void ExpectDiversificationWrite(sc_keymgr_diversification_t diversification) {
43  EXPECT_ABS_WRITE32(base_ + KEYMGR_KEY_VERSION_REG_OFFSET,
44  diversification.version);
45  EXPECT_ABS_WRITE32(base_ + KEYMGR_SALT_0_REG_OFFSET,
46  diversification.salt[0]);
47  EXPECT_ABS_WRITE32(base_ + KEYMGR_SALT_1_REG_OFFSET,
48  diversification.salt[1]);
49  EXPECT_ABS_WRITE32(base_ + KEYMGR_SALT_2_REG_OFFSET,
50  diversification.salt[2]);
51  EXPECT_ABS_WRITE32(base_ + KEYMGR_SALT_3_REG_OFFSET,
52  diversification.salt[3]);
53  EXPECT_ABS_WRITE32(base_ + KEYMGR_SALT_4_REG_OFFSET,
54  diversification.salt[4]);
55  EXPECT_ABS_WRITE32(base_ + KEYMGR_SALT_5_REG_OFFSET,
56  diversification.salt[5]);
57  EXPECT_ABS_WRITE32(base_ + KEYMGR_SALT_6_REG_OFFSET,
58  diversification.salt[6]);
59  EXPECT_ABS_WRITE32(base_ + KEYMGR_SALT_7_REG_OFFSET,
60  diversification.salt[7]);
61  }
62  void ExpectSwBindingUnlockWait(void) {
63  EXPECT_ABS_READ32(base_ + KEYMGR_SW_BINDING_REGWEN_REG_OFFSET, 1);
64  EXPECT_SEC_READ32(base_ + KEYMGR_SW_BINDING_REGWEN_REG_OFFSET, 1);
65  }
66  void ExpectSwBindingValueSet(
67  const keymgr_binding_value_t *binding_value_sealing,
68  const keymgr_binding_value_t *binding_value_attestation) {
69  EXPECT_SEC_WRITE32(base_ + KEYMGR_SEALING_SW_BINDING_0_REG_OFFSET,
70  binding_value_sealing->data[0]);
71  EXPECT_SEC_WRITE32(base_ + KEYMGR_SEALING_SW_BINDING_1_REG_OFFSET,
72  binding_value_sealing->data[1]);
73  EXPECT_SEC_WRITE32(base_ + KEYMGR_SEALING_SW_BINDING_2_REG_OFFSET,
74  binding_value_sealing->data[2]);
75  EXPECT_SEC_WRITE32(base_ + KEYMGR_SEALING_SW_BINDING_3_REG_OFFSET,
76  binding_value_sealing->data[3]);
77  EXPECT_SEC_WRITE32(base_ + KEYMGR_SEALING_SW_BINDING_4_REG_OFFSET,
78  binding_value_sealing->data[4]);
79  EXPECT_SEC_WRITE32(base_ + KEYMGR_SEALING_SW_BINDING_5_REG_OFFSET,
80  binding_value_sealing->data[5]);
81  EXPECT_SEC_WRITE32(base_ + KEYMGR_SEALING_SW_BINDING_6_REG_OFFSET,
82  binding_value_sealing->data[6]);
83  EXPECT_SEC_WRITE32(base_ + KEYMGR_SEALING_SW_BINDING_7_REG_OFFSET,
84  binding_value_sealing->data[7]);
85 
86  EXPECT_SEC_WRITE32(base_ + KEYMGR_ATTEST_SW_BINDING_0_REG_OFFSET,
87  binding_value_attestation->data[0]);
88  EXPECT_SEC_WRITE32(base_ + KEYMGR_ATTEST_SW_BINDING_1_REG_OFFSET,
89  binding_value_attestation->data[1]);
90  EXPECT_SEC_WRITE32(base_ + KEYMGR_ATTEST_SW_BINDING_2_REG_OFFSET,
91  binding_value_attestation->data[2]);
92  EXPECT_SEC_WRITE32(base_ + KEYMGR_ATTEST_SW_BINDING_3_REG_OFFSET,
93  binding_value_attestation->data[3]);
94  EXPECT_SEC_WRITE32(base_ + KEYMGR_ATTEST_SW_BINDING_4_REG_OFFSET,
95  binding_value_attestation->data[4]);
96  EXPECT_SEC_WRITE32(base_ + KEYMGR_ATTEST_SW_BINDING_5_REG_OFFSET,
97  binding_value_attestation->data[5]);
98  EXPECT_SEC_WRITE32(base_ + KEYMGR_ATTEST_SW_BINDING_6_REG_OFFSET,
99  binding_value_attestation->data[6]);
100  EXPECT_SEC_WRITE32(base_ + KEYMGR_ATTEST_SW_BINDING_7_REG_OFFSET,
101  binding_value_attestation->data[7]);
102 
103  EXPECT_SEC_WRITE32(base_ + KEYMGR_SW_BINDING_REGWEN_REG_OFFSET, 0);
104  }
105  void ExpectAdvanceState(void) {
106  EXPECT_ABS_WRITE32_SHADOWED(
107  base_ + KEYMGR_CONTROL_SHADOWED_REG_OFFSET,
108  {
109  {KEYMGR_CONTROL_SHADOWED_DEST_SEL_OFFSET,
110  KEYMGR_CONTROL_SHADOWED_DEST_SEL_VALUE_NONE},
111  {KEYMGR_CONTROL_SHADOWED_OPERATION_OFFSET,
112  KEYMGR_CONTROL_SHADOWED_OPERATION_VALUE_ADVANCE},
113  });
114  EXPECT_ABS_WRITE32(base_ + KEYMGR_START_REG_OFFSET,
115  {
116  {KEYMGR_START_EN_BIT, true},
117  });
118  }
119  void ExpectWaitUntilDone(size_t busy_cycles, uint32_t end_status) {
120  for (size_t i = 0; i < busy_cycles; i++) {
121  EXPECT_ABS_READ32(base_ + KEYMGR_OP_STATUS_REG_OFFSET,
122  KEYMGR_OP_STATUS_STATUS_VALUE_WIP);
123  EXPECT_ABS_WRITE32(base_ + KEYMGR_OP_STATUS_REG_OFFSET,
124  KEYMGR_OP_STATUS_STATUS_VALUE_WIP);
125  }
126  EXPECT_ABS_READ32(base_ + KEYMGR_OP_STATUS_REG_OFFSET, end_status);
127  EXPECT_ABS_WRITE32(base_ + KEYMGR_OP_STATUS_REG_OFFSET, end_status);
128  }
129  uint32_t base_ = TOP_EARLGREY_KEYMGR_BASE_ADDR;
130  SwBindingCfg cfg_ = {
131  .max_key_ver = 0xA5A5A5A5,
132  .binding_value_sealing = {0, 1, 2, 3, 4, 6, 7, 8},
133  .binding_value_attestation = {9, 10, 11, 12, 13, 14, 15},
134  };
135  rom_test::MockAbsMmio mmio_;
136  rom_test::MockSecMmio sec_mmio_;
137 };
138 
139 TEST_F(KeymgrTest, EntropyReseedIntervalSet) {
140  EXPECT_SEC_WRITE32_SHADOWED(
141  base_ + KEYMGR_RESEED_INTERVAL_SHADOWED_REG_OFFSET, 0u);
142 
143  sc_keymgr_entropy_reseed_interval_set(0u);
144 }
145 
146 TEST_F(KeymgrTest, SwBindingValuesSet) {
147  ExpectSwBindingValueSet(&cfg_.binding_value_sealing,
148  &cfg_.binding_value_attestation);
149  sc_keymgr_sw_binding_set(&cfg_.binding_value_sealing,
150  &cfg_.binding_value_attestation);
151 }
152 
153 TEST_F(KeymgrTest, SwBindingUnlockWait) {
154  ExpectSwBindingUnlockWait();
155  sc_keymgr_sw_binding_unlock_wait();
156 }
157 
158 TEST_F(KeymgrTest, SetCreatorMaxVerKey) {
159  EXPECT_SEC_WRITE32_SHADOWED(
160  base_ + KEYMGR_MAX_CREATOR_KEY_VER_SHADOWED_REG_OFFSET, cfg_.max_key_ver);
161  EXPECT_SEC_WRITE32(base_ + KEYMGR_MAX_CREATOR_KEY_VER_REGWEN_REG_OFFSET, 0);
162  sc_keymgr_creator_max_ver_set(cfg_.max_key_ver);
163 }
164 
165 TEST_F(KeymgrTest, SetOwnerIntMaxVerKey) {
166  EXPECT_SEC_WRITE32_SHADOWED(
167  base_ + KEYMGR_MAX_OWNER_INT_KEY_VER_SHADOWED_REG_OFFSET,
168  cfg_.max_key_ver);
169  EXPECT_SEC_WRITE32(base_ + KEYMGR_MAX_OWNER_INT_KEY_VER_REGWEN_REG_OFFSET, 0);
170  sc_keymgr_owner_int_max_ver_set(cfg_.max_key_ver);
171 }
172 
173 TEST_F(KeymgrTest, SetOwnerMaxVerKey) {
174  EXPECT_SEC_WRITE32_SHADOWED(
175  base_ + KEYMGR_MAX_OWNER_KEY_VER_SHADOWED_REG_OFFSET, cfg_.max_key_ver);
176  EXPECT_SEC_WRITE32(base_ + KEYMGR_MAX_OWNER_KEY_VER_REGWEN_REG_OFFSET, 0);
177  sc_keymgr_owner_max_ver_set(cfg_.max_key_ver);
178 }
179 
180 TEST_F(KeymgrTest, AdvanceState) {
181  ExpectAdvanceState();
182  sc_keymgr_advance_state();
183 }
184 
185 TEST_F(KeymgrTest, CheckState) {
186  ExpectStatusCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE,
187  KEYMGR_WORKING_STATE_STATE_VALUE_CREATOR_ROOT_KEY,
188  /*err_code=*/0u);
189  EXPECT_EQ(sc_keymgr_state_check(kScKeymgrStateCreatorRootKey), kErrorOk);
190 }
191 
192 TEST_F(KeymgrTest, CheckStateInvalidResponse) {
193  ExpectStatusCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE,
194  KEYMGR_WORKING_STATE_STATE_VALUE_INVALID,
195  /*err_code=*/0u);
196  EXPECT_EQ(sc_keymgr_state_check(kScKeymgrStateCreatorRootKey),
197  kErrorKeymgrInternal);
198 
199  // Any non-idle status is expected to fail.
200  ExpectStatusCheck(KEYMGR_OP_STATUS_STATUS_VALUE_DONE_ERROR,
201  KEYMGR_WORKING_STATE_STATE_VALUE_CREATOR_ROOT_KEY,
202  /*err_code=*/0u);
203  EXPECT_EQ(sc_keymgr_state_check(kScKeymgrStateCreatorRootKey),
204  kErrorKeymgrInternal);
205 
206  // Any non-zero error code is expected to fail.
207  ExpectStatusCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE,
208  KEYMGR_WORKING_STATE_STATE_VALUE_CREATOR_ROOT_KEY,
209  /*err_code=*/1u);
210  EXPECT_EQ(sc_keymgr_state_check(kScKeymgrStateCreatorRootKey),
211  kErrorKeymgrInternal);
212 }
213 
214 TEST_F(KeymgrTest, GenOtbnAttestationKey) {
215  sc_keymgr_diversification_t test_diversification = {
216  .salt = {0xf0f1f2f3, 0xf4f5f6f7, 0xf8f9fafb, 0xfcfdfeff, 0xd0d1d2d3,
217  0xd4d5d6d7, 0xd8d9dadb, 0xdcdddedf},
218  .version = cfg_.max_key_ver - 1,
219  };
220 
221  ExpectIdleCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE);
222  EXPECT_ABS_WRITE32_SHADOWED(
223  base_ + KEYMGR_CONTROL_SHADOWED_REG_OFFSET,
224  {
225  {KEYMGR_CONTROL_SHADOWED_DEST_SEL_OFFSET,
226  KEYMGR_CONTROL_SHADOWED_DEST_SEL_VALUE_OTBN},
227  {KEYMGR_CONTROL_SHADOWED_CDI_SEL_BIT, true},
228  {KEYMGR_CONTROL_SHADOWED_OPERATION_OFFSET,
229  KEYMGR_CONTROL_SHADOWED_OPERATION_VALUE_GENERATE_HW_OUTPUT},
230  });
231  ExpectDiversificationWrite(test_diversification);
232  EXPECT_ABS_WRITE32(base_ + KEYMGR_START_REG_OFFSET,
233  {
234  {KEYMGR_START_EN_BIT, true},
235  });
236  ExpectWaitUntilDone(/*busy_cycles=*/2,
237  KEYMGR_OP_STATUS_STATUS_VALUE_DONE_SUCCESS);
238 
239  EXPECT_EQ(sc_keymgr_generate_key_otbn(kScKeymgrKeyTypeAttestation,
240  test_diversification),
241  kErrorOk);
242 }
243 
244 TEST_F(KeymgrTest, GenOtbnSealingKey) {
245  sc_keymgr_diversification_t test_diversification = {
246  .salt = {0xf0f1f2f3, 0xf4f5f6f7, 0xf8f9fafb, 0xfcfdfeff, 0xd0d1d2d3,
247  0xd4d5d6d7, 0xd8d9dadb, 0xdcdddedf},
248  .version = cfg_.max_key_ver - 1,
249  };
250 
251  ExpectIdleCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE);
252  EXPECT_ABS_WRITE32_SHADOWED(
253  base_ + KEYMGR_CONTROL_SHADOWED_REG_OFFSET,
254  {
255  {KEYMGR_CONTROL_SHADOWED_DEST_SEL_OFFSET,
256  KEYMGR_CONTROL_SHADOWED_DEST_SEL_VALUE_OTBN},
257  {KEYMGR_CONTROL_SHADOWED_CDI_SEL_BIT, false},
258  {KEYMGR_CONTROL_SHADOWED_OPERATION_OFFSET,
259  KEYMGR_CONTROL_SHADOWED_OPERATION_VALUE_GENERATE_HW_OUTPUT},
260  });
261  ExpectDiversificationWrite(test_diversification);
262  EXPECT_ABS_WRITE32(base_ + KEYMGR_START_REG_OFFSET,
263  {
264  {KEYMGR_START_EN_BIT, true},
265  });
266  ExpectWaitUntilDone(/*busy_cycles=*/2,
267  KEYMGR_OP_STATUS_STATUS_VALUE_DONE_SUCCESS);
268 
269  EXPECT_EQ(sc_keymgr_generate_key_otbn(kScKeymgrKeyTypeSealing,
270  test_diversification),
271  kErrorOk);
272 }
273 
274 TEST_F(KeymgrTest, GenOtbnKeyNotIdle) {
275  sc_keymgr_diversification_t test_diversification = {
276  .salt = {0xf0f1f2f3, 0xf4f5f6f7, 0xf8f9fafb, 0xfcfdfeff, 0xd0d1d2d3,
277  0xd4d5d6d7, 0xd8d9dadb, 0xdcdddedf},
278  .version = cfg_.max_key_ver - 1,
279  };
280 
281  ExpectIdleCheck(KEYMGR_OP_STATUS_STATUS_VALUE_WIP);
282  EXPECT_EQ(sc_keymgr_generate_key_otbn(kScKeymgrKeyTypeAttestation,
283  test_diversification),
284  kErrorKeymgrInternal);
285  ExpectIdleCheck(KEYMGR_OP_STATUS_STATUS_VALUE_DONE_ERROR);
286  EXPECT_EQ(sc_keymgr_generate_key_otbn(kScKeymgrKeyTypeAttestation,
287  test_diversification),
288  kErrorKeymgrInternal);
289  ExpectIdleCheck(KEYMGR_OP_STATUS_STATUS_VALUE_DONE_SUCCESS);
290  EXPECT_EQ(sc_keymgr_generate_key_otbn(kScKeymgrKeyTypeAttestation,
291  test_diversification),
292  kErrorKeymgrInternal);
293 }
294 
295 TEST_F(KeymgrTest, GenOtbnKeyError) {
296  sc_keymgr_diversification_t test_diversification = {
297  .salt = {0xf0f1f2f3, 0xf4f5f6f7, 0xf8f9fafb, 0xfcfdfeff, 0xd0d1d2d3,
298  0xd4d5d6d7, 0xd8d9dadb, 0xdcdddedf},
299  .version = cfg_.max_key_ver - 1,
300  };
301  uint32_t err_code = 0x1;
302 
303  ExpectIdleCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE);
304  EXPECT_ABS_WRITE32_SHADOWED(
305  base_ + KEYMGR_CONTROL_SHADOWED_REG_OFFSET,
306  {
307  {KEYMGR_CONTROL_SHADOWED_DEST_SEL_OFFSET,
308  KEYMGR_CONTROL_SHADOWED_DEST_SEL_VALUE_OTBN},
309  {KEYMGR_CONTROL_SHADOWED_CDI_SEL_BIT, true},
310  {KEYMGR_CONTROL_SHADOWED_OPERATION_OFFSET,
311  KEYMGR_CONTROL_SHADOWED_OPERATION_VALUE_GENERATE_HW_OUTPUT},
312  });
313  ExpectDiversificationWrite(test_diversification);
314  EXPECT_ABS_WRITE32(base_ + KEYMGR_START_REG_OFFSET,
315  {
316  {KEYMGR_START_EN_BIT, true},
317  });
318  ExpectWaitUntilDone(/*busy_cycles=*/2,
319  KEYMGR_OP_STATUS_STATUS_VALUE_DONE_ERROR);
320  EXPECT_ABS_READ32(base_ + KEYMGR_ERR_CODE_REG_OFFSET, err_code);
321  EXPECT_ABS_WRITE32(base_ + KEYMGR_ERR_CODE_REG_OFFSET, err_code);
322 
323  EXPECT_EQ(sc_keymgr_generate_key_otbn(kScKeymgrKeyTypeAttestation,
324  test_diversification),
325  kErrorKeymgrInternal);
326 }
327 
328 TEST_F(KeymgrTest, SideloadClearOtbn) {
329  ExpectIdleCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE);
330  EXPECT_ABS_WRITE32(base_ + KEYMGR_SIDELOAD_CLEAR_REG_OFFSET,
331  {
332  {KEYMGR_SIDELOAD_CLEAR_VAL_OFFSET,
333  KEYMGR_SIDELOAD_CLEAR_VAL_VALUE_OTBN},
334  });
335  EXPECT_ABS_READ32(base_ + KEYMGR_SIDELOAD_CLEAR_REG_OFFSET,
336  {
337  {KEYMGR_SIDELOAD_CLEAR_VAL_OFFSET,
338  KEYMGR_SIDELOAD_CLEAR_VAL_VALUE_OTBN},
339  });
340  EXPECT_ABS_WRITE32(base_ + KEYMGR_SIDELOAD_CLEAR_REG_OFFSET,
341  {
342  {KEYMGR_SIDELOAD_CLEAR_VAL_OFFSET,
343  KEYMGR_SIDELOAD_CLEAR_VAL_VALUE_NONE},
344  });
345 
346  EXPECT_EQ(sc_keymgr_sideload_clear_otbn(), kErrorOk);
347 }
348 
349 TEST_F(KeymgrTest, SideloadClearOtbnNotIdle) {
350  ExpectIdleCheck(KEYMGR_OP_STATUS_STATUS_VALUE_WIP);
351  EXPECT_EQ(sc_keymgr_sideload_clear_otbn(), kErrorKeymgrInternal);
352  ExpectIdleCheck(KEYMGR_OP_STATUS_STATUS_VALUE_DONE_SUCCESS);
353  EXPECT_EQ(sc_keymgr_sideload_clear_otbn(), kErrorKeymgrInternal);
354  ExpectIdleCheck(KEYMGR_OP_STATUS_STATUS_VALUE_DONE_ERROR);
355  EXPECT_EQ(sc_keymgr_sideload_clear_otbn(), kErrorKeymgrInternal);
356 }
357 
358 TEST_F(KeymgrTest, SideloadClearOtbnReadbackMismatch) {
359  ExpectIdleCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE);
360  EXPECT_ABS_WRITE32(base_ + KEYMGR_SIDELOAD_CLEAR_REG_OFFSET,
361  {
362  {KEYMGR_SIDELOAD_CLEAR_VAL_OFFSET,
363  KEYMGR_SIDELOAD_CLEAR_VAL_VALUE_OTBN},
364  });
365 
366  // Readback does not match the value written.
367  EXPECT_ABS_READ32(base_ + KEYMGR_SIDELOAD_CLEAR_REG_OFFSET,
368  {
369  {KEYMGR_SIDELOAD_CLEAR_VAL_OFFSET,
370  KEYMGR_SIDELOAD_CLEAR_VAL_VALUE_AES},
371  });
372 
373  EXPECT_EQ(sc_keymgr_sideload_clear_otbn(), kErrorKeymgrInternal);
374 }
375 
376 TEST_F(KeymgrTest, OwnerIntAdvance) {
377  ExpectStatusCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE,
378  KEYMGR_WORKING_STATE_STATE_VALUE_CREATOR_ROOT_KEY,
379  /*err_code=*/0u);
380  ExpectSwBindingValueSet(&cfg_.binding_value_sealing,
381  &cfg_.binding_value_attestation);
382  EXPECT_SEC_WRITE32_SHADOWED(
383  base_ + KEYMGR_MAX_OWNER_INT_KEY_VER_SHADOWED_REG_OFFSET,
384  cfg_.max_key_ver);
385  EXPECT_SEC_WRITE32(base_ + KEYMGR_MAX_OWNER_INT_KEY_VER_REGWEN_REG_OFFSET, 0);
386  ExpectAdvanceState();
387  ExpectStatusCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE,
388  KEYMGR_WORKING_STATE_STATE_VALUE_OWNER_INTERMEDIATE_KEY,
389  /*err_code=*/0u);
390  EXPECT_EQ(sc_keymgr_owner_int_advance(&cfg_.binding_value_sealing,
391  &cfg_.binding_value_attestation,
392  cfg_.max_key_ver),
393  kErrorOk);
394 }
395 
396 TEST_F(KeymgrTest, OwnerAdvance) {
397  ExpectStatusCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE,
398  KEYMGR_WORKING_STATE_STATE_VALUE_OWNER_INTERMEDIATE_KEY,
399  /*err_code=*/0u);
400  ExpectSwBindingValueSet(&cfg_.binding_value_sealing,
401  &cfg_.binding_value_attestation);
402  EXPECT_SEC_WRITE32_SHADOWED(
403  base_ + KEYMGR_MAX_OWNER_KEY_VER_SHADOWED_REG_OFFSET, cfg_.max_key_ver);
404  EXPECT_SEC_WRITE32(base_ + KEYMGR_MAX_OWNER_KEY_VER_REGWEN_REG_OFFSET, 0);
405  ExpectAdvanceState();
406  ExpectStatusCheck(KEYMGR_OP_STATUS_STATUS_VALUE_IDLE,
407  KEYMGR_WORKING_STATE_STATE_VALUE_OWNER_KEY,
408  /*err_code=*/0u);
409  EXPECT_EQ(sc_keymgr_owner_advance(&cfg_.binding_value_sealing,
410  &cfg_.binding_value_attestation,
411  cfg_.max_key_ver),
412  kErrorOk);
413 }
414 
415 } // namespace
416 } // namespace keymgr_unittest
Return to OpenTitan Documentation