From ae6fe809beab3605de0569419c5bc96c206a9964 Mon Sep 17 00:00:00 2001
From: Jordan Hand
Date: Thu, 23 May 2024 10:19:09 -0700
Subject: [PATCH] Properly evaluate PL0 PAUSERs when the fw header bit is unset

Previously, if PL0 PAUSER bit was unset, all users were treated as PL0. Align with the spec and treat them all as PL1 in that case.
---
 Cargo.lock | 1 +
 runtime/Cargo.toml | 1 +
 runtime/src/drivers.rs | 3 +-
 .../test_pauser_privilege_levels.rs | 146 +++++++++++++++++-
 4 files changed, 148 insertions(+), 3 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index d167434831..4460b2f4b7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -740,6 +740,7 @@ dependencies = [
  "caliptra-error",
  "caliptra-gen-linker-scripts",
  "caliptra-hw-model",
+ "caliptra-image-crypto",
  "caliptra-image-elf",
  "caliptra-image-fake-keys",
  "caliptra-image-gen",
diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml
index f0f2426544..db739ef1c6 100644
--- a/runtime/Cargo.toml
+++ b/runtime/Cargo.toml
@@ -39,6 +39,7 @@ caliptra-hw-model.workspace = true
 caliptra-image-elf.workspace = true
 caliptra-image-fake-keys.workspace = true
 caliptra-image-gen.workspace = true
+caliptra-image-crypto.workspace = true
 caliptra-image-serde.workspace = true
 caliptra-cfi-lib-git = { workspace = true, features = ["cfi-test"] }
 openssl.workspace = true
diff --git a/runtime/src/drivers.rs b/runtime/src/drivers.rs
index e4609f432f..a410b7a259 100644
--- a/runtime/src/drivers.rs
+++ b/runtime/src/drivers.rs
@@ -590,7 +590,8 @@ impl Drivers {
     /// * `flags` - Flags from manifest header
     /// * `locality` - Caller's locality
     pub fn is_caller_pl1(pl0_pauser: u32, flags: u32, locality: u32) -> bool {
-        flags & PL0_PAUSER_FLAG == 0 && locality != pl0_pauser
+        (flags & PL0_PAUSER_FLAG == 0) // There is no PL0 PAUSER
+            || (locality != pl0_pauser) // There is a PL0 PAUSER, but it's not the current user
     }
 
     /// Get the KeyId for the RT Alias CDI
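Review bot: `is_caller_pl1` is the privilege gate for PL0-only operations, and the rewritten body turns the former conjunction into a disjunction, so the doc comment above the function (it starts outside the hunk) should state the new contract in one place instead of leaving it to the two trailing comments, e.g. `/// Returns true when the caller is PL1: either no PL0 PAUSER is configured (PL0_PAUSER_FLAG unset) or the caller's locality is not the PL0 PAUSER.` The function is pure over three `u32`s, so the four flag/locality combinations are cheap to pin in a unit test beside it; the integration tests in this patch cover two of them through a full boot and observe the same error for both, which cannot tell the branches apart. The new form fails closed (any doubt yields PL1), which is the right direction for an authorization check.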
diff --git a/runtime/tests/runtime_integration_tests/test_pauser_privilege_levels.rs b/runtime/tests/runtime_integration_tests/test_pauser_privilege_levels.rs
index 241ffdcfd2..dc29480317 100644
--- a/runtime/tests/runtime_integration_tests/test_pauser_privilege_levels.rs
+++ b/runtime/tests/runtime_integration_tests/test_pauser_privilege_levels.rs
@@ -1,15 +1,23 @@
 // Licensed under the Apache-2.0 license
 
-use caliptra_builder::ImageOptions;
+use caliptra_builder::{
+    build_firmware_elf,
+    firmware::{APP_WITH_UART, FMC_WITH_UART},
+    ImageOptions,
+};
 use caliptra_common::mailbox_api::{
     CertifyKeyExtendedFlags, CertifyKeyExtendedReq, CommandId, MailboxReq, MailboxReqHeader,
     PopulateIdevCertReq, StashMeasurementReq,
 };
 use caliptra_error::CaliptraError;
-use caliptra_hw_model::HwModel;
+use caliptra_hw_model::{BootParams, Fuses, HwModel, InitParams, SecurityState};
+use caliptra_image_crypto::OsslCrypto as Crypto;
+use caliptra_image_elf::ElfExecutable;
+use caliptra_image_gen::{ImageGenerator, ImageGeneratorConfig};
 use caliptra_runtime::{
     RtBootStatus, PL0_DPE_ACTIVE_CONTEXT_THRESHOLD, PL1_DPE_ACTIVE_CONTEXT_THRESHOLD,
 };
+
 use dpe::{
     commands::{
         CertifyKeyCmd, CertifyKeyFlags, Command, DeriveContextCmd, DeriveContextFlags, InitCtxCmd,
@@ -440,3 +448,137 @@ fn test_measurement_log_pl_context_threshold() {
             == u32::from(CaliptraError::RUNTIME_PL0_USED_DPE_CONTEXT_THRESHOLD_REACHED)
     });
 }
+
+#[test]
+fn test_pl0_unset_in_header() {
+    let fuses = Fuses::default();
+    let rom = caliptra_builder::rom_for_fw_integration_tests().unwrap();
+    let mut model = caliptra_hw_model::new(
+        InitParams {
+            rom: &rom,
+            security_state: SecurityState::from(fuses.life_cycle as u32),
+            ..Default::default()
+        },
+        BootParams {
+            fuses,
+            ..Default::default()
+        },
+    )
+    .unwrap();
+
+    let mut opts = ImageOptions::default();
+    opts.vendor_config.pl0_pauser = None;
+    let mut image_bundle =
+        caliptra_builder::build_and_sign_image(&FMC_WITH_UART, &APP_WITH_UART, opts).unwrap();
+
+    // Change PL0 to 1 so that it matches the real PL0 PAUSER but don't set the
+    // flag bit to make it valid. Also need to re-generate and re-sign the image.
+    image_bundle.manifest.header.pl0_pauser = 1;
+
+    let opts = ImageOptions::default();
+    let ecc_index = opts.vendor_config.ecc_key_idx;
+    let lms_index = opts.vendor_config.lms_key_idx;
+    let gen = ImageGenerator::new(Crypto::default());
+    let header_digest_vendor = gen
+        .header_digest_vendor(&image_bundle.manifest.header)
+        .unwrap();
+    let header_digest_owner = gen
+        .header_digest_owner(&image_bundle.manifest.header)
+        .unwrap();
+    let fmc_elf = build_firmware_elf(&FMC_WITH_UART).unwrap();
+    let app_elf = build_firmware_elf(&APP_WITH_UART).unwrap();
+    let preamble = gen
+        .gen_preamble(
+            &ImageGeneratorConfig {
+                fmc: ElfExecutable::new(
+                    &fmc_elf,
+                    opts.fmc_version as u32,
+                    opts.fmc_svn,
+                    *b"~~~~~NO_GIT_REVISION",
+                )
+                .unwrap(),
+                runtime: ElfExecutable::new(
+                    &app_elf,
+                    opts.app_version,
+                    opts.app_svn,
+                    *b"~~~~~NO_GIT_REVISION",
+                )
+                .unwrap(),
+                vendor_config: opts.vendor_config,
+                owner_config: opts.owner_config,
+            },
+            ecc_index,
+            lms_index,
+            &header_digest_vendor,
+            &header_digest_owner,
+        )
+        .unwrap();
+    image_bundle.manifest.preamble = preamble;
+
+    model
+        .upload_firmware(&image_bundle.to_bytes().unwrap())
+        .unwrap();
+
+    model.step_until(|m| {
+        m.soc_ifc().cptra_boot_status().read() == u32::from(RtBootStatus::RtReadyForCommands)
+    });
+
+    // If PL0 PAUSER is unset, make sure PL0-only operation fails
+    let certify_key_cmd = CertifyKeyCmd {
+        handle: ContextHandle::default(),
+        label: TEST_LABEL,
+        flags: CertifyKeyFlags::empty(),
+        format: CertifyKeyCmd::FORMAT_X509,
+    };
+    let resp = execute_dpe_cmd(
+        &mut model,
+        &mut Command::CertifyKey(certify_key_cmd),
+        DpeResult::MboxCmdFailure(CaliptraError::RUNTIME_INCORRECT_PAUSER_PRIVILEGE_LEVEL),
+    );
+    assert!(resp.is_none());
+}
+
+#[test]
+fn test_user_not_pl0() {
+    let fuses = Fuses::default();
+    let rom = caliptra_builder::rom_for_fw_integration_tests().unwrap();
+    let mut model = caliptra_hw_model::new(
+        InitParams {
+            rom: &rom,
+            security_state: SecurityState::from(fuses.life_cycle as u32),
+            ..Default::default()
+        },
+        BootParams {
+            fuses,
+            ..Default::default()
+        },
+    )
+    .unwrap();
+
+    let mut opts = ImageOptions::default();
+    opts.vendor_config.pl0_pauser = Some(0); // Caller PAUSER is always 1 for current models
+    let image_bundle =
+        caliptra_builder::build_and_sign_image(&FMC_WITH_UART, &APP_WITH_UART, opts).unwrap();
+
+    model
+        .upload_firmware(&image_bundle.to_bytes().unwrap())
+        .unwrap();
+
+    model.step_until(|m| {
+        m.soc_ifc().cptra_boot_status().read() == u32::from(RtBootStatus::RtReadyForCommands)
+    });
+
+    // If PAUSER is not PL0, make sure PL0-only operation fails
+    let certify_key_cmd = CertifyKeyCmd {
+        handle: ContextHandle::default(),
+        label: TEST_LABEL,
+        flags: CertifyKeyFlags::empty(),
+        format: CertifyKeyCmd::FORMAT_X509,
+    };
+    let resp = execute_dpe_cmd(
+        &mut model,
+        &mut Command::CertifyKey(certify_key_cmd),
+        DpeResult::MboxCmdFailure(CaliptraError::RUNTIME_INCORRECT_PAUSER_PRIVILEGE_LEVEL),
+    );
+    assert!(resp.is_none());
+}
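Review bot: Both tests depend on the caller PAUSER of the hardware models being `1`, but that assumption is written down only in `test_user_not_pl0` (`Some(0); // Caller PAUSER is always 1 for current models`) while `test_pl0_unset_in_header` hard-codes it silently in `image_bundle.manifest.header.pl0_pauser = 1;`. Because the two PL1 branches of `is_caller_pl1` surface the same `RUNTIME_INCORRECT_PAUSER_PRIVILEGE_LEVEL`, a change in the model's PAUSER would leave `test_pl0_unset_in_header` passing for the wrong reason (locality mismatch rather than the unset flag), which is the one case this patch exists to pin. Suggest a single `const CALLER_PAUSER: u32 = 1; // PAUSER used by the current hw models` at file top, referenced from both places so the dependency is visible. The fuses/ROM/model bring-up block is also repeated verbatim in both tests and could be a small helper returning the model, leaving only the image construction in each test.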